384 files changed, 129683 insertions, 0 deletions

diff --git a/pki/base/tps/LICENSE b/pki/base/tps/LICENSE
new file mode 100644
index 000000000..e9c49d37e
--- /dev/null
+++ b/pki/base/tps/LICENSE
@@ -0,0 +1,476 @@
+This Program is free software; you can redistribute it and/or modify it 
+under the terms of the GNU Lesser General Public License as published by 
+the Free Software Foundation; version 2.1 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License along 
+with this Program; if not, write to the Free Software Foundation, Inc., 
+59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+In addition, as a special exception, Red Hat, Inc. gives You the additional 
+right to link the code of this Program with code not covered under the 
+GNU Lesser  General Public License ("Non-LGPL Code") and to distribute 
+linked combinations including the two, without the reverse engineering 
+permission set forth in Section 6 of the LGPL, subject to the 
+limitations in this paragraph.
+
+		  GNU LESSER GENERAL PUBLIC LICENSE
+		       Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL.  It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+  This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it.  You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+  When we speak of free software, we are referring to freedom of use,
+not price.  Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+  To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights.  These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+  For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you.  You must make sure that they, too, receive or can get the source
+code.  If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it.  And you must show them these terms so they know their rights.
+
+  We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+  To protect each distributor, we want to make it very clear that
+there is no warranty for the free library.  Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+
+  Finally, software patents pose a constant threat to the existence of
+any free program.  We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder.  Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+  Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License.  This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License.  We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+  When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library.  The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom.  The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+  We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License.  It also provides other free software developers Less
+of an advantage over competing non-free programs.  These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries.  However, the Lesser license provides advantages in certain
+special circumstances.
+
+  For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard.  To achieve this, non-free programs must be
+allowed to use the library.  A more frequent case is that a free
+library does the same job as widely used non-free libraries.  In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+  In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software.  For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+  Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.  Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library".  The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+
+		  GNU LESSER GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+  A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+  The "Library", below, refers to any such software library or work
+which has been distributed under these terms.  A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language.  (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+  "Source code" for a work means the preferred form of the work for
+making modifications to it.  For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+  Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it).  Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+  
+  1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+  You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+  2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) The modified work must itself be a software library.
+
+    b) You must cause the files modified to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    c) You must cause the whole of the work to be licensed at no
+    charge to all third parties under the terms of this License.
+
+    d) If a facility in the modified Library refers to a function or a
+    table of data to be supplied by an application program that uses
+    the facility, other than as an argument passed when the facility
+    is invoked, then you must make a good faith effort to ensure that,
+    in the event an application does not supply such function or
+    table, the facility still operates, and performs whatever part of
+    its purpose remains meaningful.
+
+    (For example, a function in a library to compute square roots has
+    a purpose that is entirely well-defined independent of the
+    application.  Therefore, Subsection 2d requires that any
+    application-supplied function or table used by this function must
+    be optional: if the application does not supply it, the square
+    root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library.  To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License.  (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.)  Do not make any other change in
+these notices.
+
+  Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+  This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+  4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+  If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library".  Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+  However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library".  The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+  When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library.  The
+threshold for this to be true is not precisely defined by law.
+
+  If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work.  (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+  Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+  6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+  You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License.  You must supply a copy of this License.  If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License.  Also, you must do one
+of these things:
+
+    a) Accompany the work with the complete corresponding
+    machine-readable source code for the Library including whatever
+    changes were used in the work (which must be distributed under
+    Sections 1 and 2 above); and, if the work is an executable linked
+    with the Library, with the complete machine-readable "work that
+    uses the Library", as object code and/or source code, so that the
+    user can modify the Library and then relink to produce a modified
+    executable containing the modified Library.  (It is understood
+    that the user who changes the contents of definitions files in the
+    Library will not necessarily be able to recompile the application
+    to use the modified definitions.)
+
+    b) Use a suitable shared library mechanism for linking with the
+    Library.  A suitable mechanism is one that (1) uses at run time a
+    copy of the library already present on the user's computer system,
+    rather than copying library functions into the executable, and (2)
+    will operate properly with a modified version of the library, if
+    the user installs one, as long as the modified version is
+    interface-compatible with the version that the work was made with.
+
+    c) Accompany the work with a written offer, valid for at
+    least three years, to give the same user the materials
+    specified in Subsection 6a, above, for a charge no more
+    than the cost of performing this distribution.
+
+    d) If distribution of the work is made by offering access to copy
+    from a designated place, offer equivalent access to copy the above
+    specified materials from the same place.
+
+    e) Verify that the user has already received a copy of these
+    materials or that you have already sent this user a copy.
+
+  For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it.  However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+  It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system.  Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+  7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+    a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities.  This must be distributed under the terms of the
+    Sections above.
+
+    b) Give prominent notice with the combined library of the fact
+    that part of it is a work based on the Library, and explaining
+    where to find the accompanying uncombined form of the same work.
+
+  8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License.  Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License.  However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+  9. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Library or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+  10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+  11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded.  In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+  13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation.  If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+  14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission.  For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this.  Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+			    NO WARRANTY
+
+  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
diff --git a/pki/base/tps/Makefile.am b/pki/base/tps/Makefile.am
new file mode 100644
index 000000000..b3b18e69f
--- /dev/null
+++ b/pki/base/tps/Makefile.am
@@ -0,0 +1,491 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# look for included m4 files in the ./m4/ directory
+ACLOCAL_AMFLAGS = -I m4
+
+#------------------------
+# Compiler Flags
+#------------------------
+DEBUG_DEFINES = @debug_defs@
+TPS_INCLUDES = -I$(srcdir)/src/include
+# These paths are dependent on the settings of prefix and exec_prefix
+# which may be specified at make time.  So we cannot use AC_DEFINE in
+# the configure.ac because that would set the values prior to their
+# being defined.  Defining them here ensures that they are properly
+# expanded before use.  See create_instance.h for more details. The
+# quoting ensures that the values are # quoted for the shell command,
+# and the value expands to a quoted string value in the header file
+# (e.g. - #define LOCALSTATEDIR "/var"; without the quotes, it would
+#         be #define LOCALSTATEDIR /var which would be an error).
+PATH_DEFINES = -DLOCALSTATEDIR="\"$(localstatedir)\"" \
+	-DSYSCONFDIR="\"$(sysconfdir)\"" -DLIBDIR="\"$(libdir)\"" \
+	-DBINDIR="\"$(bindir)\"" -DDATADIR="\"$(datadir)\"" \
+	-DDOCDIR="\"$(docdir)\"" -DLIBEXECDIR="\"$(libexecdir)\""
+AM_CPPFLAGS = $(DEBUG_DEFINES) $(TPS_INCLUDES) $(PATH_DEFINES)
+# We need to make sure that libpthread is linked before libc on HP-UX.
+if HPUX
+AM_LDFLAGS = -lpthread -lz
+endif
+if LINUX
+AM_LDFLAGS = -lz
+endif
+if SOLARIS
+AM_LDFLAGS = -lz
+endif
+
+#------------------------
+# Linker Flags
+#------------------------
+APACHE_LINK = @apache_lib@ -l@apr_libutil_version@ -lexpat -lpcre @db_lib@ -ldb
+APR_LINK = @apr_lib@ -l@apr_lib_version@
+LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
+SVRCORE_LINK = @svrcore_lib@ -lsvrcore
+SASL_LINK = @sasl_lib@ -lsasl2
+NSS_LINK = @nss_lib@ -lnss3 -lssl3 -lsmime3 -lsoftokn3
+NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
+
+LIBSOCKET=@LIBSOCKET@
+LIBNSL=@LIBNSL@
+LIBDL=@LIBDL@
+LIBCSTD=@LIBCSTD@
+LIBCRUN=@LIBCRUN@
+
+#------------------------
+# Install Paths
+#------------------------
+aliasdir = $(prefix)@aliasdir@
+apache_modulesdir = $(prefix)@apache_modulesdir@
+appletsdir = $(prefix)@appletsdir@
+cgibin_demodir = $(prefix)@cgibin_demodir@
+cgibin_homedir = $(prefix)@cgibin_homedir@
+cgibin_sodir = $(prefix)@cgibin_sodir@
+cgibin_sowdir = $(prefix)@cgibin_sowdir@
+confdir = $(prefix)@confdir@
+docrootdir = $(prefix)@docrootdir@
+docroot_demodir = $(prefix)@docroot_demodir@
+docroot_homedir = $(prefix)@docroot_homedir@
+docroot_sodir = $(prefix)@docroot_sodir@
+docroot_sowdir = $(prefix)@docroot_sowdir@
+docroot_tokendbdir = $(prefix)@docroot_tokendbdir@
+docroot_tps_configdir = $(prefix)@docroot_tps_configdir@
+docroot_tps_imgdir = $(prefix)@docroot_tps_imgdir@
+docroot_tps_jsdir = $(prefix)@docroot_tps_jsdir@
+initddir = $(sysconfdir)@initddir@
+licensedir = $(prefix)@licensedir@
+logsdir = $(prefix)@logsdir@
+perl_modulesdir = $(prefix)@perl_modulesdir@
+perl_templatesdir = $(prefix)@perl_templatesdir@
+samplesdir = $(prefix)@samplesdir@
+scriptsdir = $(prefix)@scriptsdir@
+setupdir = $(prefix)@setupdir@
+templatesdir = $(prefix)@templatesdir@
+
+#------------------------
+# Build Products
+#------------------------
+lib_LTLIBRARIES =	libtokendb.la  \
+					libtps.la      \
+					libldapauth.la
+
+apache_modules_LTLIBRARIES =	mod_tps.la \
+								mod_tokendb.la
+
+libexec_PROGRAMS =	tpsclient
+
+#------------------------
+# Installed Files
+#------------------------
+# create an empty 'alias' directory
+alias_DATA =
+
+applets_DATA =	$(srcdir)/applets/1.3.44724DDE.ijc
+
+bin_SCRIPTS =	wrappers/tpsclient
+
+cgibin_demo_DATA =
+
+cgibin_demo_SCRIPTS =	$(srcdir)/forms/esc/cgi-bin/demo/enroll.cgi \
+						$(srcdir)/forms/esc/cgi-bin/demo/index.cgi
+
+cgibin_home_DATA =
+
+cgibin_home_SCRIPTS =	$(srcdir)/forms/esc/cgi-bin/home/enroll.cgi \
+						$(srcdir)/forms/esc/cgi-bin/home/index.cgi
+
+cgibin_so_DATA =
+
+cgibin_so_SCRIPTS =	$(srcdir)/forms/esc/cgi-bin/so/enroll.cgi \
+					$(srcdir)/forms/esc/cgi-bin/so/index.cgi
+
+cgibin_sow_DATA =
+
+cgibin_sow_SCRIPTS =	$(srcdir)/forms/esc/cgi-bin/sow/ajax-list.cgi   \
+						$(srcdir)/forms/esc/cgi-bin/sow/cfg.pl          \
+						$(srcdir)/forms/esc/cgi-bin/sow/enroll.cgi      \
+						$(srcdir)/forms/esc/cgi-bin/sow/enroll_temp.cgi \
+						$(srcdir)/forms/esc/cgi-bin/sow/format.cgi      \
+						$(srcdir)/forms/esc/cgi-bin/sow/formatso.cgi    \
+						$(srcdir)/forms/esc/cgi-bin/sow/index.cgi       \
+						$(srcdir)/forms/esc/cgi-bin/sow/main.cgi        \
+						$(srcdir)/forms/esc/cgi-bin/sow/noaccess.cgi    \
+						$(srcdir)/forms/esc/cgi-bin/sow/read.cgi        \
+						$(srcdir)/forms/esc/cgi-bin/sow/read_temp.cgi   \
+						$(srcdir)/forms/esc/cgi-bin/sow/search.cgi      \
+						$(srcdir)/forms/esc/cgi-bin/sow/search_temp.cgi \
+						$(srcdir)/forms/esc/cgi-bin/sow/seturl.cgi      \
+						$(srcdir)/forms/esc/cgi-bin/sow/welcome.cgi
+
+conf_DATA =	$(srcdir)/apache/conf/httpd.conf \
+			$(srcdir)/apache/conf/magic      \
+			$(srcdir)/apache/conf/mime.types \
+			$(srcdir)/apache/conf/nss.conf   \
+			$(srcdir)/apache/conf/perl.conf  \
+			$(srcdir)/doc/CS.cfg
+
+docroot_DATA =	$(srcdir)/forms/index.html
+
+docroot_demo_DATA =
+
+docroot_home_DATA =
+
+docroot_so_DATA =
+
+docroot_sow_DATA =
+
+docroot_tokendb_DATA =
+
+docroot_tps_config_DATA = 
+
+docroot_tps_img_DATA =
+
+docroot_tps_js_DATA =
+
+initd_SCRIPTS =	$(srcdir)/etc/init.d/httpd
+
+license_DATA =	$(srcdir)/LICENSE
+
+libexec_SCRIPTS =	$(srcdir)/apache/apachectl
+
+# create an empty 'logs' directory
+logs_DATA =
+
+perl_modules_SCRIPTS =	$(srcdir)/lib/perl/PKI/TPS/AdminAuthPanel.pm         \
+						$(srcdir)/lib/perl/PKI/TPS/AdminPanel.pm             \
+						$(srcdir)/lib/perl/PKI/TPS/AgentAuthPanel.pm         \
+						$(srcdir)/lib/perl/PKI/TPS/AuthDBPanel.pm            \
+						$(srcdir)/lib/perl/PKI/TPS/BasePanel.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/CAInfoPanel.pm            \
+						$(srcdir)/lib/perl/PKI/TPS/CertInfo.pm               \
+						$(srcdir)/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm   \
+						$(srcdir)/lib/perl/PKI/TPS/CertRequestPanel.pm       \
+						$(srcdir)/lib/perl/PKI/TPS/Common.pm                 \
+						$(srcdir)/lib/perl/PKI/TPS/Config.pm                 \
+						$(srcdir)/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm    \
+						$(srcdir)/lib/perl/PKI/TPS/ConfigHSMPanel.pm         \
+						$(srcdir)/lib/perl/PKI/TPS/DRMInfoPanel.pm           \
+						$(srcdir)/lib/perl/PKI/TPS/DatabasePanel.pm          \
+						$(srcdir)/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm \
+						$(srcdir)/lib/perl/PKI/TPS/DisplayCertChainPanel.pm  \
+						$(srcdir)/lib/perl/PKI/TPS/DonePanel.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/GlobalVar.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/ImportAdminCertPanel.pm   \
+						$(srcdir)/lib/perl/PKI/TPS/Login.pm                  \
+						$(srcdir)/lib/perl/PKI/TPS/LoginPanel.pm             \
+						$(srcdir)/lib/perl/PKI/TPS/ModulePanel.pm            \
+						$(srcdir)/lib/perl/PKI/TPS/Modutil.pm                \
+						$(srcdir)/lib/perl/PKI/TPS/NamePanel.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/ReqCertInfo.pm            \
+						$(srcdir)/lib/perl/PKI/TPS/SecurityDomainPanel.pm    \
+						$(srcdir)/lib/perl/PKI/TPS/SizePanel.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/SubsystemTypePanel.pm     \
+						$(srcdir)/lib/perl/PKI/TPS/TKSInfoPanel.pm           \
+						$(srcdir)/lib/perl/PKI/TPS/WelcomePanel.pm           \
+						$(srcdir)/lib/perl/PKI/TPS/wizard.pm
+
+perl_templates_SCRIPTS =	$(srcdir)/lib/perl/Template/Velocity.pm
+
+samples_DATA =	$(srcdir)/tools/raclient/enroll.tps \
+				$(srcdir)/tools/raclient/format.tps \
+				$(srcdir)/tools/raclient/reset_pin.tps
+
+scripts_DATA =	$(srcdir)/scripts/schemaMods.ldif \
+				$(srcdir)/scripts/database.ldif   \
+				$(srcdir)/scripts/addIndexes.ldif \
+				$(srcdir)/scripts/addAgents.ldif  \
+				$(srcdir)/scripts/addTokens.ldif  \
+				$(srcdir)/scripts/vlvtasks.ldif   \
+				$(srcdir)/scripts/addVLVIndexes.ldif
+
+scripts_SCRIPTS =	$(srcdir)/scripts/nss_pcache
+
+if LINUX
+setup_DATA =	$(srcdir)/setup/config.desktop
+endif
+
+setup_SCRIPTS =	$(srcdir)/setup/postinstall
+
+templates_DATA =	$(srcdir)/apache/pki_instance_command_wrapper \
+					$(srcdir)/apache/pki_subsystem_command_wrapper
+
+
+#////////////////////////////////////////////////////////////////
+#
+#   Dynamic Libraries
+#
+#////////////////////////////////////////////////////////////////
+
+#------------------------
+# libtokendb
+#------------------------
+libtokendb_la_SOURCES = src/tus/tus_db.c
+
+libtokendb_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+	@sasl_inc@ @nss_inc@ @nspr_inc@
+libtokendb_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version
+libtokendb_la_LIBADD = $(LDAPSDK_LINK) $(SVRCORE_LINK)                    \
+	$(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+	$(LIBCSTD) $(LIBCRUN)
+libtokendb_la_LINK = $(CXXLINK)
+
+
+#------------------------
+# libtps
+#------------------------
+libtps_la_SOURCES =	src/main/Buffer.cpp                        \
+					src/main/NameValueSet.cpp                  \
+					src/main/ConfigStore.cpp                   \
+					src/main/Util.cpp                          \
+					src/main/RA_Msg.cpp                        \
+					src/main/RA_pblock.cpp                     \
+					src/main/RA_Session.cpp                    \
+					src/main/RA_Context.cpp                    \
+					src/main/Login.cpp                         \
+					src/main/SecureId.cpp                      \
+					src/main/Memory.cpp                        \
+					src/main/AuthenticationEntry.cpp           \
+					src/main/AuthParams.cpp                    \
+					src/main/Authentication.cpp                \
+					src/main/AttributeSpec.cpp                 \
+					src/main/ObjectSpec.cpp                    \
+					src/main/PKCS11Obj.cpp                     \
+					src/httpClient/httpClient.cpp              \
+					src/httpClient/Cache.cpp                   \
+					src/httpClient/engine.cpp                  \
+					src/httpClient/http.cpp                    \
+					src/httpClient/response.cpp                \
+					src/httpClient/request.cpp                 \
+					src/httpClient/nscperror.cpp               \
+					src/cms/HttpConnection.cpp                 \
+					src/cms/ConnectionInfo.cpp                 \
+					src/cms/CertEnroll.cpp                     \
+					src/apdu/APDU.cpp                          \
+					src/apdu/Unblock_Pin_APDU.cpp              \
+					src/apdu/Create_Object_APDU.cpp            \
+					src/apdu/Set_Pin_APDU.cpp                  \
+					src/apdu/Set_IssuerInfo_APDU.cpp           \
+					src/apdu/Get_IssuerInfo_APDU.cpp           \
+					src/apdu/Create_Pin_APDU.cpp               \
+					src/apdu/List_Pins_APDU.cpp                \
+					src/apdu/Initialize_Update_APDU.cpp        \
+					src/apdu/Get_Version_APDU.cpp              \
+					src/apdu/Get_Status_APDU.cpp               \
+					src/apdu/Get_Data_APDU.cpp                 \
+					src/apdu/External_Authenticate_APDU.cpp    \
+					src/apdu/Generate_Key_APDU.cpp             \
+					src/apdu/Read_Buffer_APDU.cpp              \
+					src/apdu/Read_Object_APDU.cpp              \
+					src/apdu/Write_Object_APDU.cpp             \
+					src/apdu/Put_Key_APDU.cpp                  \
+					src/apdu/Select_APDU.cpp                   \
+					src/apdu/Delete_File_APDU.cpp              \
+					src/apdu/Install_Applet_APDU.cpp           \
+					src/apdu/Format_Muscle_Applet_APDU.cpp     \
+					src/apdu/Load_File_APDU.cpp                \
+					src/apdu/Install_Load_APDU.cpp             \
+					src/apdu/Lifecycle_APDU.cpp                \
+					src/apdu/List_Objects_APDU.cpp             \
+					src/apdu/Import_Key_APDU.cpp               \
+					src/apdu/Import_Key_Enc_APDU.cpp           \
+					src/apdu/APDU_Response.cpp                 \
+					src/msg/RA_Begin_Op_Msg.cpp                \
+					src/msg/RA_End_Op_Msg.cpp                  \
+					src/msg/RA_Login_Request_Msg.cpp           \
+					src/msg/RA_Login_Response_Msg.cpp          \
+					src/msg/RA_SecureId_Request_Msg.cpp        \
+					src/msg/RA_SecureId_Response_Msg.cpp       \
+					src/msg/RA_ASQ_Request_Msg.cpp             \
+					src/msg/RA_ASQ_Response_Msg.cpp            \
+					src/msg/RA_New_Pin_Request_Msg.cpp         \
+					src/msg/RA_New_Pin_Response_Msg.cpp        \
+					src/msg/RA_Token_PDU_Request_Msg.cpp       \
+					src/msg/RA_Token_PDU_Response_Msg.cpp      \
+					src/msg/RA_Status_Update_Request_Msg.cpp   \
+					src/msg/RA_Status_Update_Response_Msg.cpp  \
+					src/msg/RA_Extended_Login_Request_Msg.cpp  \
+					src/msg/RA_Extended_Login_Response_Msg.cpp \
+					src/channel/Channel.cpp                    \
+					src/channel/Secure_Channel.cpp             \
+					src/engine/RA.cpp                          \
+					src/processor/RA_Processor.cpp             \
+					src/processor/RA_Enroll_Processor.cpp      \
+					src/processor/RA_Pin_Reset_Processor.cpp   \
+					src/processor/RA_Renew_Processor.cpp       \
+					src/processor/RA_Unblock_Processor.cpp     \
+					src/processor/RA_Format_Processor.cpp
+
+libtps_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+	@sasl_inc@ @nss_inc@ @nspr_inc@
+libtps_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version
+libtps_la_LIBADD = libtokendb.la $(LDAPSDK_LINK) $(SVRCORE_LINK)          \
+	$(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+	$(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# libldapauth
+#------------------------
+libldapauth_la_SOURCES =	src/authentication/LDAP_Authentication.cpp
+
+libldapauth_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+	@sasl_inc@ @nss_inc@ @nspr_inc@
+libldapauth_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version
+libldapauth_la_LIBADD = libtps.la $(LDAPSDK_LINK) $(SVRCORE_LINK)         \
+	$(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+	$(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# mod_tps
+#------------------------
+mod_tps_la_SOURCES =	src/modules/tps/AP_Context.cpp \
+						src/modules/tps/AP_Session.cpp \
+						src/modules/tps/mod_tps.cpp
+
+mod_tps_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ @apache_inc@ \
+	@ldapsdk_inc@ @svrcore_inc@ @sasl_inc@ @nss_inc@ @nspr_inc@
+mod_tps_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -module
+mod_tps_la_LIBADD = libtps.la $(APACHE_LINK) $(APR_LINK)                  \
+	$(LDAPSDK_LINK) $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) \
+	$(LIBNSL) $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# mod_tokendb
+#------------------------
+mod_tokendb_la_SOURCES =	src/modules/tokendb/mod_tokendb.cpp
+
+mod_tokendb_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ @apache_inc@ \
+	@ldapsdk_inc@ @svrcore_inc@ @sasl_inc@ @nss_inc@ @nspr_inc@
+mod_tokendb_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -module
+mod_tokendb_la_LIBADD = libtps.la $(APACHE_LINK) $(APR_LINK)              \
+	$(LDAPSDK_LINK) $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) \
+	$(LIBNSL) $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#////////////////////////////////////////////////////////////////
+#
+#   Programs
+#
+#////////////////////////////////////////////////////////////////
+
+#------------------------
+# tpsclient
+#------------------------
+#
+# REMINDER:  Link order is significant!
+#
+tpsclient_SOURCES =	tools/raclient/RA_Client.cpp               \
+					tools/raclient/RA_Conn.cpp                 \
+					tools/raclient/RA_Token.cpp                \
+					src/main/Buffer.cpp                        \
+					src/main/NameValueSet.cpp                  \
+					src/main/Util.cpp                          \
+					src/main/AuthParams.cpp                    \
+					src/apdu/APDU.cpp                          \
+					src/apdu/APDU_Response.cpp                 \
+					src/apdu/Create_Object_APDU.cpp            \
+					src/apdu/Create_Pin_APDU.cpp               \
+					src/apdu/Delete_File_APDU.cpp              \
+					src/apdu/External_Authenticate_APDU.cpp    \
+					src/apdu/Format_Muscle_Applet_APDU.cpp     \
+					src/apdu/Generate_Key_APDU.cpp             \
+					src/apdu/Get_Data_APDU.cpp                 \
+					src/apdu/Get_Status_APDU.cpp               \
+					src/apdu/Get_Version_APDU.cpp              \
+					src/apdu/Initialize_Update_APDU.cpp        \
+					src/apdu/Install_Applet_APDU.cpp           \
+					src/apdu/Install_Load_APDU.cpp             \
+					src/apdu/Lifecycle_APDU.cpp                \
+					src/apdu/List_Objects_APDU.cpp             \
+					src/apdu/Set_IssuerInfo_APDU.cpp           \
+					src/apdu/Get_IssuerInfo_APDU.cpp           \
+					src/apdu/List_Pins_APDU.cpp                \
+					src/apdu/Load_File_APDU.cpp                \
+					src/apdu/Put_Key_APDU.cpp                  \
+					src/apdu/Read_Buffer_APDU.cpp              \
+					src/apdu/Read_Object_APDU.cpp              \
+					src/apdu/Select_APDU.cpp                   \
+					src/apdu/Set_Pin_APDU.cpp                  \
+					src/apdu/Unblock_Pin_APDU.cpp              \
+					src/apdu/Write_Object_APDU.cpp             \
+					src/apdu/Import_Key_Enc_APDU.cpp           \
+					src/main/RA_Msg.cpp                        \
+					src/msg/RA_Begin_Op_Msg.cpp                \
+					src/msg/RA_End_Op_Msg.cpp                  \
+					src/msg/RA_Login_Request_Msg.cpp           \
+					src/msg/RA_Login_Response_Msg.cpp          \
+					src/msg/RA_Extended_Login_Request_Msg.cpp  \
+					src/msg/RA_Extended_Login_Response_Msg.cpp \
+					src/msg/RA_ASQ_Request_Msg.cpp             \
+					src/msg/RA_ASQ_Response_Msg.cpp            \
+					src/msg/RA_New_Pin_Request_Msg.cpp         \
+					src/msg/RA_New_Pin_Response_Msg.cpp        \
+					src/msg/RA_SecureId_Request_Msg.cpp        \
+					src/msg/RA_SecureId_Response_Msg.cpp       \
+					src/msg/RA_Status_Update_Request_Msg.cpp   \
+					src/msg/RA_Status_Update_Response_Msg.cpp  \
+					src/msg/RA_Token_PDU_Request_Msg.cpp       \
+					src/msg/RA_Token_PDU_Response_Msg.cpp
+
+tpsclient_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+	@sasl_inc@ @nss_inc@ @nspr_inc@
+tpsclient_LDADD = $(LDAPSDK_LINK) $(SVRCORE_LINK)                         \
+	$(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+	$(LIBCSTD) $(LIBCRUN)
+
+
+#////////////////////////////////////////////////////////////////
+#
+#   Wrappers
+#
+#////////////////////////////////////////////////////////////////
+
+create_wrapper = sed                              \
+	-e "s|\@ldapsdk_libdir\@|$(ldapsdk_libdir)|g" \
+	-e "s|\@libexecdir\@|$(libexecdir)|g"         \
+	-e "s|\@nspr_libdir\@|$(nspr_libdir)|g"       \
+	-e "s|\@nss_libdir\@|$(nss_libdir)|g"         \
+	-e "s|\@sasl_libdir\@|$(sasl_libdir)|g"
+
+%: %.in
+	mkdir -p $(dir $@)
+	$(create_wrapper) $^ > $@
+
diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in
new file mode 100644
index 000000000..89ee71dea
--- /dev/null
+++ b/pki/base/tps/Makefile.in
@@ -0,0 +1,4214 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+
+
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = .
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+libexec_PROGRAMS = tpsclient$(EXEEXT)
+DIST_COMMON = $(am__configure_deps) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(srcdir)/config.h.in \
+	$(top_srcdir)/configure compile config.guess config.sub \
+	depcomp install-sh ltmain.sh missing
+subdir = .
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/nspr.m4 $(top_srcdir)/m4/nss.m4 \
+	$(top_srcdir)/m4/mozldap.m4 $(top_srcdir)/m4/sasl.m4 \
+	$(top_srcdir)/m4/svrcore.m4 $(top_srcdir)/m4/apr.m4 \
+	$(top_srcdir)/m4/apache.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno configure.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(apache_modulesdir)" \
+	"$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(bindir)" "$(DESTDIR)$(cgibin_demodir)" \
+	"$(DESTDIR)$(cgibin_homedir)" "$(DESTDIR)$(cgibin_sodir)" \
+	"$(DESTDIR)$(cgibin_sowdir)" "$(DESTDIR)$(initddir)" \
+	"$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(perl_modulesdir)" \
+	"$(DESTDIR)$(perl_templatesdir)" "$(DESTDIR)$(scriptsdir)" \
+	"$(DESTDIR)$(setupdir)" "$(DESTDIR)$(aliasdir)" \
+	"$(DESTDIR)$(appletsdir)" "$(DESTDIR)$(cgibin_demodir)" \
+	"$(DESTDIR)$(cgibin_homedir)" "$(DESTDIR)$(cgibin_sodir)" \
+	"$(DESTDIR)$(cgibin_sowdir)" "$(DESTDIR)$(confdir)" \
+	"$(DESTDIR)$(docrootdir)" "$(DESTDIR)$(docroot_demodir)" \
+	"$(DESTDIR)$(docroot_homedir)" "$(DESTDIR)$(docroot_sodir)" \
+	"$(DESTDIR)$(docroot_sowdir)" \
+	"$(DESTDIR)$(docroot_tokendbdir)" \
+	"$(DESTDIR)$(docroot_tps_configdir)" \
+	"$(DESTDIR)$(docroot_tps_imgdir)" \
+	"$(DESTDIR)$(docroot_tps_jsdir)" "$(DESTDIR)$(licensedir)" \
+	"$(DESTDIR)$(logsdir)" "$(DESTDIR)$(samplesdir)" \
+	"$(DESTDIR)$(scriptsdir)" "$(DESTDIR)$(setupdir)" \
+	"$(DESTDIR)$(templatesdir)"
+apache_modulesLTLIBRARIES_INSTALL = $(INSTALL)
+libLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(apache_modules_LTLIBRARIES) $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libldapauth_la_DEPENDENCIES = libtps.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_libldapauth_la_OBJECTS =  \
+	src/authentication/libldapauth_la-LDAP_Authentication.lo
+libldapauth_la_OBJECTS = $(am_libldapauth_la_OBJECTS)
+libtokendb_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_libtokendb_la_OBJECTS = src/tus/libtokendb_la-tus_db.lo
+libtokendb_la_OBJECTS = $(am_libtokendb_la_OBJECTS)
+libtps_la_DEPENDENCIES = libtokendb.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_libtps_la_OBJECTS = src/main/libtps_la-Buffer.lo \
+	src/main/libtps_la-NameValueSet.lo \
+	src/main/libtps_la-ConfigStore.lo src/main/libtps_la-Util.lo \
+	src/main/libtps_la-RA_Msg.lo src/main/libtps_la-RA_pblock.lo \
+	src/main/libtps_la-RA_Session.lo \
+	src/main/libtps_la-RA_Context.lo src/main/libtps_la-Login.lo \
+	src/main/libtps_la-SecureId.lo src/main/libtps_la-Memory.lo \
+	src/main/libtps_la-AuthenticationEntry.lo \
+	src/main/libtps_la-AuthParams.lo \
+	src/main/libtps_la-Authentication.lo \
+	src/main/libtps_la-AttributeSpec.lo \
+	src/main/libtps_la-ObjectSpec.lo \
+	src/main/libtps_la-PKCS11Obj.lo \
+	src/httpClient/libtps_la-httpClient.lo \
+	src/httpClient/libtps_la-Cache.lo \
+	src/httpClient/libtps_la-engine.lo \
+	src/httpClient/libtps_la-http.lo \
+	src/httpClient/libtps_la-response.lo \
+	src/httpClient/libtps_la-request.lo \
+	src/httpClient/libtps_la-nscperror.lo \
+	src/cms/libtps_la-HttpConnection.lo \
+	src/cms/libtps_la-ConnectionInfo.lo \
+	src/cms/libtps_la-CertEnroll.lo src/apdu/libtps_la-APDU.lo \
+	src/apdu/libtps_la-Unblock_Pin_APDU.lo \
+	src/apdu/libtps_la-Create_Object_APDU.lo \
+	src/apdu/libtps_la-Set_Pin_APDU.lo \
+	src/apdu/libtps_la-Set_IssuerInfo_APDU.lo \
+	src/apdu/libtps_la-Get_IssuerInfo_APDU.lo \
+	src/apdu/libtps_la-Create_Pin_APDU.lo \
+	src/apdu/libtps_la-List_Pins_APDU.lo \
+	src/apdu/libtps_la-Initialize_Update_APDU.lo \
+	src/apdu/libtps_la-Get_Version_APDU.lo \
+	src/apdu/libtps_la-Get_Status_APDU.lo \
+	src/apdu/libtps_la-Get_Data_APDU.lo \
+	src/apdu/libtps_la-External_Authenticate_APDU.lo \
+	src/apdu/libtps_la-Generate_Key_APDU.lo \
+	src/apdu/libtps_la-Read_Buffer_APDU.lo \
+	src/apdu/libtps_la-Read_Object_APDU.lo \
+	src/apdu/libtps_la-Write_Object_APDU.lo \
+	src/apdu/libtps_la-Put_Key_APDU.lo \
+	src/apdu/libtps_la-Select_APDU.lo \
+	src/apdu/libtps_la-Delete_File_APDU.lo \
+	src/apdu/libtps_la-Install_Applet_APDU.lo \
+	src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo \
+	src/apdu/libtps_la-Load_File_APDU.lo \
+	src/apdu/libtps_la-Install_Load_APDU.lo \
+	src/apdu/libtps_la-Lifecycle_APDU.lo \
+	src/apdu/libtps_la-List_Objects_APDU.lo \
+	src/apdu/libtps_la-Import_Key_APDU.lo \
+	src/apdu/libtps_la-Import_Key_Enc_APDU.lo \
+	src/apdu/libtps_la-APDU_Response.lo \
+	src/msg/libtps_la-RA_Begin_Op_Msg.lo \
+	src/msg/libtps_la-RA_End_Op_Msg.lo \
+	src/msg/libtps_la-RA_Login_Request_Msg.lo \
+	src/msg/libtps_la-RA_Login_Response_Msg.lo \
+	src/msg/libtps_la-RA_SecureId_Request_Msg.lo \
+	src/msg/libtps_la-RA_SecureId_Response_Msg.lo \
+	src/msg/libtps_la-RA_ASQ_Request_Msg.lo \
+	src/msg/libtps_la-RA_ASQ_Response_Msg.lo \
+	src/msg/libtps_la-RA_New_Pin_Request_Msg.lo \
+	src/msg/libtps_la-RA_New_Pin_Response_Msg.lo \
+	src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo \
+	src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo \
+	src/msg/libtps_la-RA_Status_Update_Request_Msg.lo \
+	src/msg/libtps_la-RA_Status_Update_Response_Msg.lo \
+	src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo \
+	src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo \
+	src/channel/libtps_la-Channel.lo \
+	src/channel/libtps_la-Secure_Channel.lo \
+	src/engine/libtps_la-RA.lo \
+	src/processor/libtps_la-RA_Processor.lo \
+	src/processor/libtps_la-RA_Enroll_Processor.lo \
+	src/processor/libtps_la-RA_Pin_Reset_Processor.lo \
+	src/processor/libtps_la-RA_Renew_Processor.lo \
+	src/processor/libtps_la-RA_Unblock_Processor.lo \
+	src/processor/libtps_la-RA_Format_Processor.lo
+libtps_la_OBJECTS = $(am_libtps_la_OBJECTS)
+mod_tokendb_la_DEPENDENCIES = libtps.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_mod_tokendb_la_OBJECTS =  \
+	src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo
+mod_tokendb_la_OBJECTS = $(am_mod_tokendb_la_OBJECTS)
+mod_tps_la_DEPENDENCIES = libtps.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+am_mod_tps_la_OBJECTS = src/modules/tps/mod_tps_la-AP_Context.lo \
+	src/modules/tps/mod_tps_la-AP_Session.lo \
+	src/modules/tps/mod_tps_la-mod_tps.lo
+mod_tps_la_OBJECTS = $(am_mod_tps_la_OBJECTS)
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS)
+am_tpsclient_OBJECTS = tools/raclient/tpsclient-RA_Client.$(OBJEXT) \
+	tools/raclient/tpsclient-RA_Conn.$(OBJEXT) \
+	tools/raclient/tpsclient-RA_Token.$(OBJEXT) \
+	src/main/tpsclient-Buffer.$(OBJEXT) \
+	src/main/tpsclient-NameValueSet.$(OBJEXT) \
+	src/main/tpsclient-Util.$(OBJEXT) \
+	src/main/tpsclient-AuthParams.$(OBJEXT) \
+	src/apdu/tpsclient-APDU.$(OBJEXT) \
+	src/apdu/tpsclient-APDU_Response.$(OBJEXT) \
+	src/apdu/tpsclient-Create_Object_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Create_Pin_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Delete_File_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-External_Authenticate_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Format_Muscle_Applet_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Generate_Key_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Get_Data_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Get_Status_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Get_Version_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Initialize_Update_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Install_Applet_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Install_Load_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Lifecycle_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-List_Objects_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Set_IssuerInfo_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Get_IssuerInfo_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-List_Pins_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Load_File_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Put_Key_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Read_Buffer_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Read_Object_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Select_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Set_Pin_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Unblock_Pin_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Write_Object_APDU.$(OBJEXT) \
+	src/apdu/tpsclient-Import_Key_Enc_APDU.$(OBJEXT) \
+	src/main/tpsclient-RA_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Begin_Op_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_End_Op_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Login_Request_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Login_Response_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Extended_Login_Request_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Extended_Login_Response_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_ASQ_Request_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_ASQ_Response_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_New_Pin_Request_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_New_Pin_Response_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_SecureId_Request_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_SecureId_Response_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Status_Update_Request_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Status_Update_Response_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Token_PDU_Request_Msg.$(OBJEXT) \
+	src/msg/tpsclient-RA_Token_PDU_Response_Msg.$(OBJEXT)
+tpsclient_OBJECTS = $(am_tpsclient_OBJECTS)
+tpsclient_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+binSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+cgibin_demoSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+cgibin_homeSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+cgibin_soSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+cgibin_sowSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+initdSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+libexecSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+perl_modulesSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+perl_templatesSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+scriptsSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+setupSCRIPT_INSTALL = $(INSTALL_SCRIPT)
+SCRIPTS = $(bin_SCRIPTS) $(cgibin_demo_SCRIPTS) $(cgibin_home_SCRIPTS) \
+	$(cgibin_so_SCRIPTS) $(cgibin_sow_SCRIPTS) $(initd_SCRIPTS) \
+	$(libexec_SCRIPTS) $(perl_modules_SCRIPTS) \
+	$(perl_templates_SCRIPTS) $(scripts_SCRIPTS) $(setup_SCRIPTS)
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I.
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+LTCXXCOMPILE = $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CXXFLAGS) $(CXXFLAGS)
+CXXLD = $(CXX)
+CXXLINK = $(LIBTOOL) --tag=CXX --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+	$(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(libldapauth_la_SOURCES) $(libtokendb_la_SOURCES) \
+	$(libtps_la_SOURCES) $(mod_tokendb_la_SOURCES) \
+	$(mod_tps_la_SOURCES) $(tpsclient_SOURCES)
+DIST_SOURCES = $(libldapauth_la_SOURCES) $(libtokendb_la_SOURCES) \
+	$(libtps_la_SOURCES) $(mod_tokendb_la_SOURCES) \
+	$(mod_tps_la_SOURCES) $(tpsclient_SOURCES)
+aliasDATA_INSTALL = $(INSTALL_DATA)
+appletsDATA_INSTALL = $(INSTALL_DATA)
+cgibin_demoDATA_INSTALL = $(INSTALL_DATA)
+cgibin_homeDATA_INSTALL = $(INSTALL_DATA)
+cgibin_soDATA_INSTALL = $(INSTALL_DATA)
+cgibin_sowDATA_INSTALL = $(INSTALL_DATA)
+confDATA_INSTALL = $(INSTALL_DATA)
+docrootDATA_INSTALL = $(INSTALL_DATA)
+docroot_demoDATA_INSTALL = $(INSTALL_DATA)
+docroot_homeDATA_INSTALL = $(INSTALL_DATA)
+docroot_soDATA_INSTALL = $(INSTALL_DATA)
+docroot_sowDATA_INSTALL = $(INSTALL_DATA)
+docroot_tokendbDATA_INSTALL = $(INSTALL_DATA)
+docroot_tps_configDATA_INSTALL = $(INSTALL_DATA)
+docroot_tps_imgDATA_INSTALL = $(INSTALL_DATA)
+docroot_tps_jsDATA_INSTALL = $(INSTALL_DATA)
+licenseDATA_INSTALL = $(INSTALL_DATA)
+logsDATA_INSTALL = $(INSTALL_DATA)
+samplesDATA_INSTALL = $(INSTALL_DATA)
+scriptsDATA_INSTALL = $(INSTALL_DATA)
+setupDATA_INSTALL = $(INSTALL_DATA)
+templatesDATA_INSTALL = $(INSTALL_DATA)
+DATA = $(alias_DATA) $(applets_DATA) $(cgibin_demo_DATA) \
+	$(cgibin_home_DATA) $(cgibin_so_DATA) $(cgibin_sow_DATA) \
+	$(conf_DATA) $(docroot_DATA) $(docroot_demo_DATA) \
+	$(docroot_home_DATA) $(docroot_so_DATA) $(docroot_sow_DATA) \
+	$(docroot_tokendb_DATA) $(docroot_tps_config_DATA) \
+	$(docroot_tps_img_DATA) $(docroot_tps_js_DATA) $(license_DATA) \
+	$(logs_DATA) $(samples_DATA) $(scripts_DATA) $(setup_DATA) \
+	$(templates_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d $(distdir) \
+    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr $(distdir); }; }
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+APRDIR = @APRDIR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HPUX_FALSE = @HPUX_FALSE@
+HPUX_TRUE = @HPUX_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBCRUN = @LIBCRUN@
+LIBCSTD = @LIBCSTD@
+LIBDL = @LIBDL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBSOCKET = @LIBSOCKET@
+LIBTOOL = @LIBTOOL@
+LINUX_FALSE = @LINUX_FALSE@
+LINUX_TRUE = @LINUX_TRUE@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOLARIS_FALSE = @SOLARIS_FALSE@
+SOLARIS_TRUE = @SOLARIS_TRUE@
+STRIP = @STRIP@
+VERSION = @VERSION@
+WINNT_FALSE = @WINNT_FALSE@
+WINNT_TRUE = @WINNT_TRUE@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+
+#------------------------
+# Install Paths
+#------------------------
+aliasdir = $(prefix)@aliasdir@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+apache_bindir = @apache_bindir@
+apache_inc = @apache_inc@
+apache_lib = @apache_lib@
+apache_libdir = @apache_libdir@
+apache_modulesdir = $(prefix)@apache_modulesdir@
+appletsdir = $(prefix)@appletsdir@
+apr_bindir = @apr_bindir@
+apr_inc = @apr_inc@
+apr_lib = @apr_lib@
+apr_lib_version = @apr_lib_version@
+apr_libdir = @apr_libdir@
+apr_libutil_version = @apr_libutil_version@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+cgibin_demodir = $(prefix)@cgibin_demodir@
+cgibin_homedir = $(prefix)@cgibin_homedir@
+cgibin_sodir = $(prefix)@cgibin_sodir@
+cgibin_sowdir = $(prefix)@cgibin_sowdir@
+confdir = $(prefix)@confdir@
+datadir = @datadir@
+db_lib = @db_lib@
+db_libdir = @db_libdir@
+debug_defs = @debug_defs@
+docroot_demodir = $(prefix)@docroot_demodir@
+docroot_homedir = $(prefix)@docroot_homedir@
+docroot_sodir = $(prefix)@docroot_sodir@
+docroot_sow_cssdir = @docroot_sow_cssdir@
+docroot_sow_imagesdir = @docroot_sow_imagesdir@
+docroot_sow_jsdir = @docroot_sow_jsdir@
+docroot_sowdir = $(prefix)@docroot_sowdir@
+docroot_tokendbdir = $(prefix)@docroot_tokendbdir@
+docroot_tps_configdir = $(prefix)@docroot_tps_configdir@
+docroot_tps_cssdir = @docroot_tps_cssdir@
+docroot_tps_imgdir = $(prefix)@docroot_tps_imgdir@
+docroot_tps_jsdir = $(prefix)@docroot_tps_jsdir@
+docrootdir = $(prefix)@docrootdir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+initddir = $(sysconfdir)@initddir@
+install_sh = @install_sh@
+ldapsdk_bindir = @ldapsdk_bindir@
+ldapsdk_inc = @ldapsdk_inc@
+ldapsdk_lib = @ldapsdk_lib@
+ldapsdk_libdir = @ldapsdk_libdir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+licensedir = $(prefix)@licensedir@
+localstatedir = @localstatedir@
+logsdir = $(prefix)@logsdir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nspr_inc = @nspr_inc@
+nspr_lib = @nspr_lib@
+nspr_libdir = @nspr_libdir@
+nss_inc = @nss_inc@
+nss_lib = @nss_lib@
+nss_libdir = @nss_libdir@
+oldincludedir = @oldincludedir@
+perl_modulesdir = $(prefix)@perl_modulesdir@
+perl_templatesdir = $(prefix)@perl_templatesdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+samplesdir = $(prefix)@samplesdir@
+sasl_inc = @sasl_inc@
+sasl_lib = @sasl_lib@
+sasl_libdir = @sasl_libdir@
+sbindir = @sbindir@
+scriptsdir = $(prefix)@scriptsdir@
+setupdir = $(prefix)@setupdir@
+sharedstatedir = @sharedstatedir@
+svrcore_inc = @svrcore_inc@
+svrcore_lib = @svrcore_lib@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+templatesdir = $(prefix)@templatesdir@
+
+# look for included m4 files in the ./m4/ directory
+ACLOCAL_AMFLAGS = -I m4
+
+#------------------------
+# Compiler Flags
+#------------------------
+DEBUG_DEFINES = @debug_defs@
+TPS_INCLUDES = -I$(srcdir)/src/include
+# These paths are dependent on the settings of prefix and exec_prefix
+# which may be specified at make time.  So we cannot use AC_DEFINE in
+# the configure.ac because that would set the values prior to their
+# being defined.  Defining them here ensures that they are properly
+# expanded before use.  See create_instance.h for more details. The
+# quoting ensures that the values are # quoted for the shell command,
+# and the value expands to a quoted string value in the header file
+# (e.g. - #define LOCALSTATEDIR "/var"; without the quotes, it would
+#         be #define LOCALSTATEDIR /var which would be an error).
+PATH_DEFINES = -DLOCALSTATEDIR="\"$(localstatedir)\"" \
+	-DSYSCONFDIR="\"$(sysconfdir)\"" -DLIBDIR="\"$(libdir)\"" \
+	-DBINDIR="\"$(bindir)\"" -DDATADIR="\"$(datadir)\"" \
+	-DDOCDIR="\"$(docdir)\"" -DLIBEXECDIR="\"$(libexecdir)\""
+
+AM_CPPFLAGS = $(DEBUG_DEFINES) $(TPS_INCLUDES) $(PATH_DEFINES)
+# We need to make sure that libpthread is linked before libc on HP-UX.
+@HPUX_TRUE@AM_LDFLAGS = -lpthread -lz
+@LINUX_TRUE@AM_LDFLAGS = -lz
+@SOLARIS_TRUE@AM_LDFLAGS = -lz
+
+#------------------------
+# Linker Flags
+#------------------------
+APACHE_LINK = @apache_lib@ -l@apr_libutil_version@ -lexpat -lpcre @db_lib@ -ldb
+APR_LINK = @apr_lib@ -l@apr_lib_version@
+LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lprldap60 -lldap60 -lldif60
+SVRCORE_LINK = @svrcore_lib@ -lsvrcore
+SASL_LINK = @sasl_lib@ -lsasl2
+NSS_LINK = @nss_lib@ -lnss3 -lssl3 -lsmime3 -lsoftokn3
+NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
+
+#------------------------
+# Build Products
+#------------------------
+lib_LTLIBRARIES = libtokendb.la  \
+					libtps.la      \
+					libldapauth.la
+
+apache_modules_LTLIBRARIES = mod_tps.la \
+								mod_tokendb.la
+
+
+#------------------------
+# Installed Files
+#------------------------
+# create an empty 'alias' directory
+alias_DATA = 
+applets_DATA = $(srcdir)/applets/1.3.44724DDE.ijc
+bin_SCRIPTS = wrappers/tpsclient
+cgibin_demo_DATA = 
+cgibin_demo_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/demo/enroll.cgi \
+						$(srcdir)/forms/esc/cgi-bin/demo/index.cgi
+
+cgibin_home_DATA = 
+cgibin_home_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/home/enroll.cgi \
+						$(srcdir)/forms/esc/cgi-bin/home/index.cgi
+
+cgibin_so_DATA = 
+cgibin_so_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/so/enroll.cgi \
+					$(srcdir)/forms/esc/cgi-bin/so/index.cgi
+
+cgibin_sow_DATA = 
+cgibin_sow_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/sow/ajax-list.cgi   \
+						$(srcdir)/forms/esc/cgi-bin/sow/cfg.pl          \
+						$(srcdir)/forms/esc/cgi-bin/sow/enroll.cgi      \
+						$(srcdir)/forms/esc/cgi-bin/sow/enroll_temp.cgi \
+						$(srcdir)/forms/esc/cgi-bin/sow/format.cgi      \
+						$(srcdir)/forms/esc/cgi-bin/sow/formatso.cgi    \
+						$(srcdir)/forms/esc/cgi-bin/sow/index.cgi       \
+						$(srcdir)/forms/esc/cgi-bin/sow/main.cgi        \
+						$(srcdir)/forms/esc/cgi-bin/sow/noaccess.cgi    \
+						$(srcdir)/forms/esc/cgi-bin/sow/read.cgi        \
+						$(srcdir)/forms/esc/cgi-bin/sow/read_temp.cgi   \
+						$(srcdir)/forms/esc/cgi-bin/sow/search.cgi      \
+						$(srcdir)/forms/esc/cgi-bin/sow/search_temp.cgi \
+						$(srcdir)/forms/esc/cgi-bin/sow/seturl.cgi      \
+						$(srcdir)/forms/esc/cgi-bin/sow/welcome.cgi
+
+conf_DATA = $(srcdir)/apache/conf/httpd.conf \
+			$(srcdir)/apache/conf/magic      \
+			$(srcdir)/apache/conf/mime.types \
+			$(srcdir)/apache/conf/nss.conf   \
+			$(srcdir)/apache/conf/perl.conf  \
+			$(srcdir)/doc/CS.cfg
+
+docroot_DATA = $(srcdir)/forms/index.html
+docroot_demo_DATA = 
+docroot_home_DATA = 
+docroot_so_DATA = 
+docroot_sow_DATA = 
+docroot_tokendb_DATA = 
+docroot_tps_config_DATA = 
+docroot_tps_img_DATA = 
+docroot_tps_js_DATA = 
+initd_SCRIPTS = $(srcdir)/etc/init.d/httpd
+license_DATA = $(srcdir)/LICENSE
+libexec_SCRIPTS = $(srcdir)/apache/apachectl
+
+# create an empty 'logs' directory
+logs_DATA = 
+perl_modules_SCRIPTS = $(srcdir)/lib/perl/PKI/TPS/AdminAuthPanel.pm         \
+						$(srcdir)/lib/perl/PKI/TPS/AdminPanel.pm             \
+						$(srcdir)/lib/perl/PKI/TPS/AgentAuthPanel.pm         \
+						$(srcdir)/lib/perl/PKI/TPS/AuthDBPanel.pm            \
+						$(srcdir)/lib/perl/PKI/TPS/BasePanel.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/CAInfoPanel.pm            \
+						$(srcdir)/lib/perl/PKI/TPS/CertInfo.pm               \
+						$(srcdir)/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm   \
+						$(srcdir)/lib/perl/PKI/TPS/CertRequestPanel.pm       \
+						$(srcdir)/lib/perl/PKI/TPS/Common.pm                 \
+						$(srcdir)/lib/perl/PKI/TPS/Config.pm                 \
+						$(srcdir)/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm    \
+						$(srcdir)/lib/perl/PKI/TPS/ConfigHSMPanel.pm         \
+						$(srcdir)/lib/perl/PKI/TPS/DRMInfoPanel.pm           \
+						$(srcdir)/lib/perl/PKI/TPS/DatabasePanel.pm          \
+						$(srcdir)/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm \
+						$(srcdir)/lib/perl/PKI/TPS/DisplayCertChainPanel.pm  \
+						$(srcdir)/lib/perl/PKI/TPS/DonePanel.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/GlobalVar.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/ImportAdminCertPanel.pm   \
+						$(srcdir)/lib/perl/PKI/TPS/Login.pm                  \
+						$(srcdir)/lib/perl/PKI/TPS/LoginPanel.pm             \
+						$(srcdir)/lib/perl/PKI/TPS/ModulePanel.pm            \
+						$(srcdir)/lib/perl/PKI/TPS/Modutil.pm                \
+						$(srcdir)/lib/perl/PKI/TPS/NamePanel.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/ReqCertInfo.pm            \
+						$(srcdir)/lib/perl/PKI/TPS/SecurityDomainPanel.pm    \
+						$(srcdir)/lib/perl/PKI/TPS/SizePanel.pm              \
+						$(srcdir)/lib/perl/PKI/TPS/SubsystemTypePanel.pm     \
+						$(srcdir)/lib/perl/PKI/TPS/TKSInfoPanel.pm           \
+						$(srcdir)/lib/perl/PKI/TPS/WelcomePanel.pm           \
+						$(srcdir)/lib/perl/PKI/TPS/wizard.pm
+
+perl_templates_SCRIPTS = $(srcdir)/lib/perl/Template/Velocity.pm
+samples_DATA = $(srcdir)/tools/raclient/enroll.tps \
+				$(srcdir)/tools/raclient/format.tps \
+				$(srcdir)/tools/raclient/reset_pin.tps
+
+scripts_DATA = $(srcdir)/scripts/schemaMods.ldif \
+				$(srcdir)/scripts/database.ldif   \
+				$(srcdir)/scripts/addIndexes.ldif \
+				$(srcdir)/scripts/addAgents.ldif  \
+				$(srcdir)/scripts/addTokens.ldif  \
+				$(srcdir)/scripts/vlvtasks.ldif   \
+				$(srcdir)/scripts/addVLVIndexes.ldif
+
+scripts_SCRIPTS = $(srcdir)/scripts/nss_pcache
+@LINUX_TRUE@setup_DATA = $(srcdir)/setup/config.desktop
+setup_SCRIPTS = $(srcdir)/setup/postinstall
+templates_DATA = $(srcdir)/apache/pki_instance_command_wrapper \
+					$(srcdir)/apache/pki_subsystem_command_wrapper
+
+
+#////////////////////////////////////////////////////////////////
+#
+#   Dynamic Libraries
+#
+#////////////////////////////////////////////////////////////////
+
+#------------------------
+# libtokendb
+#------------------------
+libtokendb_la_SOURCES = src/tus/tus_db.c
+libtokendb_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+	@sasl_inc@ @nss_inc@ @nspr_inc@
+
+libtokendb_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version
+libtokendb_la_LIBADD = $(LDAPSDK_LINK) $(SVRCORE_LINK)                    \
+	$(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+	$(LIBCSTD) $(LIBCRUN)
+
+libtokendb_la_LINK = $(CXXLINK)
+
+#------------------------
+# libtps
+#------------------------
+libtps_la_SOURCES = src/main/Buffer.cpp                        \
+					src/main/NameValueSet.cpp                  \
+					src/main/ConfigStore.cpp                   \
+					src/main/Util.cpp                          \
+					src/main/RA_Msg.cpp                        \
+					src/main/RA_pblock.cpp                     \
+					src/main/RA_Session.cpp                    \
+					src/main/RA_Context.cpp                    \
+					src/main/Login.cpp                         \
+					src/main/SecureId.cpp                      \
+					src/main/Memory.cpp                        \
+					src/main/AuthenticationEntry.cpp           \
+					src/main/AuthParams.cpp                    \
+					src/main/Authentication.cpp                \
+					src/main/AttributeSpec.cpp                 \
+					src/main/ObjectSpec.cpp                    \
+					src/main/PKCS11Obj.cpp                     \
+					src/httpClient/httpClient.cpp              \
+					src/httpClient/Cache.cpp                   \
+					src/httpClient/engine.cpp                  \
+					src/httpClient/http.cpp                    \
+					src/httpClient/response.cpp                \
+					src/httpClient/request.cpp                 \
+					src/httpClient/nscperror.cpp               \
+					src/cms/HttpConnection.cpp                 \
+					src/cms/ConnectionInfo.cpp                 \
+					src/cms/CertEnroll.cpp                     \
+					src/apdu/APDU.cpp                          \
+					src/apdu/Unblock_Pin_APDU.cpp              \
+					src/apdu/Create_Object_APDU.cpp            \
+					src/apdu/Set_Pin_APDU.cpp                  \
+					src/apdu/Set_IssuerInfo_APDU.cpp           \
+					src/apdu/Get_IssuerInfo_APDU.cpp           \
+					src/apdu/Create_Pin_APDU.cpp               \
+					src/apdu/List_Pins_APDU.cpp                \
+					src/apdu/Initialize_Update_APDU.cpp        \
+					src/apdu/Get_Version_APDU.cpp              \
+					src/apdu/Get_Status_APDU.cpp               \
+					src/apdu/Get_Data_APDU.cpp                 \
+					src/apdu/External_Authenticate_APDU.cpp    \
+					src/apdu/Generate_Key_APDU.cpp             \
+					src/apdu/Read_Buffer_APDU.cpp              \
+					src/apdu/Read_Object_APDU.cpp              \
+					src/apdu/Write_Object_APDU.cpp             \
+					src/apdu/Put_Key_APDU.cpp                  \
+					src/apdu/Select_APDU.cpp                   \
+					src/apdu/Delete_File_APDU.cpp              \
+					src/apdu/Install_Applet_APDU.cpp           \
+					src/apdu/Format_Muscle_Applet_APDU.cpp     \
+					src/apdu/Load_File_APDU.cpp                \
+					src/apdu/Install_Load_APDU.cpp             \
+					src/apdu/Lifecycle_APDU.cpp                \
+					src/apdu/List_Objects_APDU.cpp             \
+					src/apdu/Import_Key_APDU.cpp               \
+					src/apdu/Import_Key_Enc_APDU.cpp           \
+					src/apdu/APDU_Response.cpp                 \
+					src/msg/RA_Begin_Op_Msg.cpp                \
+					src/msg/RA_End_Op_Msg.cpp                  \
+					src/msg/RA_Login_Request_Msg.cpp           \
+					src/msg/RA_Login_Response_Msg.cpp          \
+					src/msg/RA_SecureId_Request_Msg.cpp        \
+					src/msg/RA_SecureId_Response_Msg.cpp       \
+					src/msg/RA_ASQ_Request_Msg.cpp             \
+					src/msg/RA_ASQ_Response_Msg.cpp            \
+					src/msg/RA_New_Pin_Request_Msg.cpp         \
+					src/msg/RA_New_Pin_Response_Msg.cpp        \
+					src/msg/RA_Token_PDU_Request_Msg.cpp       \
+					src/msg/RA_Token_PDU_Response_Msg.cpp      \
+					src/msg/RA_Status_Update_Request_Msg.cpp   \
+					src/msg/RA_Status_Update_Response_Msg.cpp  \
+					src/msg/RA_Extended_Login_Request_Msg.cpp  \
+					src/msg/RA_Extended_Login_Response_Msg.cpp \
+					src/channel/Channel.cpp                    \
+					src/channel/Secure_Channel.cpp             \
+					src/engine/RA.cpp                          \
+					src/processor/RA_Processor.cpp             \
+					src/processor/RA_Enroll_Processor.cpp      \
+					src/processor/RA_Pin_Reset_Processor.cpp   \
+					src/processor/RA_Renew_Processor.cpp       \
+					src/processor/RA_Unblock_Processor.cpp     \
+					src/processor/RA_Format_Processor.cpp
+
+libtps_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+	@sasl_inc@ @nss_inc@ @nspr_inc@
+
+libtps_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version
+libtps_la_LIBADD = libtokendb.la $(LDAPSDK_LINK) $(SVRCORE_LINK)          \
+	$(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+	$(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# libldapauth
+#------------------------
+libldapauth_la_SOURCES = src/authentication/LDAP_Authentication.cpp
+libldapauth_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+	@sasl_inc@ @nss_inc@ @nspr_inc@
+
+libldapauth_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version
+libldapauth_la_LIBADD = libtps.la $(LDAPSDK_LINK) $(SVRCORE_LINK)         \
+	$(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+	$(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# mod_tps
+#------------------------
+mod_tps_la_SOURCES = src/modules/tps/AP_Context.cpp \
+						src/modules/tps/AP_Session.cpp \
+						src/modules/tps/mod_tps.cpp
+
+mod_tps_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ @apache_inc@ \
+	@ldapsdk_inc@ @svrcore_inc@ @sasl_inc@ @nss_inc@ @nspr_inc@
+
+mod_tps_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -module
+mod_tps_la_LIBADD = libtps.la $(APACHE_LINK) $(APR_LINK)                  \
+	$(LDAPSDK_LINK) $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) \
+	$(LIBNSL) $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# mod_tokendb
+#------------------------
+mod_tokendb_la_SOURCES = src/modules/tokendb/mod_tokendb.cpp
+mod_tokendb_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ @apache_inc@ \
+	@ldapsdk_inc@ @svrcore_inc@ @sasl_inc@ @nss_inc@ @nspr_inc@
+
+mod_tokendb_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -module
+mod_tokendb_la_LIBADD = libtps.la $(APACHE_LINK) $(APR_LINK)              \
+	$(LDAPSDK_LINK) $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) \
+	$(LIBNSL) $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#////////////////////////////////////////////////////////////////
+#
+#   Programs
+#
+#////////////////////////////////////////////////////////////////
+
+#------------------------
+# tpsclient
+#------------------------
+#
+# REMINDER:  Link order is significant!
+#
+tpsclient_SOURCES = tools/raclient/RA_Client.cpp               \
+					tools/raclient/RA_Conn.cpp                 \
+					tools/raclient/RA_Token.cpp                \
+					src/main/Buffer.cpp                        \
+					src/main/NameValueSet.cpp                  \
+					src/main/Util.cpp                          \
+					src/main/AuthParams.cpp                    \
+					src/apdu/APDU.cpp                          \
+					src/apdu/APDU_Response.cpp                 \
+					src/apdu/Create_Object_APDU.cpp            \
+					src/apdu/Create_Pin_APDU.cpp               \
+					src/apdu/Delete_File_APDU.cpp              \
+					src/apdu/External_Authenticate_APDU.cpp    \
+					src/apdu/Format_Muscle_Applet_APDU.cpp     \
+					src/apdu/Generate_Key_APDU.cpp             \
+					src/apdu/Get_Data_APDU.cpp                 \
+					src/apdu/Get_Status_APDU.cpp               \
+					src/apdu/Get_Version_APDU.cpp              \
+					src/apdu/Initialize_Update_APDU.cpp        \
+					src/apdu/Install_Applet_APDU.cpp           \
+					src/apdu/Install_Load_APDU.cpp             \
+					src/apdu/Lifecycle_APDU.cpp                \
+					src/apdu/List_Objects_APDU.cpp             \
+					src/apdu/Set_IssuerInfo_APDU.cpp           \
+					src/apdu/Get_IssuerInfo_APDU.cpp           \
+					src/apdu/List_Pins_APDU.cpp                \
+					src/apdu/Load_File_APDU.cpp                \
+					src/apdu/Put_Key_APDU.cpp                  \
+					src/apdu/Read_Buffer_APDU.cpp              \
+					src/apdu/Read_Object_APDU.cpp              \
+					src/apdu/Select_APDU.cpp                   \
+					src/apdu/Set_Pin_APDU.cpp                  \
+					src/apdu/Unblock_Pin_APDU.cpp              \
+					src/apdu/Write_Object_APDU.cpp             \
+					src/apdu/Import_Key_Enc_APDU.cpp           \
+					src/main/RA_Msg.cpp                        \
+					src/msg/RA_Begin_Op_Msg.cpp                \
+					src/msg/RA_End_Op_Msg.cpp                  \
+					src/msg/RA_Login_Request_Msg.cpp           \
+					src/msg/RA_Login_Response_Msg.cpp          \
+					src/msg/RA_Extended_Login_Request_Msg.cpp  \
+					src/msg/RA_Extended_Login_Response_Msg.cpp \
+					src/msg/RA_ASQ_Request_Msg.cpp             \
+					src/msg/RA_ASQ_Response_Msg.cpp            \
+					src/msg/RA_New_Pin_Request_Msg.cpp         \
+					src/msg/RA_New_Pin_Response_Msg.cpp        \
+					src/msg/RA_SecureId_Request_Msg.cpp        \
+					src/msg/RA_SecureId_Response_Msg.cpp       \
+					src/msg/RA_Status_Update_Request_Msg.cpp   \
+					src/msg/RA_Status_Update_Response_Msg.cpp  \
+					src/msg/RA_Token_PDU_Request_Msg.cpp       \
+					src/msg/RA_Token_PDU_Response_Msg.cpp
+
+tpsclient_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+	@sasl_inc@ @nss_inc@ @nspr_inc@
+
+tpsclient_LDADD = $(LDAPSDK_LINK) $(SVRCORE_LINK)                         \
+	$(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+	$(LIBCSTD) $(LIBCRUN)
+
+
+#////////////////////////////////////////////////////////////////
+#
+#   Wrappers
+#
+#////////////////////////////////////////////////////////////////
+create_wrapper = sed                              \
+	-e "s|\@ldapsdk_libdir\@|$(ldapsdk_libdir)|g" \
+	-e "s|\@libexecdir\@|$(libexecdir)|g"         \
+	-e "s|\@nspr_libdir\@|$(nspr_libdir)|g"       \
+	-e "s|\@nss_libdir\@|$(nss_libdir)|g"         \
+	-e "s|\@sasl_libdir\@|$(sasl_libdir)|g"
+
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .cpp .lo .o .obj
+am--refresh:
+	@:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
+	      cd $(srcdir) && $(AUTOMAKE) --foreign  \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) 
+	cd $(top_srcdir) && $(AUTOHEADER)
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-apache_modulesLTLIBRARIES: $(apache_modules_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(apache_modulesdir)" || $(mkdir_p) "$(DESTDIR)$(apache_modulesdir)"
+	@list='$(apache_modules_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(apache_modulesLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(apache_modulesdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(apache_modulesLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(apache_modulesdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-apache_modulesLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@set -x; list='$(apache_modules_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(apache_modulesdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(apache_modulesdir)/$$p"; \
+	done
+
+clean-apache_modulesLTLIBRARIES:
+	-test -z "$(apache_modules_LTLIBRARIES)" || rm -f $(apache_modules_LTLIBRARIES)
+	@list='$(apache_modules_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  if test -f $$p; then \
+	    f=$(am__strip_dir) \
+	    echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \
+	    $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  p=$(am__strip_dir) \
+	  echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
+	  $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+src/authentication/$(am__dirstamp):
+	@$(mkdir_p) src/authentication
+	@: > src/authentication/$(am__dirstamp)
+src/authentication/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/authentication/$(DEPDIR)
+	@: > src/authentication/$(DEPDIR)/$(am__dirstamp)
+src/authentication/libldapauth_la-LDAP_Authentication.lo:  \
+	src/authentication/$(am__dirstamp) \
+	src/authentication/$(DEPDIR)/$(am__dirstamp)
+libldapauth.la: $(libldapauth_la_OBJECTS) $(libldapauth_la_DEPENDENCIES) 
+	$(CXXLINK) -rpath $(libdir) $(libldapauth_la_LDFLAGS) $(libldapauth_la_OBJECTS) $(libldapauth_la_LIBADD) $(LIBS)
+src/tus/$(am__dirstamp):
+	@$(mkdir_p) src/tus
+	@: > src/tus/$(am__dirstamp)
+src/tus/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/tus/$(DEPDIR)
+	@: > src/tus/$(DEPDIR)/$(am__dirstamp)
+src/tus/libtokendb_la-tus_db.lo: src/tus/$(am__dirstamp) \
+	src/tus/$(DEPDIR)/$(am__dirstamp)
+libtokendb.la: $(libtokendb_la_OBJECTS) $(libtokendb_la_DEPENDENCIES) 
+	$(libtokendb_la_LINK) -rpath $(libdir) $(libtokendb_la_LDFLAGS) $(libtokendb_la_OBJECTS) $(libtokendb_la_LIBADD) $(LIBS)
+src/main/$(am__dirstamp):
+	@$(mkdir_p) src/main
+	@: > src/main/$(am__dirstamp)
+src/main/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/main/$(DEPDIR)
+	@: > src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Buffer.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-NameValueSet.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-ConfigStore.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Util.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RA_Msg.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RA_pblock.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RA_Session.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RA_Context.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Login.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-SecureId.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Memory.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-AuthenticationEntry.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-AuthParams.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Authentication.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-AttributeSpec.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-ObjectSpec.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-PKCS11Obj.lo: src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/$(am__dirstamp):
+	@$(mkdir_p) src/httpClient
+	@: > src/httpClient/$(am__dirstamp)
+src/httpClient/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/httpClient/$(DEPDIR)
+	@: > src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-httpClient.lo:  \
+	src/httpClient/$(am__dirstamp) \
+	src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-Cache.lo: src/httpClient/$(am__dirstamp) \
+	src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-engine.lo: src/httpClient/$(am__dirstamp) \
+	src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-http.lo: src/httpClient/$(am__dirstamp) \
+	src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-response.lo: src/httpClient/$(am__dirstamp) \
+	src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-request.lo: src/httpClient/$(am__dirstamp) \
+	src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-nscperror.lo: src/httpClient/$(am__dirstamp) \
+	src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/cms/$(am__dirstamp):
+	@$(mkdir_p) src/cms
+	@: > src/cms/$(am__dirstamp)
+src/cms/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/cms/$(DEPDIR)
+	@: > src/cms/$(DEPDIR)/$(am__dirstamp)
+src/cms/libtps_la-HttpConnection.lo: src/cms/$(am__dirstamp) \
+	src/cms/$(DEPDIR)/$(am__dirstamp)
+src/cms/libtps_la-ConnectionInfo.lo: src/cms/$(am__dirstamp) \
+	src/cms/$(DEPDIR)/$(am__dirstamp)
+src/cms/libtps_la-CertEnroll.lo: src/cms/$(am__dirstamp) \
+	src/cms/$(DEPDIR)/$(am__dirstamp)
+src/apdu/$(am__dirstamp):
+	@$(mkdir_p) src/apdu
+	@: > src/apdu/$(am__dirstamp)
+src/apdu/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/apdu/$(DEPDIR)
+	@: > src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Unblock_Pin_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Create_Object_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Set_Pin_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Set_IssuerInfo_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Get_IssuerInfo_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Create_Pin_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-List_Pins_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Initialize_Update_APDU.lo:  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Get_Version_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Get_Status_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Get_Data_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-External_Authenticate_APDU.lo:  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Generate_Key_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Read_Buffer_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Read_Object_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Write_Object_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Put_Key_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Select_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Delete_File_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Install_Applet_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo:  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Load_File_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Install_Load_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Lifecycle_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-List_Objects_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Import_Key_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Import_Key_Enc_APDU.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-APDU_Response.lo: src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/msg/$(am__dirstamp):
+	@$(mkdir_p) src/msg
+	@: > src/msg/$(am__dirstamp)
+src/msg/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/msg/$(DEPDIR)
+	@: > src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Begin_Op_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_End_Op_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Login_Request_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Login_Response_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_SecureId_Request_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_SecureId_Response_Msg.lo:  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_ASQ_Request_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_ASQ_Response_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_New_Pin_Request_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_New_Pin_Response_Msg.lo: src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo:  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo:  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Status_Update_Request_Msg.lo:  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Status_Update_Response_Msg.lo:  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo:  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo:  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/channel/$(am__dirstamp):
+	@$(mkdir_p) src/channel
+	@: > src/channel/$(am__dirstamp)
+src/channel/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/channel/$(DEPDIR)
+	@: > src/channel/$(DEPDIR)/$(am__dirstamp)
+src/channel/libtps_la-Channel.lo: src/channel/$(am__dirstamp) \
+	src/channel/$(DEPDIR)/$(am__dirstamp)
+src/channel/libtps_la-Secure_Channel.lo: src/channel/$(am__dirstamp) \
+	src/channel/$(DEPDIR)/$(am__dirstamp)
+src/engine/$(am__dirstamp):
+	@$(mkdir_p) src/engine
+	@: > src/engine/$(am__dirstamp)
+src/engine/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/engine/$(DEPDIR)
+	@: > src/engine/$(DEPDIR)/$(am__dirstamp)
+src/engine/libtps_la-RA.lo: src/engine/$(am__dirstamp) \
+	src/engine/$(DEPDIR)/$(am__dirstamp)
+src/processor/$(am__dirstamp):
+	@$(mkdir_p) src/processor
+	@: > src/processor/$(am__dirstamp)
+src/processor/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/processor/$(DEPDIR)
+	@: > src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Processor.lo:  \
+	src/processor/$(am__dirstamp) \
+	src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Enroll_Processor.lo:  \
+	src/processor/$(am__dirstamp) \
+	src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Pin_Reset_Processor.lo:  \
+	src/processor/$(am__dirstamp) \
+	src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Renew_Processor.lo:  \
+	src/processor/$(am__dirstamp) \
+	src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Unblock_Processor.lo:  \
+	src/processor/$(am__dirstamp) \
+	src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Format_Processor.lo:  \
+	src/processor/$(am__dirstamp) \
+	src/processor/$(DEPDIR)/$(am__dirstamp)
+libtps.la: $(libtps_la_OBJECTS) $(libtps_la_DEPENDENCIES) 
+	$(CXXLINK) -rpath $(libdir) $(libtps_la_LDFLAGS) $(libtps_la_OBJECTS) $(libtps_la_LIBADD) $(LIBS)
+src/modules/tokendb/$(am__dirstamp):
+	@$(mkdir_p) src/modules/tokendb
+	@: > src/modules/tokendb/$(am__dirstamp)
+src/modules/tokendb/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/modules/tokendb/$(DEPDIR)
+	@: > src/modules/tokendb/$(DEPDIR)/$(am__dirstamp)
+src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo:  \
+	src/modules/tokendb/$(am__dirstamp) \
+	src/modules/tokendb/$(DEPDIR)/$(am__dirstamp)
+mod_tokendb.la: $(mod_tokendb_la_OBJECTS) $(mod_tokendb_la_DEPENDENCIES) 
+	$(CXXLINK) -rpath $(apache_modulesdir) $(mod_tokendb_la_LDFLAGS) $(mod_tokendb_la_OBJECTS) $(mod_tokendb_la_LIBADD) $(LIBS)
+src/modules/tps/$(am__dirstamp):
+	@$(mkdir_p) src/modules/tps
+	@: > src/modules/tps/$(am__dirstamp)
+src/modules/tps/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) src/modules/tps/$(DEPDIR)
+	@: > src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+src/modules/tps/mod_tps_la-AP_Context.lo:  \
+	src/modules/tps/$(am__dirstamp) \
+	src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+src/modules/tps/mod_tps_la-AP_Session.lo:  \
+	src/modules/tps/$(am__dirstamp) \
+	src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+src/modules/tps/mod_tps_la-mod_tps.lo:  \
+	src/modules/tps/$(am__dirstamp) \
+	src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+mod_tps.la: $(mod_tps_la_OBJECTS) $(mod_tps_la_DEPENDENCIES) 
+	$(CXXLINK) -rpath $(apache_modulesdir) $(mod_tps_la_LDFLAGS) $(mod_tps_la_OBJECTS) $(mod_tps_la_LIBADD) $(LIBS)
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+tools/raclient/$(am__dirstamp):
+	@$(mkdir_p) tools/raclient
+	@: > tools/raclient/$(am__dirstamp)
+tools/raclient/$(DEPDIR)/$(am__dirstamp):
+	@$(mkdir_p) tools/raclient/$(DEPDIR)
+	@: > tools/raclient/$(DEPDIR)/$(am__dirstamp)
+tools/raclient/tpsclient-RA_Client.$(OBJEXT):  \
+	tools/raclient/$(am__dirstamp) \
+	tools/raclient/$(DEPDIR)/$(am__dirstamp)
+tools/raclient/tpsclient-RA_Conn.$(OBJEXT):  \
+	tools/raclient/$(am__dirstamp) \
+	tools/raclient/$(DEPDIR)/$(am__dirstamp)
+tools/raclient/tpsclient-RA_Token.$(OBJEXT):  \
+	tools/raclient/$(am__dirstamp) \
+	tools/raclient/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-Buffer.$(OBJEXT): src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-NameValueSet.$(OBJEXT): src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-Util.$(OBJEXT): src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-AuthParams.$(OBJEXT): src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-APDU_Response.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Create_Object_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Create_Pin_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Delete_File_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-External_Authenticate_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Format_Muscle_Applet_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Generate_Key_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Get_Data_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Get_Status_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Get_Version_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Initialize_Update_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Install_Applet_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Install_Load_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Lifecycle_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-List_Objects_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Set_IssuerInfo_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Get_IssuerInfo_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-List_Pins_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Load_File_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Put_Key_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Read_Buffer_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Read_Object_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Select_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Set_Pin_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+	src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Unblock_Pin_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Write_Object_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Import_Key_Enc_APDU.$(OBJEXT):  \
+	src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-RA_Msg.$(OBJEXT): src/main/$(am__dirstamp) \
+	src/main/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Begin_Op_Msg.$(OBJEXT): src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_End_Op_Msg.$(OBJEXT): src/msg/$(am__dirstamp) \
+	src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Login_Request_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Login_Response_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Extended_Login_Request_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Extended_Login_Response_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_ASQ_Request_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_ASQ_Response_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_New_Pin_Request_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_New_Pin_Response_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_SecureId_Request_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_SecureId_Response_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Status_Update_Request_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Status_Update_Response_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Token_PDU_Request_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Token_PDU_Response_Msg.$(OBJEXT):  \
+	src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+tpsclient$(EXEEXT): $(tpsclient_OBJECTS) $(tpsclient_DEPENDENCIES) 
+	@rm -f tpsclient$(EXEEXT)
+	$(CXXLINK) $(tpsclient_LDFLAGS) $(tpsclient_OBJECTS) $(tpsclient_LDADD) $(LIBS)
+install-binSCRIPTS: $(bin_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(binSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	    $(binSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(bindir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-binSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+install-cgibin_demoSCRIPTS: $(cgibin_demo_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(cgibin_demodir)" || $(mkdir_p) "$(DESTDIR)$(cgibin_demodir)"
+	@list='$(cgibin_demo_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(cgibin_demoSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(cgibin_demodir)/$$f'"; \
+	    $(cgibin_demoSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(cgibin_demodir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-cgibin_demoSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(cgibin_demo_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(cgibin_demodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(cgibin_demodir)/$$f"; \
+	done
+install-cgibin_homeSCRIPTS: $(cgibin_home_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(cgibin_homedir)" || $(mkdir_p) "$(DESTDIR)$(cgibin_homedir)"
+	@list='$(cgibin_home_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(cgibin_homeSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(cgibin_homedir)/$$f'"; \
+	    $(cgibin_homeSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(cgibin_homedir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-cgibin_homeSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(cgibin_home_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(cgibin_homedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(cgibin_homedir)/$$f"; \
+	done
+install-cgibin_soSCRIPTS: $(cgibin_so_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(cgibin_sodir)" || $(mkdir_p) "$(DESTDIR)$(cgibin_sodir)"
+	@list='$(cgibin_so_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(cgibin_soSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(cgibin_sodir)/$$f'"; \
+	    $(cgibin_soSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(cgibin_sodir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-cgibin_soSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(cgibin_so_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(cgibin_sodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(cgibin_sodir)/$$f"; \
+	done
+install-cgibin_sowSCRIPTS: $(cgibin_sow_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(cgibin_sowdir)" || $(mkdir_p) "$(DESTDIR)$(cgibin_sowdir)"
+	@list='$(cgibin_sow_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(cgibin_sowSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(cgibin_sowdir)/$$f'"; \
+	    $(cgibin_sowSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(cgibin_sowdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-cgibin_sowSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(cgibin_sow_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(cgibin_sowdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(cgibin_sowdir)/$$f"; \
+	done
+install-initdSCRIPTS: $(initd_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(initddir)" || $(mkdir_p) "$(DESTDIR)$(initddir)"
+	@list='$(initd_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(initdSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(initddir)/$$f'"; \
+	    $(initdSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(initddir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-initdSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(initd_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(initddir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(initddir)/$$f"; \
+	done
+install-libexecSCRIPTS: $(libexec_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(libexecSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	    $(libexecSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(libexecdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-libexecSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+install-perl_modulesSCRIPTS: $(perl_modules_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(perl_modulesdir)" || $(mkdir_p) "$(DESTDIR)$(perl_modulesdir)"
+	@list='$(perl_modules_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(perl_modulesSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(perl_modulesdir)/$$f'"; \
+	    $(perl_modulesSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(perl_modulesdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-perl_modulesSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(perl_modules_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(perl_modulesdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(perl_modulesdir)/$$f"; \
+	done
+install-perl_templatesSCRIPTS: $(perl_templates_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(perl_templatesdir)" || $(mkdir_p) "$(DESTDIR)$(perl_templatesdir)"
+	@list='$(perl_templates_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(perl_templatesSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(perl_templatesdir)/$$f'"; \
+	    $(perl_templatesSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(perl_templatesdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-perl_templatesSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(perl_templates_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(perl_templatesdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(perl_templatesdir)/$$f"; \
+	done
+install-scriptsSCRIPTS: $(scripts_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(scriptsdir)" || $(mkdir_p) "$(DESTDIR)$(scriptsdir)"
+	@list='$(scripts_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(scriptsSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(scriptsdir)/$$f'"; \
+	    $(scriptsSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(scriptsdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-scriptsSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(scripts_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(scriptsdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(scriptsdir)/$$f"; \
+	done
+install-setupSCRIPTS: $(setup_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	test -z "$(setupdir)" || $(mkdir_p) "$(DESTDIR)$(setupdir)"
+	@list='$(setup_SCRIPTS)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f $$d$$p; then \
+	    f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	    echo " $(setupSCRIPT_INSTALL) '$$d$$p' '$(DESTDIR)$(setupdir)/$$f'"; \
+	    $(setupSCRIPT_INSTALL) "$$d$$p" "$(DESTDIR)$(setupdir)/$$f"; \
+	  else :; fi; \
+	done
+
+uninstall-setupSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(setup_SCRIPTS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's|^.*/||;$(transform)'`; \
+	  echo " rm -f '$(DESTDIR)$(setupdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(setupdir)/$$f"; \
+	done
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-APDU.lo
+	-rm -f src/apdu/libtps_la-APDU_Response.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-APDU_Response.lo
+	-rm -f src/apdu/libtps_la-Create_Object_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Create_Object_APDU.lo
+	-rm -f src/apdu/libtps_la-Create_Pin_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Create_Pin_APDU.lo
+	-rm -f src/apdu/libtps_la-Delete_File_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Delete_File_APDU.lo
+	-rm -f src/apdu/libtps_la-External_Authenticate_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-External_Authenticate_APDU.lo
+	-rm -f src/apdu/libtps_la-Format_Muscle_Applet_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo
+	-rm -f src/apdu/libtps_la-Generate_Key_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Generate_Key_APDU.lo
+	-rm -f src/apdu/libtps_la-Get_Data_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Get_Data_APDU.lo
+	-rm -f src/apdu/libtps_la-Get_IssuerInfo_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Get_IssuerInfo_APDU.lo
+	-rm -f src/apdu/libtps_la-Get_Status_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Get_Status_APDU.lo
+	-rm -f src/apdu/libtps_la-Get_Version_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Get_Version_APDU.lo
+	-rm -f src/apdu/libtps_la-Import_Key_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Import_Key_APDU.lo
+	-rm -f src/apdu/libtps_la-Import_Key_Enc_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Import_Key_Enc_APDU.lo
+	-rm -f src/apdu/libtps_la-Initialize_Update_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Initialize_Update_APDU.lo
+	-rm -f src/apdu/libtps_la-Install_Applet_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Install_Applet_APDU.lo
+	-rm -f src/apdu/libtps_la-Install_Load_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Install_Load_APDU.lo
+	-rm -f src/apdu/libtps_la-Lifecycle_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Lifecycle_APDU.lo
+	-rm -f src/apdu/libtps_la-List_Objects_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-List_Objects_APDU.lo
+	-rm -f src/apdu/libtps_la-List_Pins_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-List_Pins_APDU.lo
+	-rm -f src/apdu/libtps_la-Load_File_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Load_File_APDU.lo
+	-rm -f src/apdu/libtps_la-Put_Key_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Put_Key_APDU.lo
+	-rm -f src/apdu/libtps_la-Read_Buffer_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Read_Buffer_APDU.lo
+	-rm -f src/apdu/libtps_la-Read_Object_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Read_Object_APDU.lo
+	-rm -f src/apdu/libtps_la-Select_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Select_APDU.lo
+	-rm -f src/apdu/libtps_la-Set_IssuerInfo_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Set_IssuerInfo_APDU.lo
+	-rm -f src/apdu/libtps_la-Set_Pin_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Set_Pin_APDU.lo
+	-rm -f src/apdu/libtps_la-Unblock_Pin_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Unblock_Pin_APDU.lo
+	-rm -f src/apdu/libtps_la-Write_Object_APDU.$(OBJEXT)
+	-rm -f src/apdu/libtps_la-Write_Object_APDU.lo
+	-rm -f src/apdu/tpsclient-APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-APDU_Response.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Create_Object_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Create_Pin_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Delete_File_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-External_Authenticate_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Format_Muscle_Applet_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Generate_Key_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Get_Data_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Get_IssuerInfo_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Get_Status_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Get_Version_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Import_Key_Enc_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Initialize_Update_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Install_Applet_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Install_Load_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Lifecycle_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-List_Objects_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-List_Pins_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Load_File_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Put_Key_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Read_Buffer_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Read_Object_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Select_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Set_IssuerInfo_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Set_Pin_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Unblock_Pin_APDU.$(OBJEXT)
+	-rm -f src/apdu/tpsclient-Write_Object_APDU.$(OBJEXT)
+	-rm -f src/authentication/libldapauth_la-LDAP_Authentication.$(OBJEXT)
+	-rm -f src/authentication/libldapauth_la-LDAP_Authentication.lo
+	-rm -f src/channel/libtps_la-Channel.$(OBJEXT)
+	-rm -f src/channel/libtps_la-Channel.lo
+	-rm -f src/channel/libtps_la-Secure_Channel.$(OBJEXT)
+	-rm -f src/channel/libtps_la-Secure_Channel.lo
+	-rm -f src/cms/libtps_la-CertEnroll.$(OBJEXT)
+	-rm -f src/cms/libtps_la-CertEnroll.lo
+	-rm -f src/cms/libtps_la-ConnectionInfo.$(OBJEXT)
+	-rm -f src/cms/libtps_la-ConnectionInfo.lo
+	-rm -f src/cms/libtps_la-HttpConnection.$(OBJEXT)
+	-rm -f src/cms/libtps_la-HttpConnection.lo
+	-rm -f src/engine/libtps_la-RA.$(OBJEXT)
+	-rm -f src/engine/libtps_la-RA.lo
+	-rm -f src/httpClient/libtps_la-Cache.$(OBJEXT)
+	-rm -f src/httpClient/libtps_la-Cache.lo
+	-rm -f src/httpClient/libtps_la-engine.$(OBJEXT)
+	-rm -f src/httpClient/libtps_la-engine.lo
+	-rm -f src/httpClient/libtps_la-http.$(OBJEXT)
+	-rm -f src/httpClient/libtps_la-http.lo
+	-rm -f src/httpClient/libtps_la-httpClient.$(OBJEXT)
+	-rm -f src/httpClient/libtps_la-httpClient.lo
+	-rm -f src/httpClient/libtps_la-nscperror.$(OBJEXT)
+	-rm -f src/httpClient/libtps_la-nscperror.lo
+	-rm -f src/httpClient/libtps_la-request.$(OBJEXT)
+	-rm -f src/httpClient/libtps_la-request.lo
+	-rm -f src/httpClient/libtps_la-response.$(OBJEXT)
+	-rm -f src/httpClient/libtps_la-response.lo
+	-rm -f src/main/libtps_la-AttributeSpec.$(OBJEXT)
+	-rm -f src/main/libtps_la-AttributeSpec.lo
+	-rm -f src/main/libtps_la-AuthParams.$(OBJEXT)
+	-rm -f src/main/libtps_la-AuthParams.lo
+	-rm -f src/main/libtps_la-Authentication.$(OBJEXT)
+	-rm -f src/main/libtps_la-Authentication.lo
+	-rm -f src/main/libtps_la-AuthenticationEntry.$(OBJEXT)
+	-rm -f src/main/libtps_la-AuthenticationEntry.lo
+	-rm -f src/main/libtps_la-Buffer.$(OBJEXT)
+	-rm -f src/main/libtps_la-Buffer.lo
+	-rm -f src/main/libtps_la-ConfigStore.$(OBJEXT)
+	-rm -f src/main/libtps_la-ConfigStore.lo
+	-rm -f src/main/libtps_la-Login.$(OBJEXT)
+	-rm -f src/main/libtps_la-Login.lo
+	-rm -f src/main/libtps_la-Memory.$(OBJEXT)
+	-rm -f src/main/libtps_la-Memory.lo
+	-rm -f src/main/libtps_la-NameValueSet.$(OBJEXT)
+	-rm -f src/main/libtps_la-NameValueSet.lo
+	-rm -f src/main/libtps_la-ObjectSpec.$(OBJEXT)
+	-rm -f src/main/libtps_la-ObjectSpec.lo
+	-rm -f src/main/libtps_la-PKCS11Obj.$(OBJEXT)
+	-rm -f src/main/libtps_la-PKCS11Obj.lo
+	-rm -f src/main/libtps_la-RA_Context.$(OBJEXT)
+	-rm -f src/main/libtps_la-RA_Context.lo
+	-rm -f src/main/libtps_la-RA_Msg.$(OBJEXT)
+	-rm -f src/main/libtps_la-RA_Msg.lo
+	-rm -f src/main/libtps_la-RA_Session.$(OBJEXT)
+	-rm -f src/main/libtps_la-RA_Session.lo
+	-rm -f src/main/libtps_la-RA_pblock.$(OBJEXT)
+	-rm -f src/main/libtps_la-RA_pblock.lo
+	-rm -f src/main/libtps_la-SecureId.$(OBJEXT)
+	-rm -f src/main/libtps_la-SecureId.lo
+	-rm -f src/main/libtps_la-Util.$(OBJEXT)
+	-rm -f src/main/libtps_la-Util.lo
+	-rm -f src/main/tpsclient-AuthParams.$(OBJEXT)
+	-rm -f src/main/tpsclient-Buffer.$(OBJEXT)
+	-rm -f src/main/tpsclient-NameValueSet.$(OBJEXT)
+	-rm -f src/main/tpsclient-RA_Msg.$(OBJEXT)
+	-rm -f src/main/tpsclient-Util.$(OBJEXT)
+	-rm -f src/modules/tokendb/mod_tokendb_la-mod_tokendb.$(OBJEXT)
+	-rm -f src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo
+	-rm -f src/modules/tps/mod_tps_la-AP_Context.$(OBJEXT)
+	-rm -f src/modules/tps/mod_tps_la-AP_Context.lo
+	-rm -f src/modules/tps/mod_tps_la-AP_Session.$(OBJEXT)
+	-rm -f src/modules/tps/mod_tps_la-AP_Session.lo
+	-rm -f src/modules/tps/mod_tps_la-mod_tps.$(OBJEXT)
+	-rm -f src/modules/tps/mod_tps_la-mod_tps.lo
+	-rm -f src/msg/libtps_la-RA_ASQ_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_ASQ_Request_Msg.lo
+	-rm -f src/msg/libtps_la-RA_ASQ_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_ASQ_Response_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Begin_Op_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Begin_Op_Msg.lo
+	-rm -f src/msg/libtps_la-RA_End_Op_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_End_Op_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Extended_Login_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Extended_Login_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Login_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Login_Request_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Login_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Login_Response_Msg.lo
+	-rm -f src/msg/libtps_la-RA_New_Pin_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_New_Pin_Request_Msg.lo
+	-rm -f src/msg/libtps_la-RA_New_Pin_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_New_Pin_Response_Msg.lo
+	-rm -f src/msg/libtps_la-RA_SecureId_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_SecureId_Request_Msg.lo
+	-rm -f src/msg/libtps_la-RA_SecureId_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_SecureId_Response_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Status_Update_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Status_Update_Request_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Status_Update_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Status_Update_Response_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Token_PDU_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo
+	-rm -f src/msg/libtps_la-RA_Token_PDU_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo
+	-rm -f src/msg/tpsclient-RA_ASQ_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_ASQ_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Begin_Op_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_End_Op_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Extended_Login_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Extended_Login_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Login_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Login_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_New_Pin_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_New_Pin_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_SecureId_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_SecureId_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Status_Update_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Status_Update_Response_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Token_PDU_Request_Msg.$(OBJEXT)
+	-rm -f src/msg/tpsclient-RA_Token_PDU_Response_Msg.$(OBJEXT)
+	-rm -f src/processor/libtps_la-RA_Enroll_Processor.$(OBJEXT)
+	-rm -f src/processor/libtps_la-RA_Enroll_Processor.lo
+	-rm -f src/processor/libtps_la-RA_Format_Processor.$(OBJEXT)
+	-rm -f src/processor/libtps_la-RA_Format_Processor.lo
+	-rm -f src/processor/libtps_la-RA_Pin_Reset_Processor.$(OBJEXT)
+	-rm -f src/processor/libtps_la-RA_Pin_Reset_Processor.lo
+	-rm -f src/processor/libtps_la-RA_Processor.$(OBJEXT)
+	-rm -f src/processor/libtps_la-RA_Processor.lo
+	-rm -f src/processor/libtps_la-RA_Renew_Processor.$(OBJEXT)
+	-rm -f src/processor/libtps_la-RA_Renew_Processor.lo
+	-rm -f src/processor/libtps_la-RA_Unblock_Processor.$(OBJEXT)
+	-rm -f src/processor/libtps_la-RA_Unblock_Processor.lo
+	-rm -f src/tus/libtokendb_la-tus_db.$(OBJEXT)
+	-rm -f src/tus/libtokendb_la-tus_db.lo
+	-rm -f tools/raclient/tpsclient-RA_Client.$(OBJEXT)
+	-rm -f tools/raclient/tpsclient-RA_Conn.$(OBJEXT)
+	-rm -f tools/raclient/tpsclient-RA_Token.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/channel/$(DEPDIR)/libtps_la-Channel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/cms/$(DEPDIR)/libtps_la-CertEnroll.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/cms/$(DEPDIR)/libtps_la-HttpConnection.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/engine/$(DEPDIR)/libtps_la-RA.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-Cache.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-engine.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-http.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-httpClient.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-nscperror.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-request.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-response.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-AttributeSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-AuthParams.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Authentication.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Buffer.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-ConfigStore.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Login.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Memory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-NameValueSet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-ObjectSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RA_Context.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RA_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RA_Session.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RA_pblock.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-SecureId.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Util.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-AuthParams.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-Buffer.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-NameValueSet.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-RA_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-Util.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/tus/$(DEPDIR)/libtokendb_la-tus_db.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`; \
+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$$depbase.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@	then mv -f "$$depbase.Tpo" "$$depbase.Po"; else rm -f "$$depbase.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`; \
+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$$depbase.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@	then mv -f "$$depbase.Tpo" "$$depbase.Po"; else rm -f "$$depbase.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`; \
+@am__fastdepCC_TRUE@	if $(LTCOMPILE) -MT $@ -MD -MP -MF "$$depbase.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@	then mv -f "$$depbase.Tpo" "$$depbase.Plo"; else rm -f "$$depbase.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+src/tus/libtokendb_la-tus_db.lo: src/tus/tus_db.c
+@am__fastdepCC_TRUE@	if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtokendb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT src/tus/libtokendb_la-tus_db.lo -MD -MP -MF "src/tus/$(DEPDIR)/libtokendb_la-tus_db.Tpo" -c -o src/tus/libtokendb_la-tus_db.lo `test -f 'src/tus/tus_db.c' || echo '$(srcdir)/'`src/tus/tus_db.c; \
+@am__fastdepCC_TRUE@	then mv -f "src/tus/$(DEPDIR)/libtokendb_la-tus_db.Tpo" "src/tus/$(DEPDIR)/libtokendb_la-tus_db.Plo"; else rm -f "src/tus/$(DEPDIR)/libtokendb_la-tus_db.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='src/tus/tus_db.c' object='src/tus/libtokendb_la-tus_db.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtokendb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o src/tus/libtokendb_la-tus_db.lo `test -f 'src/tus/tus_db.c' || echo '$(srcdir)/'`src/tus/tus_db.c
+
+.cpp.o:
+@am__fastdepCXX_TRUE@	depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`; \
+@am__fastdepCXX_TRUE@	if $(CXXCOMPILE) -MT $@ -MD -MP -MF "$$depbase.Tpo" -c -o $@ $<; \
+@am__fastdepCXX_TRUE@	then mv -f "$$depbase.Tpo" "$$depbase.Po"; else rm -f "$$depbase.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXXCOMPILE) -c -o $@ $<
+
+.cpp.obj:
+@am__fastdepCXX_TRUE@	depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`; \
+@am__fastdepCXX_TRUE@	if $(CXXCOMPILE) -MT $@ -MD -MP -MF "$$depbase.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCXX_TRUE@	then mv -f "$$depbase.Tpo" "$$depbase.Po"; else rm -f "$$depbase.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.cpp.lo:
+@am__fastdepCXX_TRUE@	depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`; \
+@am__fastdepCXX_TRUE@	if $(LTCXXCOMPILE) -MT $@ -MD -MP -MF "$$depbase.Tpo" -c -o $@ $<; \
+@am__fastdepCXX_TRUE@	then mv -f "$$depbase.Tpo" "$$depbase.Plo"; else rm -f "$$depbase.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LTCXXCOMPILE) -c -o $@ $<
+
+src/authentication/libldapauth_la-LDAP_Authentication.lo: src/authentication/LDAP_Authentication.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libldapauth_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/authentication/libldapauth_la-LDAP_Authentication.lo -MD -MP -MF "src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Tpo" -c -o src/authentication/libldapauth_la-LDAP_Authentication.lo `test -f 'src/authentication/LDAP_Authentication.cpp' || echo '$(srcdir)/'`src/authentication/LDAP_Authentication.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Tpo" "src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Plo"; else rm -f "src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/authentication/LDAP_Authentication.cpp' object='src/authentication/libldapauth_la-LDAP_Authentication.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libldapauth_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/authentication/libldapauth_la-LDAP_Authentication.lo `test -f 'src/authentication/LDAP_Authentication.cpp' || echo '$(srcdir)/'`src/authentication/LDAP_Authentication.cpp
+
+src/main/libtps_la-Buffer.lo: src/main/Buffer.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Buffer.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-Buffer.Tpo" -c -o src/main/libtps_la-Buffer.lo `test -f 'src/main/Buffer.cpp' || echo '$(srcdir)/'`src/main/Buffer.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-Buffer.Tpo" "src/main/$(DEPDIR)/libtps_la-Buffer.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-Buffer.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Buffer.cpp' object='src/main/libtps_la-Buffer.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Buffer.lo `test -f 'src/main/Buffer.cpp' || echo '$(srcdir)/'`src/main/Buffer.cpp
+
+src/main/libtps_la-NameValueSet.lo: src/main/NameValueSet.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-NameValueSet.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-NameValueSet.Tpo" -c -o src/main/libtps_la-NameValueSet.lo `test -f 'src/main/NameValueSet.cpp' || echo '$(srcdir)/'`src/main/NameValueSet.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-NameValueSet.Tpo" "src/main/$(DEPDIR)/libtps_la-NameValueSet.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-NameValueSet.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/NameValueSet.cpp' object='src/main/libtps_la-NameValueSet.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-NameValueSet.lo `test -f 'src/main/NameValueSet.cpp' || echo '$(srcdir)/'`src/main/NameValueSet.cpp
+
+src/main/libtps_la-ConfigStore.lo: src/main/ConfigStore.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-ConfigStore.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-ConfigStore.Tpo" -c -o src/main/libtps_la-ConfigStore.lo `test -f 'src/main/ConfigStore.cpp' || echo '$(srcdir)/'`src/main/ConfigStore.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-ConfigStore.Tpo" "src/main/$(DEPDIR)/libtps_la-ConfigStore.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-ConfigStore.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/ConfigStore.cpp' object='src/main/libtps_la-ConfigStore.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-ConfigStore.lo `test -f 'src/main/ConfigStore.cpp' || echo '$(srcdir)/'`src/main/ConfigStore.cpp
+
+src/main/libtps_la-Util.lo: src/main/Util.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Util.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-Util.Tpo" -c -o src/main/libtps_la-Util.lo `test -f 'src/main/Util.cpp' || echo '$(srcdir)/'`src/main/Util.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-Util.Tpo" "src/main/$(DEPDIR)/libtps_la-Util.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-Util.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Util.cpp' object='src/main/libtps_la-Util.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Util.lo `test -f 'src/main/Util.cpp' || echo '$(srcdir)/'`src/main/Util.cpp
+
+src/main/libtps_la-RA_Msg.lo: src/main/RA_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RA_Msg.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-RA_Msg.Tpo" -c -o src/main/libtps_la-RA_Msg.lo `test -f 'src/main/RA_Msg.cpp' || echo '$(srcdir)/'`src/main/RA_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-RA_Msg.Tpo" "src/main/$(DEPDIR)/libtps_la-RA_Msg.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-RA_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/RA_Msg.cpp' object='src/main/libtps_la-RA_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RA_Msg.lo `test -f 'src/main/RA_Msg.cpp' || echo '$(srcdir)/'`src/main/RA_Msg.cpp
+
+src/main/libtps_la-RA_pblock.lo: src/main/RA_pblock.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RA_pblock.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-RA_pblock.Tpo" -c -o src/main/libtps_la-RA_pblock.lo `test -f 'src/main/RA_pblock.cpp' || echo '$(srcdir)/'`src/main/RA_pblock.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-RA_pblock.Tpo" "src/main/$(DEPDIR)/libtps_la-RA_pblock.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-RA_pblock.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/RA_pblock.cpp' object='src/main/libtps_la-RA_pblock.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RA_pblock.lo `test -f 'src/main/RA_pblock.cpp' || echo '$(srcdir)/'`src/main/RA_pblock.cpp
+
+src/main/libtps_la-RA_Session.lo: src/main/RA_Session.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RA_Session.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-RA_Session.Tpo" -c -o src/main/libtps_la-RA_Session.lo `test -f 'src/main/RA_Session.cpp' || echo '$(srcdir)/'`src/main/RA_Session.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-RA_Session.Tpo" "src/main/$(DEPDIR)/libtps_la-RA_Session.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-RA_Session.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/RA_Session.cpp' object='src/main/libtps_la-RA_Session.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RA_Session.lo `test -f 'src/main/RA_Session.cpp' || echo '$(srcdir)/'`src/main/RA_Session.cpp
+
+src/main/libtps_la-RA_Context.lo: src/main/RA_Context.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RA_Context.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-RA_Context.Tpo" -c -o src/main/libtps_la-RA_Context.lo `test -f 'src/main/RA_Context.cpp' || echo '$(srcdir)/'`src/main/RA_Context.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-RA_Context.Tpo" "src/main/$(DEPDIR)/libtps_la-RA_Context.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-RA_Context.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/RA_Context.cpp' object='src/main/libtps_la-RA_Context.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RA_Context.lo `test -f 'src/main/RA_Context.cpp' || echo '$(srcdir)/'`src/main/RA_Context.cpp
+
+src/main/libtps_la-Login.lo: src/main/Login.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Login.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-Login.Tpo" -c -o src/main/libtps_la-Login.lo `test -f 'src/main/Login.cpp' || echo '$(srcdir)/'`src/main/Login.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-Login.Tpo" "src/main/$(DEPDIR)/libtps_la-Login.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-Login.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Login.cpp' object='src/main/libtps_la-Login.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Login.lo `test -f 'src/main/Login.cpp' || echo '$(srcdir)/'`src/main/Login.cpp
+
+src/main/libtps_la-SecureId.lo: src/main/SecureId.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-SecureId.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-SecureId.Tpo" -c -o src/main/libtps_la-SecureId.lo `test -f 'src/main/SecureId.cpp' || echo '$(srcdir)/'`src/main/SecureId.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-SecureId.Tpo" "src/main/$(DEPDIR)/libtps_la-SecureId.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-SecureId.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/SecureId.cpp' object='src/main/libtps_la-SecureId.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-SecureId.lo `test -f 'src/main/SecureId.cpp' || echo '$(srcdir)/'`src/main/SecureId.cpp
+
+src/main/libtps_la-Memory.lo: src/main/Memory.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Memory.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-Memory.Tpo" -c -o src/main/libtps_la-Memory.lo `test -f 'src/main/Memory.cpp' || echo '$(srcdir)/'`src/main/Memory.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-Memory.Tpo" "src/main/$(DEPDIR)/libtps_la-Memory.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-Memory.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Memory.cpp' object='src/main/libtps_la-Memory.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Memory.lo `test -f 'src/main/Memory.cpp' || echo '$(srcdir)/'`src/main/Memory.cpp
+
+src/main/libtps_la-AuthenticationEntry.lo: src/main/AuthenticationEntry.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-AuthenticationEntry.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Tpo" -c -o src/main/libtps_la-AuthenticationEntry.lo `test -f 'src/main/AuthenticationEntry.cpp' || echo '$(srcdir)/'`src/main/AuthenticationEntry.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Tpo" "src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/AuthenticationEntry.cpp' object='src/main/libtps_la-AuthenticationEntry.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-AuthenticationEntry.lo `test -f 'src/main/AuthenticationEntry.cpp' || echo '$(srcdir)/'`src/main/AuthenticationEntry.cpp
+
+src/main/libtps_la-AuthParams.lo: src/main/AuthParams.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-AuthParams.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-AuthParams.Tpo" -c -o src/main/libtps_la-AuthParams.lo `test -f 'src/main/AuthParams.cpp' || echo '$(srcdir)/'`src/main/AuthParams.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-AuthParams.Tpo" "src/main/$(DEPDIR)/libtps_la-AuthParams.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-AuthParams.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/AuthParams.cpp' object='src/main/libtps_la-AuthParams.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-AuthParams.lo `test -f 'src/main/AuthParams.cpp' || echo '$(srcdir)/'`src/main/AuthParams.cpp
+
+src/main/libtps_la-Authentication.lo: src/main/Authentication.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Authentication.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-Authentication.Tpo" -c -o src/main/libtps_la-Authentication.lo `test -f 'src/main/Authentication.cpp' || echo '$(srcdir)/'`src/main/Authentication.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-Authentication.Tpo" "src/main/$(DEPDIR)/libtps_la-Authentication.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-Authentication.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Authentication.cpp' object='src/main/libtps_la-Authentication.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Authentication.lo `test -f 'src/main/Authentication.cpp' || echo '$(srcdir)/'`src/main/Authentication.cpp
+
+src/main/libtps_la-AttributeSpec.lo: src/main/AttributeSpec.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-AttributeSpec.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-AttributeSpec.Tpo" -c -o src/main/libtps_la-AttributeSpec.lo `test -f 'src/main/AttributeSpec.cpp' || echo '$(srcdir)/'`src/main/AttributeSpec.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-AttributeSpec.Tpo" "src/main/$(DEPDIR)/libtps_la-AttributeSpec.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-AttributeSpec.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/AttributeSpec.cpp' object='src/main/libtps_la-AttributeSpec.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-AttributeSpec.lo `test -f 'src/main/AttributeSpec.cpp' || echo '$(srcdir)/'`src/main/AttributeSpec.cpp
+
+src/main/libtps_la-ObjectSpec.lo: src/main/ObjectSpec.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-ObjectSpec.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-ObjectSpec.Tpo" -c -o src/main/libtps_la-ObjectSpec.lo `test -f 'src/main/ObjectSpec.cpp' || echo '$(srcdir)/'`src/main/ObjectSpec.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-ObjectSpec.Tpo" "src/main/$(DEPDIR)/libtps_la-ObjectSpec.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-ObjectSpec.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/ObjectSpec.cpp' object='src/main/libtps_la-ObjectSpec.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-ObjectSpec.lo `test -f 'src/main/ObjectSpec.cpp' || echo '$(srcdir)/'`src/main/ObjectSpec.cpp
+
+src/main/libtps_la-PKCS11Obj.lo: src/main/PKCS11Obj.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-PKCS11Obj.lo -MD -MP -MF "src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Tpo" -c -o src/main/libtps_la-PKCS11Obj.lo `test -f 'src/main/PKCS11Obj.cpp' || echo '$(srcdir)/'`src/main/PKCS11Obj.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Tpo" "src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Plo"; else rm -f "src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/PKCS11Obj.cpp' object='src/main/libtps_la-PKCS11Obj.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-PKCS11Obj.lo `test -f 'src/main/PKCS11Obj.cpp' || echo '$(srcdir)/'`src/main/PKCS11Obj.cpp
+
+src/httpClient/libtps_la-httpClient.lo: src/httpClient/httpClient.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-httpClient.lo -MD -MP -MF "src/httpClient/$(DEPDIR)/libtps_la-httpClient.Tpo" -c -o src/httpClient/libtps_la-httpClient.lo `test -f 'src/httpClient/httpClient.cpp' || echo '$(srcdir)/'`src/httpClient/httpClient.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/httpClient/$(DEPDIR)/libtps_la-httpClient.Tpo" "src/httpClient/$(DEPDIR)/libtps_la-httpClient.Plo"; else rm -f "src/httpClient/$(DEPDIR)/libtps_la-httpClient.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/httpClient/httpClient.cpp' object='src/httpClient/libtps_la-httpClient.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-httpClient.lo `test -f 'src/httpClient/httpClient.cpp' || echo '$(srcdir)/'`src/httpClient/httpClient.cpp
+
+src/httpClient/libtps_la-Cache.lo: src/httpClient/Cache.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-Cache.lo -MD -MP -MF "src/httpClient/$(DEPDIR)/libtps_la-Cache.Tpo" -c -o src/httpClient/libtps_la-Cache.lo `test -f 'src/httpClient/Cache.cpp' || echo '$(srcdir)/'`src/httpClient/Cache.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/httpClient/$(DEPDIR)/libtps_la-Cache.Tpo" "src/httpClient/$(DEPDIR)/libtps_la-Cache.Plo"; else rm -f "src/httpClient/$(DEPDIR)/libtps_la-Cache.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/httpClient/Cache.cpp' object='src/httpClient/libtps_la-Cache.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-Cache.lo `test -f 'src/httpClient/Cache.cpp' || echo '$(srcdir)/'`src/httpClient/Cache.cpp
+
+src/httpClient/libtps_la-engine.lo: src/httpClient/engine.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-engine.lo -MD -MP -MF "src/httpClient/$(DEPDIR)/libtps_la-engine.Tpo" -c -o src/httpClient/libtps_la-engine.lo `test -f 'src/httpClient/engine.cpp' || echo '$(srcdir)/'`src/httpClient/engine.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/httpClient/$(DEPDIR)/libtps_la-engine.Tpo" "src/httpClient/$(DEPDIR)/libtps_la-engine.Plo"; else rm -f "src/httpClient/$(DEPDIR)/libtps_la-engine.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/httpClient/engine.cpp' object='src/httpClient/libtps_la-engine.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-engine.lo `test -f 'src/httpClient/engine.cpp' || echo '$(srcdir)/'`src/httpClient/engine.cpp
+
+src/httpClient/libtps_la-http.lo: src/httpClient/http.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-http.lo -MD -MP -MF "src/httpClient/$(DEPDIR)/libtps_la-http.Tpo" -c -o src/httpClient/libtps_la-http.lo `test -f 'src/httpClient/http.cpp' || echo '$(srcdir)/'`src/httpClient/http.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/httpClient/$(DEPDIR)/libtps_la-http.Tpo" "src/httpClient/$(DEPDIR)/libtps_la-http.Plo"; else rm -f "src/httpClient/$(DEPDIR)/libtps_la-http.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/httpClient/http.cpp' object='src/httpClient/libtps_la-http.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-http.lo `test -f 'src/httpClient/http.cpp' || echo '$(srcdir)/'`src/httpClient/http.cpp
+
+src/httpClient/libtps_la-response.lo: src/httpClient/response.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-response.lo -MD -MP -MF "src/httpClient/$(DEPDIR)/libtps_la-response.Tpo" -c -o src/httpClient/libtps_la-response.lo `test -f 'src/httpClient/response.cpp' || echo '$(srcdir)/'`src/httpClient/response.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/httpClient/$(DEPDIR)/libtps_la-response.Tpo" "src/httpClient/$(DEPDIR)/libtps_la-response.Plo"; else rm -f "src/httpClient/$(DEPDIR)/libtps_la-response.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/httpClient/response.cpp' object='src/httpClient/libtps_la-response.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-response.lo `test -f 'src/httpClient/response.cpp' || echo '$(srcdir)/'`src/httpClient/response.cpp
+
+src/httpClient/libtps_la-request.lo: src/httpClient/request.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-request.lo -MD -MP -MF "src/httpClient/$(DEPDIR)/libtps_la-request.Tpo" -c -o src/httpClient/libtps_la-request.lo `test -f 'src/httpClient/request.cpp' || echo '$(srcdir)/'`src/httpClient/request.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/httpClient/$(DEPDIR)/libtps_la-request.Tpo" "src/httpClient/$(DEPDIR)/libtps_la-request.Plo"; else rm -f "src/httpClient/$(DEPDIR)/libtps_la-request.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/httpClient/request.cpp' object='src/httpClient/libtps_la-request.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-request.lo `test -f 'src/httpClient/request.cpp' || echo '$(srcdir)/'`src/httpClient/request.cpp
+
+src/httpClient/libtps_la-nscperror.lo: src/httpClient/nscperror.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-nscperror.lo -MD -MP -MF "src/httpClient/$(DEPDIR)/libtps_la-nscperror.Tpo" -c -o src/httpClient/libtps_la-nscperror.lo `test -f 'src/httpClient/nscperror.cpp' || echo '$(srcdir)/'`src/httpClient/nscperror.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/httpClient/$(DEPDIR)/libtps_la-nscperror.Tpo" "src/httpClient/$(DEPDIR)/libtps_la-nscperror.Plo"; else rm -f "src/httpClient/$(DEPDIR)/libtps_la-nscperror.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/httpClient/nscperror.cpp' object='src/httpClient/libtps_la-nscperror.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-nscperror.lo `test -f 'src/httpClient/nscperror.cpp' || echo '$(srcdir)/'`src/httpClient/nscperror.cpp
+
+src/cms/libtps_la-HttpConnection.lo: src/cms/HttpConnection.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/cms/libtps_la-HttpConnection.lo -MD -MP -MF "src/cms/$(DEPDIR)/libtps_la-HttpConnection.Tpo" -c -o src/cms/libtps_la-HttpConnection.lo `test -f 'src/cms/HttpConnection.cpp' || echo '$(srcdir)/'`src/cms/HttpConnection.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/cms/$(DEPDIR)/libtps_la-HttpConnection.Tpo" "src/cms/$(DEPDIR)/libtps_la-HttpConnection.Plo"; else rm -f "src/cms/$(DEPDIR)/libtps_la-HttpConnection.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/cms/HttpConnection.cpp' object='src/cms/libtps_la-HttpConnection.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/cms/libtps_la-HttpConnection.lo `test -f 'src/cms/HttpConnection.cpp' || echo '$(srcdir)/'`src/cms/HttpConnection.cpp
+
+src/cms/libtps_la-ConnectionInfo.lo: src/cms/ConnectionInfo.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/cms/libtps_la-ConnectionInfo.lo -MD -MP -MF "src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Tpo" -c -o src/cms/libtps_la-ConnectionInfo.lo `test -f 'src/cms/ConnectionInfo.cpp' || echo '$(srcdir)/'`src/cms/ConnectionInfo.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Tpo" "src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Plo"; else rm -f "src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/cms/ConnectionInfo.cpp' object='src/cms/libtps_la-ConnectionInfo.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/cms/libtps_la-ConnectionInfo.lo `test -f 'src/cms/ConnectionInfo.cpp' || echo '$(srcdir)/'`src/cms/ConnectionInfo.cpp
+
+src/cms/libtps_la-CertEnroll.lo: src/cms/CertEnroll.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/cms/libtps_la-CertEnroll.lo -MD -MP -MF "src/cms/$(DEPDIR)/libtps_la-CertEnroll.Tpo" -c -o src/cms/libtps_la-CertEnroll.lo `test -f 'src/cms/CertEnroll.cpp' || echo '$(srcdir)/'`src/cms/CertEnroll.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/cms/$(DEPDIR)/libtps_la-CertEnroll.Tpo" "src/cms/$(DEPDIR)/libtps_la-CertEnroll.Plo"; else rm -f "src/cms/$(DEPDIR)/libtps_la-CertEnroll.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/cms/CertEnroll.cpp' object='src/cms/libtps_la-CertEnroll.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/cms/libtps_la-CertEnroll.lo `test -f 'src/cms/CertEnroll.cpp' || echo '$(srcdir)/'`src/cms/CertEnroll.cpp
+
+src/apdu/libtps_la-APDU.lo: src/apdu/APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-APDU.Tpo" -c -o src/apdu/libtps_la-APDU.lo `test -f 'src/apdu/APDU.cpp' || echo '$(srcdir)/'`src/apdu/APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/APDU.cpp' object='src/apdu/libtps_la-APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-APDU.lo `test -f 'src/apdu/APDU.cpp' || echo '$(srcdir)/'`src/apdu/APDU.cpp
+
+src/apdu/libtps_la-Unblock_Pin_APDU.lo: src/apdu/Unblock_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Unblock_Pin_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Tpo" -c -o src/apdu/libtps_la-Unblock_Pin_APDU.lo `test -f 'src/apdu/Unblock_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Unblock_Pin_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Unblock_Pin_APDU.cpp' object='src/apdu/libtps_la-Unblock_Pin_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Unblock_Pin_APDU.lo `test -f 'src/apdu/Unblock_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Unblock_Pin_APDU.cpp
+
+src/apdu/libtps_la-Create_Object_APDU.lo: src/apdu/Create_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Create_Object_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Tpo" -c -o src/apdu/libtps_la-Create_Object_APDU.lo `test -f 'src/apdu/Create_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Object_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Create_Object_APDU.cpp' object='src/apdu/libtps_la-Create_Object_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Create_Object_APDU.lo `test -f 'src/apdu/Create_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Object_APDU.cpp
+
+src/apdu/libtps_la-Set_Pin_APDU.lo: src/apdu/Set_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Set_Pin_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Tpo" -c -o src/apdu/libtps_la-Set_Pin_APDU.lo `test -f 'src/apdu/Set_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_Pin_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Set_Pin_APDU.cpp' object='src/apdu/libtps_la-Set_Pin_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Set_Pin_APDU.lo `test -f 'src/apdu/Set_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_Pin_APDU.cpp
+
+src/apdu/libtps_la-Set_IssuerInfo_APDU.lo: src/apdu/Set_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Set_IssuerInfo_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Tpo" -c -o src/apdu/libtps_la-Set_IssuerInfo_APDU.lo `test -f 'src/apdu/Set_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_IssuerInfo_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Set_IssuerInfo_APDU.cpp' object='src/apdu/libtps_la-Set_IssuerInfo_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Set_IssuerInfo_APDU.lo `test -f 'src/apdu/Set_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_IssuerInfo_APDU.cpp
+
+src/apdu/libtps_la-Get_IssuerInfo_APDU.lo: src/apdu/Get_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Get_IssuerInfo_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Tpo" -c -o src/apdu/libtps_la-Get_IssuerInfo_APDU.lo `test -f 'src/apdu/Get_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_IssuerInfo_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_IssuerInfo_APDU.cpp' object='src/apdu/libtps_la-Get_IssuerInfo_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Get_IssuerInfo_APDU.lo `test -f 'src/apdu/Get_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_IssuerInfo_APDU.cpp
+
+src/apdu/libtps_la-Create_Pin_APDU.lo: src/apdu/Create_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Create_Pin_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Tpo" -c -o src/apdu/libtps_la-Create_Pin_APDU.lo `test -f 'src/apdu/Create_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Pin_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Create_Pin_APDU.cpp' object='src/apdu/libtps_la-Create_Pin_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Create_Pin_APDU.lo `test -f 'src/apdu/Create_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Pin_APDU.cpp
+
+src/apdu/libtps_la-List_Pins_APDU.lo: src/apdu/List_Pins_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-List_Pins_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Tpo" -c -o src/apdu/libtps_la-List_Pins_APDU.lo `test -f 'src/apdu/List_Pins_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Pins_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/List_Pins_APDU.cpp' object='src/apdu/libtps_la-List_Pins_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-List_Pins_APDU.lo `test -f 'src/apdu/List_Pins_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Pins_APDU.cpp
+
+src/apdu/libtps_la-Initialize_Update_APDU.lo: src/apdu/Initialize_Update_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Initialize_Update_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Tpo" -c -o src/apdu/libtps_la-Initialize_Update_APDU.lo `test -f 'src/apdu/Initialize_Update_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Initialize_Update_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Initialize_Update_APDU.cpp' object='src/apdu/libtps_la-Initialize_Update_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Initialize_Update_APDU.lo `test -f 'src/apdu/Initialize_Update_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Initialize_Update_APDU.cpp
+
+src/apdu/libtps_la-Get_Version_APDU.lo: src/apdu/Get_Version_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Get_Version_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Tpo" -c -o src/apdu/libtps_la-Get_Version_APDU.lo `test -f 'src/apdu/Get_Version_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Version_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Version_APDU.cpp' object='src/apdu/libtps_la-Get_Version_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Get_Version_APDU.lo `test -f 'src/apdu/Get_Version_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Version_APDU.cpp
+
+src/apdu/libtps_la-Get_Status_APDU.lo: src/apdu/Get_Status_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Get_Status_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Tpo" -c -o src/apdu/libtps_la-Get_Status_APDU.lo `test -f 'src/apdu/Get_Status_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Status_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Status_APDU.cpp' object='src/apdu/libtps_la-Get_Status_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Get_Status_APDU.lo `test -f 'src/apdu/Get_Status_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Status_APDU.cpp
+
+src/apdu/libtps_la-Get_Data_APDU.lo: src/apdu/Get_Data_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Get_Data_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Tpo" -c -o src/apdu/libtps_la-Get_Data_APDU.lo `test -f 'src/apdu/Get_Data_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Data_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Data_APDU.cpp' object='src/apdu/libtps_la-Get_Data_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Get_Data_APDU.lo `test -f 'src/apdu/Get_Data_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Data_APDU.cpp
+
+src/apdu/libtps_la-External_Authenticate_APDU.lo: src/apdu/External_Authenticate_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-External_Authenticate_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Tpo" -c -o src/apdu/libtps_la-External_Authenticate_APDU.lo `test -f 'src/apdu/External_Authenticate_APDU.cpp' || echo '$(srcdir)/'`src/apdu/External_Authenticate_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/External_Authenticate_APDU.cpp' object='src/apdu/libtps_la-External_Authenticate_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-External_Authenticate_APDU.lo `test -f 'src/apdu/External_Authenticate_APDU.cpp' || echo '$(srcdir)/'`src/apdu/External_Authenticate_APDU.cpp
+
+src/apdu/libtps_la-Generate_Key_APDU.lo: src/apdu/Generate_Key_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Generate_Key_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Tpo" -c -o src/apdu/libtps_la-Generate_Key_APDU.lo `test -f 'src/apdu/Generate_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Generate_Key_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Generate_Key_APDU.cpp' object='src/apdu/libtps_la-Generate_Key_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Generate_Key_APDU.lo `test -f 'src/apdu/Generate_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Generate_Key_APDU.cpp
+
+src/apdu/libtps_la-Read_Buffer_APDU.lo: src/apdu/Read_Buffer_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Read_Buffer_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Tpo" -c -o src/apdu/libtps_la-Read_Buffer_APDU.lo `test -f 'src/apdu/Read_Buffer_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Buffer_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Read_Buffer_APDU.cpp' object='src/apdu/libtps_la-Read_Buffer_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Read_Buffer_APDU.lo `test -f 'src/apdu/Read_Buffer_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Buffer_APDU.cpp
+
+src/apdu/libtps_la-Read_Object_APDU.lo: src/apdu/Read_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Read_Object_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Tpo" -c -o src/apdu/libtps_la-Read_Object_APDU.lo `test -f 'src/apdu/Read_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Object_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Read_Object_APDU.cpp' object='src/apdu/libtps_la-Read_Object_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Read_Object_APDU.lo `test -f 'src/apdu/Read_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Object_APDU.cpp
+
+src/apdu/libtps_la-Write_Object_APDU.lo: src/apdu/Write_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Write_Object_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Tpo" -c -o src/apdu/libtps_la-Write_Object_APDU.lo `test -f 'src/apdu/Write_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Write_Object_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Write_Object_APDU.cpp' object='src/apdu/libtps_la-Write_Object_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Write_Object_APDU.lo `test -f 'src/apdu/Write_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Write_Object_APDU.cpp
+
+src/apdu/libtps_la-Put_Key_APDU.lo: src/apdu/Put_Key_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Put_Key_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Tpo" -c -o src/apdu/libtps_la-Put_Key_APDU.lo `test -f 'src/apdu/Put_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Put_Key_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Put_Key_APDU.cpp' object='src/apdu/libtps_la-Put_Key_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Put_Key_APDU.lo `test -f 'src/apdu/Put_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Put_Key_APDU.cpp
+
+src/apdu/libtps_la-Select_APDU.lo: src/apdu/Select_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Select_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Tpo" -c -o src/apdu/libtps_la-Select_APDU.lo `test -f 'src/apdu/Select_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Select_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Select_APDU.cpp' object='src/apdu/libtps_la-Select_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Select_APDU.lo `test -f 'src/apdu/Select_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Select_APDU.cpp
+
+src/apdu/libtps_la-Delete_File_APDU.lo: src/apdu/Delete_File_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Delete_File_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Tpo" -c -o src/apdu/libtps_la-Delete_File_APDU.lo `test -f 'src/apdu/Delete_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Delete_File_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Delete_File_APDU.cpp' object='src/apdu/libtps_la-Delete_File_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Delete_File_APDU.lo `test -f 'src/apdu/Delete_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Delete_File_APDU.cpp
+
+src/apdu/libtps_la-Install_Applet_APDU.lo: src/apdu/Install_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Install_Applet_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Tpo" -c -o src/apdu/libtps_la-Install_Applet_APDU.lo `test -f 'src/apdu/Install_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Applet_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Install_Applet_APDU.cpp' object='src/apdu/libtps_la-Install_Applet_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Install_Applet_APDU.lo `test -f 'src/apdu/Install_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Applet_APDU.cpp
+
+src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo: src/apdu/Format_Muscle_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Tpo" -c -o src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo `test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Format_Muscle_Applet_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Format_Muscle_Applet_APDU.cpp' object='src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo `test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Format_Muscle_Applet_APDU.cpp
+
+src/apdu/libtps_la-Load_File_APDU.lo: src/apdu/Load_File_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Load_File_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Tpo" -c -o src/apdu/libtps_la-Load_File_APDU.lo `test -f 'src/apdu/Load_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Load_File_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Load_File_APDU.cpp' object='src/apdu/libtps_la-Load_File_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Load_File_APDU.lo `test -f 'src/apdu/Load_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Load_File_APDU.cpp
+
+src/apdu/libtps_la-Install_Load_APDU.lo: src/apdu/Install_Load_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Install_Load_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Tpo" -c -o src/apdu/libtps_la-Install_Load_APDU.lo `test -f 'src/apdu/Install_Load_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Load_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Install_Load_APDU.cpp' object='src/apdu/libtps_la-Install_Load_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Install_Load_APDU.lo `test -f 'src/apdu/Install_Load_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Load_APDU.cpp
+
+src/apdu/libtps_la-Lifecycle_APDU.lo: src/apdu/Lifecycle_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Lifecycle_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Tpo" -c -o src/apdu/libtps_la-Lifecycle_APDU.lo `test -f 'src/apdu/Lifecycle_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Lifecycle_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Lifecycle_APDU.cpp' object='src/apdu/libtps_la-Lifecycle_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Lifecycle_APDU.lo `test -f 'src/apdu/Lifecycle_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Lifecycle_APDU.cpp
+
+src/apdu/libtps_la-List_Objects_APDU.lo: src/apdu/List_Objects_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-List_Objects_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Tpo" -c -o src/apdu/libtps_la-List_Objects_APDU.lo `test -f 'src/apdu/List_Objects_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Objects_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/List_Objects_APDU.cpp' object='src/apdu/libtps_la-List_Objects_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-List_Objects_APDU.lo `test -f 'src/apdu/List_Objects_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Objects_APDU.cpp
+
+src/apdu/libtps_la-Import_Key_APDU.lo: src/apdu/Import_Key_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Import_Key_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Tpo" -c -o src/apdu/libtps_la-Import_Key_APDU.lo `test -f 'src/apdu/Import_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Import_Key_APDU.cpp' object='src/apdu/libtps_la-Import_Key_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Import_Key_APDU.lo `test -f 'src/apdu/Import_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_APDU.cpp
+
+src/apdu/libtps_la-Import_Key_Enc_APDU.lo: src/apdu/Import_Key_Enc_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Import_Key_Enc_APDU.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Tpo" -c -o src/apdu/libtps_la-Import_Key_Enc_APDU.lo `test -f 'src/apdu/Import_Key_Enc_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_Enc_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Tpo" "src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Import_Key_Enc_APDU.cpp' object='src/apdu/libtps_la-Import_Key_Enc_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Import_Key_Enc_APDU.lo `test -f 'src/apdu/Import_Key_Enc_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_Enc_APDU.cpp
+
+src/apdu/libtps_la-APDU_Response.lo: src/apdu/APDU_Response.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-APDU_Response.lo -MD -MP -MF "src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Tpo" -c -o src/apdu/libtps_la-APDU_Response.lo `test -f 'src/apdu/APDU_Response.cpp' || echo '$(srcdir)/'`src/apdu/APDU_Response.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Tpo" "src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Plo"; else rm -f "src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/APDU_Response.cpp' object='src/apdu/libtps_la-APDU_Response.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-APDU_Response.lo `test -f 'src/apdu/APDU_Response.cpp' || echo '$(srcdir)/'`src/apdu/APDU_Response.cpp
+
+src/msg/libtps_la-RA_Begin_Op_Msg.lo: src/msg/RA_Begin_Op_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Begin_Op_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Tpo" -c -o src/msg/libtps_la-RA_Begin_Op_Msg.lo `test -f 'src/msg/RA_Begin_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Begin_Op_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Begin_Op_Msg.cpp' object='src/msg/libtps_la-RA_Begin_Op_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Begin_Op_Msg.lo `test -f 'src/msg/RA_Begin_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Begin_Op_Msg.cpp
+
+src/msg/libtps_la-RA_End_Op_Msg.lo: src/msg/RA_End_Op_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_End_Op_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Tpo" -c -o src/msg/libtps_la-RA_End_Op_Msg.lo `test -f 'src/msg/RA_End_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_End_Op_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_End_Op_Msg.cpp' object='src/msg/libtps_la-RA_End_Op_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_End_Op_Msg.lo `test -f 'src/msg/RA_End_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_End_Op_Msg.cpp
+
+src/msg/libtps_la-RA_Login_Request_Msg.lo: src/msg/RA_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Login_Request_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Tpo" -c -o src/msg/libtps_la-RA_Login_Request_Msg.lo `test -f 'src/msg/RA_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Login_Request_Msg.cpp' object='src/msg/libtps_la-RA_Login_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Login_Request_Msg.lo `test -f 'src/msg/RA_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Request_Msg.cpp
+
+src/msg/libtps_la-RA_Login_Response_Msg.lo: src/msg/RA_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Login_Response_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Tpo" -c -o src/msg/libtps_la-RA_Login_Response_Msg.lo `test -f 'src/msg/RA_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Login_Response_Msg.cpp' object='src/msg/libtps_la-RA_Login_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Login_Response_Msg.lo `test -f 'src/msg/RA_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Response_Msg.cpp
+
+src/msg/libtps_la-RA_SecureId_Request_Msg.lo: src/msg/RA_SecureId_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_SecureId_Request_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Tpo" -c -o src/msg/libtps_la-RA_SecureId_Request_Msg.lo `test -f 'src/msg/RA_SecureId_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_SecureId_Request_Msg.cpp' object='src/msg/libtps_la-RA_SecureId_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_SecureId_Request_Msg.lo `test -f 'src/msg/RA_SecureId_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Request_Msg.cpp
+
+src/msg/libtps_la-RA_SecureId_Response_Msg.lo: src/msg/RA_SecureId_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_SecureId_Response_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Tpo" -c -o src/msg/libtps_la-RA_SecureId_Response_Msg.lo `test -f 'src/msg/RA_SecureId_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_SecureId_Response_Msg.cpp' object='src/msg/libtps_la-RA_SecureId_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_SecureId_Response_Msg.lo `test -f 'src/msg/RA_SecureId_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Response_Msg.cpp
+
+src/msg/libtps_la-RA_ASQ_Request_Msg.lo: src/msg/RA_ASQ_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_ASQ_Request_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Tpo" -c -o src/msg/libtps_la-RA_ASQ_Request_Msg.lo `test -f 'src/msg/RA_ASQ_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_ASQ_Request_Msg.cpp' object='src/msg/libtps_la-RA_ASQ_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_ASQ_Request_Msg.lo `test -f 'src/msg/RA_ASQ_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Request_Msg.cpp
+
+src/msg/libtps_la-RA_ASQ_Response_Msg.lo: src/msg/RA_ASQ_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_ASQ_Response_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Tpo" -c -o src/msg/libtps_la-RA_ASQ_Response_Msg.lo `test -f 'src/msg/RA_ASQ_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_ASQ_Response_Msg.cpp' object='src/msg/libtps_la-RA_ASQ_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_ASQ_Response_Msg.lo `test -f 'src/msg/RA_ASQ_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Response_Msg.cpp
+
+src/msg/libtps_la-RA_New_Pin_Request_Msg.lo: src/msg/RA_New_Pin_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_New_Pin_Request_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Tpo" -c -o src/msg/libtps_la-RA_New_Pin_Request_Msg.lo `test -f 'src/msg/RA_New_Pin_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_New_Pin_Request_Msg.cpp' object='src/msg/libtps_la-RA_New_Pin_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_New_Pin_Request_Msg.lo `test -f 'src/msg/RA_New_Pin_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Request_Msg.cpp
+
+src/msg/libtps_la-RA_New_Pin_Response_Msg.lo: src/msg/RA_New_Pin_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_New_Pin_Response_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Tpo" -c -o src/msg/libtps_la-RA_New_Pin_Response_Msg.lo `test -f 'src/msg/RA_New_Pin_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_New_Pin_Response_Msg.cpp' object='src/msg/libtps_la-RA_New_Pin_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_New_Pin_Response_Msg.lo `test -f 'src/msg/RA_New_Pin_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Response_Msg.cpp
+
+src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo: src/msg/RA_Token_PDU_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Tpo" -c -o src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo `test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Token_PDU_Request_Msg.cpp' object='src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo `test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Request_Msg.cpp
+
+src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo: src/msg/RA_Token_PDU_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Tpo" -c -o src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo `test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Token_PDU_Response_Msg.cpp' object='src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo `test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Response_Msg.cpp
+
+src/msg/libtps_la-RA_Status_Update_Request_Msg.lo: src/msg/RA_Status_Update_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Status_Update_Request_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Tpo" -c -o src/msg/libtps_la-RA_Status_Update_Request_Msg.lo `test -f 'src/msg/RA_Status_Update_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Status_Update_Request_Msg.cpp' object='src/msg/libtps_la-RA_Status_Update_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Status_Update_Request_Msg.lo `test -f 'src/msg/RA_Status_Update_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Request_Msg.cpp
+
+src/msg/libtps_la-RA_Status_Update_Response_Msg.lo: src/msg/RA_Status_Update_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Status_Update_Response_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Tpo" -c -o src/msg/libtps_la-RA_Status_Update_Response_Msg.lo `test -f 'src/msg/RA_Status_Update_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Status_Update_Response_Msg.cpp' object='src/msg/libtps_la-RA_Status_Update_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Status_Update_Response_Msg.lo `test -f 'src/msg/RA_Status_Update_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Response_Msg.cpp
+
+src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo: src/msg/RA_Extended_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Tpo" -c -o src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo `test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Extended_Login_Request_Msg.cpp' object='src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo `test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Request_Msg.cpp
+
+src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo: src/msg/RA_Extended_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo -MD -MP -MF "src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Tpo" -c -o src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo `test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Tpo" "src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Plo"; else rm -f "src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Extended_Login_Response_Msg.cpp' object='src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo `test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Response_Msg.cpp
+
+src/channel/libtps_la-Channel.lo: src/channel/Channel.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/channel/libtps_la-Channel.lo -MD -MP -MF "src/channel/$(DEPDIR)/libtps_la-Channel.Tpo" -c -o src/channel/libtps_la-Channel.lo `test -f 'src/channel/Channel.cpp' || echo '$(srcdir)/'`src/channel/Channel.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/channel/$(DEPDIR)/libtps_la-Channel.Tpo" "src/channel/$(DEPDIR)/libtps_la-Channel.Plo"; else rm -f "src/channel/$(DEPDIR)/libtps_la-Channel.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/channel/Channel.cpp' object='src/channel/libtps_la-Channel.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/channel/libtps_la-Channel.lo `test -f 'src/channel/Channel.cpp' || echo '$(srcdir)/'`src/channel/Channel.cpp
+
+src/channel/libtps_la-Secure_Channel.lo: src/channel/Secure_Channel.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/channel/libtps_la-Secure_Channel.lo -MD -MP -MF "src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Tpo" -c -o src/channel/libtps_la-Secure_Channel.lo `test -f 'src/channel/Secure_Channel.cpp' || echo '$(srcdir)/'`src/channel/Secure_Channel.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Tpo" "src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Plo"; else rm -f "src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/channel/Secure_Channel.cpp' object='src/channel/libtps_la-Secure_Channel.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/channel/libtps_la-Secure_Channel.lo `test -f 'src/channel/Secure_Channel.cpp' || echo '$(srcdir)/'`src/channel/Secure_Channel.cpp
+
+src/engine/libtps_la-RA.lo: src/engine/RA.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/engine/libtps_la-RA.lo -MD -MP -MF "src/engine/$(DEPDIR)/libtps_la-RA.Tpo" -c -o src/engine/libtps_la-RA.lo `test -f 'src/engine/RA.cpp' || echo '$(srcdir)/'`src/engine/RA.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/engine/$(DEPDIR)/libtps_la-RA.Tpo" "src/engine/$(DEPDIR)/libtps_la-RA.Plo"; else rm -f "src/engine/$(DEPDIR)/libtps_la-RA.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/engine/RA.cpp' object='src/engine/libtps_la-RA.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/engine/libtps_la-RA.lo `test -f 'src/engine/RA.cpp' || echo '$(srcdir)/'`src/engine/RA.cpp
+
+src/processor/libtps_la-RA_Processor.lo: src/processor/RA_Processor.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Processor.lo -MD -MP -MF "src/processor/$(DEPDIR)/libtps_la-RA_Processor.Tpo" -c -o src/processor/libtps_la-RA_Processor.lo `test -f 'src/processor/RA_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Processor.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/processor/$(DEPDIR)/libtps_la-RA_Processor.Tpo" "src/processor/$(DEPDIR)/libtps_la-RA_Processor.Plo"; else rm -f "src/processor/$(DEPDIR)/libtps_la-RA_Processor.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/processor/RA_Processor.cpp' object='src/processor/libtps_la-RA_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Processor.lo `test -f 'src/processor/RA_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Processor.cpp
+
+src/processor/libtps_la-RA_Enroll_Processor.lo: src/processor/RA_Enroll_Processor.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Enroll_Processor.lo -MD -MP -MF "src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Tpo" -c -o src/processor/libtps_la-RA_Enroll_Processor.lo `test -f 'src/processor/RA_Enroll_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Enroll_Processor.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Tpo" "src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Plo"; else rm -f "src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/processor/RA_Enroll_Processor.cpp' object='src/processor/libtps_la-RA_Enroll_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Enroll_Processor.lo `test -f 'src/processor/RA_Enroll_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Enroll_Processor.cpp
+
+src/processor/libtps_la-RA_Pin_Reset_Processor.lo: src/processor/RA_Pin_Reset_Processor.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Pin_Reset_Processor.lo -MD -MP -MF "src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Tpo" -c -o src/processor/libtps_la-RA_Pin_Reset_Processor.lo `test -f 'src/processor/RA_Pin_Reset_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Pin_Reset_Processor.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Tpo" "src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Plo"; else rm -f "src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/processor/RA_Pin_Reset_Processor.cpp' object='src/processor/libtps_la-RA_Pin_Reset_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Pin_Reset_Processor.lo `test -f 'src/processor/RA_Pin_Reset_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Pin_Reset_Processor.cpp
+
+src/processor/libtps_la-RA_Renew_Processor.lo: src/processor/RA_Renew_Processor.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Renew_Processor.lo -MD -MP -MF "src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Tpo" -c -o src/processor/libtps_la-RA_Renew_Processor.lo `test -f 'src/processor/RA_Renew_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Renew_Processor.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Tpo" "src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Plo"; else rm -f "src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/processor/RA_Renew_Processor.cpp' object='src/processor/libtps_la-RA_Renew_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Renew_Processor.lo `test -f 'src/processor/RA_Renew_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Renew_Processor.cpp
+
+src/processor/libtps_la-RA_Unblock_Processor.lo: src/processor/RA_Unblock_Processor.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Unblock_Processor.lo -MD -MP -MF "src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Tpo" -c -o src/processor/libtps_la-RA_Unblock_Processor.lo `test -f 'src/processor/RA_Unblock_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Unblock_Processor.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Tpo" "src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Plo"; else rm -f "src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/processor/RA_Unblock_Processor.cpp' object='src/processor/libtps_la-RA_Unblock_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Unblock_Processor.lo `test -f 'src/processor/RA_Unblock_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Unblock_Processor.cpp
+
+src/processor/libtps_la-RA_Format_Processor.lo: src/processor/RA_Format_Processor.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Format_Processor.lo -MD -MP -MF "src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Tpo" -c -o src/processor/libtps_la-RA_Format_Processor.lo `test -f 'src/processor/RA_Format_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Format_Processor.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Tpo" "src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Plo"; else rm -f "src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/processor/RA_Format_Processor.cpp' object='src/processor/libtps_la-RA_Format_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Format_Processor.lo `test -f 'src/processor/RA_Format_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Format_Processor.cpp
+
+src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo: src/modules/tokendb/mod_tokendb.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tokendb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo -MD -MP -MF "src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Tpo" -c -o src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo `test -f 'src/modules/tokendb/mod_tokendb.cpp' || echo '$(srcdir)/'`src/modules/tokendb/mod_tokendb.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Tpo" "src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Plo"; else rm -f "src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/modules/tokendb/mod_tokendb.cpp' object='src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tokendb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo `test -f 'src/modules/tokendb/mod_tokendb.cpp' || echo '$(srcdir)/'`src/modules/tokendb/mod_tokendb.cpp
+
+src/modules/tps/mod_tps_la-AP_Context.lo: src/modules/tps/AP_Context.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/modules/tps/mod_tps_la-AP_Context.lo -MD -MP -MF "src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Tpo" -c -o src/modules/tps/mod_tps_la-AP_Context.lo `test -f 'src/modules/tps/AP_Context.cpp' || echo '$(srcdir)/'`src/modules/tps/AP_Context.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Tpo" "src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Plo"; else rm -f "src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/modules/tps/AP_Context.cpp' object='src/modules/tps/mod_tps_la-AP_Context.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/modules/tps/mod_tps_la-AP_Context.lo `test -f 'src/modules/tps/AP_Context.cpp' || echo '$(srcdir)/'`src/modules/tps/AP_Context.cpp
+
+src/modules/tps/mod_tps_la-AP_Session.lo: src/modules/tps/AP_Session.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/modules/tps/mod_tps_la-AP_Session.lo -MD -MP -MF "src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Tpo" -c -o src/modules/tps/mod_tps_la-AP_Session.lo `test -f 'src/modules/tps/AP_Session.cpp' || echo '$(srcdir)/'`src/modules/tps/AP_Session.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Tpo" "src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Plo"; else rm -f "src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/modules/tps/AP_Session.cpp' object='src/modules/tps/mod_tps_la-AP_Session.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/modules/tps/mod_tps_la-AP_Session.lo `test -f 'src/modules/tps/AP_Session.cpp' || echo '$(srcdir)/'`src/modules/tps/AP_Session.cpp
+
+src/modules/tps/mod_tps_la-mod_tps.lo: src/modules/tps/mod_tps.cpp
+@am__fastdepCXX_TRUE@	if $(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/modules/tps/mod_tps_la-mod_tps.lo -MD -MP -MF "src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Tpo" -c -o src/modules/tps/mod_tps_la-mod_tps.lo `test -f 'src/modules/tps/mod_tps.cpp' || echo '$(srcdir)/'`src/modules/tps/mod_tps.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Tpo" "src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Plo"; else rm -f "src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/modules/tps/mod_tps.cpp' object='src/modules/tps/mod_tps_la-mod_tps.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LIBTOOL) --tag=CXX --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/modules/tps/mod_tps_la-mod_tps.lo `test -f 'src/modules/tps/mod_tps.cpp' || echo '$(srcdir)/'`src/modules/tps/mod_tps.cpp
+
+tools/raclient/tpsclient-RA_Client.o: tools/raclient/RA_Client.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Client.o -MD -MP -MF "tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo" -c -o tools/raclient/tpsclient-RA_Client.o `test -f 'tools/raclient/RA_Client.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Client.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo" "tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Po"; else rm -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='tools/raclient/RA_Client.cpp' object='tools/raclient/tpsclient-RA_Client.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Client.o `test -f 'tools/raclient/RA_Client.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Client.cpp
+
+tools/raclient/tpsclient-RA_Client.obj: tools/raclient/RA_Client.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Client.obj -MD -MP -MF "tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo" -c -o tools/raclient/tpsclient-RA_Client.obj `if test -f 'tools/raclient/RA_Client.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Client.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Client.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo" "tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Po"; else rm -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='tools/raclient/RA_Client.cpp' object='tools/raclient/tpsclient-RA_Client.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Client.obj `if test -f 'tools/raclient/RA_Client.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Client.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Client.cpp'; fi`
+
+tools/raclient/tpsclient-RA_Conn.o: tools/raclient/RA_Conn.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Conn.o -MD -MP -MF "tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo" -c -o tools/raclient/tpsclient-RA_Conn.o `test -f 'tools/raclient/RA_Conn.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Conn.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo" "tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Po"; else rm -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='tools/raclient/RA_Conn.cpp' object='tools/raclient/tpsclient-RA_Conn.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Conn.o `test -f 'tools/raclient/RA_Conn.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Conn.cpp
+
+tools/raclient/tpsclient-RA_Conn.obj: tools/raclient/RA_Conn.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Conn.obj -MD -MP -MF "tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo" -c -o tools/raclient/tpsclient-RA_Conn.obj `if test -f 'tools/raclient/RA_Conn.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Conn.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Conn.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo" "tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Po"; else rm -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='tools/raclient/RA_Conn.cpp' object='tools/raclient/tpsclient-RA_Conn.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Conn.obj `if test -f 'tools/raclient/RA_Conn.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Conn.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Conn.cpp'; fi`
+
+tools/raclient/tpsclient-RA_Token.o: tools/raclient/RA_Token.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Token.o -MD -MP -MF "tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo" -c -o tools/raclient/tpsclient-RA_Token.o `test -f 'tools/raclient/RA_Token.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Token.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo" "tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Po"; else rm -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='tools/raclient/RA_Token.cpp' object='tools/raclient/tpsclient-RA_Token.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Token.o `test -f 'tools/raclient/RA_Token.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Token.cpp
+
+tools/raclient/tpsclient-RA_Token.obj: tools/raclient/RA_Token.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Token.obj -MD -MP -MF "tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo" -c -o tools/raclient/tpsclient-RA_Token.obj `if test -f 'tools/raclient/RA_Token.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Token.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Token.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo" "tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Po"; else rm -f "tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='tools/raclient/RA_Token.cpp' object='tools/raclient/tpsclient-RA_Token.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Token.obj `if test -f 'tools/raclient/RA_Token.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Token.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Token.cpp'; fi`
+
+src/main/tpsclient-Buffer.o: src/main/Buffer.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-Buffer.o -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-Buffer.Tpo" -c -o src/main/tpsclient-Buffer.o `test -f 'src/main/Buffer.cpp' || echo '$(srcdir)/'`src/main/Buffer.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-Buffer.Tpo" "src/main/$(DEPDIR)/tpsclient-Buffer.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-Buffer.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Buffer.cpp' object='src/main/tpsclient-Buffer.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-Buffer.o `test -f 'src/main/Buffer.cpp' || echo '$(srcdir)/'`src/main/Buffer.cpp
+
+src/main/tpsclient-Buffer.obj: src/main/Buffer.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-Buffer.obj -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-Buffer.Tpo" -c -o src/main/tpsclient-Buffer.obj `if test -f 'src/main/Buffer.cpp'; then $(CYGPATH_W) 'src/main/Buffer.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/Buffer.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-Buffer.Tpo" "src/main/$(DEPDIR)/tpsclient-Buffer.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-Buffer.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Buffer.cpp' object='src/main/tpsclient-Buffer.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-Buffer.obj `if test -f 'src/main/Buffer.cpp'; then $(CYGPATH_W) 'src/main/Buffer.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/Buffer.cpp'; fi`
+
+src/main/tpsclient-NameValueSet.o: src/main/NameValueSet.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-NameValueSet.o -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo" -c -o src/main/tpsclient-NameValueSet.o `test -f 'src/main/NameValueSet.cpp' || echo '$(srcdir)/'`src/main/NameValueSet.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo" "src/main/$(DEPDIR)/tpsclient-NameValueSet.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/NameValueSet.cpp' object='src/main/tpsclient-NameValueSet.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-NameValueSet.o `test -f 'src/main/NameValueSet.cpp' || echo '$(srcdir)/'`src/main/NameValueSet.cpp
+
+src/main/tpsclient-NameValueSet.obj: src/main/NameValueSet.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-NameValueSet.obj -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo" -c -o src/main/tpsclient-NameValueSet.obj `if test -f 'src/main/NameValueSet.cpp'; then $(CYGPATH_W) 'src/main/NameValueSet.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/NameValueSet.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo" "src/main/$(DEPDIR)/tpsclient-NameValueSet.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/NameValueSet.cpp' object='src/main/tpsclient-NameValueSet.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-NameValueSet.obj `if test -f 'src/main/NameValueSet.cpp'; then $(CYGPATH_W) 'src/main/NameValueSet.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/NameValueSet.cpp'; fi`
+
+src/main/tpsclient-Util.o: src/main/Util.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-Util.o -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-Util.Tpo" -c -o src/main/tpsclient-Util.o `test -f 'src/main/Util.cpp' || echo '$(srcdir)/'`src/main/Util.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-Util.Tpo" "src/main/$(DEPDIR)/tpsclient-Util.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-Util.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Util.cpp' object='src/main/tpsclient-Util.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-Util.o `test -f 'src/main/Util.cpp' || echo '$(srcdir)/'`src/main/Util.cpp
+
+src/main/tpsclient-Util.obj: src/main/Util.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-Util.obj -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-Util.Tpo" -c -o src/main/tpsclient-Util.obj `if test -f 'src/main/Util.cpp'; then $(CYGPATH_W) 'src/main/Util.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/Util.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-Util.Tpo" "src/main/$(DEPDIR)/tpsclient-Util.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-Util.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/Util.cpp' object='src/main/tpsclient-Util.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-Util.obj `if test -f 'src/main/Util.cpp'; then $(CYGPATH_W) 'src/main/Util.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/Util.cpp'; fi`
+
+src/main/tpsclient-AuthParams.o: src/main/AuthParams.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-AuthParams.o -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo" -c -o src/main/tpsclient-AuthParams.o `test -f 'src/main/AuthParams.cpp' || echo '$(srcdir)/'`src/main/AuthParams.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo" "src/main/$(DEPDIR)/tpsclient-AuthParams.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/AuthParams.cpp' object='src/main/tpsclient-AuthParams.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-AuthParams.o `test -f 'src/main/AuthParams.cpp' || echo '$(srcdir)/'`src/main/AuthParams.cpp
+
+src/main/tpsclient-AuthParams.obj: src/main/AuthParams.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-AuthParams.obj -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo" -c -o src/main/tpsclient-AuthParams.obj `if test -f 'src/main/AuthParams.cpp'; then $(CYGPATH_W) 'src/main/AuthParams.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/AuthParams.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo" "src/main/$(DEPDIR)/tpsclient-AuthParams.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/AuthParams.cpp' object='src/main/tpsclient-AuthParams.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-AuthParams.obj `if test -f 'src/main/AuthParams.cpp'; then $(CYGPATH_W) 'src/main/AuthParams.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/AuthParams.cpp'; fi`
+
+src/apdu/tpsclient-APDU.o: src/apdu/APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo" -c -o src/apdu/tpsclient-APDU.o `test -f 'src/apdu/APDU.cpp' || echo '$(srcdir)/'`src/apdu/APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/APDU.cpp' object='src/apdu/tpsclient-APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-APDU.o `test -f 'src/apdu/APDU.cpp' || echo '$(srcdir)/'`src/apdu/APDU.cpp
+
+src/apdu/tpsclient-APDU.obj: src/apdu/APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo" -c -o src/apdu/tpsclient-APDU.obj `if test -f 'src/apdu/APDU.cpp'; then $(CYGPATH_W) 'src/apdu/APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/APDU.cpp' object='src/apdu/tpsclient-APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-APDU.obj `if test -f 'src/apdu/APDU.cpp'; then $(CYGPATH_W) 'src/apdu/APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/APDU.cpp'; fi`
+
+src/apdu/tpsclient-APDU_Response.o: src/apdu/APDU_Response.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-APDU_Response.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo" -c -o src/apdu/tpsclient-APDU_Response.o `test -f 'src/apdu/APDU_Response.cpp' || echo '$(srcdir)/'`src/apdu/APDU_Response.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo" "src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/APDU_Response.cpp' object='src/apdu/tpsclient-APDU_Response.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-APDU_Response.o `test -f 'src/apdu/APDU_Response.cpp' || echo '$(srcdir)/'`src/apdu/APDU_Response.cpp
+
+src/apdu/tpsclient-APDU_Response.obj: src/apdu/APDU_Response.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-APDU_Response.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo" -c -o src/apdu/tpsclient-APDU_Response.obj `if test -f 'src/apdu/APDU_Response.cpp'; then $(CYGPATH_W) 'src/apdu/APDU_Response.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/APDU_Response.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo" "src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/APDU_Response.cpp' object='src/apdu/tpsclient-APDU_Response.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-APDU_Response.obj `if test -f 'src/apdu/APDU_Response.cpp'; then $(CYGPATH_W) 'src/apdu/APDU_Response.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/APDU_Response.cpp'; fi`
+
+src/apdu/tpsclient-Create_Object_APDU.o: src/apdu/Create_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Create_Object_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo" -c -o src/apdu/tpsclient-Create_Object_APDU.o `test -f 'src/apdu/Create_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Object_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Create_Object_APDU.cpp' object='src/apdu/tpsclient-Create_Object_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Create_Object_APDU.o `test -f 'src/apdu/Create_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Object_APDU.cpp
+
+src/apdu/tpsclient-Create_Object_APDU.obj: src/apdu/Create_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Create_Object_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo" -c -o src/apdu/tpsclient-Create_Object_APDU.obj `if test -f 'src/apdu/Create_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Create_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Create_Object_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Create_Object_APDU.cpp' object='src/apdu/tpsclient-Create_Object_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Create_Object_APDU.obj `if test -f 'src/apdu/Create_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Create_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Create_Object_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Create_Pin_APDU.o: src/apdu/Create_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Create_Pin_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo" -c -o src/apdu/tpsclient-Create_Pin_APDU.o `test -f 'src/apdu/Create_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Pin_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Create_Pin_APDU.cpp' object='src/apdu/tpsclient-Create_Pin_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Create_Pin_APDU.o `test -f 'src/apdu/Create_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Pin_APDU.cpp
+
+src/apdu/tpsclient-Create_Pin_APDU.obj: src/apdu/Create_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Create_Pin_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo" -c -o src/apdu/tpsclient-Create_Pin_APDU.obj `if test -f 'src/apdu/Create_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Create_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Create_Pin_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Create_Pin_APDU.cpp' object='src/apdu/tpsclient-Create_Pin_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Create_Pin_APDU.obj `if test -f 'src/apdu/Create_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Create_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Create_Pin_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Delete_File_APDU.o: src/apdu/Delete_File_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Delete_File_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo" -c -o src/apdu/tpsclient-Delete_File_APDU.o `test -f 'src/apdu/Delete_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Delete_File_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Delete_File_APDU.cpp' object='src/apdu/tpsclient-Delete_File_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Delete_File_APDU.o `test -f 'src/apdu/Delete_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Delete_File_APDU.cpp
+
+src/apdu/tpsclient-Delete_File_APDU.obj: src/apdu/Delete_File_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Delete_File_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo" -c -o src/apdu/tpsclient-Delete_File_APDU.obj `if test -f 'src/apdu/Delete_File_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Delete_File_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Delete_File_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Delete_File_APDU.cpp' object='src/apdu/tpsclient-Delete_File_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Delete_File_APDU.obj `if test -f 'src/apdu/Delete_File_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Delete_File_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Delete_File_APDU.cpp'; fi`
+
+src/apdu/tpsclient-External_Authenticate_APDU.o: src/apdu/External_Authenticate_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-External_Authenticate_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo" -c -o src/apdu/tpsclient-External_Authenticate_APDU.o `test -f 'src/apdu/External_Authenticate_APDU.cpp' || echo '$(srcdir)/'`src/apdu/External_Authenticate_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/External_Authenticate_APDU.cpp' object='src/apdu/tpsclient-External_Authenticate_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-External_Authenticate_APDU.o `test -f 'src/apdu/External_Authenticate_APDU.cpp' || echo '$(srcdir)/'`src/apdu/External_Authenticate_APDU.cpp
+
+src/apdu/tpsclient-External_Authenticate_APDU.obj: src/apdu/External_Authenticate_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-External_Authenticate_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo" -c -o src/apdu/tpsclient-External_Authenticate_APDU.obj `if test -f 'src/apdu/External_Authenticate_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/External_Authenticate_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/External_Authenticate_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/External_Authenticate_APDU.cpp' object='src/apdu/tpsclient-External_Authenticate_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-External_Authenticate_APDU.obj `if test -f 'src/apdu/External_Authenticate_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/External_Authenticate_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/External_Authenticate_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Format_Muscle_Applet_APDU.o: src/apdu/Format_Muscle_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Format_Muscle_Applet_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo" -c -o src/apdu/tpsclient-Format_Muscle_Applet_APDU.o `test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Format_Muscle_Applet_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Format_Muscle_Applet_APDU.cpp' object='src/apdu/tpsclient-Format_Muscle_Applet_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Format_Muscle_Applet_APDU.o `test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Format_Muscle_Applet_APDU.cpp
+
+src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj: src/apdu/Format_Muscle_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo" -c -o src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj `if test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Format_Muscle_Applet_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Format_Muscle_Applet_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Format_Muscle_Applet_APDU.cpp' object='src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj `if test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Format_Muscle_Applet_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Format_Muscle_Applet_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Generate_Key_APDU.o: src/apdu/Generate_Key_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Generate_Key_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo" -c -o src/apdu/tpsclient-Generate_Key_APDU.o `test -f 'src/apdu/Generate_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Generate_Key_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Generate_Key_APDU.cpp' object='src/apdu/tpsclient-Generate_Key_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Generate_Key_APDU.o `test -f 'src/apdu/Generate_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Generate_Key_APDU.cpp
+
+src/apdu/tpsclient-Generate_Key_APDU.obj: src/apdu/Generate_Key_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Generate_Key_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo" -c -o src/apdu/tpsclient-Generate_Key_APDU.obj `if test -f 'src/apdu/Generate_Key_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Generate_Key_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Generate_Key_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Generate_Key_APDU.cpp' object='src/apdu/tpsclient-Generate_Key_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Generate_Key_APDU.obj `if test -f 'src/apdu/Generate_Key_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Generate_Key_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Generate_Key_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Get_Data_APDU.o: src/apdu/Get_Data_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Data_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo" -c -o src/apdu/tpsclient-Get_Data_APDU.o `test -f 'src/apdu/Get_Data_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Data_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Data_APDU.cpp' object='src/apdu/tpsclient-Get_Data_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Data_APDU.o `test -f 'src/apdu/Get_Data_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Data_APDU.cpp
+
+src/apdu/tpsclient-Get_Data_APDU.obj: src/apdu/Get_Data_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Data_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo" -c -o src/apdu/tpsclient-Get_Data_APDU.obj `if test -f 'src/apdu/Get_Data_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Data_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Data_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Data_APDU.cpp' object='src/apdu/tpsclient-Get_Data_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Data_APDU.obj `if test -f 'src/apdu/Get_Data_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Data_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Data_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Get_Status_APDU.o: src/apdu/Get_Status_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Status_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo" -c -o src/apdu/tpsclient-Get_Status_APDU.o `test -f 'src/apdu/Get_Status_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Status_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Status_APDU.cpp' object='src/apdu/tpsclient-Get_Status_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Status_APDU.o `test -f 'src/apdu/Get_Status_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Status_APDU.cpp
+
+src/apdu/tpsclient-Get_Status_APDU.obj: src/apdu/Get_Status_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Status_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo" -c -o src/apdu/tpsclient-Get_Status_APDU.obj `if test -f 'src/apdu/Get_Status_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Status_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Status_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Status_APDU.cpp' object='src/apdu/tpsclient-Get_Status_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Status_APDU.obj `if test -f 'src/apdu/Get_Status_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Status_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Status_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Get_Version_APDU.o: src/apdu/Get_Version_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Version_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo" -c -o src/apdu/tpsclient-Get_Version_APDU.o `test -f 'src/apdu/Get_Version_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Version_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Version_APDU.cpp' object='src/apdu/tpsclient-Get_Version_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Version_APDU.o `test -f 'src/apdu/Get_Version_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Version_APDU.cpp
+
+src/apdu/tpsclient-Get_Version_APDU.obj: src/apdu/Get_Version_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Version_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo" -c -o src/apdu/tpsclient-Get_Version_APDU.obj `if test -f 'src/apdu/Get_Version_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Version_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Version_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_Version_APDU.cpp' object='src/apdu/tpsclient-Get_Version_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Version_APDU.obj `if test -f 'src/apdu/Get_Version_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Version_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Version_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Initialize_Update_APDU.o: src/apdu/Initialize_Update_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Initialize_Update_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo" -c -o src/apdu/tpsclient-Initialize_Update_APDU.o `test -f 'src/apdu/Initialize_Update_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Initialize_Update_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Initialize_Update_APDU.cpp' object='src/apdu/tpsclient-Initialize_Update_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Initialize_Update_APDU.o `test -f 'src/apdu/Initialize_Update_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Initialize_Update_APDU.cpp
+
+src/apdu/tpsclient-Initialize_Update_APDU.obj: src/apdu/Initialize_Update_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Initialize_Update_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo" -c -o src/apdu/tpsclient-Initialize_Update_APDU.obj `if test -f 'src/apdu/Initialize_Update_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Initialize_Update_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Initialize_Update_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Initialize_Update_APDU.cpp' object='src/apdu/tpsclient-Initialize_Update_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Initialize_Update_APDU.obj `if test -f 'src/apdu/Initialize_Update_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Initialize_Update_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Initialize_Update_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Install_Applet_APDU.o: src/apdu/Install_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Install_Applet_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo" -c -o src/apdu/tpsclient-Install_Applet_APDU.o `test -f 'src/apdu/Install_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Applet_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Install_Applet_APDU.cpp' object='src/apdu/tpsclient-Install_Applet_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Install_Applet_APDU.o `test -f 'src/apdu/Install_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Applet_APDU.cpp
+
+src/apdu/tpsclient-Install_Applet_APDU.obj: src/apdu/Install_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Install_Applet_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo" -c -o src/apdu/tpsclient-Install_Applet_APDU.obj `if test -f 'src/apdu/Install_Applet_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Install_Applet_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Install_Applet_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Install_Applet_APDU.cpp' object='src/apdu/tpsclient-Install_Applet_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Install_Applet_APDU.obj `if test -f 'src/apdu/Install_Applet_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Install_Applet_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Install_Applet_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Install_Load_APDU.o: src/apdu/Install_Load_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Install_Load_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo" -c -o src/apdu/tpsclient-Install_Load_APDU.o `test -f 'src/apdu/Install_Load_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Load_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Install_Load_APDU.cpp' object='src/apdu/tpsclient-Install_Load_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Install_Load_APDU.o `test -f 'src/apdu/Install_Load_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Load_APDU.cpp
+
+src/apdu/tpsclient-Install_Load_APDU.obj: src/apdu/Install_Load_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Install_Load_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo" -c -o src/apdu/tpsclient-Install_Load_APDU.obj `if test -f 'src/apdu/Install_Load_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Install_Load_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Install_Load_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Install_Load_APDU.cpp' object='src/apdu/tpsclient-Install_Load_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Install_Load_APDU.obj `if test -f 'src/apdu/Install_Load_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Install_Load_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Install_Load_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Lifecycle_APDU.o: src/apdu/Lifecycle_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Lifecycle_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo" -c -o src/apdu/tpsclient-Lifecycle_APDU.o `test -f 'src/apdu/Lifecycle_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Lifecycle_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Lifecycle_APDU.cpp' object='src/apdu/tpsclient-Lifecycle_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Lifecycle_APDU.o `test -f 'src/apdu/Lifecycle_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Lifecycle_APDU.cpp
+
+src/apdu/tpsclient-Lifecycle_APDU.obj: src/apdu/Lifecycle_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Lifecycle_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo" -c -o src/apdu/tpsclient-Lifecycle_APDU.obj `if test -f 'src/apdu/Lifecycle_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Lifecycle_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Lifecycle_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Lifecycle_APDU.cpp' object='src/apdu/tpsclient-Lifecycle_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Lifecycle_APDU.obj `if test -f 'src/apdu/Lifecycle_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Lifecycle_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Lifecycle_APDU.cpp'; fi`
+
+src/apdu/tpsclient-List_Objects_APDU.o: src/apdu/List_Objects_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-List_Objects_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo" -c -o src/apdu/tpsclient-List_Objects_APDU.o `test -f 'src/apdu/List_Objects_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Objects_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/List_Objects_APDU.cpp' object='src/apdu/tpsclient-List_Objects_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-List_Objects_APDU.o `test -f 'src/apdu/List_Objects_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Objects_APDU.cpp
+
+src/apdu/tpsclient-List_Objects_APDU.obj: src/apdu/List_Objects_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-List_Objects_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo" -c -o src/apdu/tpsclient-List_Objects_APDU.obj `if test -f 'src/apdu/List_Objects_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/List_Objects_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/List_Objects_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/List_Objects_APDU.cpp' object='src/apdu/tpsclient-List_Objects_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-List_Objects_APDU.obj `if test -f 'src/apdu/List_Objects_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/List_Objects_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/List_Objects_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Set_IssuerInfo_APDU.o: src/apdu/Set_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Set_IssuerInfo_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo" -c -o src/apdu/tpsclient-Set_IssuerInfo_APDU.o `test -f 'src/apdu/Set_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_IssuerInfo_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Set_IssuerInfo_APDU.cpp' object='src/apdu/tpsclient-Set_IssuerInfo_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Set_IssuerInfo_APDU.o `test -f 'src/apdu/Set_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_IssuerInfo_APDU.cpp
+
+src/apdu/tpsclient-Set_IssuerInfo_APDU.obj: src/apdu/Set_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Set_IssuerInfo_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo" -c -o src/apdu/tpsclient-Set_IssuerInfo_APDU.obj `if test -f 'src/apdu/Set_IssuerInfo_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Set_IssuerInfo_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Set_IssuerInfo_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Set_IssuerInfo_APDU.cpp' object='src/apdu/tpsclient-Set_IssuerInfo_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Set_IssuerInfo_APDU.obj `if test -f 'src/apdu/Set_IssuerInfo_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Set_IssuerInfo_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Set_IssuerInfo_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Get_IssuerInfo_APDU.o: src/apdu/Get_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_IssuerInfo_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo" -c -o src/apdu/tpsclient-Get_IssuerInfo_APDU.o `test -f 'src/apdu/Get_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_IssuerInfo_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_IssuerInfo_APDU.cpp' object='src/apdu/tpsclient-Get_IssuerInfo_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_IssuerInfo_APDU.o `test -f 'src/apdu/Get_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_IssuerInfo_APDU.cpp
+
+src/apdu/tpsclient-Get_IssuerInfo_APDU.obj: src/apdu/Get_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_IssuerInfo_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo" -c -o src/apdu/tpsclient-Get_IssuerInfo_APDU.obj `if test -f 'src/apdu/Get_IssuerInfo_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_IssuerInfo_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_IssuerInfo_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Get_IssuerInfo_APDU.cpp' object='src/apdu/tpsclient-Get_IssuerInfo_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_IssuerInfo_APDU.obj `if test -f 'src/apdu/Get_IssuerInfo_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_IssuerInfo_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_IssuerInfo_APDU.cpp'; fi`
+
+src/apdu/tpsclient-List_Pins_APDU.o: src/apdu/List_Pins_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-List_Pins_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo" -c -o src/apdu/tpsclient-List_Pins_APDU.o `test -f 'src/apdu/List_Pins_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Pins_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/List_Pins_APDU.cpp' object='src/apdu/tpsclient-List_Pins_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-List_Pins_APDU.o `test -f 'src/apdu/List_Pins_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Pins_APDU.cpp
+
+src/apdu/tpsclient-List_Pins_APDU.obj: src/apdu/List_Pins_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-List_Pins_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo" -c -o src/apdu/tpsclient-List_Pins_APDU.obj `if test -f 'src/apdu/List_Pins_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/List_Pins_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/List_Pins_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/List_Pins_APDU.cpp' object='src/apdu/tpsclient-List_Pins_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-List_Pins_APDU.obj `if test -f 'src/apdu/List_Pins_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/List_Pins_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/List_Pins_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Load_File_APDU.o: src/apdu/Load_File_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Load_File_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo" -c -o src/apdu/tpsclient-Load_File_APDU.o `test -f 'src/apdu/Load_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Load_File_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Load_File_APDU.cpp' object='src/apdu/tpsclient-Load_File_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Load_File_APDU.o `test -f 'src/apdu/Load_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Load_File_APDU.cpp
+
+src/apdu/tpsclient-Load_File_APDU.obj: src/apdu/Load_File_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Load_File_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo" -c -o src/apdu/tpsclient-Load_File_APDU.obj `if test -f 'src/apdu/Load_File_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Load_File_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Load_File_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Load_File_APDU.cpp' object='src/apdu/tpsclient-Load_File_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Load_File_APDU.obj `if test -f 'src/apdu/Load_File_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Load_File_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Load_File_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Put_Key_APDU.o: src/apdu/Put_Key_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Put_Key_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo" -c -o src/apdu/tpsclient-Put_Key_APDU.o `test -f 'src/apdu/Put_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Put_Key_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Put_Key_APDU.cpp' object='src/apdu/tpsclient-Put_Key_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Put_Key_APDU.o `test -f 'src/apdu/Put_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Put_Key_APDU.cpp
+
+src/apdu/tpsclient-Put_Key_APDU.obj: src/apdu/Put_Key_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Put_Key_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo" -c -o src/apdu/tpsclient-Put_Key_APDU.obj `if test -f 'src/apdu/Put_Key_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Put_Key_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Put_Key_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Put_Key_APDU.cpp' object='src/apdu/tpsclient-Put_Key_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Put_Key_APDU.obj `if test -f 'src/apdu/Put_Key_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Put_Key_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Put_Key_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Read_Buffer_APDU.o: src/apdu/Read_Buffer_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Read_Buffer_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo" -c -o src/apdu/tpsclient-Read_Buffer_APDU.o `test -f 'src/apdu/Read_Buffer_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Buffer_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Read_Buffer_APDU.cpp' object='src/apdu/tpsclient-Read_Buffer_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Read_Buffer_APDU.o `test -f 'src/apdu/Read_Buffer_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Buffer_APDU.cpp
+
+src/apdu/tpsclient-Read_Buffer_APDU.obj: src/apdu/Read_Buffer_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Read_Buffer_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo" -c -o src/apdu/tpsclient-Read_Buffer_APDU.obj `if test -f 'src/apdu/Read_Buffer_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Read_Buffer_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Read_Buffer_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Read_Buffer_APDU.cpp' object='src/apdu/tpsclient-Read_Buffer_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Read_Buffer_APDU.obj `if test -f 'src/apdu/Read_Buffer_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Read_Buffer_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Read_Buffer_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Read_Object_APDU.o: src/apdu/Read_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Read_Object_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo" -c -o src/apdu/tpsclient-Read_Object_APDU.o `test -f 'src/apdu/Read_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Object_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Read_Object_APDU.cpp' object='src/apdu/tpsclient-Read_Object_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Read_Object_APDU.o `test -f 'src/apdu/Read_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Object_APDU.cpp
+
+src/apdu/tpsclient-Read_Object_APDU.obj: src/apdu/Read_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Read_Object_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo" -c -o src/apdu/tpsclient-Read_Object_APDU.obj `if test -f 'src/apdu/Read_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Read_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Read_Object_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Read_Object_APDU.cpp' object='src/apdu/tpsclient-Read_Object_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Read_Object_APDU.obj `if test -f 'src/apdu/Read_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Read_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Read_Object_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Select_APDU.o: src/apdu/Select_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Select_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo" -c -o src/apdu/tpsclient-Select_APDU.o `test -f 'src/apdu/Select_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Select_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Select_APDU.cpp' object='src/apdu/tpsclient-Select_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Select_APDU.o `test -f 'src/apdu/Select_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Select_APDU.cpp
+
+src/apdu/tpsclient-Select_APDU.obj: src/apdu/Select_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Select_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo" -c -o src/apdu/tpsclient-Select_APDU.obj `if test -f 'src/apdu/Select_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Select_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Select_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Select_APDU.cpp' object='src/apdu/tpsclient-Select_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Select_APDU.obj `if test -f 'src/apdu/Select_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Select_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Select_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Set_Pin_APDU.o: src/apdu/Set_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Set_Pin_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo" -c -o src/apdu/tpsclient-Set_Pin_APDU.o `test -f 'src/apdu/Set_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_Pin_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Set_Pin_APDU.cpp' object='src/apdu/tpsclient-Set_Pin_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Set_Pin_APDU.o `test -f 'src/apdu/Set_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_Pin_APDU.cpp
+
+src/apdu/tpsclient-Set_Pin_APDU.obj: src/apdu/Set_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Set_Pin_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo" -c -o src/apdu/tpsclient-Set_Pin_APDU.obj `if test -f 'src/apdu/Set_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Set_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Set_Pin_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Set_Pin_APDU.cpp' object='src/apdu/tpsclient-Set_Pin_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Set_Pin_APDU.obj `if test -f 'src/apdu/Set_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Set_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Set_Pin_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Unblock_Pin_APDU.o: src/apdu/Unblock_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Unblock_Pin_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo" -c -o src/apdu/tpsclient-Unblock_Pin_APDU.o `test -f 'src/apdu/Unblock_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Unblock_Pin_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Unblock_Pin_APDU.cpp' object='src/apdu/tpsclient-Unblock_Pin_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Unblock_Pin_APDU.o `test -f 'src/apdu/Unblock_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Unblock_Pin_APDU.cpp
+
+src/apdu/tpsclient-Unblock_Pin_APDU.obj: src/apdu/Unblock_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Unblock_Pin_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo" -c -o src/apdu/tpsclient-Unblock_Pin_APDU.obj `if test -f 'src/apdu/Unblock_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Unblock_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Unblock_Pin_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Unblock_Pin_APDU.cpp' object='src/apdu/tpsclient-Unblock_Pin_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Unblock_Pin_APDU.obj `if test -f 'src/apdu/Unblock_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Unblock_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Unblock_Pin_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Write_Object_APDU.o: src/apdu/Write_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Write_Object_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo" -c -o src/apdu/tpsclient-Write_Object_APDU.o `test -f 'src/apdu/Write_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Write_Object_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Write_Object_APDU.cpp' object='src/apdu/tpsclient-Write_Object_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Write_Object_APDU.o `test -f 'src/apdu/Write_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Write_Object_APDU.cpp
+
+src/apdu/tpsclient-Write_Object_APDU.obj: src/apdu/Write_Object_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Write_Object_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo" -c -o src/apdu/tpsclient-Write_Object_APDU.obj `if test -f 'src/apdu/Write_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Write_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Write_Object_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Write_Object_APDU.cpp' object='src/apdu/tpsclient-Write_Object_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Write_Object_APDU.obj `if test -f 'src/apdu/Write_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Write_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Write_Object_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Import_Key_Enc_APDU.o: src/apdu/Import_Key_Enc_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Import_Key_Enc_APDU.o -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo" -c -o src/apdu/tpsclient-Import_Key_Enc_APDU.o `test -f 'src/apdu/Import_Key_Enc_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_Enc_APDU.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Import_Key_Enc_APDU.cpp' object='src/apdu/tpsclient-Import_Key_Enc_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Import_Key_Enc_APDU.o `test -f 'src/apdu/Import_Key_Enc_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_Enc_APDU.cpp
+
+src/apdu/tpsclient-Import_Key_Enc_APDU.obj: src/apdu/Import_Key_Enc_APDU.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Import_Key_Enc_APDU.obj -MD -MP -MF "src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo" -c -o src/apdu/tpsclient-Import_Key_Enc_APDU.obj `if test -f 'src/apdu/Import_Key_Enc_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Import_Key_Enc_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Import_Key_Enc_APDU.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo" "src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Po"; else rm -f "src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/apdu/Import_Key_Enc_APDU.cpp' object='src/apdu/tpsclient-Import_Key_Enc_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Import_Key_Enc_APDU.obj `if test -f 'src/apdu/Import_Key_Enc_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Import_Key_Enc_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Import_Key_Enc_APDU.cpp'; fi`
+
+src/main/tpsclient-RA_Msg.o: src/main/RA_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-RA_Msg.o -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo" -c -o src/main/tpsclient-RA_Msg.o `test -f 'src/main/RA_Msg.cpp' || echo '$(srcdir)/'`src/main/RA_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo" "src/main/$(DEPDIR)/tpsclient-RA_Msg.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/RA_Msg.cpp' object='src/main/tpsclient-RA_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-RA_Msg.o `test -f 'src/main/RA_Msg.cpp' || echo '$(srcdir)/'`src/main/RA_Msg.cpp
+
+src/main/tpsclient-RA_Msg.obj: src/main/RA_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-RA_Msg.obj -MD -MP -MF "src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo" -c -o src/main/tpsclient-RA_Msg.obj `if test -f 'src/main/RA_Msg.cpp'; then $(CYGPATH_W) 'src/main/RA_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/RA_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo" "src/main/$(DEPDIR)/tpsclient-RA_Msg.Po"; else rm -f "src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/main/RA_Msg.cpp' object='src/main/tpsclient-RA_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-RA_Msg.obj `if test -f 'src/main/RA_Msg.cpp'; then $(CYGPATH_W) 'src/main/RA_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/RA_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Begin_Op_Msg.o: src/msg/RA_Begin_Op_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Begin_Op_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo" -c -o src/msg/tpsclient-RA_Begin_Op_Msg.o `test -f 'src/msg/RA_Begin_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Begin_Op_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Begin_Op_Msg.cpp' object='src/msg/tpsclient-RA_Begin_Op_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Begin_Op_Msg.o `test -f 'src/msg/RA_Begin_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Begin_Op_Msg.cpp
+
+src/msg/tpsclient-RA_Begin_Op_Msg.obj: src/msg/RA_Begin_Op_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Begin_Op_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo" -c -o src/msg/tpsclient-RA_Begin_Op_Msg.obj `if test -f 'src/msg/RA_Begin_Op_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Begin_Op_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Begin_Op_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Begin_Op_Msg.cpp' object='src/msg/tpsclient-RA_Begin_Op_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Begin_Op_Msg.obj `if test -f 'src/msg/RA_Begin_Op_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Begin_Op_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Begin_Op_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_End_Op_Msg.o: src/msg/RA_End_Op_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_End_Op_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo" -c -o src/msg/tpsclient-RA_End_Op_Msg.o `test -f 'src/msg/RA_End_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_End_Op_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_End_Op_Msg.cpp' object='src/msg/tpsclient-RA_End_Op_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_End_Op_Msg.o `test -f 'src/msg/RA_End_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_End_Op_Msg.cpp
+
+src/msg/tpsclient-RA_End_Op_Msg.obj: src/msg/RA_End_Op_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_End_Op_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo" -c -o src/msg/tpsclient-RA_End_Op_Msg.obj `if test -f 'src/msg/RA_End_Op_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_End_Op_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_End_Op_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_End_Op_Msg.cpp' object='src/msg/tpsclient-RA_End_Op_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_End_Op_Msg.obj `if test -f 'src/msg/RA_End_Op_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_End_Op_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_End_Op_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Login_Request_Msg.o: src/msg/RA_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Login_Request_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_Login_Request_Msg.o `test -f 'src/msg/RA_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Login_Request_Msg.cpp' object='src/msg/tpsclient-RA_Login_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Login_Request_Msg.o `test -f 'src/msg/RA_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Request_Msg.cpp
+
+src/msg/tpsclient-RA_Login_Request_Msg.obj: src/msg/RA_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Login_Request_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_Login_Request_Msg.obj `if test -f 'src/msg/RA_Login_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Login_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Login_Request_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Login_Request_Msg.cpp' object='src/msg/tpsclient-RA_Login_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Login_Request_Msg.obj `if test -f 'src/msg/RA_Login_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Login_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Login_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Login_Response_Msg.o: src/msg/RA_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Login_Response_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_Login_Response_Msg.o `test -f 'src/msg/RA_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Login_Response_Msg.cpp' object='src/msg/tpsclient-RA_Login_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Login_Response_Msg.o `test -f 'src/msg/RA_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Response_Msg.cpp
+
+src/msg/tpsclient-RA_Login_Response_Msg.obj: src/msg/RA_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Login_Response_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_Login_Response_Msg.obj `if test -f 'src/msg/RA_Login_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Login_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Login_Response_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Login_Response_Msg.cpp' object='src/msg/tpsclient-RA_Login_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Login_Response_Msg.obj `if test -f 'src/msg/RA_Login_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Login_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Login_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Extended_Login_Request_Msg.o: src/msg/RA_Extended_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Extended_Login_Request_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_Extended_Login_Request_Msg.o `test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Extended_Login_Request_Msg.cpp' object='src/msg/tpsclient-RA_Extended_Login_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Extended_Login_Request_Msg.o `test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Request_Msg.cpp
+
+src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj: src/msg/RA_Extended_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj `if test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Extended_Login_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Extended_Login_Request_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Extended_Login_Request_Msg.cpp' object='src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj `if test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Extended_Login_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Extended_Login_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Extended_Login_Response_Msg.o: src/msg/RA_Extended_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Extended_Login_Response_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_Extended_Login_Response_Msg.o `test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Extended_Login_Response_Msg.cpp' object='src/msg/tpsclient-RA_Extended_Login_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Extended_Login_Response_Msg.o `test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Response_Msg.cpp
+
+src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj: src/msg/RA_Extended_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj `if test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Extended_Login_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Extended_Login_Response_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Extended_Login_Response_Msg.cpp' object='src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj `if test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Extended_Login_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Extended_Login_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_ASQ_Request_Msg.o: src/msg/RA_ASQ_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_ASQ_Request_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_ASQ_Request_Msg.o `test -f 'src/msg/RA_ASQ_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_ASQ_Request_Msg.cpp' object='src/msg/tpsclient-RA_ASQ_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_ASQ_Request_Msg.o `test -f 'src/msg/RA_ASQ_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Request_Msg.cpp
+
+src/msg/tpsclient-RA_ASQ_Request_Msg.obj: src/msg/RA_ASQ_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_ASQ_Request_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_ASQ_Request_Msg.obj `if test -f 'src/msg/RA_ASQ_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_ASQ_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_ASQ_Request_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_ASQ_Request_Msg.cpp' object='src/msg/tpsclient-RA_ASQ_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_ASQ_Request_Msg.obj `if test -f 'src/msg/RA_ASQ_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_ASQ_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_ASQ_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_ASQ_Response_Msg.o: src/msg/RA_ASQ_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_ASQ_Response_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_ASQ_Response_Msg.o `test -f 'src/msg/RA_ASQ_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_ASQ_Response_Msg.cpp' object='src/msg/tpsclient-RA_ASQ_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_ASQ_Response_Msg.o `test -f 'src/msg/RA_ASQ_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Response_Msg.cpp
+
+src/msg/tpsclient-RA_ASQ_Response_Msg.obj: src/msg/RA_ASQ_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_ASQ_Response_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_ASQ_Response_Msg.obj `if test -f 'src/msg/RA_ASQ_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_ASQ_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_ASQ_Response_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_ASQ_Response_Msg.cpp' object='src/msg/tpsclient-RA_ASQ_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_ASQ_Response_Msg.obj `if test -f 'src/msg/RA_ASQ_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_ASQ_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_ASQ_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_New_Pin_Request_Msg.o: src/msg/RA_New_Pin_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_New_Pin_Request_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_New_Pin_Request_Msg.o `test -f 'src/msg/RA_New_Pin_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_New_Pin_Request_Msg.cpp' object='src/msg/tpsclient-RA_New_Pin_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_New_Pin_Request_Msg.o `test -f 'src/msg/RA_New_Pin_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Request_Msg.cpp
+
+src/msg/tpsclient-RA_New_Pin_Request_Msg.obj: src/msg/RA_New_Pin_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_New_Pin_Request_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_New_Pin_Request_Msg.obj `if test -f 'src/msg/RA_New_Pin_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_New_Pin_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_New_Pin_Request_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_New_Pin_Request_Msg.cpp' object='src/msg/tpsclient-RA_New_Pin_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_New_Pin_Request_Msg.obj `if test -f 'src/msg/RA_New_Pin_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_New_Pin_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_New_Pin_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_New_Pin_Response_Msg.o: src/msg/RA_New_Pin_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_New_Pin_Response_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_New_Pin_Response_Msg.o `test -f 'src/msg/RA_New_Pin_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_New_Pin_Response_Msg.cpp' object='src/msg/tpsclient-RA_New_Pin_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_New_Pin_Response_Msg.o `test -f 'src/msg/RA_New_Pin_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Response_Msg.cpp
+
+src/msg/tpsclient-RA_New_Pin_Response_Msg.obj: src/msg/RA_New_Pin_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_New_Pin_Response_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_New_Pin_Response_Msg.obj `if test -f 'src/msg/RA_New_Pin_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_New_Pin_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_New_Pin_Response_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_New_Pin_Response_Msg.cpp' object='src/msg/tpsclient-RA_New_Pin_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_New_Pin_Response_Msg.obj `if test -f 'src/msg/RA_New_Pin_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_New_Pin_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_New_Pin_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_SecureId_Request_Msg.o: src/msg/RA_SecureId_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_SecureId_Request_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_SecureId_Request_Msg.o `test -f 'src/msg/RA_SecureId_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_SecureId_Request_Msg.cpp' object='src/msg/tpsclient-RA_SecureId_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_SecureId_Request_Msg.o `test -f 'src/msg/RA_SecureId_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Request_Msg.cpp
+
+src/msg/tpsclient-RA_SecureId_Request_Msg.obj: src/msg/RA_SecureId_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_SecureId_Request_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_SecureId_Request_Msg.obj `if test -f 'src/msg/RA_SecureId_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_SecureId_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_SecureId_Request_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_SecureId_Request_Msg.cpp' object='src/msg/tpsclient-RA_SecureId_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_SecureId_Request_Msg.obj `if test -f 'src/msg/RA_SecureId_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_SecureId_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_SecureId_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_SecureId_Response_Msg.o: src/msg/RA_SecureId_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_SecureId_Response_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_SecureId_Response_Msg.o `test -f 'src/msg/RA_SecureId_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_SecureId_Response_Msg.cpp' object='src/msg/tpsclient-RA_SecureId_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_SecureId_Response_Msg.o `test -f 'src/msg/RA_SecureId_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Response_Msg.cpp
+
+src/msg/tpsclient-RA_SecureId_Response_Msg.obj: src/msg/RA_SecureId_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_SecureId_Response_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_SecureId_Response_Msg.obj `if test -f 'src/msg/RA_SecureId_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_SecureId_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_SecureId_Response_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_SecureId_Response_Msg.cpp' object='src/msg/tpsclient-RA_SecureId_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_SecureId_Response_Msg.obj `if test -f 'src/msg/RA_SecureId_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_SecureId_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_SecureId_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Status_Update_Request_Msg.o: src/msg/RA_Status_Update_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Status_Update_Request_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_Status_Update_Request_Msg.o `test -f 'src/msg/RA_Status_Update_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Status_Update_Request_Msg.cpp' object='src/msg/tpsclient-RA_Status_Update_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Status_Update_Request_Msg.o `test -f 'src/msg/RA_Status_Update_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Request_Msg.cpp
+
+src/msg/tpsclient-RA_Status_Update_Request_Msg.obj: src/msg/RA_Status_Update_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Status_Update_Request_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_Status_Update_Request_Msg.obj `if test -f 'src/msg/RA_Status_Update_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Status_Update_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Status_Update_Request_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Status_Update_Request_Msg.cpp' object='src/msg/tpsclient-RA_Status_Update_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Status_Update_Request_Msg.obj `if test -f 'src/msg/RA_Status_Update_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Status_Update_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Status_Update_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Status_Update_Response_Msg.o: src/msg/RA_Status_Update_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Status_Update_Response_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_Status_Update_Response_Msg.o `test -f 'src/msg/RA_Status_Update_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Status_Update_Response_Msg.cpp' object='src/msg/tpsclient-RA_Status_Update_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Status_Update_Response_Msg.o `test -f 'src/msg/RA_Status_Update_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Response_Msg.cpp
+
+src/msg/tpsclient-RA_Status_Update_Response_Msg.obj: src/msg/RA_Status_Update_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Status_Update_Response_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_Status_Update_Response_Msg.obj `if test -f 'src/msg/RA_Status_Update_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Status_Update_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Status_Update_Response_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Status_Update_Response_Msg.cpp' object='src/msg/tpsclient-RA_Status_Update_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Status_Update_Response_Msg.obj `if test -f 'src/msg/RA_Status_Update_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Status_Update_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Status_Update_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Token_PDU_Request_Msg.o: src/msg/RA_Token_PDU_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Token_PDU_Request_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_Token_PDU_Request_Msg.o `test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Request_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Token_PDU_Request_Msg.cpp' object='src/msg/tpsclient-RA_Token_PDU_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Token_PDU_Request_Msg.o `test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Request_Msg.cpp
+
+src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj: src/msg/RA_Token_PDU_Request_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo" -c -o src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj `if test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Token_PDU_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Token_PDU_Request_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Token_PDU_Request_Msg.cpp' object='src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj `if test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Token_PDU_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Token_PDU_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Token_PDU_Response_Msg.o: src/msg/RA_Token_PDU_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Token_PDU_Response_Msg.o -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_Token_PDU_Response_Msg.o `test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Response_Msg.cpp; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Token_PDU_Response_Msg.cpp' object='src/msg/tpsclient-RA_Token_PDU_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Token_PDU_Response_Msg.o `test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Response_Msg.cpp
+
+src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj: src/msg/RA_Token_PDU_Response_Msg.cpp
+@am__fastdepCXX_TRUE@	if $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj -MD -MP -MF "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo" -c -o src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj `if test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Token_PDU_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Token_PDU_Response_Msg.cpp'; fi`; \
+@am__fastdepCXX_TRUE@	then mv -f "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo" "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Po"; else rm -f "src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='src/msg/RA_Token_PDU_Response_Msg.cpp' object='src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj `if test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Token_PDU_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Token_PDU_Response_Msg.cpp'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+	-rm -rf src/apdu/.libs src/apdu/_libs
+	-rm -rf src/authentication/.libs src/authentication/_libs
+	-rm -rf src/channel/.libs src/channel/_libs
+	-rm -rf src/cms/.libs src/cms/_libs
+	-rm -rf src/engine/.libs src/engine/_libs
+	-rm -rf src/httpClient/.libs src/httpClient/_libs
+	-rm -rf src/main/.libs src/main/_libs
+	-rm -rf src/modules/tokendb/.libs src/modules/tokendb/_libs
+	-rm -rf src/modules/tps/.libs src/modules/tps/_libs
+	-rm -rf src/msg/.libs src/msg/_libs
+	-rm -rf src/processor/.libs src/processor/_libs
+	-rm -rf src/tus/.libs src/tus/_libs
+
+distclean-libtool:
+	-rm -f libtool
+uninstall-info-am:
+install-aliasDATA: $(alias_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(aliasdir)" || $(mkdir_p) "$(DESTDIR)$(aliasdir)"
+	@list='$(alias_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(aliasDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(aliasdir)/$$f'"; \
+	  $(aliasDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(aliasdir)/$$f"; \
+	done
+
+uninstall-aliasDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(alias_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(aliasdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(aliasdir)/$$f"; \
+	done
+install-appletsDATA: $(applets_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(appletsdir)" || $(mkdir_p) "$(DESTDIR)$(appletsdir)"
+	@list='$(applets_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(appletsDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(appletsdir)/$$f'"; \
+	  $(appletsDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(appletsdir)/$$f"; \
+	done
+
+uninstall-appletsDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(applets_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(appletsdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(appletsdir)/$$f"; \
+	done
+install-cgibin_demoDATA: $(cgibin_demo_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(cgibin_demodir)" || $(mkdir_p) "$(DESTDIR)$(cgibin_demodir)"
+	@list='$(cgibin_demo_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(cgibin_demoDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(cgibin_demodir)/$$f'"; \
+	  $(cgibin_demoDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(cgibin_demodir)/$$f"; \
+	done
+
+uninstall-cgibin_demoDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(cgibin_demo_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(cgibin_demodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(cgibin_demodir)/$$f"; \
+	done
+install-cgibin_homeDATA: $(cgibin_home_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(cgibin_homedir)" || $(mkdir_p) "$(DESTDIR)$(cgibin_homedir)"
+	@list='$(cgibin_home_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(cgibin_homeDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(cgibin_homedir)/$$f'"; \
+	  $(cgibin_homeDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(cgibin_homedir)/$$f"; \
+	done
+
+uninstall-cgibin_homeDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(cgibin_home_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(cgibin_homedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(cgibin_homedir)/$$f"; \
+	done
+install-cgibin_soDATA: $(cgibin_so_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(cgibin_sodir)" || $(mkdir_p) "$(DESTDIR)$(cgibin_sodir)"
+	@list='$(cgibin_so_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(cgibin_soDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(cgibin_sodir)/$$f'"; \
+	  $(cgibin_soDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(cgibin_sodir)/$$f"; \
+	done
+
+uninstall-cgibin_soDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(cgibin_so_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(cgibin_sodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(cgibin_sodir)/$$f"; \
+	done
+install-cgibin_sowDATA: $(cgibin_sow_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(cgibin_sowdir)" || $(mkdir_p) "$(DESTDIR)$(cgibin_sowdir)"
+	@list='$(cgibin_sow_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(cgibin_sowDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(cgibin_sowdir)/$$f'"; \
+	  $(cgibin_sowDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(cgibin_sowdir)/$$f"; \
+	done
+
+uninstall-cgibin_sowDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(cgibin_sow_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(cgibin_sowdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(cgibin_sowdir)/$$f"; \
+	done
+install-confDATA: $(conf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(confdir)" || $(mkdir_p) "$(DESTDIR)$(confdir)"
+	@list='$(conf_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(confDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(confdir)/$$f'"; \
+	  $(confDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(confdir)/$$f"; \
+	done
+
+uninstall-confDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(conf_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(confdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(confdir)/$$f"; \
+	done
+install-docrootDATA: $(docroot_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docrootdir)" || $(mkdir_p) "$(DESTDIR)$(docrootdir)"
+	@list='$(docroot_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docrootDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docrootdir)/$$f'"; \
+	  $(docrootDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docrootdir)/$$f"; \
+	done
+
+uninstall-docrootDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docrootdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docrootdir)/$$f"; \
+	done
+install-docroot_demoDATA: $(docroot_demo_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docroot_demodir)" || $(mkdir_p) "$(DESTDIR)$(docroot_demodir)"
+	@list='$(docroot_demo_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docroot_demoDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docroot_demodir)/$$f'"; \
+	  $(docroot_demoDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docroot_demodir)/$$f"; \
+	done
+
+uninstall-docroot_demoDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_demo_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docroot_demodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docroot_demodir)/$$f"; \
+	done
+install-docroot_homeDATA: $(docroot_home_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docroot_homedir)" || $(mkdir_p) "$(DESTDIR)$(docroot_homedir)"
+	@list='$(docroot_home_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docroot_homeDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docroot_homedir)/$$f'"; \
+	  $(docroot_homeDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docroot_homedir)/$$f"; \
+	done
+
+uninstall-docroot_homeDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_home_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docroot_homedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docroot_homedir)/$$f"; \
+	done
+install-docroot_soDATA: $(docroot_so_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docroot_sodir)" || $(mkdir_p) "$(DESTDIR)$(docroot_sodir)"
+	@list='$(docroot_so_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docroot_soDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docroot_sodir)/$$f'"; \
+	  $(docroot_soDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docroot_sodir)/$$f"; \
+	done
+
+uninstall-docroot_soDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_so_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docroot_sodir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docroot_sodir)/$$f"; \
+	done
+install-docroot_sowDATA: $(docroot_sow_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docroot_sowdir)" || $(mkdir_p) "$(DESTDIR)$(docroot_sowdir)"
+	@list='$(docroot_sow_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docroot_sowDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docroot_sowdir)/$$f'"; \
+	  $(docroot_sowDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docroot_sowdir)/$$f"; \
+	done
+
+uninstall-docroot_sowDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_sow_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docroot_sowdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docroot_sowdir)/$$f"; \
+	done
+install-docroot_tokendbDATA: $(docroot_tokendb_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docroot_tokendbdir)" || $(mkdir_p) "$(DESTDIR)$(docroot_tokendbdir)"
+	@list='$(docroot_tokendb_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docroot_tokendbDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docroot_tokendbdir)/$$f'"; \
+	  $(docroot_tokendbDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docroot_tokendbdir)/$$f"; \
+	done
+
+uninstall-docroot_tokendbDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_tokendb_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docroot_tokendbdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docroot_tokendbdir)/$$f"; \
+	done
+install-docroot_tps_configDATA: $(docroot_tps_config_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docroot_tps_configdir)" || $(mkdir_p) "$(DESTDIR)$(docroot_tps_configdir)"
+	@list='$(docroot_tps_config_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docroot_tps_configDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docroot_tps_configdir)/$$f'"; \
+	  $(docroot_tps_configDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docroot_tps_configdir)/$$f"; \
+	done
+
+uninstall-docroot_tps_configDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_tps_config_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docroot_tps_configdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docroot_tps_configdir)/$$f"; \
+	done
+install-docroot_tps_imgDATA: $(docroot_tps_img_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docroot_tps_imgdir)" || $(mkdir_p) "$(DESTDIR)$(docroot_tps_imgdir)"
+	@list='$(docroot_tps_img_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docroot_tps_imgDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docroot_tps_imgdir)/$$f'"; \
+	  $(docroot_tps_imgDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docroot_tps_imgdir)/$$f"; \
+	done
+
+uninstall-docroot_tps_imgDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_tps_img_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docroot_tps_imgdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docroot_tps_imgdir)/$$f"; \
+	done
+install-docroot_tps_jsDATA: $(docroot_tps_js_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(docroot_tps_jsdir)" || $(mkdir_p) "$(DESTDIR)$(docroot_tps_jsdir)"
+	@list='$(docroot_tps_js_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(docroot_tps_jsDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(docroot_tps_jsdir)/$$f'"; \
+	  $(docroot_tps_jsDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(docroot_tps_jsdir)/$$f"; \
+	done
+
+uninstall-docroot_tps_jsDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(docroot_tps_js_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(docroot_tps_jsdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(docroot_tps_jsdir)/$$f"; \
+	done
+install-licenseDATA: $(license_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(licensedir)" || $(mkdir_p) "$(DESTDIR)$(licensedir)"
+	@list='$(license_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(licenseDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(licensedir)/$$f'"; \
+	  $(licenseDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(licensedir)/$$f"; \
+	done
+
+uninstall-licenseDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(license_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(licensedir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(licensedir)/$$f"; \
+	done
+install-logsDATA: $(logs_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(logsdir)" || $(mkdir_p) "$(DESTDIR)$(logsdir)"
+	@list='$(logs_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(logsDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(logsdir)/$$f'"; \
+	  $(logsDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(logsdir)/$$f"; \
+	done
+
+uninstall-logsDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(logs_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(logsdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(logsdir)/$$f"; \
+	done
+install-samplesDATA: $(samples_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(samplesdir)" || $(mkdir_p) "$(DESTDIR)$(samplesdir)"
+	@list='$(samples_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(samplesDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(samplesdir)/$$f'"; \
+	  $(samplesDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(samplesdir)/$$f"; \
+	done
+
+uninstall-samplesDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(samples_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(samplesdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(samplesdir)/$$f"; \
+	done
+install-scriptsDATA: $(scripts_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(scriptsdir)" || $(mkdir_p) "$(DESTDIR)$(scriptsdir)"
+	@list='$(scripts_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(scriptsDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(scriptsdir)/$$f'"; \
+	  $(scriptsDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(scriptsdir)/$$f"; \
+	done
+
+uninstall-scriptsDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(scripts_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(scriptsdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(scriptsdir)/$$f"; \
+	done
+install-setupDATA: $(setup_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(setupdir)" || $(mkdir_p) "$(DESTDIR)$(setupdir)"
+	@list='$(setup_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(setupDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(setupdir)/$$f'"; \
+	  $(setupDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(setupdir)/$$f"; \
+	done
+
+uninstall-setupDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(setup_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(setupdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(setupdir)/$$f"; \
+	done
+install-templatesDATA: $(templates_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(templatesdir)" || $(mkdir_p) "$(DESTDIR)$(templatesdir)"
+	@list='$(templates_DATA)'; for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  f=$(am__strip_dir) \
+	  echo " $(templatesDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(templatesdir)/$$f'"; \
+	  $(templatesDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(templatesdir)/$$f"; \
+	done
+
+uninstall-templatesDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(templates_DATA)'; for p in $$list; do \
+	  f=$(am__strip_dir) \
+	  echo " rm -f '$(DESTDIR)$(templatesdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(templatesdir)/$$f"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	mkdir $(distdir)
+	$(mkdir_p) $(distdir)/m4
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+	list='$(DISTFILES)'; for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+	  esac; \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+	    dir="/$$dir"; \
+	    $(mkdir_p) "$(distdir)$$dir"; \
+	  else \
+	    dir=''; \
+	  fi; \
+	  if test -d $$d/$$file; then \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r $(distdir)
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && cd $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}'
+distuninstallcheck:
+	@cd $(distuninstallcheck_dir) \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA) \
+		config.h
+installdirs:
+	for dir in "$(DESTDIR)$(apache_modulesdir)" "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(cgibin_demodir)" "$(DESTDIR)$(cgibin_homedir)" "$(DESTDIR)$(cgibin_sodir)" "$(DESTDIR)$(cgibin_sowdir)" "$(DESTDIR)$(initddir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(perl_modulesdir)" "$(DESTDIR)$(perl_templatesdir)" "$(DESTDIR)$(scriptsdir)" "$(DESTDIR)$(setupdir)" "$(DESTDIR)$(aliasdir)" "$(DESTDIR)$(appletsdir)" "$(DESTDIR)$(cgibin_demodir)" "$(DESTDIR)$(cgibin_homedir)" "$(DESTDIR)$(cgibin_sodir)" "$(DESTDIR)$(cgibin_sowdir)" "$(DESTDIR)$(confdir)" "$(DESTDIR)$(docrootdir)" "$(DESTDIR)$(docroot_demodir)" "$(DESTDIR)$(docroot_homedir)" "$(DESTDIR)$(docroot_sodir)" "$(DESTDIR)$(docroot_sowdir)" "$(DESTDIR)$(docroot_tokendbdir)" "$(DESTDIR)$(docroot_tps_configdir)" "$(DESTDIR)$(docroot_tps_imgdir)" "$(DESTDIR)$(docroot_tps_jsdir)" "$(DESTDIR)$(licensedir)" "$(DESTDIR)$(logsdir)" "$(DESTDIR)$(samplesdir)" "$(DESTDIR)$(scriptsdir)" "$(DESTDIR)$(setupdir)" "$(DESTDIR)$(templatesdir)"; do \
+	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-rm -f src/apdu/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/apdu/$(am__dirstamp)
+	-rm -f src/authentication/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/authentication/$(am__dirstamp)
+	-rm -f src/channel/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/channel/$(am__dirstamp)
+	-rm -f src/cms/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/cms/$(am__dirstamp)
+	-rm -f src/engine/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/engine/$(am__dirstamp)
+	-rm -f src/httpClient/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/httpClient/$(am__dirstamp)
+	-rm -f src/main/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/main/$(am__dirstamp)
+	-rm -f src/modules/tokendb/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/modules/tokendb/$(am__dirstamp)
+	-rm -f src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/modules/tps/$(am__dirstamp)
+	-rm -f src/msg/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/msg/$(am__dirstamp)
+	-rm -f src/processor/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/processor/$(am__dirstamp)
+	-rm -f src/tus/$(DEPDIR)/$(am__dirstamp)
+	-rm -f src/tus/$(am__dirstamp)
+	-rm -f tools/raclient/$(DEPDIR)/$(am__dirstamp)
+	-rm -f tools/raclient/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-apache_modulesLTLIBRARIES clean-generic \
+	clean-libLTLIBRARIES clean-libexecPROGRAMS clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf src/apdu/$(DEPDIR) src/authentication/$(DEPDIR) src/channel/$(DEPDIR) src/cms/$(DEPDIR) src/engine/$(DEPDIR) src/httpClient/$(DEPDIR) src/main/$(DEPDIR) src/modules/tokendb/$(DEPDIR) src/modules/tps/$(DEPDIR) src/msg/$(DEPDIR) src/processor/$(DEPDIR) src/tus/$(DEPDIR) tools/raclient/$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-hdr distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-aliasDATA install-apache_modulesLTLIBRARIES \
+	install-appletsDATA install-cgibin_demoDATA \
+	install-cgibin_demoSCRIPTS install-cgibin_homeDATA \
+	install-cgibin_homeSCRIPTS install-cgibin_soDATA \
+	install-cgibin_soSCRIPTS install-cgibin_sowDATA \
+	install-cgibin_sowSCRIPTS install-confDATA install-docrootDATA \
+	install-docroot_demoDATA install-docroot_homeDATA \
+	install-docroot_soDATA install-docroot_sowDATA \
+	install-docroot_tokendbDATA install-docroot_tps_configDATA \
+	install-docroot_tps_imgDATA install-docroot_tps_jsDATA \
+	install-initdSCRIPTS install-licenseDATA install-logsDATA \
+	install-perl_modulesSCRIPTS install-perl_templatesSCRIPTS \
+	install-samplesDATA install-scriptsDATA install-scriptsSCRIPTS \
+	install-setupDATA install-setupSCRIPTS install-templatesDATA
+
+install-exec-am: install-binSCRIPTS install-libLTLIBRARIES \
+	install-libexecPROGRAMS install-libexecSCRIPTS
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -rf src/apdu/$(DEPDIR) src/authentication/$(DEPDIR) src/channel/$(DEPDIR) src/cms/$(DEPDIR) src/engine/$(DEPDIR) src/httpClient/$(DEPDIR) src/main/$(DEPDIR) src/modules/tokendb/$(DEPDIR) src/modules/tps/$(DEPDIR) src/msg/$(DEPDIR) src/processor/$(DEPDIR) src/tus/$(DEPDIR) tools/raclient/$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-aliasDATA uninstall-apache_modulesLTLIBRARIES \
+	uninstall-appletsDATA uninstall-binSCRIPTS \
+	uninstall-cgibin_demoDATA uninstall-cgibin_demoSCRIPTS \
+	uninstall-cgibin_homeDATA uninstall-cgibin_homeSCRIPTS \
+	uninstall-cgibin_soDATA uninstall-cgibin_soSCRIPTS \
+	uninstall-cgibin_sowDATA uninstall-cgibin_sowSCRIPTS \
+	uninstall-confDATA uninstall-docrootDATA \
+	uninstall-docroot_demoDATA uninstall-docroot_homeDATA \
+	uninstall-docroot_soDATA uninstall-docroot_sowDATA \
+	uninstall-docroot_tokendbDATA uninstall-docroot_tps_configDATA \
+	uninstall-docroot_tps_imgDATA uninstall-docroot_tps_jsDATA \
+	uninstall-info-am uninstall-initdSCRIPTS \
+	uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
+	uninstall-libexecSCRIPTS uninstall-licenseDATA \
+	uninstall-logsDATA uninstall-perl_modulesSCRIPTS \
+	uninstall-perl_templatesSCRIPTS uninstall-samplesDATA \
+	uninstall-scriptsDATA uninstall-scriptsSCRIPTS \
+	uninstall-setupDATA uninstall-setupSCRIPTS \
+	uninstall-templatesDATA
+
+.PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \
+	clean-apache_modulesLTLIBRARIES clean-generic \
+	clean-libLTLIBRARIES clean-libexecPROGRAMS clean-libtool ctags \
+	dist dist-all dist-bzip2 dist-gzip dist-shar dist-tarZ \
+	dist-zip distcheck distclean distclean-compile \
+	distclean-generic distclean-hdr distclean-libtool \
+	distclean-tags distcleancheck distdir distuninstallcheck dvi \
+	dvi-am html html-am info info-am install install-aliasDATA \
+	install-am install-apache_modulesLTLIBRARIES \
+	install-appletsDATA install-binSCRIPTS install-cgibin_demoDATA \
+	install-cgibin_demoSCRIPTS install-cgibin_homeDATA \
+	install-cgibin_homeSCRIPTS install-cgibin_soDATA \
+	install-cgibin_soSCRIPTS install-cgibin_sowDATA \
+	install-cgibin_sowSCRIPTS install-confDATA install-data \
+	install-data-am install-docrootDATA install-docroot_demoDATA \
+	install-docroot_homeDATA install-docroot_soDATA \
+	install-docroot_sowDATA install-docroot_tokendbDATA \
+	install-docroot_tps_configDATA install-docroot_tps_imgDATA \
+	install-docroot_tps_jsDATA install-exec install-exec-am \
+	install-info install-info-am install-initdSCRIPTS \
+	install-libLTLIBRARIES install-libexecPROGRAMS \
+	install-libexecSCRIPTS install-licenseDATA install-logsDATA \
+	install-man install-perl_modulesSCRIPTS \
+	install-perl_templatesSCRIPTS install-samplesDATA \
+	install-scriptsDATA install-scriptsSCRIPTS install-setupDATA \
+	install-setupSCRIPTS install-strip install-templatesDATA \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-aliasDATA uninstall-am \
+	uninstall-apache_modulesLTLIBRARIES uninstall-appletsDATA \
+	uninstall-binSCRIPTS uninstall-cgibin_demoDATA \
+	uninstall-cgibin_demoSCRIPTS uninstall-cgibin_homeDATA \
+	uninstall-cgibin_homeSCRIPTS uninstall-cgibin_soDATA \
+	uninstall-cgibin_soSCRIPTS uninstall-cgibin_sowDATA \
+	uninstall-cgibin_sowSCRIPTS uninstall-confDATA \
+	uninstall-docrootDATA uninstall-docroot_demoDATA \
+	uninstall-docroot_homeDATA uninstall-docroot_soDATA \
+	uninstall-docroot_sowDATA uninstall-docroot_tokendbDATA \
+	uninstall-docroot_tps_configDATA uninstall-docroot_tps_imgDATA \
+	uninstall-docroot_tps_jsDATA uninstall-info-am \
+	uninstall-initdSCRIPTS uninstall-libLTLIBRARIES \
+	uninstall-libexecPROGRAMS uninstall-libexecSCRIPTS \
+	uninstall-licenseDATA uninstall-logsDATA \
+	uninstall-perl_modulesSCRIPTS uninstall-perl_templatesSCRIPTS \
+	uninstall-samplesDATA uninstall-scriptsDATA \
+	uninstall-scriptsSCRIPTS uninstall-setupDATA \
+	uninstall-setupSCRIPTS uninstall-templatesDATA
+
+
+%: %.in
+	mkdir -p $(dir $@)
+	$(create_wrapper) $^ > $@
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/pki/base/tps/aclocal.m4 b/pki/base/tps/aclocal.m4
new file mode 100644
index 000000000..a3978ee6b
--- /dev/null
+++ b/pki/base/tps/aclocal.m4
@@ -0,0 +1,7284 @@
+# generated automatically by aclocal 1.9.6 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+
+# serial 48 AC_PROG_LIBTOOL
+
+
+# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
+# -----------------------------------------------------------
+# If this macro is not defined by Autoconf, define it here.
+m4_ifdef([AC_PROVIDE_IFELSE],
+         [],
+         [m4_define([AC_PROVIDE_IFELSE],
+	         [m4_ifdef([AC_PROVIDE_$1],
+		           [$2], [$3])])])
+
+
+# AC_PROG_LIBTOOL
+# ---------------
+AC_DEFUN([AC_PROG_LIBTOOL],
+[AC_REQUIRE([_AC_PROG_LIBTOOL])dnl
+dnl If AC_PROG_CXX has already been expanded, run AC_LIBTOOL_CXX
+dnl immediately, otherwise, hook it in at the end of AC_PROG_CXX.
+  AC_PROVIDE_IFELSE([AC_PROG_CXX],
+    [AC_LIBTOOL_CXX],
+    [define([AC_PROG_CXX], defn([AC_PROG_CXX])[AC_LIBTOOL_CXX
+  ])])
+dnl And a similar setup for Fortran 77 support
+  AC_PROVIDE_IFELSE([AC_PROG_F77],
+    [AC_LIBTOOL_F77],
+    [define([AC_PROG_F77], defn([AC_PROG_F77])[AC_LIBTOOL_F77
+])])
+
+dnl Quote A][M_PROG_GCJ so that aclocal doesn't bring it in needlessly.
+dnl If either AC_PROG_GCJ or A][M_PROG_GCJ have already been expanded, run
+dnl AC_LIBTOOL_GCJ immediately, otherwise, hook it in at the end of both.
+  AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+    [AC_LIBTOOL_GCJ],
+    [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+      [AC_LIBTOOL_GCJ],
+      [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],
+	[AC_LIBTOOL_GCJ],
+      [ifdef([AC_PROG_GCJ],
+	     [define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])
+       ifdef([A][M_PROG_GCJ],
+	     [define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[AC_LIBTOOL_GCJ])])
+       ifdef([LT_AC_PROG_GCJ],
+	     [define([LT_AC_PROG_GCJ],
+		defn([LT_AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])])])
+])])# AC_PROG_LIBTOOL
+
+
+# _AC_PROG_LIBTOOL
+# ----------------
+AC_DEFUN([_AC_PROG_LIBTOOL],
+[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_CXX])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_F77])dnl
+AC_BEFORE([$0],[AC_LIBTOOL_GCJ])dnl
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+# Prevent multiple expansion
+define([AC_PROG_LIBTOOL], [])
+])# _AC_PROG_LIBTOOL
+
+
+# AC_LIBTOOL_SETUP
+# ----------------
+AC_DEFUN([AC_LIBTOOL_SETUP],
+[AC_PREREQ(2.50)dnl
+AC_REQUIRE([AC_ENABLE_SHARED])dnl
+AC_REQUIRE([AC_ENABLE_STATIC])dnl
+AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_LD])dnl
+AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl
+AC_REQUIRE([AC_PROG_NM])dnl
+
+AC_REQUIRE([AC_PROG_LN_S])dnl
+AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl
+# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
+AC_REQUIRE([AC_OBJEXT])dnl
+AC_REQUIRE([AC_EXEEXT])dnl
+dnl
+
+AC_LIBTOOL_SYS_MAX_CMD_LEN
+AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+AC_LIBTOOL_OBJDIR
+
+AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+_LT_AC_PROG_ECHO_BACKSLASH
+
+case $host_os in
+aix3*)
+  # AIX sometimes has problems with the GCC collect2 program.  For some
+  # reason, if we set the COLLECT_NAMES environment variable, the problems
+  # vanish in a puff of smoke.
+  if test "X${COLLECT_NAMES+set}" != Xset; then
+    COLLECT_NAMES=
+    export COLLECT_NAMES
+  fi
+  ;;
+esac
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='sed -e 1s/^X//'
+[sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g']
+
+# Same as above, but do not quote variable references.
+[double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g']
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Constants:
+rm="rm -f"
+
+# Global variables:
+default_ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+ltmain="$ac_aux_dir/ltmain.sh"
+ofile="$default_ofile"
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+AC_CHECK_TOOL(AR, ar, false)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+AC_CHECK_TOOL(STRIP, strip, :)
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+test -z "$AS" && AS=as
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+test -z "$LD" && LD=ld
+test -z "$LN_S" && LN_S="ln -s"
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+test -z "$NM" && NM=nm
+test -z "$SED" && SED=sed
+test -z "$OBJDUMP" && OBJDUMP=objdump
+test -z "$RANLIB" && RANLIB=:
+test -z "$STRIP" && STRIP=:
+test -z "$ac_objext" && ac_objext=o
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+  case $host_os in
+  openbsd*)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+    ;;
+  *)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+    ;;
+  esac
+  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+case $deplibs_check_method in
+file_magic*)
+  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+    AC_PATH_MAGIC
+  fi
+  ;;
+esac
+
+AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no)
+AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
+enable_win32_dll=yes, enable_win32_dll=no)
+
+AC_ARG_ENABLE([libtool-lock],
+    [AC_HELP_STRING([--disable-libtool-lock],
+	[avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+AC_ARG_WITH([pic],
+    [AC_HELP_STRING([--with-pic],
+	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+    [pic_mode="$withval"],
+    [pic_mode=default])
+test -z "$pic_mode" && pic_mode=default
+
+# Use C for the default configuration in the libtool script
+tagname=
+AC_LIBTOOL_LANG_C_CONFIG
+_LT_AC_TAGCONFIG
+])# AC_LIBTOOL_SETUP
+
+
+# _LT_AC_SYS_COMPILER
+# -------------------
+AC_DEFUN([_LT_AC_SYS_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_AC_SYS_COMPILER
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
+AC_DEFUN([_LT_CC_BASENAME],
+[for cc_temp in $1""; do
+  case $cc_temp in
+    compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+    distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+])
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+AC_DEFUN([_LT_COMPILER_BOILERPLATE],
+[ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+AC_DEFUN([_LT_LINKER_BOILERPLATE],
+[ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+])# _LT_LINKER_BOILERPLATE
+
+
+# _LT_AC_SYS_LIBPATH_AIX
+# ----------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX],
+[AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi],[])
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+])# _LT_AC_SYS_LIBPATH_AIX
+
+
+# _LT_AC_SHELL_INIT(ARG)
+# ----------------------
+AC_DEFUN([_LT_AC_SHELL_INIT],
+[ifdef([AC_DIVERSION_NOTICE],
+	     [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
+	 [AC_DIVERT_PUSH(NOTICE)])
+$1
+AC_DIVERT_POP
+])# _LT_AC_SHELL_INIT
+
+
+# _LT_AC_PROG_ECHO_BACKSLASH
+# --------------------------
+# Add some code to the start of the generated configure script which
+# will find an echo command which doesn't interpret backslashes.
+AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH],
+[_LT_AC_SHELL_INIT([
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$ECHO in
+X*--fallback-echo)
+  # Remove one level of quotation (which was required for Make).
+  ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
+  ;;
+esac
+
+echo=${ECHO-echo}
+if test "X[$]1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X[$]1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
+  # Yippee, $echo works!
+  :
+else
+  # Restart under the correct shell.
+  exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
+fi
+
+if test "X[$]1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<EOF
+[$]*
+EOF
+  exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$ECHO"; then
+if test "X${echo_test_string+set}" != Xset; then
+# find a string as large as possible, as long as the shell can cope with it
+  for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
+    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+    if (echo_test_string=`eval $cmd`) 2>/dev/null &&
+       echo_test_string=`eval $cmd` &&
+       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
+    then
+      break
+    fi
+  done
+fi
+
+if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+   test "X$echo_testing_string" = "X$echo_test_string"; then
+  :
+else
+  # The Solaris, AIX, and Digital Unix default echo programs unquote
+  # backslashes.  This makes it impossible to quote backslashes using
+  #   echo "$something" | sed 's/\\/\\\\/g'
+  #
+  # So, first we look for a working echo in the user's PATH.
+
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for dir in $PATH /usr/ucb; do
+    IFS="$lt_save_ifs"
+    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+       test "X$echo_testing_string" = "X$echo_test_string"; then
+      echo="$dir/echo"
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+
+  if test "X$echo" = Xecho; then
+    # We didn't find a better echo, so look for alternatives.
+    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
+       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
+       test "X$echo_testing_string" = "X$echo_test_string"; then
+      # This shell has a builtin print -r that does the trick.
+      echo='print -r'
+    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
+	 test "X$CONFIG_SHELL" != X/bin/ksh; then
+      # If we have ksh, try running configure again with it.
+      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+      export ORIGINAL_CONFIG_SHELL
+      CONFIG_SHELL=/bin/ksh
+      export CONFIG_SHELL
+      exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
+    else
+      # Try using printf.
+      echo='printf %s\n'
+      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+	 test "X$echo_testing_string" = "X$echo_test_string"; then
+	# Cool, printf works
+	:
+      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+	   test "X$echo_testing_string" = 'X\t' &&
+	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+	export CONFIG_SHELL
+	SHELL="$CONFIG_SHELL"
+	export SHELL
+	echo="$CONFIG_SHELL [$]0 --fallback-echo"
+      elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+	   test "X$echo_testing_string" = 'X\t' &&
+	   echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	echo="$CONFIG_SHELL [$]0 --fallback-echo"
+      else
+	# maybe with a smaller string...
+	prev=:
+
+	for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
+	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
+	  then
+	    break
+	  fi
+	  prev="$cmd"
+	done
+
+	if test "$prev" != 'sed 50q "[$]0"'; then
+	  echo_test_string=`eval $prev`
+	  export echo_test_string
+	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
+	else
+	  # Oops.  We lost completely, so just stick with echo.
+	  echo=echo
+	fi
+      fi
+    fi
+  fi
+fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+ECHO=$echo
+if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
+   ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
+fi
+
+AC_SUBST(ECHO)
+])])# _LT_AC_PROG_ECHO_BACKSLASH
+
+
+# _LT_AC_LOCK
+# -----------
+AC_DEFUN([_LT_AC_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+    [AC_HELP_STRING([--disable-libtool-lock],
+	[avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.$ac_objext` in
+    *ELF-32*)
+      HPUX_IA64_MODE="32"
+      ;;
+    *ELF-64*)
+      HPUX_IA64_MODE="64"
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+*-*-irix6*)
+  # Find out which ABI we are using.
+  echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+   if test "$lt_cv_prog_gnu_ld" = yes; then
+    case `/usr/bin/file conftest.$ac_objext` in
+    *32-bit*)
+      LD="${LD-ld} -melf32bsmip"
+      ;;
+    *N32*)
+      LD="${LD-ld} -melf32bmipn32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -melf64bmip"
+      ;;
+    esac
+   else
+    case `/usr/bin/file conftest.$ac_objext` in
+    *32-bit*)
+      LD="${LD-ld} -32"
+      ;;
+    *N32*)
+      LD="${LD-ld} -n32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -64"
+      ;;
+    esac
+   fi
+  fi
+  rm -rf conftest*
+  ;;
+
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.o` in
+    *32-bit*)
+      case $host in
+        x86_64-*linux*)
+          LD="${LD-ld} -m elf_i386"
+          ;;
+        ppc64-*linux*|powerpc64-*linux*)
+          LD="${LD-ld} -m elf32ppclinux"
+          ;;
+        s390x-*linux*)
+          LD="${LD-ld} -m elf_s390"
+          ;;
+        sparc64-*linux*)
+          LD="${LD-ld} -m elf32_sparc"
+          ;;
+      esac
+      ;;
+    *64-bit*)
+      case $host in
+        x86_64-*linux*)
+          LD="${LD-ld} -m elf_x86_64"
+          ;;
+        ppc*-*linux*|powerpc*-*linux*)
+          LD="${LD-ld} -m elf64ppc"
+          ;;
+        s390*-*linux*)
+          LD="${LD-ld} -m elf64_s390"
+          ;;
+        sparc*-*linux*)
+          LD="${LD-ld} -m elf64_sparc"
+          ;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS="$CFLAGS"
+  CFLAGS="$CFLAGS -belf"
+  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+    [AC_LANG_PUSH(C)
+     AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+     AC_LANG_POP])
+  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS="$SAVE_CFLAGS"
+  fi
+  ;;
+sparc*-*solaris*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.o` in
+    *64-bit*)
+      case $lt_cv_prog_gnu_ld in
+      yes*) LD="${LD-ld} -m elf64_sparc" ;;
+      *)    LD="${LD-ld} -64" ;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL],
+[*-*-cygwin* | *-*-mingw* | *-*-pw32*)
+  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+  AC_CHECK_TOOL(AS, as, false)
+  AC_CHECK_TOOL(OBJDUMP, objdump, false)
+  ;;
+  ])
+esac
+
+need_locks="$enable_libtool_lock"
+
+])# _LT_AC_LOCK
+
+
+# AC_LIBTOOL_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION],
+[AC_REQUIRE([LT_AC_PROG_SED])
+AC_CACHE_CHECK([$1], [$2],
+  [$2=no
+  ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$3"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&AS_MESSAGE_LOG_FD
+   echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       $2=yes
+     fi
+   fi
+   $rm conftest*
+])
+
+if test x"[$]$2" = xyes; then
+    ifelse([$5], , :, [$5])
+else
+    ifelse([$6], , :, [$6])
+fi
+])# AC_LIBTOOL_COMPILER_OPTION
+
+
+# AC_LIBTOOL_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+#                          [ACTION-SUCCESS], [ACTION-FAILURE])
+# ------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([AC_LIBTOOL_LINKER_OPTION],
+[AC_CACHE_CHECK([$1], [$2],
+  [$2=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $3"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&AS_MESSAGE_LOG_FD
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         $2=yes
+       fi
+     else
+       $2=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+])
+
+if test x"[$]$2" = xyes; then
+    ifelse([$4], , :, [$4])
+else
+    ifelse([$5], , :, [$5])
+fi
+])# AC_LIBTOOL_LINKER_OPTION
+
+
+# AC_LIBTOOL_SYS_MAX_CMD_LEN
+# --------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN],
+[# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+  i=0
+  teststring="ABCD"
+
+  case $build_os in
+  msdosdjgpp*)
+    # On DJGPP, this test can blow up pretty badly due to problems in libc
+    # (any single argument exceeding 2000 bytes causes a buffer overrun
+    # during glob expansion).  Even if it were fixed, the result of this
+    # check would be larger than it should be.
+    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
+    ;;
+
+  gnu*)
+    # Under GNU Hurd, this test is not required because there is
+    # no limit to the length of command line arguments.
+    # Libtool will interpret -1 as no limit whatsoever
+    lt_cv_sys_max_cmd_len=-1;
+    ;;
+
+  cygwin* | mingw*)
+    # On Win9x/ME, this test blows up -- it succeeds, but takes
+    # about 5 minutes as the teststring grows exponentially.
+    # Worse, since 9x/ME are not pre-emptively multitasking,
+    # you end up with a "frozen" computer, even though with patience
+    # the test eventually succeeds (with a max line length of 256k).
+    # Instead, let's just punt: use the minimum linelength reported by
+    # all of the supported platforms: 8192 (on NT/2K/XP).
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  amigaos*)
+    # On AmigaOS with pdksh, this test takes hours, literally.
+    # So we just punt and use a minimum line length of 8192.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+    # This has been around since 386BSD, at least.  Likely further.
+    if test -x /sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+    elif test -x /usr/sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+    else
+      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
+    fi
+    # And add a safety zone
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    ;;
+
+  interix*)
+    # We know the value 262144 and hardcode it with a safety zone (like BSD)
+    lt_cv_sys_max_cmd_len=196608
+    ;;
+
+  osf*)
+    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+    # nice to cause kernel panics so lets avoid the loop below.
+    # First set a reasonable default.
+    lt_cv_sys_max_cmd_len=16384
+    #
+    if test -x /sbin/sysconfig; then
+      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+        *1*) lt_cv_sys_max_cmd_len=-1 ;;
+      esac
+    fi
+    ;;
+  sco3.2v5*)
+    lt_cv_sys_max_cmd_len=102400
+    ;;
+  sysv5* | sco5v6* | sysv4.2uw2*)
+    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+    if test -n "$kargmax"; then
+      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ 	]]//'`
+    else
+      lt_cv_sys_max_cmd_len=32768
+    fi
+    ;;
+  *)
+    # If test is not a shell built-in, we'll probably end up computing a
+    # maximum length that is only half of the actual maximum length, but
+    # we can't tell.
+    SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+    while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \
+	       = "XX$teststring") >/dev/null 2>&1 &&
+	    new_result=`expr "X$teststring" : ".*" 2>&1` &&
+	    lt_cv_sys_max_cmd_len=$new_result &&
+	    test $i != 17 # 1/2 MB should be enough
+    do
+      i=`expr $i + 1`
+      teststring=$teststring$teststring
+    done
+    teststring=
+    # Add a significant safety factor because C++ compilers can tack on massive
+    # amounts of additional arguments before passing them to the linker.
+    # It appears as though 1/2 is a usable value.
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    ;;
+  esac
+])
+if test -n $lt_cv_sys_max_cmd_len ; then
+  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+  AC_MSG_RESULT(none)
+fi
+])# AC_LIBTOOL_SYS_MAX_CMD_LEN
+
+
+# _LT_AC_CHECK_DLFCN
+# ------------------
+AC_DEFUN([_LT_AC_CHECK_DLFCN],
+[AC_CHECK_HEADERS(dlfcn.h)dnl
+])# _LT_AC_CHECK_DLFCN
+
+
+# _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+#                           ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ---------------------------------------------------------------------
+AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF],
+[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
+if test "$cross_compiling" = yes; then :
+  [$4]
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<EOF
+[#line __oline__ "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+    exit (status);
+}]
+EOF
+  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) $1 ;;
+      x$lt_dlneed_uscore) $2 ;;
+      x$lt_dlunknown|x*) $3 ;;
+    esac
+  else :
+    # compilation failed
+    $3
+  fi
+fi
+rm -fr conftest*
+])# _LT_AC_TRY_DLOPEN_SELF
+
+
+# AC_LIBTOOL_DLOPEN_SELF
+# ----------------------
+AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF],
+[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl
+if test "x$enable_dlopen" != xyes; then
+  enable_dlopen=unknown
+  enable_dlopen_self=unknown
+  enable_dlopen_self_static=unknown
+else
+  lt_cv_dlopen=no
+  lt_cv_dlopen_libs=
+
+  case $host_os in
+  beos*)
+    lt_cv_dlopen="load_add_on"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ;;
+
+  mingw* | pw32*)
+    lt_cv_dlopen="LoadLibrary"
+    lt_cv_dlopen_libs=
+   ;;
+
+  cygwin*)
+    lt_cv_dlopen="dlopen"
+    lt_cv_dlopen_libs=
+   ;;
+
+  darwin*)
+  # if libdl is installed we need to link against it
+    AC_CHECK_LIB([dl], [dlopen],
+		[lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
+    lt_cv_dlopen="dyld"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ])
+   ;;
+
+  *)
+    AC_CHECK_FUNC([shl_load],
+	  [lt_cv_dlopen="shl_load"],
+      [AC_CHECK_LIB([dld], [shl_load],
+	    [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"],
+	[AC_CHECK_FUNC([dlopen],
+	      [lt_cv_dlopen="dlopen"],
+	  [AC_CHECK_LIB([dl], [dlopen],
+		[lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+	    [AC_CHECK_LIB([svld], [dlopen],
+		  [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+	      [AC_CHECK_LIB([dld], [dld_link],
+		    [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"])
+	      ])
+	    ])
+	  ])
+	])
+      ])
+    ;;
+  esac
+
+  if test "x$lt_cv_dlopen" != xno; then
+    enable_dlopen=yes
+  else
+    enable_dlopen=no
+  fi
+
+  case $lt_cv_dlopen in
+  dlopen)
+    save_CPPFLAGS="$CPPFLAGS"
+    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+    save_LDFLAGS="$LDFLAGS"
+    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+    save_LIBS="$LIBS"
+    LIBS="$lt_cv_dlopen_libs $LIBS"
+
+    AC_CACHE_CHECK([whether a program can dlopen itself],
+	  lt_cv_dlopen_self, [dnl
+	  _LT_AC_TRY_DLOPEN_SELF(
+	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+    ])
+
+    if test "x$lt_cv_dlopen_self" = xyes; then
+      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+    	  lt_cv_dlopen_self_static, [dnl
+	  _LT_AC_TRY_DLOPEN_SELF(
+	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
+      ])
+    fi
+
+    CPPFLAGS="$save_CPPFLAGS"
+    LDFLAGS="$save_LDFLAGS"
+    LIBS="$save_LIBS"
+    ;;
+  esac
+
+  case $lt_cv_dlopen_self in
+  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+  *) enable_dlopen_self=unknown ;;
+  esac
+
+  case $lt_cv_dlopen_self_static in
+  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+  *) enable_dlopen_self_static=unknown ;;
+  esac
+fi
+])# AC_LIBTOOL_DLOPEN_SELF
+
+
+# AC_LIBTOOL_PROG_CC_C_O([TAGNAME])
+# ---------------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler
+AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O],
+[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+  [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+  [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&AS_MESSAGE_LOG_FD
+   echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+     fi
+   fi
+   chmod u+w . 2>&AS_MESSAGE_LOG_FD
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+])
+])# AC_LIBTOOL_PROG_CC_C_O
+
+
+# AC_LIBTOOL_SYS_HARD_LINK_LOCKS([TAGNAME])
+# -----------------------------------------
+# Check to see if we can do hard links to lock some files if needed
+AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS],
+[AC_REQUIRE([_LT_AC_LOCK])dnl
+
+hard_links="nottested"
+if test "$_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  AC_MSG_CHECKING([if we can lock with hard links])
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  AC_MSG_RESULT([$hard_links])
+  if test "$hard_links" = no; then
+    AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+])# AC_LIBTOOL_SYS_HARD_LINK_LOCKS
+
+
+# AC_LIBTOOL_OBJDIR
+# -----------------
+AC_DEFUN([AC_LIBTOOL_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+  lt_cv_objdir=.libs
+else
+  # MS-DOS does not allow filenames that begin with a dot.
+  lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+])# AC_LIBTOOL_OBJDIR
+
+
+# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH([TAGNAME])
+# ----------------------------------------------
+# Check hardcoding attributes.
+AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_AC_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)" || \
+   test -n "$_LT_AC_TAGVAR(runpath_var, $1)" || \
+   test "X$_LT_AC_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$_LT_AC_TAGVAR(hardcode_direct, $1)" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
+     test "$_LT_AC_TAGVAR(hardcode_minus_L, $1)" != no; then
+    # Linking always hardcodes the temporary library directory.
+    _LT_AC_TAGVAR(hardcode_action, $1)=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    _LT_AC_TAGVAR(hardcode_action, $1)=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  _LT_AC_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_AC_TAGVAR(hardcode_action, $1)])
+
+if test "$_LT_AC_TAGVAR(hardcode_action, $1)" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+])# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH
+
+
+# AC_LIBTOOL_SYS_LIB_STRIP
+# ------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP],
+[striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+  AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+  case $host_os in
+   darwin*)
+       if test -n "$STRIP" ; then
+         striplib="$STRIP -x"
+         AC_MSG_RESULT([yes])
+       else
+  AC_MSG_RESULT([no])
+fi
+       ;;
+   *)
+  AC_MSG_RESULT([no])
+    ;;
+  esac
+fi
+])# AC_LIBTOOL_SYS_LIB_STRIP
+
+
+# AC_LIBTOOL_SYS_DYNAMIC_LINKER
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER],
+[AC_MSG_CHECKING([dynamic linker characteristics])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[[01]] | aix4.[[01]].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[[45]]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | [grep ';[c-zC-Z]:/' >/dev/null]; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[[123]]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
+  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[[89]] | openbsd2.[[89]].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+])# AC_LIBTOOL_SYS_DYNAMIC_LINKER
+
+
+# _LT_AC_TAGCONFIG
+# ----------------
+AC_DEFUN([_LT_AC_TAGCONFIG],
+[AC_ARG_WITH([tags],
+    [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@],
+        [include additional configurations @<:@automatic@:>@])],
+    [tagnames="$withval"])
+
+if test -f "$ltmain" && test -n "$tagnames"; then
+  if test ! -f "${ofile}"; then
+    AC_MSG_WARN([output file `$ofile' does not exist])
+  fi
+
+  if test -z "$LTCC"; then
+    eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
+    if test -z "$LTCC"; then
+      AC_MSG_WARN([output file `$ofile' does not look like a libtool script])
+    else
+      AC_MSG_WARN([using `LTCC=$LTCC', extracted from `$ofile'])
+    fi
+  fi
+  if test -z "$LTCFLAGS"; then
+    eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`"
+  fi
+
+  # Extract list of available tagged configurations in $ofile.
+  # Note that this assumes the entire list is on one line.
+  available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
+
+  lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+  for tagname in $tagnames; do
+    IFS="$lt_save_ifs"
+    # Check whether tagname contains only valid characters
+    case `$echo "X$tagname" | $Xsed -e 's:[[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]]::g'` in
+    "") ;;
+    *)  AC_MSG_ERROR([invalid tag name: $tagname])
+	;;
+    esac
+
+    if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
+    then
+      AC_MSG_ERROR([tag name \"$tagname\" already exists])
+    fi
+
+    # Update the list of available tags.
+    if test -n "$tagname"; then
+      echo appending configuration tag \"$tagname\" to $ofile
+
+      case $tagname in
+      CXX)
+	if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+	    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+	    (test "X$CXX" != "Xg++"))) ; then
+	  AC_LIBTOOL_LANG_CXX_CONFIG
+	else
+	  tagname=""
+	fi
+	;;
+
+      F77)
+	if test -n "$F77" && test "X$F77" != "Xno"; then
+	  AC_LIBTOOL_LANG_F77_CONFIG
+	else
+	  tagname=""
+	fi
+	;;
+
+      GCJ)
+	if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
+	  AC_LIBTOOL_LANG_GCJ_CONFIG
+	else
+	  tagname=""
+	fi
+	;;
+
+      RC)
+	AC_LIBTOOL_LANG_RC_CONFIG
+	;;
+
+      *)
+	AC_MSG_ERROR([Unsupported tag name: $tagname])
+	;;
+      esac
+
+      # Append the new tag name to the list of available tags.
+      if test -n "$tagname" ; then
+      available_tags="$available_tags $tagname"
+    fi
+    fi
+  done
+  IFS="$lt_save_ifs"
+
+  # Now substitute the updated list of available tags.
+  if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
+    mv "${ofile}T" "$ofile"
+    chmod +x "$ofile"
+  else
+    rm -f "${ofile}T"
+    AC_MSG_ERROR([unable to update list of available tagged configurations.])
+  fi
+fi
+])# _LT_AC_TAGCONFIG
+
+
+# AC_LIBTOOL_DLOPEN
+# -----------------
+# enable checks for dlopen support
+AC_DEFUN([AC_LIBTOOL_DLOPEN],
+ [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])
+])# AC_LIBTOOL_DLOPEN
+
+
+# AC_LIBTOOL_WIN32_DLL
+# --------------------
+# declare package support for building win32 DLLs
+AC_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_BEFORE([$0], [AC_LIBTOOL_SETUP])
+])# AC_LIBTOOL_WIN32_DLL
+
+
+# AC_ENABLE_SHARED([DEFAULT])
+# ---------------------------
+# implement the --enable-shared flag
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_SHARED],
+[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([shared],
+    [AC_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+	[build shared libraries @<:@default=]AC_ENABLE_SHARED_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_shared=yes ;;
+    no) enable_shared=no ;;
+    *)
+      enable_shared=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_shared=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_shared=]AC_ENABLE_SHARED_DEFAULT)
+])# AC_ENABLE_SHARED
+
+
+# AC_DISABLE_SHARED
+# -----------------
+# set the default shared flag to --disable-shared
+AC_DEFUN([AC_DISABLE_SHARED],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_SHARED(no)
+])# AC_DISABLE_SHARED
+
+
+# AC_ENABLE_STATIC([DEFAULT])
+# ---------------------------
+# implement the --enable-static flag
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_STATIC],
+[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([static],
+    [AC_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+	[build static libraries @<:@default=]AC_ENABLE_STATIC_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_static=yes ;;
+    no) enable_static=no ;;
+    *)
+     enable_static=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_static=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_static=]AC_ENABLE_STATIC_DEFAULT)
+])# AC_ENABLE_STATIC
+
+
+# AC_DISABLE_STATIC
+# -----------------
+# set the default static flag to --disable-static
+AC_DEFUN([AC_DISABLE_STATIC],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_STATIC(no)
+])# AC_DISABLE_STATIC
+
+
+# AC_ENABLE_FAST_INSTALL([DEFAULT])
+# ---------------------------------
+# implement the --enable-fast-install flag
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+AC_DEFUN([AC_ENABLE_FAST_INSTALL],
+[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE([fast-install],
+    [AC_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+    [optimize for fast installation @<:@default=]AC_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_fast_install=yes ;;
+    no) enable_fast_install=no ;;
+    *)
+      enable_fast_install=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_fast_install=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_fast_install=]AC_ENABLE_FAST_INSTALL_DEFAULT)
+])# AC_ENABLE_FAST_INSTALL
+
+
+# AC_DISABLE_FAST_INSTALL
+# -----------------------
+# set the default to --disable-fast-install
+AC_DEFUN([AC_DISABLE_FAST_INSTALL],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_FAST_INSTALL(no)
+])# AC_DISABLE_FAST_INSTALL
+
+
+# AC_LIBTOOL_PICMODE([MODE])
+# --------------------------
+# implement the --with-pic flag
+# MODE is either `yes' or `no'.  If omitted, it defaults to `both'.
+AC_DEFUN([AC_LIBTOOL_PICMODE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+pic_mode=ifelse($#,1,$1,default)
+])# AC_LIBTOOL_PICMODE
+
+
+# AC_PROG_EGREP
+# -------------
+# This is predefined starting with Autoconf 2.54, so this conditional
+# definition can be removed once we require Autoconf 2.54 or later.
+m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP],
+[AC_CACHE_CHECK([for egrep], [ac_cv_prog_egrep],
+   [if echo a | (grep -E '(a|b)') >/dev/null 2>&1
+    then ac_cv_prog_egrep='grep -E'
+    else ac_cv_prog_egrep='egrep'
+    fi])
+ EGREP=$ac_cv_prog_egrep
+ AC_SUBST([EGREP])
+])])
+
+
+# AC_PATH_TOOL_PREFIX
+# -------------------
+# find a file program which can recognise shared library
+AC_DEFUN([AC_PATH_TOOL_PREFIX],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] |  ?:[\\/]*])
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word.  This closes a longstanding sh security hole.
+  ac_dummy="ifelse([$2], , $PATH, [$2])"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$1; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac])
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  AC_MSG_RESULT($MAGIC_CMD)
+else
+  AC_MSG_RESULT(no)
+fi
+])# AC_PATH_TOOL_PREFIX
+
+
+# AC_PATH_MAGIC
+# -------------
+# find a file program which can recognise a shared library
+AC_DEFUN([AC_PATH_MAGIC],
+[AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+  if test -n "$ac_tool_prefix"; then
+    AC_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+  else
+    MAGIC_CMD=:
+  fi
+fi
+])# AC_PATH_MAGIC
+
+
+# AC_PROG_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([AC_PROG_LD],
+[AC_ARG_WITH([gnu-ld],
+    [AC_HELP_STRING([--with-gnu-ld],
+	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
+    [test "$withval" = no || with_gnu_ld=yes],
+    [with_gnu_ld=no])
+AC_REQUIRE([LT_AC_PROG_SED])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+ac_prog=ld
+if test "$GCC" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  AC_MSG_CHECKING([for ld used by $CC])
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [[\\/]]* | ?:[[\\/]]*)
+      re_direlt='/[[^/]][[^/]]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  AC_MSG_CHECKING([for GNU ld])
+else
+  AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test "$with_gnu_ld" != no && break
+	;;
+      *)
+	test "$with_gnu_ld" != yes && break
+	;;
+      esac
+    fi
+  done
+  IFS="$lt_save_ifs"
+else
+  lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+  AC_MSG_RESULT($LD)
+else
+  AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_PROG_LD_GNU
+])# AC_PROG_LD
+
+
+# AC_PROG_LD_GNU
+# --------------
+AC_DEFUN([AC_PROG_LD_GNU],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# AC_PROG_LD_GNU
+
+
+# AC_PROG_LD_RELOAD_FLAG
+# ----------------------
+# find reload flag for linker
+#   -- PORTME Some linkers may need a different reload flag.
+AC_DEFUN([AC_PROG_LD_RELOAD_FLAG],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+  lt_cv_ld_reload_flag,
+  [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+  darwin*)
+    if test "$GCC" = yes; then
+      reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+    else
+      reload_cmds='$LD$reload_flag -o $output$reload_objs'
+    fi
+    ;;
+esac
+])# AC_PROG_LD_RELOAD_FLAG
+
+
+# AC_DEPLIBS_CHECK_METHOD
+# -----------------------
+# how to check for library dependencies
+#  -- PORTME fill in with the dynamic library characteristics
+AC_DEFUN([AC_DEPLIBS_CHECK_METHOD],
+[AC_CACHE_CHECK([how to recognise dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix4* | aix5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+beos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+bsdi[[45]]*)
+  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_test_file=/shlib/libc.so
+  ;;
+
+cygwin*)
+  # func_win32_libid is a shell function defined in ltmain.sh
+  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+  lt_cv_file_magic_cmd='func_win32_libid'
+  ;;
+
+mingw* | pw32*)
+  # Base MSYS/MinGW do not provide the 'file' command needed by
+  # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  ;;
+
+darwin* | rhapsody*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+freebsd* | kfreebsd*-gnu | dragonfly*)
+  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+    case $host_cpu in
+    i*86 )
+      # Not sure whether the presence of OpenBSD here was a mistake.
+      # Let's accept both of them until this is cleared up.
+      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+      ;;
+    esac
+  else
+    lt_cv_deplibs_check_method=pass_all
+  fi
+  ;;
+
+gnu*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+hpux10.20* | hpux11*)
+  lt_cv_file_magic_cmd=/usr/bin/file
+  case $host_cpu in
+  ia64*)
+    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+    ;;
+  hppa*64*)
+    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+    ;;
+  *)
+    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+    lt_cv_file_magic_test_file=/usr/lib/libc.sl
+    ;;
+  esac
+  ;;
+
+interix3*)
+  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $LD in
+  *-32|*"-32 ") libmagic=32-bit;;
+  *-n32|*"-n32 ") libmagic=N32;;
+  *-64|*"-64 ") libmagic=64-bit;;
+  *) libmagic=never-match;;
+  esac
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd*)
+  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+  fi
+  ;;
+
+newos6*)
+  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_test_file=/usr/lib/libnls.so
+  ;;
+
+nto-qnx*)
+  lt_cv_deplibs_check_method=unknown
+  ;;
+
+openbsd*)
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+  fi
+  ;;
+
+osf3* | osf4* | osf5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+solaris*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv4 | sysv4.3*)
+  case $host_vendor in
+  motorola)
+    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+    ;;
+  ncr)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  sequent)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+    ;;
+  sni)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+    lt_cv_file_magic_test_file=/lib/libc.so
+    ;;
+  siemens)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  pc)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  esac
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+esac
+])
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+])# AC_DEPLIBS_CHECK_METHOD
+
+
+# AC_PROG_NM
+# ----------
+# find the pathname to a BSD-compatible name lister
+AC_DEFUN([AC_PROG_NM],
+[AC_CACHE_CHECK([for BSD-compatible nm], lt_cv_path_NM,
+[if test -n "$NM"; then
+  # Let the user override the test.
+  lt_cv_path_NM="$NM"
+else
+  lt_nm_to_check="${ac_tool_prefix}nm"
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then 
+    lt_nm_to_check="$lt_nm_to_check nm"
+  fi
+  for lt_tmp_nm in $lt_nm_to_check; do
+    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+      IFS="$lt_save_ifs"
+      test -z "$ac_dir" && ac_dir=.
+      tmp_nm="$ac_dir/$lt_tmp_nm"
+      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+	# Check to see if the nm accepts a BSD-compat flag.
+	# Adding the `sed 1q' prevents false positives on HP-UX, which says:
+	#   nm: unknown option "B" ignored
+	# Tru64's nm complains that /dev/null is an invalid object file
+	case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+	*/dev/null* | *'Invalid file or object type'*)
+	  lt_cv_path_NM="$tmp_nm -B"
+	  break
+	  ;;
+	*)
+	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  */dev/null*)
+	    lt_cv_path_NM="$tmp_nm -p"
+	    break
+	    ;;
+	  *)
+	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+	    continue # so that we can try to find one that supports BSD flags
+	    ;;
+	  esac
+	  ;;
+	esac
+      fi
+    done
+    IFS="$lt_save_ifs"
+  done
+  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
+fi])
+NM="$lt_cv_path_NM"
+])# AC_PROG_NM
+
+
+# AC_CHECK_LIBM
+# -------------
+# check for math library
+AC_DEFUN([AC_CHECK_LIBM],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+  # These system don't have libm, or don't need it
+  ;;
+*-ncr-sysv4.3*)
+  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+  ;;
+*)
+  AC_CHECK_LIB(m, cos, LIBM="-lm")
+  ;;
+esac
+])# AC_CHECK_LIBM
+
+
+# AC_LIBLTDL_CONVENIENCE([DIRECTORY])
+# -----------------------------------
+# sets LIBLTDL to the link flags for the libltdl convenience library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-convenience to the configure arguments.  Note that
+# AC_CONFIG_SUBDIRS is not called here.  If DIRECTORY is not provided,
+# it is assumed to be `libltdl'.  LIBLTDL will be prefixed with
+# '${top_builddir}/' and LTDLINCL will be prefixed with '${top_srcdir}/'
+# (note the single quotes!).  If your package is not flat and you're not
+# using automake, define top_builddir and top_srcdir appropriately in
+# the Makefiles.
+AC_DEFUN([AC_LIBLTDL_CONVENIENCE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+  case $enable_ltdl_convenience in
+  no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
+  "") enable_ltdl_convenience=yes
+      ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
+  esac
+  LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la
+  LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+  # For backwards non-gettext consistent compatibility...
+  INCLTDL="$LTDLINCL"
+])# AC_LIBLTDL_CONVENIENCE
+
+
+# AC_LIBLTDL_INSTALLABLE([DIRECTORY])
+# -----------------------------------
+# sets LIBLTDL to the link flags for the libltdl installable library and
+# LTDLINCL to the include flags for the libltdl header and adds
+# --enable-ltdl-install to the configure arguments.  Note that
+# AC_CONFIG_SUBDIRS is not called here.  If DIRECTORY is not provided,
+# and an installed libltdl is not found, it is assumed to be `libltdl'.
+# LIBLTDL will be prefixed with '${top_builddir}/'# and LTDLINCL with
+# '${top_srcdir}/' (note the single quotes!).  If your package is not
+# flat and you're not using automake, define top_builddir and top_srcdir
+# appropriately in the Makefiles.
+# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
+AC_DEFUN([AC_LIBLTDL_INSTALLABLE],
+[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+  AC_CHECK_LIB(ltdl, lt_dlinit,
+  [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no],
+  [if test x"$enable_ltdl_install" = xno; then
+     AC_MSG_WARN([libltdl not installed, but installation disabled])
+   else
+     enable_ltdl_install=yes
+   fi
+  ])
+  if test x"$enable_ltdl_install" = x"yes"; then
+    ac_configure_args="$ac_configure_args --enable-ltdl-install"
+    LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la
+    LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl'])
+  else
+    ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
+    LIBLTDL="-lltdl"
+    LTDLINCL=
+  fi
+  # For backwards non-gettext consistent compatibility...
+  INCLTDL="$LTDLINCL"
+])# AC_LIBLTDL_INSTALLABLE
+
+
+# AC_LIBTOOL_CXX
+# --------------
+# enable support for C++ libraries
+AC_DEFUN([AC_LIBTOOL_CXX],
+[AC_REQUIRE([_LT_AC_LANG_CXX])
+])# AC_LIBTOOL_CXX
+
+
+# _LT_AC_LANG_CXX
+# ---------------
+AC_DEFUN([_LT_AC_LANG_CXX],
+[AC_REQUIRE([AC_PROG_CXX])
+AC_REQUIRE([_LT_AC_PROG_CXXCPP])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}CXX])
+])# _LT_AC_LANG_CXX
+
+# _LT_AC_PROG_CXXCPP
+# ------------------
+AC_DEFUN([_LT_AC_PROG_CXXCPP],
+[
+AC_REQUIRE([AC_PROG_CXX])
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+    (test "X$CXX" != "Xg++"))) ; then
+  AC_PROG_CXXCPP
+fi
+])# _LT_AC_PROG_CXXCPP
+
+# AC_LIBTOOL_F77
+# --------------
+# enable support for Fortran 77 libraries
+AC_DEFUN([AC_LIBTOOL_F77],
+[AC_REQUIRE([_LT_AC_LANG_F77])
+])# AC_LIBTOOL_F77
+
+
+# _LT_AC_LANG_F77
+# ---------------
+AC_DEFUN([_LT_AC_LANG_F77],
+[AC_REQUIRE([AC_PROG_F77])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}F77])
+])# _LT_AC_LANG_F77
+
+
+# AC_LIBTOOL_GCJ
+# --------------
+# enable support for GCJ libraries
+AC_DEFUN([AC_LIBTOOL_GCJ],
+[AC_REQUIRE([_LT_AC_LANG_GCJ])
+])# AC_LIBTOOL_GCJ
+
+
+# _LT_AC_LANG_GCJ
+# ---------------
+AC_DEFUN([_LT_AC_LANG_GCJ],
+[AC_PROVIDE_IFELSE([AC_PROG_GCJ],[],
+  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],[],
+    [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],[],
+      [ifdef([AC_PROG_GCJ],[AC_REQUIRE([AC_PROG_GCJ])],
+	 [ifdef([A][M_PROG_GCJ],[AC_REQUIRE([A][M_PROG_GCJ])],
+	   [AC_REQUIRE([A][C_PROG_GCJ_OR_A][M_PROG_GCJ])])])])])])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}GCJ])
+])# _LT_AC_LANG_GCJ
+
+
+# AC_LIBTOOL_RC
+# -------------
+# enable support for Windows resource files
+AC_DEFUN([AC_LIBTOOL_RC],
+[AC_REQUIRE([LT_AC_PROG_RC])
+_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}RC])
+])# AC_LIBTOOL_RC
+
+
+# AC_LIBTOOL_LANG_C_CONFIG
+# ------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG], [_LT_AC_LANG_C_CONFIG])
+AC_DEFUN([_LT_AC_LANG_C_CONFIG],
+[lt_save_CC="$CC"
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}\n'
+
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+AC_LIBTOOL_SYS_LIB_STRIP
+AC_LIBTOOL_DLOPEN_SELF
+
+# Report which library types will actually be built
+AC_MSG_CHECKING([if libtool supports shared libraries])
+AC_MSG_RESULT([$can_build_shared])
+
+AC_MSG_CHECKING([whether to build shared libraries])
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+  test "$enable_shared" = yes && enable_static=no
+  if test -n "$RANLIB"; then
+    archive_cmds="$archive_cmds~\$RANLIB \$lib"
+    postinstall_cmds='$RANLIB $lib'
+  fi
+  ;;
+
+aix4* | aix5*)
+  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+    test "$enable_shared" = yes && enable_static=no
+  fi
+    ;;
+esac
+AC_MSG_RESULT([$enable_shared])
+
+AC_MSG_CHECKING([whether to build static libraries])
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+AC_MSG_RESULT([$enable_static])
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_C_CONFIG
+
+
+# AC_LIBTOOL_LANG_CXX_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG], [_LT_AC_LANG_CXX_CONFIG(CXX)])
+AC_DEFUN([_LT_AC_LANG_CXX_CONFIG],
+[AC_LANG_PUSH(C++)
+AC_REQUIRE([AC_PROG_CXX])
+AC_REQUIRE([_LT_AC_PROG_CXXCPP])
+
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_AC_TAGVAR(allow_undefined_flag, $1)=
+_LT_AC_TAGVAR(always_export_symbols, $1)=no
+_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_direct, $1)=no
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+_LT_AC_TAGVAR(hardcode_automatic, $1)=no
+_LT_AC_TAGVAR(module_cmds, $1)=
+_LT_AC_TAGVAR(module_expsym_cmds, $1)=
+_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_AC_TAGVAR(no_undefined_flag, $1)=
+_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Dependencies to place before and after the object being linked:
+_LT_AC_TAGVAR(predep_objects, $1)=
+_LT_AC_TAGVAR(postdep_objects, $1)=
+_LT_AC_TAGVAR(predeps, $1)=
+_LT_AC_TAGVAR(postdeps, $1)=
+_LT_AC_TAGVAR(compiler_lib_search_path, $1)=
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_LD=$LD
+lt_save_GCC=$GCC
+GCC=$GXX
+lt_save_with_gnu_ld=$with_gnu_ld
+lt_save_path_LD=$lt_cv_path_LD
+if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+  lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+else
+  $as_unset lt_cv_prog_gnu_ld
+fi
+if test -n "${lt_cv_path_LDCXX+set}"; then
+  lt_cv_path_LD=$lt_cv_path_LDCXX
+else
+  $as_unset lt_cv_path_LD
+fi
+test -z "${LDCXX+set}" || LD=$LDCXX
+CC=${CXX-"c++"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+# We don't want -fno-exception wen compiling C++ code, so set the
+# no_builtin_flag separately
+if test "$GXX" = yes; then
+  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+else
+  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+fi
+
+if test "$GXX" = yes; then
+  # Set up default GNU C++ configuration
+
+  AC_PROG_LD
+
+  # Check if GNU C++ uses GNU ld as the underlying linker, since the
+  # archiving commands below assume that GNU ld is being used.
+  if test "$with_gnu_ld" = yes; then
+    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+    #     investigate it a little bit more. (MM)
+    wlarc='${wl}'
+
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
+	grep 'no-whole-archive' > /dev/null; then
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    else
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+  else
+    with_gnu_ld=no
+    wlarc=
+
+    # A generic and very simple default shared library creation
+    # command for GNU C++ for the case where it uses the native
+    # linker, instead of GNU ld.  If possible, this setting should
+    # overridden to take advantage of the native linker features on
+    # the platform it is being used on.
+    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+  fi
+
+  # Commands to make compiler produce verbose output that lists
+  # what "hidden" libraries, object files and flags are used when
+  # linking a shared library.
+  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+else
+  GXX=no
+  with_gnu_ld=no
+  wlarc=
+fi
+
+# PORTME: fill in a description of your system's C++ link characteristics
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+_LT_AC_TAGVAR(ld_shlibs, $1)=yes
+case $host_os in
+  aix3*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  aix4* | aix5*)
+    if test "$host_cpu" = ia64; then
+      # On IA64, the linker does run time linking by default, so we don't
+      # have to do anything special.
+      aix_use_runtimelinking=no
+      exp_sym_flag='-Bexport'
+      no_entry_flag=""
+    else
+      aix_use_runtimelinking=no
+
+      # Test if we are trying to use run time linking or normal
+      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+      # need to do runtime linking.
+      case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+	for ld_flag in $LDFLAGS; do
+	  case $ld_flag in
+	  *-brtl*)
+	    aix_use_runtimelinking=yes
+	    break
+	    ;;
+	  esac
+	done
+	;;
+      esac
+
+      exp_sym_flag='-bexport'
+      no_entry_flag='-bnoentry'
+    fi
+
+    # When large executables or shared objects are built, AIX ld can
+    # have problems creating the table of contents.  If linking a library
+    # or program results in "error TOC overflow" add -mminimal-toc to
+    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+    _LT_AC_TAGVAR(archive_cmds, $1)=''
+    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+    _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+    if test "$GXX" = yes; then
+      case $host_os in aix4.[[012]]|aix4.[[012]].*)
+      # We only want to do this on AIX 4.2 and lower, the check
+      # below for broken collect2 doesn't work under 4.3+
+	collect2name=`${CC} -print-prog-name=collect2`
+	if test -f "$collect2name" && \
+	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	then
+	  # We have reworked collect2
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	else
+	  # We have old collect2
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+	  # It fails to find uninstalled libraries when the uninstalled
+	  # path is not listed in the libpath.  Setting hardcode_minus_L
+	  # to unsupported forces relinking
+	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+	fi
+	;;
+      esac
+      shared_flag='-shared'
+      if test "$aix_use_runtimelinking" = yes; then
+	shared_flag="$shared_flag "'${wl}-G'
+      fi
+    else
+      # not using gcc
+      if test "$host_cpu" = ia64; then
+	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	# chokes on -Wl,-G. The following line is correct:
+	shared_flag='-G'
+      else
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag='${wl}-G'
+	else
+	  shared_flag='${wl}-bM:SRE'
+	fi
+      fi
+    fi
+
+    # It seems that -bexpall does not export symbols beginning with
+    # underscore (_), so it is better to generate a list of symbols to export.
+    _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+    if test "$aix_use_runtimelinking" = yes; then
+      # Warning - without using the other runtime loading flags (-brtl),
+      # -berok will link without error, but may produce a broken library.
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
+      # Determine the default libpath from the value encoded in an empty executable.
+      _LT_AC_SYS_LIBPATH_AIX
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+     else
+      if test "$host_cpu" = ia64; then
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+      else
+	# Determine the default libpath from the value encoded in an empty executable.
+	_LT_AC_SYS_LIBPATH_AIX
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+	# Warning - without using the other run time loading flags,
+	# -berok will link without error, but may produce a broken library.
+	_LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+	# Exported symbols can be pulled into shared objects from archives
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+	_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+	# This is similar to how AIX traditionally builds its shared libraries.
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+      fi
+    fi
+    ;;
+
+  beos*)
+    if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+      # support --undefined.  This deserves some investigation.  FIXME
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+    else
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    fi
+    ;;
+
+  chorus*)
+    case $cc_basename in
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+
+  cygwin* | mingw* | pw32*)
+    # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+    # as there is no search path for DLLs.
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+    _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+    _LT_AC_TAGVAR(always_export_symbols, $1)=no
+    _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+    if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      # If the export-symbols file already is a .def file (1st line
+      # is EXPORTS), use it as is; otherwise, prepend...
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	cp $export_symbols $output_objdir/$soname.def;
+      else
+	echo EXPORTS > $output_objdir/$soname.def;
+	cat $export_symbols >> $output_objdir/$soname.def;
+      fi~
+      $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+    else
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    fi
+  ;;
+      darwin* | rhapsody*)
+        case $host_os in
+        rhapsody* | darwin1.[[012]])
+         _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[[012]])
+               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+        esac
+      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_AC_TAGVAR(hardcode_direct, $1)=no
+      _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+    if test "$GXX" = yes ; then
+      lt_int_apple_cc_single_mod=no
+      output_verbose_link_cmd='echo'
+      if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
+       lt_int_apple_cc_single_mod=yes
+      fi
+      if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+       _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      else
+          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+        fi
+        _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+        # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+          if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+            _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          else
+            _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          fi
+            _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+          _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+          _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+          _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         _LT_AC_TAGVAR(ld_shlibs, $1)=no
+          ;;
+      esac
+      fi
+        ;;
+
+  dgux*)
+    case $cc_basename in
+      ec++*)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      ghcx*)
+	# Green Hills C++ Compiler
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+  freebsd[[12]]*)
+    # C++ shared libraries reported to be fairly broken before switch to ELF
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  freebsd-elf*)
+    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+    ;;
+  freebsd* | kfreebsd*-gnu | dragonfly*)
+    # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+    # conventions
+    _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+    ;;
+  gnu*)
+    ;;
+  hpux9*)
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+    _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+				# but as the default
+				# location of the library.
+
+    case $cc_basename in
+    CC*)
+      # FIXME: insert proper C++ library support
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+    aCC*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      # Commands to make compiler produce verbose output that lists
+      # what "hidden" libraries, object files and flags are used when
+      # linking a shared library.
+      #
+      # There doesn't appear to be a way to prevent this compiler from
+      # explicitly linking system object files so we need to strip them
+      # from the output so that they don't get included in the library
+      # dependencies.
+      output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[[-]]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+      ;;
+    *)
+      if test "$GXX" = yes; then
+        _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+        # FIXME: insert proper C++ library support
+        _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+    esac
+    ;;
+  hpux10*|hpux11*)
+    if test $with_gnu_ld = no; then
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+      case $host_cpu in
+      hppa*64*|ia64*)
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+        ;;
+      *)
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+        ;;
+      esac
+    fi
+    case $host_cpu in
+    hppa*64*|ia64*)
+      _LT_AC_TAGVAR(hardcode_direct, $1)=no
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+    *)
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+					      # but as the default
+					      # location of the library.
+      ;;
+    esac
+
+    case $cc_basename in
+      CC*)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      aCC*)
+	case $host_cpu in
+	hppa*64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	esac
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes; then
+	  if test $with_gnu_ld = no; then
+	    case $host_cpu in
+	    hppa*64*)
+	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    ia64*)
+	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    *)
+	      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    esac
+	  fi
+	else
+	  # FIXME: insert proper C++ library support
+	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+    esac
+    ;;
+  interix3*)
+    _LT_AC_TAGVAR(hardcode_direct, $1)=no
+    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+    # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+    # Instead, shared libraries are loaded at an image base (0x10000000 by
+    # default) and relocated if they conflict, which is a slow very memory
+    # consuming and fragmenting process.  To avoid this, we pick a random,
+    # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+    # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+    ;;
+  irix5* | irix6*)
+    case $cc_basename in
+      CC*)
+	# SGI C++
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	# Archives containing C++ object files must be created using
+	# "CC -ar", where "CC" is the IRIX C++ compiler.  This is
+	# necessary to make sure instantiated templates are included
+	# in the archive.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+	;;
+      *)
+	if test "$GXX" = yes; then
+	  if test "$with_gnu_ld" = no; then
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	  else
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
+	  fi
+	fi
+	_LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+	;;
+    esac
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+    ;;
+  linux*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath,$libdir'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+	# Archives containing C++ object files must be created using
+	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+	;;
+      icpc*)
+	# Intel C++
+	with_gnu_ld=yes
+	# version 8.0 and above of icpc choke on multiply defined symbols
+	# if we add $predep_objects and $postdep_objects, however 7.1 and
+	# earlier do not add the objects themselves.
+	case `$CC -V 2>&1` in
+	*"Version 7."*)
+  	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+  	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  ;;
+	*)  # Version 8.0 or newer
+	  tmp_idyn=
+	  case $host_cpu in
+	    ia64*) tmp_idyn=' -i_dynamic';;
+	  esac
+  	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  ;;
+	esac
+	_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+	;;
+      pgCC*)
+        # Portland Group C++ compiler
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+  	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+        ;;
+      cxx*)
+	# Compaq C++
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname  -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+	runpath_var=LD_RUN_PATH
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+    esac
+    ;;
+  lynxos*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  m88k*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  mvs*)
+    case $cc_basename in
+      cxx*)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+  netbsd*)
+    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+      wlarc=
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    fi
+    # Workaround some broken pre-1.5 toolchains
+    output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+    ;;
+  openbsd2*)
+    # C++ shared libraries are fairly broken
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  openbsd*)
+    _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    fi
+    output_verbose_link_cmd='echo'
+    ;;
+  osf3*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Archives containing C++ object files must be created using
+	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+
+	;;
+      RCC*)
+	# Rational C++ 2.4.1
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      cxx*)
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	  # Commands to make compiler produce verbose output that lists
+	  # what "hidden" libraries, object files and flags are used when
+	  # linking a shared library.
+	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+	else
+	  # FIXME: insert proper C++ library support
+	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+    esac
+    ;;
+  osf4* | osf5*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	_LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Archives containing C++ object files must be created using
+	# the KAI C++ compiler.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs'
+	;;
+      RCC*)
+	# Rational C++ 2.4.1
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      cxx*)
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+	  echo "-hidden">> $lib.exp~
+	  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp  `test -n "$verstring" && echo -set_version	$verstring` -update_registry ${output_objdir}/so_locations -o $lib~
+	  $rm $lib.exp'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	 _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	  # Commands to make compiler produce verbose output that lists
+	  # what "hidden" libraries, object files and flags are used when
+	  # linking a shared library.
+	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+	else
+	  # FIXME: insert proper C++ library support
+	  _LT_AC_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+    esac
+    ;;
+  psos*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  sunos4*)
+    case $cc_basename in
+      CC*)
+	# Sun C++ 4.x
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      lcc*)
+	# Lucid
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+  solaris*)
+    case $cc_basename in
+      CC*)
+	# Sun C++ 4.2, 5.x and Centerline C++
+        _LT_AC_TAGVAR(archive_cmds_need_lc,$1)=yes
+	_LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag}  -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	$CC -G${allow_undefined_flag}  ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+	case $host_os in
+	  solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+	  *)
+	    # The C++ compiler is used as linker so we must use $wl
+	    # flag to pass the commands to the underlying system
+	    # linker. We must also pass each convience library through
+	    # to the system linker between allextract/defaultextract.
+	    # The C++ compiler will combine linker options so we
+	    # cannot just pass the convience library names through
+	    # without $wl.
+	    # Supported since Solaris 2.6 (maybe 2.5.1?)
+	    _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
+	    ;;
+	esac
+	_LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+	output_verbose_link_cmd='echo'
+
+	# Archives containing C++ object files must be created using
+	# "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	# necessary to make sure instantiated templates are included
+	# in the archive.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+	;;
+      gcx*)
+	# Green Hills C++ Compiler
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+	# The C++ compiler must be used to create the archive.
+	_LT_AC_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+	;;
+      *)
+	# GNU C++ compiler with Solaris linker
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+	  if $CC --version | grep -v '^2\.7' > /dev/null; then
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+		$CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+	  else
+	    # g++ 2.7 appears to require `-G' NOT `-shared' on this
+	    # platform.
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+		$CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+	  fi
+
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+	fi
+	;;
+    esac
+    ;;
+  sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+    _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    runpath_var='LD_RUN_PATH'
+
+    case $cc_basename in
+      CC*)
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      *)
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+    esac
+    ;;
+  sysv5* | sco3.2v5* | sco5v6*)
+    # Note: We can NOT use -z defs as we might desire, because we do not
+    # link with -lc, and that would cause any symbols used from libc to
+    # always be unresolved, which means just about no library would
+    # ever link correctly.  If we're not using GNU ld we use -z text
+    # though, which does catch some bad symbols but isn't as heavy-handed
+    # as -z defs.
+    # For security reasons, it is highly recommended that you always
+    # use absolute paths for naming shared libraries, and exclude the
+    # DT_RUNPATH tag from executables and libraries.  But doing so
+    # requires that you compile everything twice, which is a pain.
+    # So that behaviour is only enabled if SCOABSPATH is set to a
+    # non-empty value in the environment.  Most likely only useful for
+    # creating official distributions of packages.
+    # This is a hack until libtool officially supports absolute path
+    # names for shared libraries.
+    _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+    _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+    _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+    _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+    _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+    runpath_var='LD_RUN_PATH'
+
+    case $cc_basename in
+      CC*)
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      *)
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+    esac
+    ;;
+  tandem*)
+    case $cc_basename in
+      NCC*)
+	# NonStop-UX NCC 3.20
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	;;
+    esac
+    ;;
+  vxworks*)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+  *)
+    # FIXME: insert proper C++ library support
+    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+    ;;
+esac
+AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_AC_TAGVAR(GCC, $1)="$GXX"
+_LT_AC_TAGVAR(LD, $1)="$LD"
+
+AC_LIBTOOL_POSTDEP_PREDEP($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC=$lt_save_CC
+LDCXX=$LD
+LD=$lt_save_LD
+GCC=$lt_save_GCC
+with_gnu_ldcxx=$with_gnu_ld
+with_gnu_ld=$lt_save_with_gnu_ld
+lt_cv_path_LDCXX=$lt_cv_path_LD
+lt_cv_path_LD=$lt_save_path_LD
+lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+])# AC_LIBTOOL_LANG_CXX_CONFIG
+
+# AC_LIBTOOL_POSTDEP_PREDEP([TAGNAME])
+# ------------------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],[
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library.  It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+ifelse([$1],[],[cat > conftest.$ac_ext <<EOF
+int a;
+void foo (void) { a = 0; }
+EOF
+],[$1],[CXX],[cat > conftest.$ac_ext <<EOF
+class Foo
+{
+public:
+  Foo (void) { a = 0; }
+private:
+  int a;
+};
+EOF
+],[$1],[F77],[cat > conftest.$ac_ext <<EOF
+      subroutine foo
+      implicit none
+      integer*4 a
+      a=0
+      return
+      end
+EOF
+],[$1],[GCJ],[cat > conftest.$ac_ext <<EOF
+public class foo {
+  private int a;
+  public void bar (void) {
+    a = 0;
+  }
+};
+EOF
+])
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+  # Parse the compiler output and extract the necessary
+  # objects, libraries and library flags.
+
+  # Sentinel used to keep track of whether or not we are before
+  # the conftest object file.
+  pre_test_object_deps_done=no
+
+  # The `*' in the case matches for architectures that use `case' in
+  # $output_verbose_cmd can trigger glob expansion during the loop
+  # eval without this substitution.
+  output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"`
+
+  for p in `eval $output_verbose_link_cmd`; do
+    case $p in
+
+    -L* | -R* | -l*)
+       # Some compilers place space between "-{L,R}" and the path.
+       # Remove the space.
+       if test $p = "-L" \
+	  || test $p = "-R"; then
+	 prev=$p
+	 continue
+       else
+	 prev=
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 case $p in
+	 -L* | -R*)
+	   # Internal compiler library paths should come after those
+	   # provided the user.  The postdeps already come after the
+	   # user supplied libs so there is no need to process them.
+	   if test -z "$_LT_AC_TAGVAR(compiler_lib_search_path, $1)"; then
+	     _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+	   else
+	     _LT_AC_TAGVAR(compiler_lib_search_path, $1)="${_LT_AC_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+	   fi
+	   ;;
+	 # The "-l" case would never come before the object being
+	 # linked, so don't bother handling this case.
+	 esac
+       else
+	 if test -z "$_LT_AC_TAGVAR(postdeps, $1)"; then
+	   _LT_AC_TAGVAR(postdeps, $1)="${prev}${p}"
+	 else
+	   _LT_AC_TAGVAR(postdeps, $1)="${_LT_AC_TAGVAR(postdeps, $1)} ${prev}${p}"
+	 fi
+       fi
+       ;;
+
+    *.$objext)
+       # This assumes that the test object file only shows up
+       # once in the compiler output.
+       if test "$p" = "conftest.$objext"; then
+	 pre_test_object_deps_done=yes
+	 continue
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 if test -z "$_LT_AC_TAGVAR(predep_objects, $1)"; then
+	   _LT_AC_TAGVAR(predep_objects, $1)="$p"
+	 else
+	   _LT_AC_TAGVAR(predep_objects, $1)="$_LT_AC_TAGVAR(predep_objects, $1) $p"
+	 fi
+       else
+	 if test -z "$_LT_AC_TAGVAR(postdep_objects, $1)"; then
+	   _LT_AC_TAGVAR(postdep_objects, $1)="$p"
+	 else
+	   _LT_AC_TAGVAR(postdep_objects, $1)="$_LT_AC_TAGVAR(postdep_objects, $1) $p"
+	 fi
+       fi
+       ;;
+
+    *) ;; # Ignore the rest.
+
+    esac
+  done
+
+  # Clean up.
+  rm -f a.out a.exe
+else
+  echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$rm -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+ifelse([$1],[CXX],
+[case $host_os in
+interix3*)
+  # Interix 3.5 installs completely hosed .la files for C++, so rather than
+  # hack all around it, let's just trust "g++" to DTRT.
+  _LT_AC_TAGVAR(predep_objects,$1)=
+  _LT_AC_TAGVAR(postdep_objects,$1)=
+  _LT_AC_TAGVAR(postdeps,$1)=
+  ;;
+
+solaris*)
+  case $cc_basename in
+  CC*)
+    # Adding this requires a known-good setup of shared libraries for
+    # Sun compiler versions before 5.6, else PIC objects from an old
+    # archive will be linked into the output, leading to subtle bugs.
+    _LT_AC_TAGVAR(postdeps,$1)='-lCstd -lCrun'
+    ;;
+  esac
+  ;;
+esac
+])
+
+case " $_LT_AC_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+])# AC_LIBTOOL_POSTDEP_PREDEP
+
+# AC_LIBTOOL_LANG_F77_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG], [_LT_AC_LANG_F77_CONFIG(F77)])
+AC_DEFUN([_LT_AC_LANG_F77_CONFIG],
+[AC_REQUIRE([AC_PROG_F77])
+AC_LANG_PUSH(Fortran 77)
+
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_AC_TAGVAR(allow_undefined_flag, $1)=
+_LT_AC_TAGVAR(always_export_symbols, $1)=no
+_LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_direct, $1)=no
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+_LT_AC_TAGVAR(hardcode_automatic, $1)=no
+_LT_AC_TAGVAR(module_cmds, $1)=
+_LT_AC_TAGVAR(module_expsym_cmds, $1)=
+_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_AC_TAGVAR(no_undefined_flag, $1)=
+_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="      subroutine t\n      return\n      end\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="      program t\n      end\n"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${F77-"f77"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+AC_MSG_CHECKING([if libtool supports shared libraries])
+AC_MSG_RESULT([$can_build_shared])
+
+AC_MSG_CHECKING([whether to build shared libraries])
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+  test "$enable_shared" = yes && enable_static=no
+  if test -n "$RANLIB"; then
+    archive_cmds="$archive_cmds~\$RANLIB \$lib"
+    postinstall_cmds='$RANLIB $lib'
+  fi
+  ;;
+aix4* | aix5*)
+  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+    test "$enable_shared" = yes && enable_static=no
+  fi
+  ;;
+esac
+AC_MSG_RESULT([$enable_shared])
+
+AC_MSG_CHECKING([whether to build static libraries])
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+AC_MSG_RESULT([$enable_static])
+
+_LT_AC_TAGVAR(GCC, $1)="$G77"
+_LT_AC_TAGVAR(LD, $1)="$LD"
+
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_POP
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_F77_CONFIG
+
+
+# AC_LIBTOOL_LANG_GCJ_CONFIG
+# --------------------------
+# Ensure that the configuration vars for the C compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG], [_LT_AC_LANG_GCJ_CONFIG(GCJ)])
+AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG],
+[AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${GCJ-"gcj"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+
+AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1)
+AC_LIBTOOL_PROG_COMPILER_PIC($1)
+AC_LIBTOOL_PROG_CC_C_O($1)
+AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1)
+AC_LIBTOOL_PROG_LD_SHLIBS($1)
+AC_LIBTOOL_SYS_DYNAMIC_LINKER($1)
+AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1)
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_GCJ_CONFIG
+
+
+# AC_LIBTOOL_LANG_RC_CONFIG
+# -------------------------
+# Ensure that the configuration vars for the Windows resource compiler are
+# suitably defined.  Those variables are subsequently used by
+# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'.
+AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG], [_LT_AC_LANG_RC_CONFIG(RC)])
+AC_DEFUN([_LT_AC_LANG_RC_CONFIG],
+[AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_AC_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_AC_SYS_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${RC-"windres"}
+compiler=$CC
+_LT_AC_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+AC_LIBTOOL_CONFIG($1)
+
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# AC_LIBTOOL_LANG_RC_CONFIG
+
+
+# AC_LIBTOOL_CONFIG([TAGNAME])
+# ----------------------------
+# If TAGNAME is not passed, then create an initial libtool script
+# with a default configuration from the untagged config vars.  Otherwise
+# add code to config.status for appending the configuration named by
+# TAGNAME from the matching tagged config vars.
+AC_DEFUN([AC_LIBTOOL_CONFIG],
+[# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    _LT_AC_TAGVAR(compiler, $1) \
+    _LT_AC_TAGVAR(CC, $1) \
+    _LT_AC_TAGVAR(LD, $1) \
+    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1) \
+    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1) \
+    _LT_AC_TAGVAR(lt_prog_compiler_static, $1) \
+    _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) \
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1) \
+    _LT_AC_TAGVAR(thread_safe_flag_spec, $1) \
+    _LT_AC_TAGVAR(whole_archive_flag_spec, $1) \
+    _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) \
+    _LT_AC_TAGVAR(old_archive_cmds, $1) \
+    _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) \
+    _LT_AC_TAGVAR(predep_objects, $1) \
+    _LT_AC_TAGVAR(postdep_objects, $1) \
+    _LT_AC_TAGVAR(predeps, $1) \
+    _LT_AC_TAGVAR(postdeps, $1) \
+    _LT_AC_TAGVAR(compiler_lib_search_path, $1) \
+    _LT_AC_TAGVAR(archive_cmds, $1) \
+    _LT_AC_TAGVAR(archive_expsym_cmds, $1) \
+    _LT_AC_TAGVAR(postinstall_cmds, $1) \
+    _LT_AC_TAGVAR(postuninstall_cmds, $1) \
+    _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) \
+    _LT_AC_TAGVAR(allow_undefined_flag, $1) \
+    _LT_AC_TAGVAR(no_undefined_flag, $1) \
+    _LT_AC_TAGVAR(export_symbols_cmds, $1) \
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) \
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) \
+    _LT_AC_TAGVAR(hardcode_libdir_separator, $1) \
+    _LT_AC_TAGVAR(hardcode_automatic, $1) \
+    _LT_AC_TAGVAR(module_cmds, $1) \
+    _LT_AC_TAGVAR(module_expsym_cmds, $1) \
+    _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) \
+    _LT_AC_TAGVAR(exclude_expsyms, $1) \
+    _LT_AC_TAGVAR(include_expsyms, $1); do
+
+    case $var in
+    _LT_AC_TAGVAR(old_archive_cmds, $1) | \
+    _LT_AC_TAGVAR(old_archive_from_new_cmds, $1) | \
+    _LT_AC_TAGVAR(archive_cmds, $1) | \
+    _LT_AC_TAGVAR(archive_expsym_cmds, $1) | \
+    _LT_AC_TAGVAR(module_cmds, $1) | \
+    _LT_AC_TAGVAR(module_expsym_cmds, $1) | \
+    _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) | \
+    _LT_AC_TAGVAR(export_symbols_cmds, $1) | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\[$]0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\[$]0 --fallback-echo"[$]/[$]0 --fallback-echo"/'`
+    ;;
+  esac
+
+ifelse([$1], [],
+  [cfgfile="${ofile}T"
+  trap "$rm \"$cfgfile\"; exit 1" 1 2 15
+  $rm -f "$cfgfile"
+  AC_MSG_NOTICE([creating $ofile])],
+  [cfgfile="$ofile"])
+
+  cat <<__EOF__ >> "$cfgfile"
+ifelse([$1], [],
+[#! $SHELL
+
+# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+#
+# This file is part of GNU Libtool:
+# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="$SED -e 1s/^X//"
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# The names of the tagged configurations supported by this script.
+available_tags=
+
+# ### BEGIN LIBTOOL CONFIG],
+[# ### BEGIN LIBTOOL TAG CONFIG: $tagname])
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_[]_LT_AC_TAGVAR(compiler, $1)
+
+# Is the compiler the GNU C compiler?
+with_gcc=$_LT_AC_TAGVAR(GCC, $1)
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_[]_LT_AC_TAGVAR(LD, $1)
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_[]_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_static, $1)
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_[]_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_[]_LT_AC_TAGVAR(whole_archive_flag_spec, $1)
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_[]_LT_AC_TAGVAR(thread_safe_flag_spec, $1)
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_cmds, $1)
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_new_cmds, $1)
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_[]_LT_AC_TAGVAR(archive_cmds, $1)
+archive_expsym_cmds=$lt_[]_LT_AC_TAGVAR(archive_expsym_cmds, $1)
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_[]_LT_AC_TAGVAR(module_cmds, $1)
+module_expsym_cmds=$lt_[]_LT_AC_TAGVAR(module_expsym_cmds, $1)
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1)
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1)
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_[]_LT_AC_TAGVAR(predeps, $1)
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1)
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1)
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_[]_LT_AC_TAGVAR(allow_undefined_flag, $1)
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_[]_LT_AC_TAGVAR(no_undefined_flag, $1)
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$_LT_AC_TAGVAR(hardcode_action, $1)
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_separator, $1)
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$_LT_AC_TAGVAR(hardcode_direct, $1)
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$_LT_AC_TAGVAR(hardcode_minus_L, $1)
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$_LT_AC_TAGVAR(hardcode_automatic, $1)
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1)
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1)
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_[]_LT_AC_TAGVAR(export_symbols_cmds, $1)
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_[]_LT_AC_TAGVAR(exclude_expsyms, $1)
+
+# Symbols that must always be exported.
+include_expsyms=$lt_[]_LT_AC_TAGVAR(include_expsyms, $1)
+
+ifelse([$1],[],
+[# ### END LIBTOOL CONFIG],
+[# ### END LIBTOOL TAG CONFIG: $tagname])
+
+__EOF__
+
+ifelse([$1],[], [
+  case $host_os in
+  aix3*)
+    cat <<\EOF >> "$cfgfile"
+
+# AIX sometimes has problems with the GCC collect2 program.  For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+  COLLECT_NAMES=
+  export COLLECT_NAMES
+fi
+EOF
+    ;;
+  esac
+
+  # We use sed instead of cat because bash on DJGPP gets confused if
+  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
+  # text mode, it properly converts lines to CR/LF.  This bash problem
+  # is reportedly fixed, but why not run on old versions too?
+  sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
+
+  mv -f "$cfgfile" "$ofile" || \
+    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+  chmod +x "$ofile"
+])
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+])# AC_LIBTOOL_CONFIG
+
+
+# AC_LIBTOOL_PROG_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------------------
+AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI],
+[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl
+
+_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test "$GCC" = yes; then
+  _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+
+  AC_LIBTOOL_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+    lt_cv_prog_compiler_rtti_exceptions,
+    [-fno-rtti -fno-exceptions], [],
+    [_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+])# AC_LIBTOOL_PROG_COMPILER_NO_RTTI
+
+
+# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+# ---------------------------------
+AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE],
+[AC_REQUIRE([AC_CANONICAL_HOST])
+AC_REQUIRE([AC_PROG_NM])
+AC_REQUIRE([AC_OBJEXT])
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Transform an extracted symbol line into a proper C declaration
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+  symcode='[[BCDT]]'
+  ;;
+cygwin* | mingw* | pw32*)
+  symcode='[[ABCDGISTW]]'
+  ;;
+hpux*) # Its linker distinguishes data from code symbols
+  if test "$host_cpu" = ia64; then
+    symcode='[[ABCDEGRST]]'
+  fi
+  lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+  lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+  ;;
+linux*)
+  if test "$host_cpu" = ia64; then
+    symcode='[[ABCDGIRSTW]]'
+    lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+    lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+  fi
+  ;;
+irix* | nonstopux*)
+  symcode='[[BCDEGRST]]'
+  ;;
+osf*)
+  symcode='[[BCDEGQRST]]'
+  ;;
+solaris*)
+  symcode='[[BDRT]]'
+  ;;
+sco3.2v5*)
+  symcode='[[DT]]'
+  ;;
+sysv4.2uw2*)
+  symcode='[[DT]]'
+  ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+  symcode='[[ABDT]]'
+  ;;
+sysv4)
+  symcode='[[DFNSTU]]'
+  ;;
+esac
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+  ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+  symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+# Try without a prefix undercore, then with it.
+for ac_symprfx in "" "_"; do
+
+  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+  symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+  # Write the raw and C identifiers.
+  lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ 	]]\($symcode$symcode*\)[[ 	]][[ 	]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+
+  # Check to see that the pipe works correctly.
+  pipe_works=no
+
+  rm -f conftest*
+  cat > conftest.$ac_ext <<EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+EOF
+
+  if AC_TRY_EVAL(ac_compile); then
+    # Now try to grab the symbols.
+    nlist=conftest.nm
+    if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+      # Try sorting and uniquifying the output.
+      if sort "$nlist" | uniq > "$nlist"T; then
+	mv -f "$nlist"T "$nlist"
+      else
+	rm -f "$nlist"T
+      fi
+
+      # Make sure that we snagged all the symbols we need.
+      if grep ' nm_test_var$' "$nlist" >/dev/null; then
+	if grep ' nm_test_func$' "$nlist" >/dev/null; then
+	  cat <<EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+EOF
+	  # Now generate the symbol file.
+	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
+
+	  cat <<EOF >> conftest.$ac_ext
+#if defined (__STDC__) && __STDC__
+# define lt_ptr_t void *
+#else
+# define lt_ptr_t char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+const struct {
+  const char *name;
+  lt_ptr_t address;
+}
+lt_preloaded_symbols[[]] =
+{
+EOF
+	  $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
+	  cat <<\EOF >> conftest.$ac_ext
+  {0, (lt_ptr_t) 0}
+};
+
+#ifdef __cplusplus
+}
+#endif
+EOF
+	  # Now try linking the two files.
+	  mv conftest.$ac_objext conftstm.$ac_objext
+	  lt_save_LIBS="$LIBS"
+	  lt_save_CFLAGS="$CFLAGS"
+	  LIBS="conftstm.$ac_objext"
+	  CFLAGS="$CFLAGS$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+	  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+	    pipe_works=yes
+	  fi
+	  LIBS="$lt_save_LIBS"
+	  CFLAGS="$lt_save_CFLAGS"
+	else
+	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+	fi
+      else
+	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+      fi
+    else
+      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+    fi
+  else
+    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+    cat conftest.$ac_ext >&5
+  fi
+  rm -f conftest* conftst*
+
+  # Do not use the global_symbol_pipe unless it works.
+  if test "$pipe_works" = yes; then
+    break
+  else
+    lt_cv_sys_global_symbol_pipe=
+  fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+  lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+  AC_MSG_RESULT(failed)
+else
+  AC_MSG_RESULT(ok)
+fi
+]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE
+
+
+# AC_LIBTOOL_PROG_COMPILER_PIC([TAGNAME])
+# ---------------------------------------
+AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC],
+[_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=
+
+AC_MSG_CHECKING([for $compiler option to produce PIC])
+ ifelse([$1],[CXX],[
+  # C++ specific cases for pic, static, wl, etc.
+  if test "$GXX" = yes; then
+    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+    case $host_os in
+    aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+      ;;
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+    mingw* | os2* | pw32*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      ;;
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      ;;
+    *djgpp*)
+      # DJGPP does not support shared libraries at all
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+      ;;
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+      fi
+      ;;
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	;;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	;;
+      esac
+      ;;
+    *)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+    esac
+  else
+    case $host_os in
+      aix4* | aix5*)
+	# All AIX code is PIC.
+	if test "$host_cpu" = ia64; then
+	  # AIX 5 now supports IA64 processor
+	  _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	else
+	  _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+	fi
+	;;
+      chorus*)
+	case $cc_basename in
+	cxch68*)
+	  # Green Hills C++ Compiler
+	  # _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+	  ;;
+	esac
+	;;
+       darwin*)
+         # PIC is the default on this platform
+         # Common symbols not allowed in MH_DYLIB files
+         case $cc_basename in
+           xlc*)
+           _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
+           _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+           ;;
+         esac
+       ;;
+      dgux*)
+	case $cc_basename in
+	  ec++*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    ;;
+	  ghcx*)
+	    # Green Hills C++ Compiler
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      freebsd* | kfreebsd*-gnu | dragonfly*)
+	# FreeBSD uses GNU C++
+	;;
+      hpux9* | hpux10* | hpux11*)
+	case $cc_basename in
+	  CC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+	    if test "$host_cpu" != ia64; then
+	      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	    fi
+	    ;;
+	  aCC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+	    case $host_cpu in
+	    hppa*64*|ia64*)
+	      # +Z the default
+	      ;;
+	    *)
+	      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	      ;;
+	    esac
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      interix*)
+	# This is c89, which is MS Visual C++ (no shared libs)
+	# Anyone wants to do a port?
+	;;
+      irix5* | irix6* | nonstopux*)
+	case $cc_basename in
+	  CC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    # CC pic flag -KPIC is the default.
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      linux*)
+	case $cc_basename in
+	  KCC*)
+	    # KAI C++ Compiler
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	    ;;
+	  icpc* | ecpc*)
+	    # Intel C++
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+	    ;;
+	  pgCC*)
+	    # Portland Group C++ compiler.
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	  cxx*)
+	    # Compaq C++
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      lynxos*)
+	;;
+      m88k*)
+	;;
+      mvs*)
+	case $cc_basename in
+	  cxx*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      netbsd*)
+	;;
+      osf3* | osf4* | osf5*)
+	case $cc_basename in
+	  KCC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+	    ;;
+	  RCC*)
+	    # Rational C++ 2.4.1
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  cxx*)
+	    # Digital/Compaq C++
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      psos*)
+	;;
+      solaris*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+	    ;;
+	  gcx*)
+	    # Green Hills C++ Compiler
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sunos4*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.x
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	  lcc*)
+	    # Lucid
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      tandem*)
+	case $cc_basename in
+	  NCC*)
+	    # NonStop-UX NCC 3.20
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+	case $cc_basename in
+	  CC*)
+	    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	esac
+	;;
+      vxworks*)
+	;;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+	;;
+    esac
+  fi
+],
+[
+  if test "$GCC" = yes; then
+    _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+    _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+      ;;
+
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      ;;
+
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      enable_shared=no
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+      fi
+      ;;
+
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	;;
+      esac
+      ;;
+
+    *)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      else
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+      darwin*)
+        # PIC is the default on this platform
+        # Common symbols not allowed in MH_DYLIB files
+       case $cc_basename in
+         xlc*)
+         _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon'
+         _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+         ;;
+       esac
+       ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # PIC (with -KPIC) is the default.
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    newsos6)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    linux*)
+      case $cc_basename in
+      icc* | ecc*)
+	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+        ;;
+      ccc*)
+        _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+        # All Alpha code is PIC.
+        _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+        ;;
+      esac
+      ;;
+
+    osf3* | osf4* | osf5*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # All OSF/1 code is PIC.
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    solaris*)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+      *)
+	_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+	_LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    unicos*)
+      _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      ;;
+
+    uts4*)
+      _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+      _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    *)
+      _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      ;;
+    esac
+  fi
+])
+AC_MSG_RESULT([$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)])
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then
+  AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works],
+    _LT_AC_TAGVAR(lt_prog_compiler_pic_works, $1),
+    [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [],
+    [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in
+     "" | " "*) ;;
+     *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+     esac],
+    [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+     _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=
+    ;;
+  *)
+    _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_AC_TAGVAR(lt_prog_compiler_static, $1)\"
+AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
+  _LT_AC_TAGVAR(lt_prog_compiler_static_works, $1),
+  $lt_tmp_static_flag,
+  [],
+  [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=])
+])
+
+
+# AC_LIBTOOL_PROG_LD_SHLIBS([TAGNAME])
+# ------------------------------------
+# See if the linker supports building shared libraries.
+AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS],
+[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+ifelse([$1],[CXX],[
+  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  case $host_os in
+  aix4* | aix5*)
+    # If we're using GNU nm, then we don't want the "-C" option.
+    # -C means demangle to AIX nm, but means don't demangle with GNU nm
+    if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+    else
+      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+    fi
+    ;;
+  pw32*)
+    _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+  ;;
+  cygwin* | mingw*)
+    _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  *)
+    _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  esac
+],[
+  runpath_var=
+  _LT_AC_TAGVAR(allow_undefined_flag, $1)=
+  _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+  _LT_AC_TAGVAR(archive_cmds, $1)=
+  _LT_AC_TAGVAR(archive_expsym_cmds, $1)=
+  _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)=
+  _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+  _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+  _LT_AC_TAGVAR(thread_safe_flag_spec, $1)=
+  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+  _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+  _LT_AC_TAGVAR(hardcode_direct, $1)=no
+  _LT_AC_TAGVAR(hardcode_minus_L, $1)=no
+  _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+  _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown
+  _LT_AC_TAGVAR(hardcode_automatic, $1)=no
+  _LT_AC_TAGVAR(module_cmds, $1)=
+  _LT_AC_TAGVAR(module_expsym_cmds, $1)=
+  _LT_AC_TAGVAR(always_export_symbols, $1)=no
+  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  _LT_AC_TAGVAR(include_expsyms, $1)=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  _LT_AC_TAGVAR(exclude_expsyms, $1)="_GLOBAL_OFFSET_TABLE_"
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  extract_expsyms_cmds=
+  # Just being paranoid about ensuring that cc_basename is set.
+  _LT_CC_BASENAME([$compiler])
+  case $host_os in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  _LT_AC_TAGVAR(ld_shlibs, $1)=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+    _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      else
+  	_LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>/dev/null` in
+      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+      fi
+      ;;
+
+    amigaos*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+
+      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we can't use
+      # them.
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+      # as there is no search path for DLLs.
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_AC_TAGVAR(always_export_symbols, $1)=no
+      _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    interix3*)
+      _LT_AC_TAGVAR(hardcode_direct, $1)=no
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	tmp_addflag=
+	case $cc_basename,$host_cpu in
+	pgcc*)				# Portland Group C compiler
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	esac
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+	if test $supports_anon_versioning = yes; then
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~
+  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+  $echo "local: *; };" >> $output_objdir/$libname.ver~
+	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	fi
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) 
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	    _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+	    _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
+	    _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
+	  else
+	    _LT_AC_TAGVAR(ld_shlibs, $1)=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	_LT_AC_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+    esac
+
+    if test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no; then
+      runpath_var=
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	_LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+      fi
+      ;;
+
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+	  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+	else
+	  _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*)
+	  for ld_flag in $LDFLAGS; do
+  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+  	    aix_use_runtimelinking=yes
+  	    break
+  	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      _LT_AC_TAGVAR(archive_cmds, $1)=''
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[[012]]|aix4.[[012]].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" && \
+  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	  then
+  	  # We have reworked collect2
+  	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	  else
+  	  # We have old collect2
+  	  _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported
+  	  # It fails to find uninstalled libraries when the uninstalled
+  	  # path is not listed in the libpath.  Setting hardcode_minus_L
+  	  # to unsupported forces relinking
+  	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+  	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+  	  _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+  	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      _LT_AC_TAGVAR(always_export_symbols, $1)=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok'
+       # Determine the default libpath from the value encoded in an empty executable.
+       _LT_AC_SYS_LIBPATH_AIX
+       _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+       else
+	if test "$host_cpu" = ia64; then
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+	  _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an empty executable.
+	 _LT_AC_SYS_LIBPATH_AIX
+	 _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+	  _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      # see comment about different semantics on the GNU ld section
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+
+    bsdi[[45]]*)
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true'
+      # FIXME: Should let the user specify the lib program.
+      _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
+      _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      ;;
+
+    darwin* | rhapsody*)
+      case $host_os in
+        rhapsody* | darwin1.[[012]])
+         _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[[012]])
+               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+      esac
+      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_AC_TAGVAR(hardcode_direct, $1)=no
+      _LT_AC_TAGVAR(hardcode_automatic, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+      _LT_AC_TAGVAR(whole_archive_flag_spec, $1)=''
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+    if test "$GCC" = yes ; then
+    	output_verbose_link_cmd='echo'
+        _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+      _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+         _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+         _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         _LT_AC_TAGVAR(ld_shlibs, $1)=no
+          ;;
+      esac
+    fi
+      ;;
+
+    dgux*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    freebsd1*)
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	_LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	_LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+	_LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=no
+	  _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+	  ;;
+	*)
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+	  _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    newsos6)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    openbsd*)
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      else
+       case $host_os in
+	 openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+	   _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	   _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	   ;;
+	 *)
+	   _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	   _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	   ;;
+       esac
+      fi
+      ;;
+
+    os2*)
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_AC_TAGVAR(archive_cmds, $1)='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      else
+	_LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=:
+      ;;
+
+    solaris*)
+      _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+      else
+	wlarc=''
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      case $host_os in
+      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+      *)
+ 	# The compiler driver will combine linker options so we
+ 	# cannot just pass the convience library names through
+ 	# without $wl, iff we do not link with $LD.
+ 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+ 	# Supported since Solaris 2.6 (maybe 2.5.1?)
+ 	case $wlarc in
+ 	'')
+ 	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;;
+ 	*)
+ 	  _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ 	esac ;;
+      esac
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_direct, $1)=yes
+      _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_AC_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=no
+        ;;
+	motorola)
+	  _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_AC_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    sysv4.3*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	_LT_AC_TAGVAR(ld_shlibs, $1)=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7*)
+      _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+      _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+      _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':'
+      _LT_AC_TAGVAR(link_all_deplibs, $1)=yes
+      _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *)
+      _LT_AC_TAGVAR(ld_shlibs, $1)=no
+      ;;
+    esac
+  fi
+])
+AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)])
+test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+  # Assume -lc should be added
+  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $_LT_AC_TAGVAR(archive_cmds, $1) in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      AC_MSG_CHECKING([whether -lc should be explicitly linked in])
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)
+	pic_flag=$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$_LT_AC_TAGVAR(allow_undefined_flag, $1)
+        _LT_AC_TAGVAR(allow_undefined_flag, $1)=
+        if AC_TRY_EVAL(_LT_AC_TAGVAR(archive_cmds, $1) 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1)
+        then
+	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no
+        else
+	  _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes
+        fi
+        _LT_AC_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      AC_MSG_RESULT([$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)])
+      ;;
+    esac
+  fi
+  ;;
+esac
+])# AC_LIBTOOL_PROG_LD_SHLIBS
+
+
+# _LT_AC_FILE_LTDLL_C
+# -------------------
+# Be careful that the start marker always follows a newline.
+AC_DEFUN([_LT_AC_FILE_LTDLL_C], [
+# /* ltdll.c starts here */
+# #define WIN32_LEAN_AND_MEAN
+# #include <windows.h>
+# #undef WIN32_LEAN_AND_MEAN
+# #include <stdio.h>
+#
+# #ifndef __CYGWIN__
+# #  ifdef __CYGWIN32__
+# #    define __CYGWIN__ __CYGWIN32__
+# #  endif
+# #endif
+#
+# #ifdef __cplusplus
+# extern "C" {
+# #endif
+# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
+# #ifdef __cplusplus
+# }
+# #endif
+#
+# #ifdef __CYGWIN__
+# #include <cygwin/cygwin_dll.h>
+# DECLARE_CYGWIN_DLL( DllMain );
+# #endif
+# HINSTANCE __hDllInstance_base;
+#
+# BOOL APIENTRY
+# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
+# {
+#   __hDllInstance_base = hInst;
+#   return TRUE;
+# }
+# /* ltdll.c ends here */
+])# _LT_AC_FILE_LTDLL_C
+
+
+# _LT_AC_TAGVAR(VARNAME, [TAGNAME])
+# ---------------------------------
+AC_DEFUN([_LT_AC_TAGVAR], [ifelse([$2], [], [$1], [$1_$2])])
+
+
+# old names
+AC_DEFUN([AM_PROG_LIBTOOL],   [AC_PROG_LIBTOOL])
+AC_DEFUN([AM_ENABLE_SHARED],  [AC_ENABLE_SHARED($@)])
+AC_DEFUN([AM_ENABLE_STATIC],  [AC_ENABLE_STATIC($@)])
+AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+AC_DEFUN([AM_PROG_LD],        [AC_PROG_LD])
+AC_DEFUN([AM_PROG_NM],        [AC_PROG_NM])
+
+# This is just to silence aclocal about the macro not being used
+ifelse([AC_DISABLE_FAST_INSTALL])
+
+AC_DEFUN([LT_AC_PROG_GCJ],
+[AC_CHECK_TOOL(GCJ, gcj, no)
+  test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+  AC_SUBST(GCJFLAGS)
+])
+
+AC_DEFUN([LT_AC_PROG_RC],
+[AC_CHECK_TOOL(RC, windres, no)
+])
+
+# NOTE: This macro has been submitted for inclusion into   #
+#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
+#  a released version of Autoconf we should remove this    #
+#  macro and use it instead.                               #
+# LT_AC_PROG_SED
+# --------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible.  Prefer GNU sed if found.
+AC_DEFUN([LT_AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for lt_ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+      fi
+    done
+  done
+done
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+  test ! -f $lt_ac_sed && continue
+  cat /dev/null > conftest.in
+  lt_ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+  # Check for GNU sed and select it if it is found.
+  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+    lt_cv_path_SED=$lt_ac_sed
+    break
+  fi
+  while true; do
+    cat conftest.in conftest.in >conftest.tmp
+    mv conftest.tmp conftest.in
+    cp conftest.in conftest.nl
+    echo >>conftest.nl
+    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+    cmp -s conftest.out conftest.nl || break
+    # 10000 chars as input seems more than enough
+    test $lt_ac_count -gt 10 && break
+    lt_ac_count=`expr $lt_ac_count + 1`
+    if test $lt_ac_count -gt $lt_ac_max; then
+      lt_ac_max=$lt_ac_count
+      lt_cv_path_SED=$lt_ac_sed
+    fi
+  done
+done
+])
+SED=$lt_cv_path_SED
+AC_MSG_RESULT([$SED])
+])
+
+# Copyright (C) 2002, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version="1.9"])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION so it can be traced.
+# This function is AC_REQUIREd by AC_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+	 [AM_AUTOMAKE_VERSION([1.9.6])])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 7
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])
+AC_SUBST([$1_FALSE])
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
+       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
+       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                   [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    case $depmode in
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    none) break ;;
+    esac
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.
+    if depmode=$depmode \
+       source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 3
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[for mf in $CONFIG_FILES; do
+  # Strip MF so we end up with the name of the file.
+  mf=`echo "$mf" | sed -e 's/:.*$//'`
+  # Check whether this is an Automake generated Makefile or not.
+  # We used to match only the files named `Makefile.in', but
+  # some people rename them; so instead we look at the file content.
+  # Grep'ing the first line is not enough: some people post-process
+  # each Makefile.in and add a new line on top of each file to say so.
+  # So let's grep whole file.
+  if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
+    dirpart=`AS_DIRNAME("$mf")`
+  else
+    continue
+  fi
+  # Extract the definition of DEPDIR, am__include, and am__quote
+  # from the Makefile without running `make'.
+  DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+  test -z "$DEPDIR" && continue
+  am__include=`sed -n 's/^am__include = //p' < "$mf"`
+  test -z "am__include" && continue
+  am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+  # When using ansi2knr, U may be empty or an underscore; expand it
+  U=`sed -n 's/^U = //p' < "$mf"`
+  # Find all dependency output files, they are included files with
+  # $(DEPDIR) in their names.  We invoke sed twice because it is the
+  # simplest approach to changing $(DEPDIR) to its actual value in the
+  # expansion.
+  for file in `sed -n "
+    s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+    # Make sure the directory exists.
+    test -f "$dirpart/$file" && continue
+    fdir=`AS_DIRNAME(["$file"])`
+    AS_MKDIR_P([$dirpart/$fdir])
+    # echo "creating $dirpart/$file"
+    echo '# dummy' > "$dirpart/$file"
+  done
+done
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 12
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.58])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+# test to see if srcdir already configured
+if test "`cd $srcdir && pwd`" != "`pwd`" &&
+   test -f $srcdir/config.status; then
+  AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AM_PROG_INSTALL_SH
+AM_PROG_INSTALL_STRIP
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+              [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+	      		     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+                  [_AM_DEPENDENCIES(CC)],
+                  [define([AC_PROG_CC],
+                          defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+                  [_AM_DEPENDENCIES(CXX)],
+                  [define([AC_PROG_CXX],
+                          defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+])
+])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $1 | $1:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+install_sh=${install_sh-"$am_aux_dir/install-sh"}
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Add --enable-maintainer-mode option to configure.         -*- Autoconf -*-
+# From Jim Meyering
+
+# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+AC_DEFUN([AM_MAINTAINER_MODE],
+[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
+  dnl maintainer-mode is disabled by default
+  AC_ARG_ENABLE(maintainer-mode,
+[  --enable-maintainer-mode  enable make rules and dependencies not useful
+			  (and sometimes confusing) to the casual installer],
+      USE_MAINTAINER_MODE=$enableval,
+      USE_MAINTAINER_MODE=no)
+  AC_MSG_RESULT([$USE_MAINTAINER_MODE])
+  AM_CONDITIONAL(MAINTAINER_MODE, [test $USE_MAINTAINER_MODE = yes])
+  MAINT=$MAINTAINER_MODE_TRUE
+  AC_SUBST(MAINT)dnl
+]
+)
+
+AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo done
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# We grep out `Entering directory' and `Leaving directory'
+# messages which can occur if `w' ends up in MAKEFLAGS.
+# In particular we don't look at `^make:' because GNU make might
+# be invoked under some other name (usually "gmake"), in which
+# case it prints its new name instead of `make'.
+if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
+   am__include=include
+   am__quote=
+   _am_result=GNU
+fi
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
+      am__include=.include
+      am__quote="\""
+      _am_result=BSD
+   fi
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Copyright (C) 1999, 2000, 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# AM_PROG_CC_C_O
+# --------------
+# Like AC_PROG_CC_C_O, but changed for automake.
+AC_DEFUN([AM_PROG_CC_C_O],
+[AC_REQUIRE([AC_PROG_CC_C_O])dnl
+AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+# FIXME: we rely on the cache variable name because
+# there is no other way.
+set dummy $CC
+ac_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
+if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then
+   # Losing compiler, so override with the script.
+   # FIXME: It is wrong to rewrite CC.
+   # But if we don't then we get into trouble of one sort or another.
+   # A longer-term fix would be to have automake use am__CC in this case,
+   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+   CC="$am_aux_dir/compile $CC"
+fi
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check whether `mkdir -p' is supported, fallback to mkinstalldirs otherwise.
+#
+# Automake 1.8 used `mkdir -m 0755 -p --' to ensure that directories
+# created by `make install' are always world readable, even if the
+# installer happens to have an overly restrictive umask (e.g. 077).
+# This was a mistake.  There are at least two reasons why we must not
+# use `-m 0755':
+#   - it causes special bits like SGID to be ignored,
+#   - it may be too restrictive (some setups expect 775 directories).
+#
+# Do not use -m 0755 and let people choose whatever they expect by
+# setting umask.
+#
+# We cannot accept any implementation of `mkdir' that recognizes `-p'.
+# Some implementations (such as Solaris 8's) are not thread-safe: if a
+# parallel make tries to run `mkdir -p a/b' and `mkdir -p a/c'
+# concurrently, both version can detect that a/ is missing, but only
+# one can create it and the other will error out.  Consequently we
+# restrict ourselves to GNU make (using the --version option ensures
+# this.)
+AC_DEFUN([AM_PROG_MKDIR_P],
+[if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+  # We used to keeping the `.' as first argument, in order to
+  # allow $(mkdir_p) to be used without argument.  As in
+  #   $(mkdir_p) $(somedir)
+  # where $(somedir) is conditionally defined.  However this is wrong
+  # for two reasons:
+  #  1. if the package is installed by a user who cannot write `.'
+  #     make install will fail,
+  #  2. the above comment should most certainly read
+  #     $(mkdir_p) $(DESTDIR)$(somedir)
+  #     so it does not work when $(somedir) is undefined and
+  #     $(DESTDIR) is not.
+  #  To support the latter case, we have to write
+  #     test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir),
+  #  so the `.' trick is pointless.
+  mkdir_p='mkdir -p --'
+else
+  # On NextStep and OpenStep, the `mkdir' command does not
+  # recognize any option.  It will interpret all options as
+  # directories to create, and then abort because `.' already
+  # exists.
+  for d in ./-p ./--version;
+  do
+    test -d $d && rmdir $d
+  done
+  # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists.
+  if test -f "$ac_aux_dir/mkinstalldirs"; then
+    mkdir_p='$(mkinstalldirs)'
+  else
+    mkdir_p='$(install_sh) -d'
+  fi
+fi
+AC_SUBST([mkdir_p])])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 3
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t $srcdir/configure conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
diff --git a/pki/base/tps/apache/LICENSE-2.0 b/pki/base/tps/apache/LICENSE-2.0
new file mode 100644
index 000000000..7b69c6227
--- /dev/null
+++ b/pki/base/tps/apache/LICENSE-2.0
@@ -0,0 +1,678 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+
+
+APACHE HTTP SERVER SUBCOMPONENTS: 
+
+The Apache HTTP Server includes a number of subcomponents with
+separate copyright notices and license terms. Your use of the source
+code for the these subcomponents is subject to the terms and
+conditions of the following licenses. 
+
+For the mod_mime_magic component:
+
+/*
+ * mod_mime_magic: MIME type lookup via file magic numbers
+ * Copyright (c) 1996-1997 Cisco Systems, Inc.
+ *
+ * This software was submitted by Cisco Systems to the Apache Group in July
+ * 1997.  Future revisions and derivatives of this source code must
+ * acknowledge Cisco Systems as the original contributor of this module.
+ * All other licensing and usage conditions are those of the Apache Group.
+ *
+ * Some of this code is derived from the free version of the file command
+ * originally posted to comp.sources.unix.  Copyright info for that program
+ * is included below as required.
+ * ---------------------------------------------------------------------------
+ * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
+ *
+ * This software is not subject to any license of the American Telephone and
+ * Telegraph Company or of the Regents of the University of California.
+ *
+ * Permission is granted to anyone to use this software for any purpose on any
+ * computer system, and to alter it and redistribute it freely, subject to
+ * the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission.  Since few users ever read sources, credits
+ * must appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software.  Since few users ever read
+ * sources, credits must appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ * -------------------------------------------------------------------------
+ *
+ */
+
+
+For the  modules\mappers\mod_imap.c component:
+
+  "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com
+
+For the  server\util_md5.c component:
+
+/************************************************************************
+ * NCSA HTTPd Server
+ * Software Development Group
+ * National Center for Supercomputing Applications
+ * University of Illinois at Urbana-Champaign
+ * 605 E. Springfield, Champaign, IL 61820
+ * httpd@ncsa.uiuc.edu
+ *
+ * Copyright  (C)  1995, Board of Trustees of the University of Illinois
+ *
+ ************************************************************************
+ *
+ * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code
+ *
+ *  Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc.
+ *  Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon
+ *     University (see Copyright below).
+ *  Portions of Content-MD5 code Copyright (C) 1991 Bell Communications 
+ *     Research, Inc. (Bellcore) (see Copyright below).
+ *  Portions extracted from mpack, John G. Myers - jgm+@cmu.edu
+ *  Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk)
+ *
+ */
+
+
+/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */
+/* (C) Copyright 1993,1994 by Carnegie Mellon University
+ * All Rights Reserved.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without
+ * fee, provided that the above copyright notice appear in all copies
+ * and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of Carnegie
+ * Mellon University not be used in advertising or publicity
+ * pertaining to distribution of the software without specific,
+ * written prior permission.  Carnegie Mellon University makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied
+ * warranty.
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore)
+ *
+ * Permission to use, copy, modify, and distribute this material
+ * for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice and this permission notice
+ * appear in all copies, and that the name of Bellcore not be
+ * used in advertising or publicity pertaining to this
+ * material without the specific, prior written permission
+ * of an authorized representative of Bellcore.  BELLCORE
+ * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
+ * OF THIS MATERIAL FOR ANY PURPOSE.  IT IS PROVIDED "AS IS",
+ * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.  
+ */
+
+For the  srclib\apr\include\apr_md5.h component: 
+/*
+ * This is work is derived from material Copyright RSA Data Security, Inc.
+ *
+ * The RSA copyright statement and Licence for that original material is
+ * included below. This is followed by the Apache copyright statement and
+ * licence for the modifications made to that material.
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+   rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+
+For the  srclib\apr\passwd\apr_md5.c component:
+
+/*
+ * This is work is derived from material Copyright RSA Data Security, Inc.
+ *
+ * The RSA copyright statement and Licence for that original material is
+ * included below. This is followed by the Apache copyright statement and
+ * licence for the modifications made to that material.
+ */
+
+/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+   rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+/*
+ * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
+ * MD5 crypt() function, which is licenced as follows:
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.  Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+
+For the srclib\apr-util\crypto\apr_md4.c component:
+
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD4 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+For the srclib\apr-util\include\apr_md4.h component:
+
+ *
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD4 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+
+For the srclib\apr-util\test\testdbm.c component:
+
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ *    if any, must include the following acknowledgment:
+ *       "This product includes software developed by the
+ *        Apache Software Foundation (http://www.apache.org/)."
+ *    Alternately, this acknowledgment may appear in the software itself,
+ *    if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ *    not be used to endorse or promote products derived from this
+ *    software without prior written permission. For written
+ *    permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ *    nor may "Apache" appear in their name, without prior written
+ *    permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * This file came from the SDBM package (written by oz@nexus.yorku.ca).
+ * That package was under public domain. This file has been ported to
+ * APR, updated to ANSI C and other, newer idioms, and added to the Apache
+ * codebase under the above copyright and license.
+ */
+
+
+For the srclib\apr-util\test\testmd4.c component:
+
+ *
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
+ * rights reserved.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+For the srclib\apr-util\xml\expat\conftools\install-sh component:
+
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+#
+
+For the srclib\pcre\install-sh component:
+
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+
+For the pcre component:
+
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Written by: Philip Hazel <ph10@cam.ac.uk>
+
+University of Cambridge Computing Service,
+Cambridge, England. Phone: +44 1223 334714.
+
+Copyright (c) 1997-2001 University of Cambridge
+
+Permission is granted to anyone to use this software for any purpose on any
+computer system, and to redistribute it freely, subject to the following
+restrictions:
+
+1. This software is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission. In practice, this means that if you use
+   PCRE in software which you distribute to others, commercially or
+   otherwise, you must put a sentence like this
+
+     Regular expression support is provided by the PCRE library package,
+     which is open source software, written by Philip Hazel, and copyright
+     by the University of Cambridge, England.
+
+   somewhere reasonably visible in your documentation and in any relevant
+   files or online help data or similar. A reference to the ftp site for
+   the source, that is, to
+
+     ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
+
+   should also be given in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+
+4. If PCRE is embedded in any software that is released under the GNU
+   General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL),
+   then the terms of that licence shall supersede any condition above with
+   which it is incompatible.
+
+The documentation for PCRE, supplied in the "doc" directory, is distributed
+under the same terms as the software itself.
+
+End PCRE LICENCE
+
+
+For the test\zb.c component:
+
+/*                          ZeusBench V1.01
+			    ===============
+
+This program is Copyright (C) Zeus Technology Limited 1996.
+
+This program may be used and copied freely providing this copyright notice
+is not removed.
+
+This software is provided "as is" and any express or implied waranties, 
+including but not limited to, the implied warranties of merchantability and
+fitness for a particular purpose are disclaimed.  In no event shall 
+Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, 
+exemplary, or consequential damaged (including, but not limited to, 
+procurement of substitute good or services; loss of use, data, or profits;
+or business interruption) however caused and on theory of liability.  Whether
+in contract, strict liability or tort (including negligence or otherwise) 
+arising in any way out of the use of this software, even if advised of the
+possibility of such damage.
+
+     Written by Adam Twiss (adam@zeus.co.uk).  March 1996
+
+Thanks to the following people for their input:
+  Mike Belshe (mbelshe@netscape.com) 
+  Michael Campanella (campanella@stevms.enet.dec.com)
+
+*/
+
+For the expat xml parser component:
+
+Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
+                               and Clark Cooper
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+	
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+	
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+====================================================================
diff --git a/pki/base/tps/apache/apachectl b/pki/base/tps/apache/apachectl
new file mode 100755
index 000000000..fc054e7e7
--- /dev/null
+++ b/pki/base/tps/apache/apachectl
@@ -0,0 +1,189 @@
+#!/bin/sh
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+#
+# Copyright 2000-2004 The Apache Software Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+#
+#  NOTICE:  This "apachectl" script has been modified to support the
+#           Token Processing System (TPS).
+#
+
+# Initialize environment variables
+LD_LIBRARY_PATH=[SYSTEM_USER_LIBRARIES]:[SYSTEM_LIBRARIES]:${LD_LIBRARY_PATH}
+LD_LIBRARY_PATH=[SECURITY_LIBRARIES]:${LD_LIBRARY_PATH}
+export LD_LIBRARY_PATH
+
+# see if httpd is linked with the openldap libraries - we need to override them
+OS=`pkiname`
+if [ $OS = "Linux" ]; then
+   hasopenldap=0
+
+   /usr/bin/ldd $httpd 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1
+
+   if [ $hasopenldap -eq 1 ] ; then
+       LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libldap50.so"
+       LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libssl3.so ${LD_PRELOAD}"
+       export LD_PRELOAD
+   fi
+fi
+
+#
+# Apache control script designed to allow an easy command line interface
+# to controlling Apache.  Written by Marc Slemko, 1997/08/23
+# 
+# The exit codes returned are:
+#   XXX this doc is no longer correct now that the interesting
+#   XXX functions are handled by [INSTANCE_ID]
+#       0 - operation completed successfully
+#       1 - 
+#       2 - usage error
+#       3 - [INSTANCE_ID] could not be started
+#       4 - [INSTANCE_ID] could not be stopped
+#       5 - [INSTANCE_ID] could not be started during a restart
+#       6 - [INSTANCE_ID] could not be restarted during a restart
+#       7 - [INSTANCE_ID] could not be restarted during a graceful restart
+#       8 - configuration syntax error
+#
+# When multiple arguments are given, only the error from the _last_
+# one is reported.  Run "apachectl help" for usage info
+#
+ARGV="$@"
+#
+# |||||||||||||||||||| START CONFIGURATION SECTION  ||||||||||||||||||||
+# --------------------                              --------------------
+# 
+
+#
+# a command that outputs a formatted text version of the HTML at the
+# url given on the command line.  Designed for lynx, however other
+# programs may work.  
+if [ -x /usr/bin/links ]; then
+    LYNX="links -dump"
+elif [ -x /usr/bin/lynx ]; then
+    LYNX="lynx -dump"
+else
+    LYNX="none"
+fi
+
+#
+# the URL to your server's mod_status status page.  If you do not
+# have one, then status and fullstatus will not work.
+STATUSURL="http://localhost:80/server-status"
+#
+# Set this variable to a command that increases the maximum
+# number of file descriptors allowed per child process. This is
+# critical for configurations that use many file descriptors,
+# such as mass vhosting, or a multithreaded server.
+ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"
+
+########################################################################
+#   This section contains modified content of "/etc/sysconfig/httpd"   #
+########################################################################
+# Configuration file for the [INSTANCE_ID] service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model.  A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+HTTPD=[FORTITUDE_DIR]/sbin/httpd.worker
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set OPTIONS here.
+#
+OPTIONS="-f [HTTPD_CONF]"
+
+#
+# By default, the httpd process is started in the C locale; to 
+# change the locale in which the server runs, the HTTPD_LANG
+# variable can be set.
+#
+HTTPD_LANG=C
+########################################################################
+#                                                                      #
+########################################################################
+
+# Set the maximum number of file descriptors allowed per child process.
+if [ "x$ULIMIT_MAX_FILES" != "x" ] ; then
+    $ULIMIT_MAX_FILES
+fi
+
+ERROR=0
+if [ "x$ARGV" = "x" ] ; then 
+    ARGV="-h"
+fi
+
+function checklynx() {
+if [ "$LYNX" = "none" ]; then
+    echo "The 'links' package is required for this functionality."
+    exit 8
+fi
+}
+
+function testconfig() {
+# [INSTANCE_ID] is denied terminal access in SELinux, so run in the
+# current context to get stdout from $HTTPD -t.
+if test -x /usr/sbin/selinuxenabled && /usr/sbin/selinuxenabled; then
+    runcon -- `id -Z` $HTTPD $OPTIONS -t
+else
+    $HTTPD $OPTIONS -t
+fi
+ERROR=$?
+}
+
+case $ARGV in
+restart|graceful)
+    if $HTTPD -t >&/dev/null; then
+        $HTTPD $OPTIONS -k $ARGV
+        ERROR=$?
+    else
+        echo "apachectl: Configuration syntax error, will not run \"$ARGV\":"
+        testconfig
+    fi
+    ;;
+start|stop)
+    $HTTPD $OPTIONS -k $ARGV
+    ERROR=$?
+    ;;
+startssl|sslstart|start-SSL)
+    $HTTPD $OPTIONS -DSSL -k start
+    ERROR=$?
+    ;;
+configtest)
+    testconfig
+    ;;
+status)
+    checklynx
+    $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
+    ;;
+fullstatus)
+    checklynx
+    $LYNX $STATUSURL
+    ;;
+*)
+    $HTTPD $OPTIONS $ARGV
+    ERROR=$?
+esac
+
+exit $ERROR
+
diff --git a/pki/base/tps/apache/conf/httpd.conf b/pki/base/tps/apache/conf/httpd.conf
new file mode 100644
index 000000000..d3ec8e050
--- /dev/null
+++ b/pki/base/tps/apache/conf/httpd.conf
@@ -0,0 +1,1080 @@
+#
+# Based upon the NCSA server configuration files originally by Rob McCool.
+#
+# This is the main Apache server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about
+# the directives.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+# The configuration directives are grouped into three basic sections:
+#  1. Directives that control the operation of the Apache server process as a
+#     whole (the 'global environment').
+#  2. Directives that define the parameters of the 'main' or 'default' server,
+#     which responds to requests that aren't handled by a virtual host.
+#     These directives also provide default values for the settings
+#     of all virtual hosts.
+#  3. Settings for virtual hosts, which allow Web requests to be sent to
+#     different IP addresses or hostnames and have them handled by the
+#     same Apache server process.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path.  If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
+# with ServerRoot set to "/export/apache" will be interpreted by the
+# server as "/export/apache/logs/foo.log".
+#
+
+### Section 1: Global Environment
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests it can handle or where it
+# can find its configuration files.
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE!  If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the LockFile documentation (available
+# at <URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+ServerRoot "[SERVER_ROOT]"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+<IfModule !mpm_winnt.c>
+<IfModule !mpm_netware.c>
+#LockFile logs/accept.lock
+</IfModule>
+</IfModule>
+
+#
+# ScoreBoardFile: File used to store internal server process information.
+# If unspecified (the default), the scoreboard will be stored in an
+# anonymous shared memory segment, and will be unavailable to third-party
+# applications.
+# If specified, ensure that no two invocations of Apache share the same
+# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK.
+#
+<IfModule !mpm_netware.c>
+<IfModule !perchild.c>
+#ScoreBoardFile logs/apache_runtime_status
+</IfModule>
+</IfModule>
+
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+<IfModule !mpm_netware.c>
+PidFile logs/[INSTANCE_ID].pid
+</IfModule>
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+##
+## Server-Pool Size Regulation (MPM specific)
+## 
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxClients: maximum number of server processes allowed to start
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule prefork.c>
+StartServers         5
+MinSpareServers      5
+MaxSpareServers     10
+MaxClients         150
+MaxRequestsPerChild  0
+</IfModule>
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MaxClients: maximum number of simultaneous client connections
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule worker.c>
+ServerLimit          1
+StartServers         1
+MaxClients          64
+MinSpareThreads     1
+MaxSpareThreads     75 
+ThreadsPerChild     64
+MaxRequestsPerChild  0
+</IfModule>
+
+# perchild MPM
+# NumServers: constant number of server processes
+# StartThreads: initial number of worker threads in each server process
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# MaxThreadsPerChild: maximum number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of connections per server process
+<IfModule perchild.c>
+NumServers           5
+StartThreads         5
+MinSpareThreads      5
+MaxSpareThreads     10
+MaxThreadsPerChild  20
+MaxRequestsPerChild  0
+</IfModule>
+
+# WinNT MPM
+# ThreadsPerChild: constant number of worker threads in the server process
+# MaxRequestsPerChild: maximum  number of requests a server process serves
+<IfModule mpm_winnt.c>
+ThreadsPerChild 250
+MaxRequestsPerChild  0
+</IfModule>
+
+# BeOS MPM
+# StartThreads: how many threads do we initially spawn?
+# MaxClients:   max number of threads we can have (1 thread == 1 client)
+# MaxRequestsPerThread: maximum number of requests each thread will process
+<IfModule beos.c>
+StartThreads               10
+MaxClients                 50
+MaxRequestsPerThread       10000
+</IfModule>    
+
+# NetWare MPM
+# ThreadStackSize: Stack size allocated for each worker thread
+# StartThreads: Number of worker threads launched at server startup
+# MinSpareThreads: Minimum number of idle threads, to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads
+# MaxThreads: Maximum number of worker threads alive at the same time
+# MaxRequestsPerChild: Maximum  number of requests a thread serves. It is 
+#                      recommended that the default value of 0 be set for this
+#                      directive on NetWare.  This will allow the thread to 
+#                      continue to service requests indefinitely.                          
+<IfModule mpm_netware.c>
+ThreadStackSize      65536
+StartThreads           250
+MinSpareThreads         25
+MaxSpareThreads        250
+MaxThreads            1000
+MaxRequestsPerChild      0
+MaxMemFree             100
+</IfModule>
+
+# OS/2 MPM
+# StartServers: Number of server processes to maintain
+# MinSpareThreads: Minimum number of idle threads per process, 
+#                  to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads per process
+# MaxRequestsPerChild: Maximum number of connections per server process
+<IfModule mpmt_os2.c>
+StartServers           2
+MinSpareThreads        5
+MaxSpareThreads       10
+MaxRequestsPerChild    0
+</IfModule>
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to 
+# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
+#
+#Listen 12.34.56.78:80
+
+Listen 0.0.0.0:[PORT]
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+
+# Required modules for command 'Order':
+[FORTITUDE_AUTH_MODULES]
+# Required module for command 'UserDir':
+LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so
+# Required module for command 'DirectoryIndex':
+LoadModule dir_module [FORTITUDE_LIB_DIR]/modules/mod_dir.so
+# Required module for command 'TypesConfig':
+LoadModule mime_module [FORTITUDE_LIB_DIR]/modules/mod_mime.so
+# Required module for command 'LogFormat':
+LoadModule log_config_module [FORTITUDE_LIB_DIR]/modules/mod_log_config.so
+# Required module for command 'Alias':
+LoadModule alias_module [FORTITUDE_LIB_DIR]/modules/mod_alias.so
+# Required module for command 'SetEnvIf':
+LoadModule setenvif_module [FORTITUDE_LIB_DIR]/modules/mod_setenvif.so
+# Required module for command 'IndexOptions':
+LoadModule autoindex_module [FORTITUDE_LIB_DIR]/modules/mod_autoindex.so
+# Required module for command 'LanguagePriority':
+LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so
+# Required module for command 'CGI Scripts':
+LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so
+# Required module for commands in nss.conf:
+[FORTITUDE_NSS_MODULES]
+# Required module for command 'TPSConfigPathFile':
+LoadModule tps_module         [FORTITUDE_MODULE]/mod_tps.so
+# Required module for command 'TokendbConfigPathFile':
+LoadModule tokendb_module     [FORTITUDE_MODULE]/mod_tokendb.so
+
+<Location /nk_service>
+    SetHandler nk_service
+</Location>
+
+<Location /tus>
+    SetHandler tus
+</Location>
+
+#
+# Load config files from the config directory "/etc/[INSTANCE_ID]/conf.d".
+#
+#Include conf.d/*.conf
+Include [SERVER_ROOT]/conf/perl.conf
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+### Section 2: 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition.  These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+<IfModule !mpm_winnt.c>
+<IfModule !mpm_netware.c>
+#
+# If you wish [INSTANCE_ID] to run as a different user or group, you must run
+# [INSTANCE_ID] as root initially and it will switch.  
+#
+# User/Group: The name (or #number) of the user/group to run [INSTANCE_ID] as.
+#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
+#  . On HPUX you may not be able to use shared memory as nobody, and the
+#    suggested workaround is to create a user www and use that user.
+#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
+#  when the value of (unsigned)Group is above 60000; 
+#  don't use Group #-1 on these systems!
+#
+User [USERID]
+Group [GROUPID]
+#Group #-1
+</IfModule>
+</IfModule>
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+#
+ServerAdmin you@example.com
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If this is not set to valid DNS name for your host, server-generated
+# redirections will not work.  See also the UseCanonicalName directive.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+# You will have to access it by its address anyway, and this will make 
+# redirections work in a sensible way.
+#
+#ServerName www.example.com:80
+
+#
+# UseCanonicalName: Determines how Apache constructs self-referencing 
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client.  When set "On", Apache will use the value of the
+# ServerName directive.
+#
+UseCanonicalName Off
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "[SERVER_ROOT]/docroot"
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories). 
+#
+# First, we configure the "default" to be a very restrictive set of 
+# features.  
+#
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+<Directory "[SERVER_ROOT]/docroot">
+
+#
+# Possible values for the Options directive are "None", "All",
+# or any combination of:
+#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+#
+# Note that "MultiViews" must be named *explicitly* --- "Options All"
+# doesn't give it to you.
+#
+# The Options directive is both complicated and important.  Please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#options
+# for more information.
+#
+    Options Indexes ExecCGI FollowSymLinks
+
+#
+# AllowOverride controls what directives may be placed in .htaccess files.
+# It can be "All", "None", or any combination of the keywords:
+#   Options FileInfo AuthConfig Limit
+#
+    AllowOverride None
+
+#
+# Controls who can get stuff from this server.
+#
+    Order allow,deny
+    Allow from all
+
+</Directory>
+
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+UserDir public_html
+
+#
+# Control access to UserDir directories.  The following is an example
+# for a site where these directories are restricted to read-only.
+#
+#<Directory /home/*/public_html>
+#    AllowOverride FileInfo AuthConfig Limit Indexes
+#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+#    <Limit GET POST OPTIONS PROPFIND>
+#        Order allow,deny
+#        Allow from all
+#    </Limit>
+#    <LimitExcept GET POST OPTIONS PROPFIND>
+#        Order deny,allow
+#        Deny from all
+#    </LimitExcept>
+#</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+# The index.html.var file (a type-map) is used to deliver content-
+# negotiated documents.  The MultiViews Option can be used for the 
+# same purpose, but it is much slower.
+#
+DirectoryIndex index.html index.html.var
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives.  See also the AllowOverride 
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being 
+# viewed by Web clients. 
+#
+<Files ~ "^\.ht">
+    Order allow,deny
+    Deny from all
+</Files>
+
+#
+# TypesConfig describes where the mime.types file (or equivalent) is
+# to be found.
+#
+TypesConfig conf/mime.types
+
+#
+# DefaultType is the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value.  If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type.  The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+<IfModule mod_mime_magic.c>
+    MIMEMagicFile conf/magic
+</IfModule>
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+#
+# EnableMMAP: Control whether memory-mapping is used to deliver
+# files (assuming that the underlying OS supports it).
+# The default is on; turn this off if you serve from NFS-mounted 
+# filesystems.  On some systems, turning it off (regardless of
+# filesystem) can improve performance; for details, please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
+#
+#EnableMMAP off
+
+#
+# EnableSendfile: Control whether the sendfile kernel support is 
+# used  to deliver files (assuming that the OS supports it).
+# The default is on; turn this off if you serve from NFS-mounted 
+# filesystems.  Please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
+#
+#EnableSendfile off
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog logs/error_log
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+#LogLevel warn
+LogLevel debug
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# You need to enable mod_logio.c to use %I and %O
+#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+#
+# The location and format of the access logfile (Common Logfile Format).
+# If you do not define any access logfiles within a <VirtualHost>
+# container, they will be logged here.  Contrariwise, if you *do*
+# define per-<VirtualHost> access logfiles, transactions will be
+# logged therein and *not* in this file.
+#
+CustomLog logs/access_log common
+
+#
+# If you would like to have agent and referer logfiles, uncomment the
+# following directives.
+#
+#CustomLog logs/referer_log referer
+#CustomLog logs/agent_log agent
+
+#
+# If you prefer a single logfile with access, agent, and referer information
+# (Combined Logfile Format) you can use the following directive.
+#
+#CustomLog logs/access_log combined
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory 
+# listings, mod_status and mod_info output etc., but not CGI generated 
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#
+ServerSignature On
+
+#
+# Aliases: Add here as many aliases as you need (with no limit). The format is 
+# Alias fakename realname
+#
+# Note that if you include a trailing / on fakename then the server will
+# require it to be present in the URL.  So "/icons" isn't aliased in this
+# example, only "/icons/".  If the fakename is slash-terminated, then the 
+# realname must also be slash terminated, and if the fakename omits the 
+# trailing slash, the realname must also omit it.
+#
+# We include the /icons/ alias for FancyIndexed directory listings.  If you
+# do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "[SERVER_ROOT]/icons/"
+
+<Directory "[SERVER_ROOT]/icons">
+    Options Indexes MultiViews
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+</Directory>
+
+#
+# This should be changed to the ServerRoot/manual/.  The alias provides
+# the manual, even if you choose to move your DocumentRoot.  You may comment
+# this out if you do not care for the documentation.
+#
+AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1"
+
+<Directory "[SERVER_ROOT]/manual">
+    Options Indexes
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+
+    <Files *.html>
+        SetHandler type-map
+    </Files>
+
+    SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
+    RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
+</Directory>
+
+#
+# ScriptAlias: This controls which directories contain server scripts.
+# ScriptAliases are essentially the same as Aliases, except that
+# documents in the realname directory are treated as applications and
+# run by the server when requested rather than as documents sent to the client.
+# The same rules about trailing "/" apply to ScriptAlias directives as to
+# Alias.
+#
+ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/"
+
+<IfModule mod_cgid.c>
+#
+# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path>
+# for setting UNIX socket for communicating with cgid.
+#
+#Scriptsock            logs/cgisock
+</IfModule>
+
+#
+# "[SERVER_ROOT]/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "[SERVER_ROOT]/cgi-bin">
+    AllowOverride None
+    Options ExecCGI
+    Order allow,deny
+    Allow from all
+</Directory>
+
+#
+# Redirect allows you to tell clients about documents which used to exist in
+# your server's namespace, but do not anymore. This allows you to tell the
+# clients where to look for the relocated document.
+# Example:
+# Redirect permanent /foo http://www.example.com/bar
+
+#
+# Directives controlling the display of server-generated directory listings.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing VersionSort
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions.  These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes.  These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes. 
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing.  Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
+#
+# DefaultLanguage and AddLanguage allows you to specify the language of 
+# a document. You can then use content negotiation to give a browser a 
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will 
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as 
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases 
+# the two character 'Language' abbreviation is not identical to 
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+#
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+#
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
+
+#
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+#
+AddCharset ISO-8859-1  .iso8859-1  .latin1
+AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
+AddCharset ISO-8859-3  .iso8859-3  .latin3
+AddCharset ISO-8859-4  .iso8859-4  .latin4
+AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
+AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
+AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
+AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
+AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5        .Big5       .big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251   .win-1251
+AddCharset CP866       .cp866
+AddCharset KOI8-r      .koi8-r .koi8-ru
+AddCharset KOI8-ru     .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-8       .utf8
+
+# The set below does not map to a specific (iso) standard
+# but works on a fairly wide range of browsers. Note that
+# capitalization actually matters (it should not, but it
+# does for some browsers).
+#
+# See http://www.iana.org/assignments/character-sets
+# for a list of sorts. But browsers support few.
+#
+AddCharset GB2312      .gb2312 .gb 
+AddCharset utf-7       .utf7
+AddCharset utf-8       .utf8
+AddCharset big5        .big5 .b5
+AddCharset EUC-TW      .euc-tw
+AddCharset EUC-JP      .euc-jp
+AddCharset EUC-KR      .euc-kr
+AddCharset shift_jis   .sjis
+
+#
+# AddType allows you to add to or override the MIME configuration
+# file mime.types for specific file types.
+#
+#AddType application/x-tar .tgz
+#
+# AddEncoding allows you to have certain browsers uncompress
+# information on the fly. Note: Not all browsers support this.
+# Despite the name similarity, the following Add* directives have nothing
+# to do with the FancyIndexing customization directives above.
+#
+#AddEncoding x-compress .Z
+#AddEncoding x-gzip .gz .tgz
+#
+# If the AddEncoding directives above are commented-out, then you
+# probably should define those extensions to indicate media types:
+#
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+#
+# AddHandler allows you to map certain file extensions to "handlers":
+# actions unrelated to filetype. These can be either built into the server
+# or added with the Action directive (see below)
+#
+# To use CGI scripts outside of ScriptAliased directories:
+# (You will also need to add "ExecCGI" to the "Options" directive.)
+#
+AddHandler cgi-script .cgi
+
+#
+# For files that include their own HTTP headers:
+#
+#AddHandler send-as-is asis
+
+#
+# For server-parsed imagemap files:
+#
+#AddHandler imap-file map
+
+#
+# For type maps (negotiated resources):
+# (This is enabled by default to allow the Apache "It Worked" page
+#  to be distributed in multiple languages.)
+#
+AddHandler type-map var
+
+#
+# Filters allow you to process content before it is sent to the client.
+#
+# To parse .shtml files for server-side includes (SSI):
+# (You will also need to add "Includes" to the "Options" directive.)
+#
+#AddType text/html .shtml
+#AddOutputFilter INCLUDES .shtml
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections.  We use 
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#   Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /export/apache/error/include/ files and copying them to /your/include/path/, 
+# even on a per-VirtualHost basis.  The default include files will display
+# your Apache version number and your ServerAdmin email address regardless
+# of the setting of ServerSignature.
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation.  To activate them, uncomment the following 30 lines.
+
+#    Alias /error/ "/export/apache/error/"
+#
+#    <Directory "/export/apache/error">
+#        AllowOverride None
+#        Options IncludesNoExec
+#        AddOutputFilter Includes html
+#        AddHandler type-map var
+#        Order allow,deny
+#        Allow from all
+#        LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+#        ForceLanguagePriority Prefer Fallback
+#    </Directory>
+#
+#    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+#    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+#    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+#    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+#    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+#    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+#    ErrorDocument 410 /error/HTTP_GONE.html.var
+#    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+#    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+#    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+#    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+#    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+#    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+#    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+#    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+#    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+#    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+
+
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+#
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a 
+# problem with Microsoft WebFolders which does not appropriately handle 
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+BrowserMatch "^gnome-vfs" redirect-carefully
+
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+#
+#<Location /server-status>
+#    SetHandler server-status
+#    Order deny,allow
+#    Deny from all
+#    Allow from .example.com
+#</Location>
+
+#
+# Allow remote server configuration reports, with the URL of
+#  http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+#<Location /server-info>
+#    SetHandler server-info
+#    Order deny,allow
+#    Deny from all
+#    Allow from .example.com
+#</Location>
+
+
+#
+# Bring in additional module-specific configurations
+#
+#<IfModule mod_ssl.c>
+#    Include conf/ssl.conf
+#</IfModule>
+Include [SERVER_ROOT]/conf/nss.conf
+
+TPSConfigPathFile [SERVER_ROOT]/conf/CS.cfg
+
+TokendbConfigPathFile [SERVER_ROOT]/conf/CS.cfg
+
+### Section 3: Virtual Hosts
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at 
+# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+#
+# Use name-based virtual hosting.
+#
+#NameVirtualHost *:80
+
+#
+# VirtualHost example:
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+#<VirtualHost *:80>
+#    ServerAdmin webmaster@dummy-host.example.com
+#    DocumentRoot /www/docs/dummy-host.example.com
+#    ServerName dummy-host.example.com
+#    ErrorLog logs/dummy-host.example.com-error_log
+#    CustomLog logs/dummy-host.example.com-access_log common
+#</VirtualHost>
diff --git a/pki/base/tps/apache/conf/magic b/pki/base/tps/apache/conf/magic
new file mode 100644
index 000000000..0de73361f
--- /dev/null
+++ b/pki/base/tps/apache/conf/magic
@@ -0,0 +1,382 @@
+# Magic data for mod_mime_magic Apache module (originally for file(1) command)
+# The module is described in /manual/mod/mod_mime_magic.html
+#
+# The format is 4-5 columns:
+#    Column #1: byte number to begin checking from, ">" indicates continuation
+#    Column #2: type of data to match
+#    Column #3: contents of data to match
+#    Column #4: MIME type of result
+#    Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff:  file(1) magic for locally observed files
+# Add any locally observed files here.
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Java
+
+0	short		0xcafe
+>2	short		0xbabe		application/java
+
+#------------------------------------------------------------------------------
+# audio:  file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0	string		.snd
+>12	belong		1		audio/basic
+>12	belong		2		audio/basic
+>12	belong		3		audio/basic
+>12	belong		4		audio/basic
+>12	belong		5		audio/basic
+>12	belong		6		audio/basic
+>12	belong		7		audio/basic
+
+>12	belong		23		audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0	lelong		0x0064732E	
+>12	lelong		1		audio/x-dec-basic
+>12	lelong		2		audio/x-dec-basic
+>12	lelong		3		audio/x-dec-basic
+>12	lelong		4		audio/x-dec-basic
+>12	lelong		5		audio/x-dec-basic
+>12	lelong		6		audio/x-dec-basic
+>12	lelong		7		audio/x-dec-basic
+#                                       compressed (G.721 ADPCM)
+>12	lelong		23		audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+#					AIFF audio data
+8	string		AIFF		audio/x-aiff	
+#					AIFF-C audio data
+8	string		AIFC		audio/x-aiff	
+#					IFF/8SVX audio data
+8	string		8SVX		audio/x-aiff	
+
+# Creative Labs AUDIO stuff
+#					Standard MIDI data
+0	string	MThd			audio/unknown	
+#>9 	byte	>0			(format %d)
+#>11	byte	>1			using %d channels
+#					Creative Music (CMF) data
+0	string	CTMF			audio/unknown	
+#					SoundBlaster instrument data
+0	string	SBI			audio/unknown	
+#					Creative Labs voice data
+0	string	Creative\ Voice\ File	audio/unknown	
+## is this next line right?  it came this way...
+#>19	byte	0x1A
+#>23	byte	>0			- version %d
+#>22	byte	>0			\b.%d
+
+# [GRR 950115:  is this also Creative Labs?  Guessing that first line
+#  should be string instead of unknown-endian long...]
+#0	long		0x4e54524b	MultiTrack sound data
+#0	string		NTRK		MultiTrack sound data
+#>4	long		x		- version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115:  probably all of the shorts and longs should be leshort/lelong]
+#					Microsoft RIFF
+0	string		RIFF		audio/unknown
+#					- WAVE format
+>8	string		WAVE		audio/x-wav
+# MPEG audio.
+0   beshort&0xfff0  0xfff0  audio/mpeg
+# C64 SID Music files, from Linus Walleij <triad@df.lth.se>
+0   string      PSID        audio/prs.sid
+
+#------------------------------------------------------------------------------
+# c-lang:  file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0	string		/*\ XPM		image/x-xbm	7bit
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+#					C or REXX program text
+0	string		/*		text/plain
+#					C++ program text
+0	string		//		text/plain
+
+#------------------------------------------------------------------------------
+# compress:  file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+0	string		\037\235	application/octet-stream	x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+0       string          \037\213        application/octet-stream	x-gzip
+
+# According to gzip.h, this is the correct byte order for packed data.
+0	string		\037\036	application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0	short		017437		application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0	short		0x1fff		application/octet-stream
+0	string		\377\037	application/octet-stream
+# huf output
+0	short		0145405		application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats.  Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+#				Keith Waclena <keith@cerberus.uchicago.edu>
+#0	leshort		0x76FF		squeezed data (CP/M, DOS)
+#0	leshort		0x76FE		crunched data (CP/M, DOS)
+
+# Freeze
+#0	string		\037\237	Frozen file 2.1
+#0	string		\037\236	Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0	string		\037\240	LZH compressed data
+
+#------------------------------------------------------------------------------
+# frame:  file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0	string		\<MakerFile	application/x-frame
+0	string		\<MIFFile	application/x-frame
+0	string		\<MakerDictionary	application/x-frame
+0	string		\<MakerScreenFon	application/x-frame
+0	string		\<MML		application/x-frame
+0	string		\<Book		application/x-frame
+0	string		\<Maker		application/x-frame
+
+#------------------------------------------------------------------------------
+# html:  file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+# and Anna Shergold <anna@inext.co.uk>
+#
+0   string      \<!DOCTYPE\ HTML    text/html
+0   string      \<!doctype\ html    text/html
+0   string      \<HEAD      text/html
+0   string      \<head      text/html
+0   string      \<TITLE     text/html
+0   string      \<title     text/html
+0   string      \<html      text/html
+0   string      \<HTML      text/html
+0   string      \<!--       text/html
+0   string      \<h1        text/html
+0   string      \<H1        text/html
+
+# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se>
+0   string      \<?xml      text/xml
+
+#------------------------------------------------------------------------------
+# images:  file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR:  TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR:  what the hell is this doing in here?]
+#0	string		xbtoa		btoa'd file
+
+# PBMPLUS
+#					PBM file
+0	string		P1		image/x-portable-bitmap	7bit
+#					PGM file
+0	string		P2		image/x-portable-greymap	7bit
+#					PPM file
+0	string		P3		image/x-portable-pixmap	7bit
+#					PBM "rawbits" file
+0	string		P4		image/x-portable-bitmap
+#					PGM "rawbits" file
+0	string		P5		image/x-portable-greymap
+#					PPM "rawbits" file
+0	string		P6		image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR:  this *must* go before TIFF]
+0	string		IIN1		image/x-niff
+
+# TIFF and friends
+#					TIFF file, big-endian
+0	string		MM		image/tiff
+#					TIFF file, little-endian
+0	string		II		image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115:  this was mine ("Zip GIF"):
+#					ZIF image (GIF+deflate alpha)
+0	string		GIF94z		image/unknown
+#
+# GRR 950115:  this is Jeremy Wohl's Free Graphics Format (better):
+#					FGF image (GIF+deflate beta)
+0	string		FGF95a		image/unknown
+#
+# GRR 950115:  this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+#					PBF image (deflate compression)
+0	string		PBF		image/unknown
+
+# GIF
+0	string		GIF		image/gif
+
+# JPEG images
+0	beshort		0xffd8		image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files)  (Greg Roelofs, newt@uchicago.edu)
+0	string		BM		image/bmp
+#>14	byte		12		(OS/2 1.x format)
+#>14	byte		64		(OS/2 2.x format)
+#>14	byte		40		(Windows 3.x format)
+#0	string		IC		icon
+#0	string		PI		pointer
+#0	string		CI		color icon
+#0	string		CP		color pointer
+#0	string		BA		bitmap array
+
+
+#------------------------------------------------------------------------------
+# lisp:  file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0	string	;;			text/plain	8bit
+# Emacs 18 - this is always correct, but not very magical.
+0	string	\012(			application/x-elc
+# Emacs 19
+0	string	;ELC\023\000\000\000	application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news:  file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0	string		Relay-Version: 	message/rfc822	7bit
+0	string		#!\ rnews	message/rfc822	7bit
+0	string		N#!\ rnews	message/rfc822	7bit
+0	string		Forward\ to 	message/rfc822	7bit
+0	string		Pipe\ to 	message/rfc822	7bit
+0	string		Return-Path:	message/rfc822	7bit
+0	string		Path:		message/news	8bit
+0	string		Xref:		message/news	8bit
+0	string		From:		message/rfc822	7bit
+0	string		Article 	message/news	8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0	string		\376\067\0\043			application/msword
+0	string		\333\245-\0\0\0			application/msword
+
+# disable this one because it applies also to other
+# Office/OLE documents for which msword is not correct. See PR#2608.
+#0	string		\320\317\021\340\241\261	application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer:  file(1) magic for printer-formatted files
+#
+
+# PostScript
+0	string		%!		application/postscript
+0	string		\004%!		application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0	string		%PDF-		application/pdf
+
+#------------------------------------------------------------------------------
+# sc:  file(1) magic for "sc" spreadsheet
+#
+38	string		Spreadsheet	application/x-sc
+
+#------------------------------------------------------------------------------
+# tex:  file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0	string		\367\002	application/x-dvi
+#0	string		\367\203	TeX generic font data
+#0	string		\367\131	TeX packed font data
+#0	string		\367\312	TeX virtual font data
+#0	string		This\ is\ TeX,	TeX transcript text	
+#0	string		This\ is\ METAFONT,	METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data.  The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+#2	string		\000\021	TeX font metric data
+#2	string		\000\022	TeX font metric data
+#>34	string		>\0		(%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+#0	string		\\input\ texinfo	Texinfo source text
+#0	string		This\ is\ Info\ file	GNU Info text
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0	leshort		0x02f7		application/x-dvi
+
+# RTF - Rich Text Format
+0	string		{\\rtf		application/rtf
+
+#------------------------------------------------------------------------------
+# animation:  file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+#						MPEG file
+0	string		\000\000\001\263	video/mpeg
+#
+# The contributor claims:
+#   I couldn't find a real magic number for these, however, this
+#   -appears- to work.  Note that it might catch other files, too,
+#   so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+#						DL file version 1 , medium format (160x100, 4 images/screen)
+0	byte		1			video/unknown
+0	byte		2			video/unknown
+# Quicktime video, from Linus Walleij <triad@df.lth.se>
+# from Apple quicktime file format documentation.
+4   string      moov        video/quicktime
+4   string      mdat        video/quicktime
+
diff --git a/pki/base/tps/apache/conf/mime.types b/pki/base/tps/apache/conf/mime.types
new file mode 100644
index 000000000..3485692d1
--- /dev/null
+++ b/pki/base/tps/apache/conf/mime.types
@@ -0,0 +1,592 @@
+# This is a comment. I love comments.
+
+# This file controls what Internet media types are sent to the client for
+# given file extension(s).  Sending the correct media type to the client
+# is important so they know how to handle the content of the file.
+# Extra types can either be added here or by using an AddType directive
+# in your config files. For more information about Internet media types,
+# please read RFC 2045, 2046, 2047, 2048, and 2077.  The Internet media type
+# registry is at <http://www.iana.org/assignments/media-types/>.
+
+# MIME type			Extensions
+application/activemessage
+application/andrew-inset	ez
+application/applefile
+application/atom+xml		atom
+application/atomicmail
+application/batch-smtp
+application/beep+xml
+application/cals-1840
+application/cnrp+xml
+application/commonground
+application/cpl+xml
+application/cybercash
+application/dca-rft
+application/dec-dx
+application/dvcs
+application/edi-consent
+application/edifact
+application/edi-x12
+application/eshop
+application/font-tdpfr
+application/http
+application/hyperstudio
+application/iges
+application/index
+application/index.cmd
+application/index.obj
+application/index.response
+application/index.vnd
+application/iotp
+application/ipp
+application/isup
+application/mac-binhex40	hqx
+application/mac-compactpro	cpt
+application/macwriteii
+application/marc
+application/mathematica
+application/mathml+xml		mathml
+application/msword		doc
+application/news-message-id
+application/news-transmission
+application/ocsp-request
+application/ocsp-response
+application/octet-stream	bin dms lha lzh exe class so dll dmg
+application/oda			oda
+application/ogg			ogg
+application/parityfec
+application/pdf			pdf
+application/pgp-encrypted
+application/pgp-keys
+application/pgp-signature
+application/pkcs10
+application/pkcs7-mime
+application/pkcs7-signature
+application/pkix-cert
+application/pkix-crl
+application/pkixcmp
+application/postscript		ai eps ps
+application/prs.alvestrand.titrax-sheet
+application/prs.cww
+application/prs.nprend
+application/prs.plucker
+application/qsig
+application/rdf+xml		rdf
+application/reginfo+xml
+application/remote-printing
+application/riscos
+application/rtf
+application/sdp
+application/set-payment
+application/set-payment-initiation
+application/set-registration
+application/set-registration-initiation
+application/sgml
+application/sgml-open-catalog
+application/sieve
+application/slate
+application/smil		smi smil
+application/srgs		gram
+application/srgs+xml		grxml
+application/timestamp-query
+application/timestamp-reply
+application/tve-trigger
+application/vemmi
+application/vnd.3gpp.pic-bw-large
+application/vnd.3gpp.pic-bw-small
+application/vnd.3gpp.pic-bw-var
+application/vnd.3gpp.sms
+application/vnd.3m.post-it-notes
+application/vnd.accpac.simply.aso
+application/vnd.accpac.simply.imp
+application/vnd.acucobol
+application/vnd.acucorp
+application/vnd.adobe.xfdf
+application/vnd.aether.imp
+application/vnd.amiga.ami
+application/vnd.anser-web-certificate-issue-initiation
+application/vnd.anser-web-funds-transfer-initiation
+application/vnd.audiograph
+application/vnd.blueice.multipass
+application/vnd.bmi
+application/vnd.businessobjects
+application/vnd.canon-cpdl
+application/vnd.canon-lips
+application/vnd.cinderella
+application/vnd.claymore
+application/vnd.commerce-battelle
+application/vnd.commonspace
+application/vnd.contact.cmsg
+application/vnd.cosmocaller
+application/vnd.criticaltools.wbs+xml
+application/vnd.ctc-posml
+application/vnd.cups-postscript
+application/vnd.cups-raster
+application/vnd.cups-raw
+application/vnd.curl
+application/vnd.cybank
+application/vnd.data-vision.rdz
+application/vnd.dna
+application/vnd.dpgraph
+application/vnd.dreamfactory
+application/vnd.dxr
+application/vnd.ecdis-update
+application/vnd.ecowin.chart
+application/vnd.ecowin.filerequest
+application/vnd.ecowin.fileupdate
+application/vnd.ecowin.series
+application/vnd.ecowin.seriesrequest
+application/vnd.ecowin.seriesupdate
+application/vnd.enliven
+application/vnd.epson.esf
+application/vnd.epson.msf
+application/vnd.epson.quickanime
+application/vnd.epson.salt
+application/vnd.epson.ssf
+application/vnd.ericsson.quickcall
+application/vnd.eudora.data
+application/vnd.fdf
+application/vnd.ffsns
+application/vnd.fints
+application/vnd.flographit
+application/vnd.framemaker
+application/vnd.fsc.weblaunch
+application/vnd.fujitsu.oasys
+application/vnd.fujitsu.oasys2
+application/vnd.fujitsu.oasys3
+application/vnd.fujitsu.oasysgp
+application/vnd.fujitsu.oasysprs
+application/vnd.fujixerox.ddd
+application/vnd.fujixerox.docuworks
+application/vnd.fujixerox.docuworks.binder
+application/vnd.fut-misnet
+application/vnd.grafeq
+application/vnd.groove-account
+application/vnd.groove-help
+application/vnd.groove-identity-message
+application/vnd.groove-injector
+application/vnd.groove-tool-message
+application/vnd.groove-tool-template
+application/vnd.groove-vcard
+application/vnd.hbci
+application/vnd.hhe.lesson-player
+application/vnd.hp-hpgl
+application/vnd.hp-hpid
+application/vnd.hp-hps
+application/vnd.hp-pcl
+application/vnd.hp-pclxl
+application/vnd.httphone
+application/vnd.hzn-3d-crossword
+application/vnd.ibm.afplinedata
+application/vnd.ibm.electronic-media
+application/vnd.ibm.minipay
+application/vnd.ibm.modcap
+application/vnd.ibm.rights-management
+application/vnd.ibm.secure-container
+application/vnd.informix-visionary
+application/vnd.intercon.formnet
+application/vnd.intertrust.digibox
+application/vnd.intertrust.nncp
+application/vnd.intu.qbo
+application/vnd.intu.qfx
+application/vnd.irepository.package+xml
+application/vnd.is-xpr
+application/vnd.japannet-directory-service
+application/vnd.japannet-jpnstore-wakeup
+application/vnd.japannet-payment-wakeup
+application/vnd.japannet-registration
+application/vnd.japannet-registration-wakeup
+application/vnd.japannet-setstore-wakeup
+application/vnd.japannet-verification
+application/vnd.japannet-verification-wakeup
+application/vnd.jisp
+application/vnd.kde.karbon
+application/vnd.kde.kchart
+application/vnd.kde.kformula
+application/vnd.kde.kivio
+application/vnd.kde.kontour
+application/vnd.kde.kpresenter
+application/vnd.kde.kspread
+application/vnd.kde.kword
+application/vnd.kenameaapp
+application/vnd.koan
+application/vnd.liberty-request+xml
+application/vnd.llamagraphics.life-balance.desktop
+application/vnd.llamagraphics.life-balance.exchange+xml
+application/vnd.lotus-1-2-3
+application/vnd.lotus-approach
+application/vnd.lotus-freelance
+application/vnd.lotus-notes
+application/vnd.lotus-organizer
+application/vnd.lotus-screencam
+application/vnd.lotus-wordpro
+application/vnd.mcd
+application/vnd.mediastation.cdkey
+application/vnd.meridian-slingshot
+application/vnd.micrografx.flo
+application/vnd.micrografx.igx
+application/vnd.mif		mif
+application/vnd.minisoft-hp3000-save
+application/vnd.mitsubishi.misty-guard.trustweb
+application/vnd.mobius.daf
+application/vnd.mobius.dis
+application/vnd.mobius.mbk
+application/vnd.mobius.mqy
+application/vnd.mobius.msl
+application/vnd.mobius.plc
+application/vnd.mobius.txf
+application/vnd.mophun.application
+application/vnd.mophun.certificate
+application/vnd.motorola.flexsuite
+application/vnd.motorola.flexsuite.adsi
+application/vnd.motorola.flexsuite.fis
+application/vnd.motorola.flexsuite.gotap
+application/vnd.motorola.flexsuite.kmr
+application/vnd.motorola.flexsuite.ttc
+application/vnd.motorola.flexsuite.wem
+application/vnd.mozilla.xul+xml	xul
+application/vnd.ms-artgalry
+application/vnd.ms-asf
+application/vnd.ms-excel	xls
+application/vnd.ms-lrm
+application/vnd.ms-powerpoint	ppt
+application/vnd.ms-project
+application/vnd.ms-tnef
+application/vnd.ms-works
+application/vnd.ms-wpl
+application/vnd.mseq
+application/vnd.msign
+application/vnd.music-niff
+application/vnd.musician
+application/vnd.netfpx
+application/vnd.noblenet-directory
+application/vnd.noblenet-sealer
+application/vnd.noblenet-web
+application/vnd.novadigm.edm
+application/vnd.novadigm.edx
+application/vnd.novadigm.ext
+application/vnd.obn
+application/vnd.osa.netdeploy
+application/vnd.palm
+application/vnd.pg.format
+application/vnd.pg.osasli
+application/vnd.powerbuilder6
+application/vnd.powerbuilder6-s
+application/vnd.powerbuilder7
+application/vnd.powerbuilder7-s
+application/vnd.powerbuilder75
+application/vnd.powerbuilder75-s
+application/vnd.previewsystems.box
+application/vnd.publishare-delta-tree
+application/vnd.pvi.ptid1
+application/vnd.pwg-multiplexed
+application/vnd.pwg-xhtml-print+xml
+application/vnd.quark.quarkxpress
+application/vnd.rapid
+application/vnd.s3sms
+application/vnd.sealed.net
+application/vnd.seemail
+application/vnd.shana.informed.formdata
+application/vnd.shana.informed.formtemplate
+application/vnd.shana.informed.interchange
+application/vnd.shana.informed.package
+application/vnd.smaf
+application/vnd.sss-cod
+application/vnd.sss-dtf
+application/vnd.sss-ntf
+application/vnd.street-stream
+application/vnd.svd
+application/vnd.swiftview-ics
+application/vnd.triscape.mxs
+application/vnd.trueapp
+application/vnd.truedoc
+application/vnd.ufdl
+application/vnd.uplanet.alert
+application/vnd.uplanet.alert-wbxml
+application/vnd.uplanet.bearer-choice
+application/vnd.uplanet.bearer-choice-wbxml
+application/vnd.uplanet.cacheop
+application/vnd.uplanet.cacheop-wbxml
+application/vnd.uplanet.channel
+application/vnd.uplanet.channel-wbxml
+application/vnd.uplanet.list
+application/vnd.uplanet.list-wbxml
+application/vnd.uplanet.listcmd
+application/vnd.uplanet.listcmd-wbxml
+application/vnd.uplanet.signal
+application/vnd.vcx
+application/vnd.vectorworks
+application/vnd.vidsoft.vidconference
+application/vnd.visio
+application/vnd.visionary
+application/vnd.vividence.scriptfile
+application/vnd.vsf
+application/vnd.wap.sic
+application/vnd.wap.slc
+application/vnd.wap.wbxml	wbxml
+application/vnd.wap.wmlc	wmlc
+application/vnd.wap.wmlscriptc	wmlsc
+application/vnd.webturbo
+application/vnd.wrq-hp3000-labelled
+application/vnd.wt.stf
+application/vnd.wv.csp+wbxml
+application/vnd.xara
+application/vnd.xfdl
+application/vnd.yamaha.hv-dic
+application/vnd.yamaha.hv-script
+application/vnd.yamaha.hv-voice
+application/vnd.yellowriver-custom-menu
+application/voicexml+xml	vxml
+application/watcherinfo+xml
+application/whoispp-query
+application/whoispp-response
+application/wita
+application/wordperfect5.1
+application/x-bcpio		bcpio
+application/x-cdlink		vcd
+application/x-chess-pgn		pgn
+application/x-compress
+application/x-cpio		cpio
+application/x-csh		csh
+application/x-director		dcr dir dxr
+application/x-dvi		dvi
+application/x-futuresplash	spl
+application/x-gtar		gtar
+application/x-gzip
+application/x-hdf		hdf
+application/x-javascript	js
+application/x-koan		skp skd skt skm
+application/x-latex		latex
+application/x-netcdf		nc cdf
+application/x-sh		sh
+application/x-shar		shar
+application/x-shockwave-flash	swf
+application/x-stuffit		sit
+application/x-sv4cpio		sv4cpio
+application/x-sv4crc		sv4crc
+application/x-tar		tar
+application/x-tcl		tcl
+application/x-tex		tex
+application/x-texinfo		texinfo texi
+application/x-troff		t tr roff
+application/x-troff-man		man
+application/x-troff-me		me
+application/x-troff-ms		ms
+application/x-ustar		ustar
+application/x-wais-source	src
+application/x400-bp
+application/xhtml+xml		xhtml xht
+application/xslt+xml		xslt
+application/xml			xml xsl
+application/xml-dtd		dtd
+application/xml-external-parsed-entity
+application/zip			zip
+audio/32kadpcm
+audio/amr
+audio/amr-wb
+audio/basic			au snd
+audio/cn
+audio/dat12
+audio/dsr-es201108
+audio/dvi4
+audio/evrc
+audio/evrc0
+audio/g722
+audio/g.722.1
+audio/g723
+audio/g726-16
+audio/g726-24
+audio/g726-32
+audio/g726-40
+audio/g728
+audio/g729
+audio/g729D
+audio/g729E
+audio/gsm
+audio/gsm-efr
+audio/l8
+audio/l16
+audio/l20
+audio/l24
+audio/lpc
+audio/midi			mid midi kar
+audio/mpa
+audio/mpa-robust
+audio/mp4a-latm
+audio/mpeg			mpga mp2 mp3
+audio/parityfec
+audio/pcma
+audio/pcmu
+audio/prs.sid
+audio/qcelp
+audio/red
+audio/smv
+audio/smv0
+audio/telephone-event
+audio/tone
+audio/vdvi
+audio/vnd.3gpp.iufp
+audio/vnd.cisco.nse
+audio/vnd.cns.anp1
+audio/vnd.cns.inf1
+audio/vnd.digital-winds
+audio/vnd.everad.plj
+audio/vnd.lucent.voice
+audio/vnd.nortel.vbk
+audio/vnd.nuera.ecelp4800
+audio/vnd.nuera.ecelp7470
+audio/vnd.nuera.ecelp9600
+audio/vnd.octel.sbc
+audio/vnd.qcelp
+audio/vnd.rhetorex.32kadpcm
+audio/vnd.vmx.cvsd
+audio/x-aiff			aif aiff aifc
+audio/x-alaw-basic
+audio/x-mpegurl			m3u
+audio/x-pn-realaudio		ram ra
+audio/x-pn-realaudio-plugin
+application/vnd.rn-realmedia	rm
+audio/x-wav			wav
+chemical/x-pdb			pdb
+chemical/x-xyz			xyz
+image/bmp			bmp
+image/cgm			cgm
+image/g3fax
+image/gif			gif
+image/ief			ief
+image/jpeg			jpeg jpg jpe
+image/naplps
+image/png			png
+image/prs.btif
+image/prs.pti
+image/svg+xml			svg
+image/t38
+image/tiff			tiff tif
+image/tiff-fx
+image/vnd.cns.inf2
+image/vnd.djvu			djvu djv
+image/vnd.dwg
+image/vnd.dxf
+image/vnd.fastbidsheet
+image/vnd.fpx
+image/vnd.fst
+image/vnd.fujixerox.edmics-mmr
+image/vnd.fujixerox.edmics-rlc
+image/vnd.globalgraphics.pgb
+image/vnd.mix
+image/vnd.ms-modi
+image/vnd.net-fpx
+image/vnd.svf
+image/vnd.wap.wbmp		wbmp
+image/vnd.xiff
+image/x-cmu-raster		ras
+image/x-icon			ico
+image/x-portable-anymap		pnm
+image/x-portable-bitmap		pbm
+image/x-portable-graymap	pgm
+image/x-portable-pixmap		ppm
+image/x-rgb			rgb
+image/x-xbitmap			xbm
+image/x-xpixmap			xpm
+image/x-xwindowdump		xwd
+message/delivery-status
+message/disposition-notification
+message/external-body
+message/http
+message/news
+message/partial
+message/rfc822
+message/s-http
+message/sip
+message/sipfrag
+model/iges			igs iges
+model/mesh			msh mesh silo
+model/vnd.dwf
+model/vnd.flatland.3dml
+model/vnd.gdl
+model/vnd.gs-gdl
+model/vnd.gtw
+model/vnd.mts
+model/vnd.parasolid.transmit.binary
+model/vnd.parasolid.transmit.text
+model/vnd.vtu
+model/vrml			wrl vrml
+multipart/alternative
+multipart/appledouble
+multipart/byteranges
+multipart/digest
+multipart/encrypted
+multipart/form-data
+multipart/header-set
+multipart/mixed
+multipart/parallel
+multipart/related
+multipart/report
+multipart/signed
+multipart/voice-message
+text/calendar			ics ifb
+text/css			css
+text/directory
+text/enriched
+text/html			html htm
+text/parityfec
+text/plain			asc txt
+text/prs.lines.tag
+text/rfc822-headers
+text/richtext			rtx
+text/rtf			rtf
+text/sgml			sgml sgm
+text/t140
+text/tab-separated-values	tsv
+text/uri-list
+text/vnd.abc
+text/vnd.curl
+text/vnd.dmclientscript
+text/vnd.fly
+text/vnd.fmi.flexstor
+text/vnd.in3d.3dml
+text/vnd.in3d.spot
+text/vnd.iptc.nitf
+text/vnd.iptc.newsml
+text/vnd.latex-z
+text/vnd.motorola.reflex
+text/vnd.ms-mediapackage
+text/vnd.net2phone.commcenter.command
+text/vnd.sun.j2me.app-descriptor
+text/vnd.wap.si
+text/vnd.wap.sl
+text/vnd.wap.wml		wml
+text/vnd.wap.wmlscript		wmls
+text/x-setext			etx
+text/xml
+text/xml-external-parsed-entity
+video/bmpeg
+video/bt656
+video/celb
+video/dv
+video/h261
+video/h263
+video/h263-1998
+video/h263-2000
+video/jpeg
+video/mp1s
+video/mp2p
+video/mp2t
+video/mp4v-es
+video/mpv
+video/mpeg			mpeg mpg mpe
+video/nv
+video/parityfec
+video/pointer
+video/quicktime			qt mov
+video/smpte292m
+video/vnd.fvt
+video/vnd.motorola.video
+video/vnd.motorola.videop
+video/vnd.mpegurl		mxu m4u
+video/vnd.nokia.interleaved-multimedia
+video/vnd.objectvideo
+video/vnd.vivo
+video/x-msvideo			avi
+video/x-sgi-movie		movie
+x-conference/x-cooltalk		ice
diff --git a/pki/base/tps/apache/conf/nss.conf b/pki/base/tps/apache/conf/nss.conf
new file mode 100644
index 000000000..43f7753da
--- /dev/null
+++ b/pki/base/tps/apache/conf/nss.conf
@@ -0,0 +1,152 @@
+#
+# This is the Apache server configuration file providing SSL support using.
+# the mod_nss plugin.  It contains the configuration directives to instruct
+# the server how to serve pages over an https connection.
+# 
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+#
+Listen 0.0.0.0:[SECURE_PORT]
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+#NSSPassPhraseDialog  builtin
+NSSPassPhraseDialog  defer:[SERVER_ROOT]/conf/password.conf
+
+
+#   Pass Phrase Helper:
+#   This helper program stores the token password pins between
+#   restarts of Apache.
+NSSPassPhraseHelper /usr/share/pki/tps/scripts/nss_pcache
+
+#   Configure the SSL Session Cache. 
+#   SSLSessionCacheSize is the number of entries in the cache.
+#   SSLSessionCacheTimeout is the SSL2 session timeout (in seconds).
+#   SSL3SessionCacheTimeout is the SSL3/TLS session timeout (in seconds).
+NSSSessionCacheSize 10000
+NSSSessionCacheTimeout 100
+NSSSession3CacheTimeout 86400
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:[SECURE_PORT]>
+
+#   General setup for the virtual host
+#DocumentRoot "/htdocs"
+#ServerName [SERVER_NAME]:[SECURE_PORT]
+#ServerAdmin you@example.com
+
+# mod_ssl logs to separate log files, you can choose to do that if you'd like
+ErrorLog [SERVER_ROOT]/logs/error_log
+TransferLog [SERVER_ROOT]/logs/access_log
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_nss documentation for a complete list.
+NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+
+NSSProtocol SSLv3,TLSv1
+
+#   SSL Certificate Nickname:
+#   The nickname of the server certificate you are going to use.
+NSSNickname "Server-Cert cert-[INSTANCE_ID]"
+
+#   Server Certificate Database:
+#   The NSS security database directory that holds the certificates and
+#   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+#   Provide the directory that these files exist.
+NSSCertificateDatabase  [SERVER_ROOT]/alias
+
+#   Client Authentication (Type):
+#   Client certificate verification type.  Types are none, optional and
+#   require.
+NSSVerifyClient none
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_nss documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    NSSOptions +StdEnvVars
+</Files>
+<Directory "/cgi-bin">
+    NSSOptions +StdEnvVars
+</Directory>
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+#CustomLog [SERVER_ROOT]/logs/ssl_request_log \
+#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
diff --git a/pki/base/tps/apache/conf/perl.conf b/pki/base/tps/apache/conf/perl.conf
new file mode 100644
index 000000000..feb51e860
--- /dev/null
+++ b/pki/base/tps/apache/conf/perl.conf
@@ -0,0 +1,70 @@
+#
+# Mod_perl incorporates a Perl interpreter into the Apache web server,
+# so that the Apache web server can directly execute Perl code.
+# Mod_perl links the Perl runtime library into the Apache web server
+# and provides an object-oriented Perl interface for Apache's C
+# language API.  The end result is a quicker CGI script turnaround
+# process, since no external Perl interpreter has to be started.
+#
+
+LoadModule perl_module [FORTITUDE_LIB_DIR]/modules/mod_perl.so
+
+# Uncomment this line to globally enable warnings, which will be
+# written to the server's error log.  Warnings should be enabled
+# during the development process, but should be disabled on a
+# production server as they affect performance.
+#
+#PerlWarn On
+
+# Uncomment this line to enable taint checking globally.  When Perl is
+# running in taint mode various checks are performed to reduce the
+# risk of insecure data being passed to a subshell or being used to
+# modify the filesystem.  Unfortunatly many Perl modules are not
+# taint-safe, so you should exercise care before enabling it on a
+# production server.
+#
+#PerlTaintCheck On
+
+# This will allow execution of mod_perl to compile your scripts to
+# subroutines which it will execute directly, avoiding the costly
+# compile process for most requests.
+#
+#Alias /perl /var/www/perl
+#<Directory /var/www/perl>
+#    SetHandler perl-script
+#    PerlResponseHandler ModPerl::Registry
+#    PerlOptions +ParseHeaders
+#    Options +ExecCGI
+#</Directory>
+
+# This will allow remote server configuration reports, with the URL of
+#  http://servername/perl-status
+# Change the ".your-domain.com" to match your domain to enable.
+#
+#PerlModule Apache::compat
+#<Location /perl-status>
+#    SetHandler perl-script
+#    PerlResponseHandler Apache::Status
+#    Order deny,allow
+#    Deny from all
+#    Allow from .your-domain.com
+#</Location>
+
+PerlModule ModPerl::Registry
+PerlModule [FORTITUDE_APACHE]::compat
+PerlModule PKI::TPS::wizard
+PerlSetEnv PKI_DOCROOT [SERVER_ROOT]/docroot
+PerlSetEnv PKI_ROOT [SERVER_ROOT]
+<Location /tps/admin/console/config/wizard>
+   SetHandler perl-script
+   PerlHandler PKI::TPS::Wizard
+   Order deny,allow
+   Allow from all
+</Location>
+
+<Location /tps/admin/console/config/login>
+   SetHandler perl-script
+   PerlHandler PKI::TPS::Login
+   Order deny,allow
+   Allow from all
+</Location>
diff --git a/pki/base/tps/apache/pki_instance_command_wrapper b/pki/base/tps/apache/pki_instance_command_wrapper
new file mode 100644
index 000000000..061526f69
--- /dev/null
+++ b/pki/base/tps/apache/pki_instance_command_wrapper
@@ -0,0 +1,195 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+	echo "Cannot invoke '$0' from non-existent directory!"
+	exit 255
+fi
+ 
+# Check to insure that at least one PKI subsystem
+# currently resides on this system.
+if	[ ! -x /usr/bin/pkiarch   ] ||
+	[ ! -x /usr/bin/pkiflavor ] ||
+	[ ! -x /usr/bin/pkiname   ]; then
+	echo "This machine is missing all PKI subsystems!"
+	exit 255
+fi
+
+
+###############################################################################
+##  (1) Specify variables used by this script.                               ##
+###############################################################################
+
+PRODUCT=[PKI_PRODUCT]
+SUBSYSTEM=[PKI_SUBSYSTEM]
+INSTANCE=[PKI_INSTANCE]
+COMMAND=[PKI_COMMAND]
+
+
+###############################################################################
+##  (2) Define helper functions.                                             ##
+###############################################################################
+
+invalid_operating_system() {
+   	echo
+   	echo "ERROR:  '$0' does not execute on the '$1' operating system!"
+   	echo
+}
+
+invalid_architecture() {
+   	echo
+   	echo "ERROR:  '$0' does not execute on the '$1' architecture!"
+   	echo
+}
+
+
+###############################################################################
+##  (3) Set environment variables.                                           ##
+##                                                                           ##
+##      Set the LD_LIBRARY_PATH environment variable to determine the        ##
+##      search order this command wrapper uses to find shared libraries.     ##
+##                                                                           ##
+##      Set the PATH environment variable to determine the search            ##
+##      order this command wrapper uses to find binary executables.          ##
+##                                                                           ##
+##      NOTE:  Since the wrappers themselves are ALWAYS located in           ##
+##             "/usr/bin" on 32-bit and 64-bit Linux as well as both         ##
+##             32-bit Solaris and 64-bit Solaris, this directory             ##
+##             will always be excluded from the search path.                 ##
+##                                                                           ##
+##             Additionally, since "/bin" is nothing more than a symbolic    ##
+##             link to "/usr/bin" on Solaris, this directory will also       ##
+##             always be excluded from the search path on this platform.     ##
+##                                                                           ##
+###############################################################################
+
+OS=`pkiname`
+ARCHITECTURE=`pkiarch`
+
+if [ "${OS}" = "Linux" ] ; then
+	if [ "${ARCHITECTURE}" = "i386" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}:/bin
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/var/lib/${INSTANCE}:${PATH}
+		export PATH
+	elif [ "${ARCHITECTURE}" = "x86_64" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/java:/usr/lib64:/lib64:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/var/lib/${INSTANCE}:${PATH}
+		PATH=/usr/lib64/${PRODUCT}:/bin:${PATH}
+		PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	else
+		invalid_architecture "${ARCHITECTURE}"
+		exit 255
+	fi
+elif [ "${OS}" = "SunOS" ] ; then
+	if [ "${ARCHITECTURE}" = "sparc" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/var/lib/${INSTANCE}:${PATH}
+		export PATH
+	elif [ "${ARCHITECTURE}" = "sparcv9" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9:/lib/sparcv9:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/java:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/bin/sparcv9
+		PATH=/usr/lib/${PRODUCT}:${PATH}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/var/lib/${INSTANCE}:${PATH}
+		PATH=/usr/lib/sparcv9/${PRODUCT}:${PATH}
+		PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	else
+		invalid_architecture "${ARCHITECTURE}"
+		exit 255
+	fi
+else
+	invalid_operating_system "${OS}"
+	exit 255
+fi
+
+
+###############################################################################
+##  (4) Execute the binary executable specified by this command wrapper      ##
+##      based upon the preset LD_LIBRARY_PATH and PATH environment variables.##
+###############################################################################
+
+ORIGINAL_IFS=${IFS}
+IFS=:
+
+for dir in ${PATH}
+do
+	if [ -x ${dir}/${COMMAND} ]
+	then
+		IFS=${ORIGINAL_IFS}
+		${dir}/${COMMAND} "$@"
+		exit $?
+	fi
+done
+
+echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!"
+
+exit 255
+
diff --git a/pki/base/tps/apache/pki_subsystem_command_wrapper b/pki/base/tps/apache/pki_subsystem_command_wrapper
new file mode 100644
index 000000000..a8f4344b7
--- /dev/null
+++ b/pki/base/tps/apache/pki_subsystem_command_wrapper
@@ -0,0 +1,176 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+	echo "Cannot invoke '$0' from non-existent directory!"
+	exit 255
+fi
+ 
+
+###############################################################################
+##  (1) Specify variables used by this script.                               ##
+###############################################################################
+
+PRODUCT=[PKI_PRODUCT]
+SUBSYSTEM=[PKI_SUBSYSTEM]
+COMMAND=[PKI_COMMAND]
+
+
+###############################################################################
+##  (2) Define helper functions.                                             ##
+###############################################################################
+
+invalid_operating_system() {
+   	echo
+   	echo "ERROR:  '$0' does not execute on the '$1' operating system!"
+   	echo
+}
+
+invalid_architecture() {
+   	echo
+   	echo "ERROR:  '$0' does not execute on the '$1' architecture!"
+   	echo
+}
+
+
+###############################################################################
+##  (3) Set environment variables.                                           ##
+##                                                                           ##
+##      Set the LD_LIBRARY_PATH environment variable to determine the        ##
+##      search order this command wrapper uses to find shared libraries.     ##
+##                                                                           ##
+##      Set the PATH environment variable to determine the search            ##
+##      order this command wrapper uses to find binary executables.          ##
+##                                                                           ##
+##      NOTE:  Since the wrappers themselves are ALWAYS located in           ##
+##             "/usr/bin" on 32-bit and 64-bit Linux as well as both         ##
+##             32-bit Solaris and 64-bit Solaris, this directory             ##
+##             will always be excluded from the search path.                 ##
+##                                                                           ##
+##             Additionally, since "/bin" is nothing more than a symbolic    ##
+##             link to "/usr/bin" on Solaris, this directory will also       ##
+##             always be excluded from the search path on this platform.     ##
+##                                                                           ##
+###############################################################################
+
+OS=`pkiname`
+ARCHITECTURE=`pkiarch`
+
+if [ "${OS}" = "Linux" ] ; then
+	if [ "${ARCHITECTURE}" = "i386" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}:/bin
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	elif [ "${ARCHITECTURE}" = "x86_64" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/java:/usr/lib64:/lib64:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/usr/lib64/${PRODUCT}:/bin:${PATH}
+		PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	else
+		invalid_architecture "${ARCHITECTURE}"
+		exit 255
+	fi
+elif [ "${OS}" = "SunOS" ] ; then
+	if [ "${ARCHITECTURE}" = "sparc" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	elif [ "${ARCHITECTURE}" = "sparcv9" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9:/lib/sparcv9:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/java:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/usr/lib/sparcv9/${PRODUCT}:${PATH}
+		PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	else
+		invalid_architecture "${ARCHITECTURE}"
+		exit 255
+	fi
+else
+	invalid_operating_system "${OS}"
+	exit 255
+fi
+
+
+###############################################################################
+##  (4) Execute the binary executable specified by this command wrapper      ##
+##      based upon the preset LD_LIBRARY_PATH and PATH environment variables.##
+###############################################################################
+
+ORIGINAL_IFS=${IFS}
+IFS=:
+
+for dir in ${PATH}
+do
+	if [ -x ${dir}/${COMMAND} ]
+	then
+		IFS=${ORIGINAL_IFS}
+		${dir}/${COMMAND} "$@"
+		exit $?
+	fi
+done
+
+echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!"
+
+exit 255
+
diff --git a/pki/base/tps/apache/readme.html b/pki/base/tps/apache/readme.html
new file mode 100644
index 000000000..3b741e6ae
--- /dev/null
+++ b/pki/base/tps/apache/readme.html
@@ -0,0 +1,1222 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation;
+     version 2.1 of the License.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<body>
+<h1>
+<center><b>
+How to Setup and Configure "mod_tps" and "mod_tokendb" on Apache
+</b></center>
+<hr>
+<h2>Overview</h2>
+<ul>
+<p>This document describes how to install and configure the "mod_tps" and
+"mod_tokendb" modules required by CoolKey.
+</ul>
+<h2>Dependencies</h2>
+<ul>
+<p>"mod_tps" is dependent upon the following components:
+<ul>
+<li>Fedora Certificate System (FCS) 1.0.0 Certificate Authority (CA)
+<li>FCS 1.0.0 Token Key Service (TKS)
+<li>FCS 1.0.0 Data Recovery Manager (DRM) [optional]
+<li>FCS 1.0.0 Token Processing System (TPS)
+<li>Fedora Directory Server (FDS) 1.0 (TPS internaldb instance)
+<li>Apache 2.0.52
+<li>"mod_nss" module installed and available from this Apache 2.0.52 (Fortitude)
+</ul>
+<p>"mod_tokendb" is dependent upon the following components:
+<ul>
+<li>FCS 1.0.0 TPS
+<li>FDS 1.0 TPS internaldb instance
+<li>Apache 2.0.52
+<li>"mod_nss" module installed and available from this Apache 2.0.52 (Fortitude)
+<li>"mod_tps" module installed and available from this Apache 2.0.52 (Fortitude)
+</ul>
+</ul>
+<h2>Supported Platforms</h2>
+<ul>
+<li>Fedora Core 6 (32-bit),
+<li>Fedora Core 6 (64-bit), and
+<li>Solaris 9 (64-bit)
+</ul>
+<h2>Installing and Configuring "mod_tps" and "mod_tokendb"</h2>
+<ol>
+<li>Insure that a pre-installed version 1.0.0 of the FCS common subsystems area
+exists on the desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;)
+<li>Insure that a pre-installed version 1.0.0 of the FCS CA exists on the
+desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_ca_subsystems&gt; and &lt;pki_server_root&gt;/&lt;ca_instance&gt;)
+<li>Insure that a pre-installed version 1.0.0 of the FCS TKS exists on the
+desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tks_subsystems&gt; and &lt;pki_server_root&gt;/&lt;tks_instance&gt;)
+<li>Optionally, insure that a pre-installed version 1.0.0 of the FCS DRM exists
+on the desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_drm_subsystems&gt; and &lt;pki_server_root&gt;/&lt;drm_instance&gt;)
+<li>Insure that a pre-installed version 1.0 of the FDS exists on the desired
+machine running on the desired platform.<br>
+This is needed to create a TPS internaldb instance<br>
+(e. g. - &lt;rhds_server_root&gt;/&lt;tps_internaldb&gt;)
+<li>Insure that a pre-installed threaded version 2.0.52 of the Apache server
+exists on the desired machine running on the desired platform<br>
+(e. g. - &lt;apache_server_root&gt;)
+<li>Insure that this Apache server has "mod_nss" (Fortitude) installed and
+available from its &lt;apache_server_root&gt;
+<li>Download and unpack the entire contents of the TPS package into the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;, the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;, and the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;
+<li>Change directory to &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin
+<li>Execute &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/setup_tps:
+<ol type="a">
+<li>Creates a wrapper script called
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/tpsclient for
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/tpsclient
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/bin directory
+(instance-specific binaries)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/cgi-bin directory
+(user customization)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/docroot directory
+(user customization)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/lib directory
+(instance-specific libraries)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/logs directory
+(instance-specific logs)
+<li>Sets up the CA connector in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+<li>Optionally, sets up the DRM connector in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+<li>Creates a cert8.db in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/cert8.db
+<li>Creates a key3.db in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/key3.db
+<li>Populates the cert8.db and key3.db security databases located in the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config directory with the
+ServerCert
+<li>Populates the TPS internaldb located in the
+&lt;rhds_server_root&gt;/&lt;tps_internaldb&gt; directory by executing the
+LDIF scripts located in the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup directory
+<li>Generates the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/config/httpd.conf
+Apache Configuration file:
+<pre>
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+LoadModule nss_module         &lt;apache_server_root&gt;/modules/libmodnss.so
+
+#
+# Bring in additional module-specific configurations
+#
+Include &lt;apache_server_root&gt;/conf/nss.conf
+Include &lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/tps.conf
+</pre>
+<li>Generates the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/tps.conf
+Apache TPS Module Configuration file:
+<pre>
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+LoadModule tps_module         &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tps.so
+LoadModule tokendb_module     &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tokendb.so
+
+&lt;Location /nk_service&gt;
+    SetHandler nk_service
+&lt;/Location&gt;
+                                                                                
+&lt;Location /tus&gt;
+    SetHandler tus
+&lt;/Location&gt;
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot"
+
+#
+# ScriptAlias: This controls which directories contain server scripts.
+# ScriptAliases are essentially the same as Aliases, except that
+# documents in the realname directory are treated as applications and
+# run by the server when requested rather than as documents sent to the client.
+# The same rules about trailing "/" apply to ScriptAlias directives as to
+# Alias.
+#
+ScriptAlias /cgi-bin/ "&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/"
+
+#
+# Bring in additional module-specific configurations
+#
+TPSConfigPathFile &lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+</ol>
+<li>Assume "root" privilege
+<li>Execute &lt;apache_server_root&gt;/bin/apachectl -f 
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/config/httpd.conf
+start
+</ol>
+
+<h2>Inventory of cs-tps-{version} Package</h2>
+<ul>
+<table border=1>
+<tr>
+<th>Packaged File</th>
+<th>Unpackaged File</th>
+</tr>
+<tr>
+<td>applets/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/applets/</td>
+</tr>
+<tr>
+<td>applets/1.3.427BDDB8.ijc</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/applets/1.3.427BDDB8.ijc</td>
+</tr>
+<tr>
+<td>bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/</td>
+</tr>
+<tr>
+<td>bin/setup_tps</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/setup_tps</td>
+</tr>
+<tr>
+<td>bin/setup_tps</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/uninstall_tps</td>
+</tr>
+<tr>
+<td>bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/</td>
+</tr>
+<tr>
+<td>bin/tpsclient</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/tpsclient</td>
+</tr>
+<tr>
+<td>cgi-bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/</td>
+</tr>
+<tr>
+<td>cgi-bin/AdminEsc.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/AdminEsc.html</td>
+</tr>
+<tr>
+<td>cgi-bin/AdvancePopup.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/AdvancePopup.html</td>
+</tr>
+<tr>
+<td>cgi-bin/EnrollPopup.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/EnrollPopup.html</td>
+</tr>
+<tr>
+<td>cgi-bin/SettingsEsc.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/SettingsEsc.html</td>
+</tr>
+<tr>
+<td>cgi-bin/TokenManager.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/TokenManager.html</td>
+</tr>
+<tr>
+<td>cgi-bin/TokenPin.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/TokenPin.html</td>
+</tr>
+<tr>
+<td>cgi-bin/esc.cgi</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/esc.cgi</td>
+</tr>
+<tr>
+<td>cgi-bin/style.css</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/style.css</td>
+</tr>
+<tr>
+<td>config/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/</td>
+</tr>
+<tr>
+<td>config/CS.cfg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/CS.cfg</td>
+</tr>
+<tr>
+<td>config/enroll.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/enroll.test</td>
+</tr>
+<tr>
+<td>config/format.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/format.test</td>
+</tr>
+<tr>
+<td>config/reset_pin.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/reset_pin.test</td>
+</tr>
+<tr>
+<td>docroot/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/</td>
+</tr>
+<tr>
+<td>docroot/GenericAuth.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/GenericAuth.html</td>
+</tr>
+<tr>
+<td>docroot/images/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/</td>
+</tr>
+<tr>
+<td>docroot/images/BannerBackground.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/BannerBackground.gif</td>
+</tr>
+<tr>
+<td>docroot/images/BindSettingsPrototype.jpg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/BindSettingsPrototype.jpg</td>
+</tr>
+<tr>
+<td>docroot/images/CancelButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/CancelButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/CloseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/CloseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ContinueButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ContinueButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/HelpButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/HelpButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKey-Small.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKey-Small.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyInsert.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyInsert.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyLogo.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyLogo.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyPair.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyPair.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyProgress.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyProgress.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyQuestionMark.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyQuestionMark.gif</td>
+</tr>
+<tr>
+<td>docroot/images/OKButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/OKButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/PadLock.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/PadLock.gif</td>
+</tr>
+<tr>
+<td>docroot/images/PurchaseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/PurchaseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ReactivateButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ReactivateButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ReleaseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ReleaseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/SecureButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/SecureButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/SuspendButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/SuspendButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/TryAgainButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/TryAgainButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/bg.jpg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/bg.jpg</td>
+</tr>
+<tr>
+<td>docroot/images/logo.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/logo.gif</td>
+</tr>
+<tr>
+<td>docroot/style.css</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/style.css</td>
+</tr>
+<tr>
+<td>docroot/tus/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/</td>
+</tr>
+<tr>
+<td>docroot/tus/addResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/addResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/delete.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/delete.template</td>
+</tr>
+<tr>
+<td>docroot/tus/deleteResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/deleteResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/doToken.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/doToken.template</td>
+</tr>
+<tr>
+<td>docroot/tus/doTokenConfirm.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/doTokenConfirm.template</td>
+</tr>
+<tr>
+<td>docroot/tus/edit.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/edit.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editAdminResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editAdminResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/error.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/error.template</td>
+</tr>
+<tr>
+<td>docroot/tus/index.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/index.template</td>
+</tr>
+<tr>
+<td>docroot/tus/indexAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/indexAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/new.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/new.template</td>
+</tr>
+<tr>
+<td>docroot/tus/revoke.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/revoke.template</td>
+</tr>
+<tr>
+<td>docroot/tus/search.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/search.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchActivity.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchActivity.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchActivityResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchActivityResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchAdminResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchAdminResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchCertificateResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchCertificateResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/show.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/show.template</td>
+</tr>
+<tr>
+<td>docroot/tus/showAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/showAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/showCert.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/showCert.template</td>
+</tr>
+<tr>
+<td>lib/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/</td>
+</tr>
+<tr>
+<td>lib/libldapauth.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libldapauth.so</td>
+</tr>
+<tr>
+<td>lib/libtokendb.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libtokendb.so</td>
+</tr>
+<tr>
+<td>lib/libtps.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libtps.so</td>
+</tr>
+<tr>
+<td>lib/mod_tokendb.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tokendb.so</td>
+</tr>
+<tr>
+<td>lib/mod_tps.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tps.so</td>
+</tr>
+<tr>
+<td>setup/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/</td>
+</tr>
+<tr>
+<td>setup/addAgents.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addAgents.ldif</td>
+</tr>
+<tr>
+<td>setup/addIndexes.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addIndexes.ldif</td>
+</tr>
+<tr>
+<td>setup/addTokens.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addTokens.ldif</td>
+</tr>
+<tr>
+<td>setup/addVLVIndexes.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addVLVIndexes.ldif</td>
+</tr>
+<tr>
+<td>setup/schemaMods.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/schemaMods.ldif</td>
+</tr>
+</table>
+</ul>
+
+<h2>Inventory of cs-tps-devel-{version} Package</h2>
+<ul>
+<table border=1>
+<tr>
+<th>Packaged File</th>
+<th>Unpackaged File</th>
+</tr>
+<tr>
+<td>include/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/APDU_Response.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Create_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Create_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Delete_File_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/External_Authenticate_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Format_Muscle_Applet_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Generate_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Data_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Status_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Version_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Import_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Import_Key_Enc_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Initialize_Update_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Install_Applet_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Install_Load_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Lifecycle_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/List_Objects_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/List_Pins_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Load_File_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Put_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Read_Buffer_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Read_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Select_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Set_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Unblock_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Write_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/AuthParams.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/Authentication.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/LDAP_Authentication.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/Channel.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/Secure_Channel.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/CertEnroll.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/ConnectionInfo.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/HttpConnection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/engine/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/engine/RA.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/AccessLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Auth.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ByteBuffer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/CERTUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Cache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Connection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ConnectionListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/DebugLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Defines.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ErrorLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Iterator.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/LogRotationTask.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Logger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/NSPRerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddy.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyCache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyService.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCertExtension.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCommonLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfig.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfigManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfigReader.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCrypt.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSDataSourceListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSDataSourceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSGroup.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSGroupCache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSHelper.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPRUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPlugin.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPluginManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServiceListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServiceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSUser.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSWaspLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Pool.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceServer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceServerImpl.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SECerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLServerSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ScheduledTask.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Scheduler.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SecurityHeaders.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerConnection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerHeaderProcessor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Socket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SocketINC.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SocketLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/StringList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/StringUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/TaskList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ThreadPool.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/URLUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/engine.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/http.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/request.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/response.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_pblock.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/AttributeSpec.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/AuthenticationEntry.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Base.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Buffer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/ConfigStore.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Login.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Memory.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/MemoryMgr.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/NameValueSet.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/ObjectSpec.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/PKCS11Obj.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/PublishEntry.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Context.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Session.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/SecureId.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Util.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/AP_Context.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/AP_Session.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_ASQ_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_ASQ_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Begin_Op_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_End_Op_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Extended_Login_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Extended_Login_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Login_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Login_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_New_Pin_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_New_Pin_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_SecureId_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_SecureId_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Status_Update_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Status_Update_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Token_PDU_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Token_PDU_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Enroll_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Format_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Pin_Reset_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Renew_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Unblock_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IConnector.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IPublish_Data.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IPublisher.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/NetkeyPublisher.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/tus/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/tus/tus_db.h</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</ul>
+</body>
+</html>
+
diff --git a/pki/base/tps/applets/1.2.4122DFB4.ijc b/pki/base/tps/applets/1.2.4122DFB4.ijc
new file mode 100644
index 000000000..2a8ea0733
--- /dev/null
+++ b/pki/base/tps/applets/1.2.4122DFB4.ijc
diff --git a/pki/base/tps/applets/1.2.416DA155.ijc b/pki/base/tps/applets/1.2.416DA155.ijc
new file mode 100755
index 000000000..21b0312a8
--- /dev/null
+++ b/pki/base/tps/applets/1.2.416DA155.ijc
diff --git a/pki/base/tps/applets/1.3.42260AFA.ijc b/pki/base/tps/applets/1.3.42260AFA.ijc
new file mode 100755
index 000000000..f17f98281
--- /dev/null
+++ b/pki/base/tps/applets/1.3.42260AFA.ijc
diff --git a/pki/base/tps/applets/1.3.4255CC01.ijc b/pki/base/tps/applets/1.3.4255CC01.ijc
new file mode 100644
index 000000000..322fe86e2
--- /dev/null
+++ b/pki/base/tps/applets/1.3.4255CC01.ijc
diff --git a/pki/base/tps/applets/1.3.42659461.ijc b/pki/base/tps/applets/1.3.42659461.ijc
new file mode 100755
index 000000000..ccf8ba451
--- /dev/null
+++ b/pki/base/tps/applets/1.3.42659461.ijc
diff --git a/pki/base/tps/applets/1.3.427BDDB8.ijc b/pki/base/tps/applets/1.3.427BDDB8.ijc
new file mode 100644
index 000000000..4a633e8d3
--- /dev/null
+++ b/pki/base/tps/applets/1.3.427BDDB8.ijc
diff --git a/pki/base/tps/applets/1.3.44724DDE.ijc b/pki/base/tps/applets/1.3.44724DDE.ijc
new file mode 100755
index 000000000..e56705dff
--- /dev/null
+++ b/pki/base/tps/applets/1.3.44724DDE.ijc
diff --git a/pki/base/tps/applets/1.3.45787308.ijc b/pki/base/tps/applets/1.3.45787308.ijc
new file mode 100755
index 000000000..164c7e0cd
--- /dev/null
+++ b/pki/base/tps/applets/1.3.45787308.ijc
diff --git a/pki/base/tps/applets/3FD00877.ijc b/pki/base/tps/applets/3FD00877.ijc
new file mode 100644
index 000000000..5e6624d5a
--- /dev/null
+++ b/pki/base/tps/applets/3FD00877.ijc
diff --git a/pki/base/tps/applets/4003196C.ijc b/pki/base/tps/applets/4003196C.ijc
new file mode 100644
index 000000000..bed8a7900
--- /dev/null
+++ b/pki/base/tps/applets/4003196C.ijc
diff --git a/pki/base/tps/applets/402428AD.ijc b/pki/base/tps/applets/402428AD.ijc
new file mode 100644
index 000000000..b91a64334
--- /dev/null
+++ b/pki/base/tps/applets/402428AD.ijc
diff --git a/pki/base/tps/applets/404E4697.ijc b/pki/base/tps/applets/404E4697.ijc
new file mode 100644
index 000000000..9c927c0f0
--- /dev/null
+++ b/pki/base/tps/applets/404E4697.ijc
diff --git a/pki/base/tps/applets/4122DFB4.ijc b/pki/base/tps/applets/4122DFB4.ijc
new file mode 100644
index 000000000..2a8ea0733
--- /dev/null
+++ b/pki/base/tps/applets/4122DFB4.ijc
diff --git a/pki/base/tps/applets/listappletdates b/pki/base/tps/applets/listappletdates
new file mode 100755
index 000000000..a9e5c49ca
--- /dev/null
+++ b/pki/base/tps/applets/listappletdates
@@ -0,0 +1,42 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+$f = `/bin/ls *.ijc`;
+
+@filenames = split /\n/ms, $f;
+
+foreach $file (@filenames) {
+	$timestamp = $file;
+    $timestamp =~ s/1\.\d\.//;
+
+	($root) = ($timestamp =~ /(.*).ijc/);
+   
+	($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(hex($root));
+	
+	printf "  %16s    %4d/%02d/%02d  %02d:%02d\n", $file, 
+             $year+1900, $mon+1, $mday,
+			 $hour, $min;
+
+}
+
diff --git a/pki/base/tps/applets/readme.txt b/pki/base/tps/applets/readme.txt
new file mode 100644
index 000000000..9dd2a87ef
--- /dev/null
+++ b/pki/base/tps/applets/readme.txt
@@ -0,0 +1,52 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+This directory contains a list of CoolKey applets
+that can be used by the TPS for applet upgrade.
+
+
+Applet Information:
+------------------
+
+File Name     Creation Date    Applet Ver Major Ver Minor Ver Remark
+============  ================ ========== ========= ========= ==========
+427BDDB8.ijc  2005/05/06  14:12 427BDDB8   1         3         Official Applet
+
+Token Information:
+-----------------
+
+Type                      CUID (Token ID)     ATR       Remark
+======================== ==================== =======  ==================
+Old "E" and ealier cards 40900062ff00ssssssss 
+(Acquired From WebSite)
+"F" cards                40900062ff00ssssssss
+(Acquired From WebSite)
+"G" & later (Oct/Nov)    409000620103ssssssss 
+(Acquired From WebSite)
+Fortezza cards           409000620103ssssssss     
+(Acquired From WebSite)
+Developement Keyed cards 409000620101ssssssss 3B76940000FF6276010000
+
+where ssssssss is the serial number. 
+
+
+Remark
+======
+1.3.45787308.ijc - this is the unofficial jForte applet with hacks
diff --git a/pki/base/tps/autogen.sh b/pki/base/tps/autogen.sh
new file mode 100755
index 000000000..0e425b2b5
--- /dev/null
+++ b/pki/base/tps/autogen.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# Check autoconf version
+AC_VERSION=`autoconf --version | grep '^autoconf' | sed 's/.*) *//'`
+case $AC_VERSION in
+'' | 0.* | 1.* | 2.[0-4]* | 2.[0-9] | 2.5[0-8]* )
+    echo "You must have autoconf version 2.59 or later installed (found version $AC_VERSION)."
+    exit 1
+    ;;
+* )
+    echo "Found autoconf version $AC_VERSION"
+    ;;
+esac
+
+# Check automake version
+AM_VERSION=`automake --version | grep '^automake' | sed 's/.*) *//'`
+case $AM_VERSION in
+'' | 0.* | 1.[0-8].* | 1.9.[0-5]* )
+    echo "You must have automake version 1.9.6 or later installed (found version $AM_VERSION)."
+    exit 1
+    ;;
+* )
+    echo "Found automake version $AM_VERSION"
+    ;;
+esac
+
+# Check libtool version
+LT_VERSION=`libtool --version | grep ' libtool)' | sed 's/.*) \([0-9][0-9.]*\)[^ ]* .*/\1/'`
+case $LT_VERSION in
+'' | 0.* | 1.[0-4]* | 1.5.[0-9] | 1.5.[0-1]* | 1.5.2[0-1]* )
+    echo "You must have libtool version 1.5.22 or later installed (found version $LT_VERSION)."
+    exit 1
+    ;;
+* )
+    echo "Found libtool version $LT_VERSION"
+    ;;
+esac
+
+# Run autoreconf
+echo "Running autoreconf -fvi"
+autoreconf -fvi
diff --git a/pki/base/tps/build.xml b/pki/base/tps/build.xml
new file mode 100644
index 000000000..f4b4d2d4b
--- /dev/null
+++ b/pki/base/tps/build.xml
@@ -0,0 +1,307 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="tps" default="main" basedir=".">
+
+    <import file="config/product.xml"/>
+    <import file="config/product-ext.xml" optional="true"/>
+
+    <!-- Set up component-specific properties -->
+    <exec executable="perl"
+          failonerror="true"
+          outputproperty="config.desktop.version">
+        <arg value="-pi -e"/>
+        <arg value="s/Version=.*/Version=${version}/"/>
+        <arg value="setup/config.desktop"/>
+    </exec>
+
+    <exec executable="perl"
+          failonerror="true"
+          outputproperty="wizard.pm.version">
+        <arg value="-pi -e"/>
+        <arg value='s/\$symbol{productversion}    = ".*";/\$symbol{productversion}    = "${version}";/'/>
+        <arg value="lib/perl/PKI/TPS/wizard.pm"/>
+    </exec>
+
+
+    <target name="clean"
+            depends=""
+            description="--> remove component directories">
+        <echo message="${begin.clean.log.message}"/>
+        <delete dir="${dist.base}"/>
+        <delete dir="${build.dir}"/>
+        <echo message="${end.clean.log.message}"/>
+    </target>
+
+
+    <target name="download"
+            depends=""
+            description="--> download dependent components">
+        <echo message="${begin.download.log.message}"/>
+        <echo message="${empty.download.log.message}"/>
+        <echo message="${end.download.log.message}"/>
+    </target>
+
+
+    <target name="compile_java"
+            depends=""
+            description="--> compile java source code into classes">
+        <echo message="${begin.compile.java.log.message}"/>
+        <echo message="${empty.compile.java.log.message}"/>
+        <echo message="${end.compile.java.log.message}"/>
+    </target>
+
+
+    <target name="build_jars"
+            depends="compile_java"
+            description="--> generate jar files">
+        <echo message="${begin.build.jars.log.message}"/>
+        <echo message="${empty.build.jars.log.message}"/>
+        <echo message="${end.build.jars.log.message}"/>
+    </target>
+
+
+    <target name="build_jni_headers"
+            depends="compile_java"
+            description="--> generate jni header files">
+        <echo message="${begin.build.jni.headers.log.message}"/>
+        <echo message="${empty.build.jni.headers.log.message}"/>
+        <echo message="${end.build.jni.headers.log.message}"/>
+    </target>
+
+
+    <target name="build"
+            depends="build_jars,build_jni_headers"
+            description="--> build classes, jars, and jni headers">
+        <echo message="${notify.build.log.message}"/>
+    </target>
+
+
+    <target name="compile_junit_tests"
+            depends="build"
+            description="--> compile junit test source code">
+        <echo message="${begin.compile.junit.tests.log.message}"/>
+        <echo message="${empty.compile.junit.tests.log.message}"/>
+        <echo message="${end.compile.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="run_junit_tests"
+            depends="compile_junit_tests"
+            description="--> execute junit tests">
+        <echo message="${begin.run.junit.tests.log.message}"/>
+        <echo message="${empty.run.junit.tests.log.message}"/>
+        <echo message="${end.run.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="verify"
+            depends="run_junit_tests"
+            description="--> build and execute junit tests">
+        <echo message="${notify.verify.log.message}"/>
+    </target>
+
+
+    <target name="clean_javadocs"
+            depends=""
+            description="--> remove javadocs directory">
+        <echo message="${begin.clean.javadocs.log.message}"/>
+        <echo message="${empty.clean.javadocs.log.message}"/>
+        <echo message="${end.clean.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="compose_javadocs"
+            depends="build"
+            description="--> generate javadocs">
+        <echo message="${begin.compose.javadocs.log.message}"/>
+        <echo message="${empty.compose.javadocs.log.message}"/>
+        <echo message="${end.compose.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="document"
+            depends="clean_javadocs,compose_javadocs"
+            description="--> remove old javadocs and compose new javadocs">
+        <echo message="${notify.document.log.message}"/>
+    </target>
+
+
+    <target name="distribute_binaries"
+            depends="document"
+            description="--> create the zip and gzipped tar binary distributions">
+        <echo message="${begin.distribute.binaries.log.message}"/>
+
+        <echo message="${begin.binary.wrappers.log.message}"/>
+        <echo message="${empty.binary.wrappers.log.message}"/>
+        <echo message="${end.binary.wrappers.log.message}"/>
+
+        <echo message="${begin.binary.zip.log.message}"/>
+        <echo message="${empty.binary.zip.log.message}"/>
+        <echo message="${end.binary.zip.log.message}"/>
+
+        <echo message="${begin.binary.tar.log.message}"/>
+        <echo message="${empty.binary.tar.log.message}"/>
+        <echo message="${end.binary.tar.log.message}"/>
+
+        <echo message="${begin.binary.gtar.log.message}"/>
+        <echo message="${empty.binary.gtar.log.message}"/>
+        <echo message="${end.binary.gtar.log.message}"/>
+
+        <echo message="${end.distribute.binaries.log.message}"/>
+    </target>
+
+
+    <target name="distribute_source"
+            depends=""
+            description="--> create the zip and gzipped tar source distributions">
+        <echo message="${begin.distribute.source.log.message}"/>
+        <mkdir dir="${dist.base.source}"/>
+
+        <echo message="${begin.source.zip.log.message}"/>
+        <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+            <zipfileset dir="."
+                        filemode="755"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="Makefile.*"/>
+                <include name="aclocal.m4"/>
+                <include name="alias/**"/>
+                <include name="apache/**"/>
+                <include name="applets/**"/>
+                <include name="autogen.sh"/>
+                <include name="build.xml"/>
+                <include name="compile"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="config.guess"/>
+                <include name="config.h.in"/>
+                <include name="config.sub"/>
+                <include name="configure"/>
+                <include name="configure.ac"/>
+                <include name="depcomp"/>
+                <include name="doc/**"/>
+                <include name="etc/**"/>
+                <include name="forms/**"/>
+                <include name="install-sh"/>
+                <include name="lib/**"/>
+                <include name="logs/**"/>
+                <include name="ltmain.sh"/>
+                <include name="m4/**"/>
+                <include name="missing"/>
+                <include name="release"/>
+                <include name="scripts/**"/>
+                <include name="setup/**"/>
+                <include name="setup_package"/>
+                <include name="src/**"/>
+                <include name="stubs/**"/>
+                <include name="tools/**"/>
+                <include name="ui/**"/>
+                <include name="wrappers/**"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.source.zip.log.message}"/>
+
+        <echo message="${begin.source.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.source}/${src.dist.name}.tar">
+            <tarfileset dir="."
+                        mode="755"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="Makefile.*"/>
+                <include name="aclocal.m4"/>
+                <include name="alias/**"/>
+                <include name="apache/**"/>
+                <include name="applets/**"/>
+                <include name="autogen.sh"/>
+                <include name="build.xml"/>
+                <include name="compile"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="config.guess"/>
+                <include name="config.h.in"/>
+                <include name="config.sub"/>
+                <include name="configure"/>
+                <include name="configure.ac"/>
+                <include name="depcomp"/>
+                <include name="doc/**"/>
+                <include name="etc/**"/>
+                <include name="forms/**"/>
+                <include name="install-sh"/>
+                <include name="lib/**"/>
+                <include name="logs/**"/>
+                <include name="ltmain.sh"/>
+                <include name="m4/**"/>
+                <include name="missing"/>
+                <include name="release"/>
+                <include name="scripts/**"/>
+                <include name="setup/**"/>
+                <include name="setup_package"/>
+                <include name="src/**"/>
+                <include name="stubs/**"/>
+                <include name="tools/**"/>
+                <include name="ui/**"/>
+                <include name="wrappers/**"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.source.tar.log.message}"/>
+
+        <echo message="${begin.source.gtar.log.message}"/>
+        <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+              src="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.source.gtar.log.message}"/>
+
+        <echo message="${end.distribute.source.log.message}"/>
+    </target>
+
+
+    <target name="distribute"
+            depends="distribute_binaries,distribute_source"
+            description="--> create binary and source component distributions">
+        <echo message="${notify.distribute.log.message}"/>
+    </target>
+
+
+    <target name="main"
+            depends="clean,distribute"
+            description="--> clean, build, verify, document, distribute [default]">
+        <echo message="${notify.main.log.message}"/>
+    </target>
+
+</project>
+
diff --git a/pki/base/tps/compile b/pki/base/tps/compile
new file mode 100755
index 000000000..5be4171d4
--- /dev/null
+++ b/pki/base/tps/compile
@@ -0,0 +1,142 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand `-c -o'.
+
+scriptversion=2005-05-14.22
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand `-c -o'.
+Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file `INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "compile $scriptversion"
+    exit $?
+    ;;
+esac
+
+ofile=
+cfile=
+eat=
+
+for arg
+do
+  if test -n "$eat"; then
+    eat=
+  else
+    case $1 in
+      -o)
+	# configure might choose to run compile as `compile cc -o foo foo.c'.
+	# So we strip `-o arg' only if arg is an object.
+	eat=1
+	case $2 in
+	  *.o | *.obj)
+	    ofile=$2
+	    ;;
+	  *)
+	    set x "$@" -o "$2"
+	    shift
+	    ;;
+	esac
+	;;
+      *.c)
+	cfile=$1
+	set x "$@" "$1"
+	shift
+	;;
+      *)
+	set x "$@" "$1"
+	shift
+	;;
+    esac
+  fi
+  shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+  # If no `-o' option was seen then we might have been invoked from a
+  # pattern rule where we don't need one.  That is ok -- this is a
+  # normal compilation that the losing compiler can handle.  If no
+  # `.c' file was seen then we are probably linking.  That is also
+  # ok.
+  exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use `[/.-]' here to ensure that we don't use the same name
+# that we are using for the .o file.  Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/.-]|_|g'`.d
+while true; do
+  if mkdir "$lockdir" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+  mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+  mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/pki/base/tps/config.guess b/pki/base/tps/config.guess
new file mode 100755
index 000000000..6168b75bc
--- /dev/null
+++ b/pki/base/tps/config.guess
@@ -0,0 +1,1463 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+timestamp='2005-07-08'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner <per@bothner.com>.
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# The plan is that this can be called by configure scripts if you
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerppc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:*)
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep __LP64__ >/dev/null
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    i*:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    x86:Interix*:[34]*)
+	echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
+	exit ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mipsel
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef mips64
+	#undef mips64el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=mips64el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=mips64
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit ;;
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#ifdef __INTEL_COMPILER
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    *86) UNAME_PROCESSOR=i686 ;;
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+  http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/pki/base/tps/config.h.in b/pki/base/tps/config.h.in
new file mode 100644
index 000000000..ece501b4e
--- /dev/null
+++ b/pki/base/tps/config.h.in
@@ -0,0 +1,432 @@
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if the `closedir' function returns void instead of `int'. */
+#undef CLOSEDIR_VOID
+
+/* cpu type pa-risc */
+#undef CPU_hppa
+
+/* cpu type ia64 */
+#undef CPU_ia64
+
+/* cpu type sparc */
+#undef CPU_sparc
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if your system has a working `chown' function. */
+#undef HAVE_CHOWN
+
+/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you
+   don't. */
+#undef HAVE_DECL_STRERROR_R
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+#undef HAVE_DOPRNT
+
+/* Define to 1 if you have the `endpwent' function. */
+#undef HAVE_ENDPWENT
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define to 1 if you have the `fork' function. */
+#undef HAVE_FORK
+
+/* Define to 1 if you have the `ftruncate' function. */
+#undef HAVE_FTRUNCATE
+
+/* Define to 1 if you have the `getcwd' function. */
+#undef HAVE_GETCWD
+
+/* Define to 1 if you have the `gethostbyname' function. */
+#undef HAVE_GETHOSTBYNAME
+
+/* Define to 1 if you have the `getpagesize' function. */
+#undef HAVE_GETPAGESIZE
+
+/* Define to 1 if you have the `inet_ntoa' function. */
+#undef HAVE_INET_NTOA
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `localtime_r' function. */
+#undef HAVE_LOCALTIME_R
+
+/* Define to 1 if `lstat' has the bug that it succeeds when given the
+   zero-length file name argument. */
+#undef HAVE_LSTAT_EMPTY_STRING_BUG
+
+/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+   to 0 otherwise. */
+#undef HAVE_MALLOC
+
+/* Define to 1 if you have the <malloc.h> header file. */
+#undef HAVE_MALLOC_H
+
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+
+/* Define to 1 if you have the `mkdir' function. */
+#undef HAVE_MKDIR
+
+/* Define to 1 if you have a working `mmap' system call. */
+#undef HAVE_MMAP
+
+/* Define to 1 if you have the `munmap' function. */
+#undef HAVE_MUNMAP
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the `putenv' function. */
+#undef HAVE_PUTENV
+
+/* Define to 1 if you have the `rmdir' function. */
+#undef HAVE_RMDIR
+
+/* Define to 1 if you have the `setrlimit' function. */
+#undef HAVE_SETRLIMIT
+
+/* HAVE_SIGNED_CHAR */
+#undef HAVE_SIGNED_CHAR
+
+/* Define to 1 if you have the `socket' function. */
+#undef HAVE_SOCKET
+
+/* Define to 1 if `stat' has the bug that it succeeds when given the
+   zero-length file name argument. */
+#undef HAVE_STAT_EMPTY_STRING_BUG
+
+/* Define to 1 if stdbool.h conforms to C99. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strcasecmp' function. */
+#undef HAVE_STRCASECMP
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the `strcspn' function. */
+#undef HAVE_STRCSPN
+
+/* Define to 1 if you have the `strdup' function. */
+#undef HAVE_STRDUP
+
+/* HAVE_STRERROR */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strerror_r' function. */
+#undef HAVE_STRERROR_R
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strncasecmp' function. */
+#undef HAVE_STRNCASECMP
+
+/* Define to 1 if you have the `strpbrk' function. */
+#undef HAVE_STRPBRK
+
+/* Define to 1 if you have the `strrchr' function. */
+#undef HAVE_STRRCHR
+
+/* Define to 1 if you have the `strstr' function. */
+#undef HAVE_STRSTR
+
+/* Define to 1 if you have the `strtol' function. */
+#undef HAVE_STRTOL
+
+/* HAVE_SYS_BITYPES_H */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_SYS_DIR_H
+
+/* Define to 1 if you have the <sys/file.h> header file. */
+#undef HAVE_SYS_FILE_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
+#undef HAVE_SYS_WAIT_H
+
+/* Define to 1 if you have the `tzset' function. */
+#undef HAVE_TZSET
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `vfork' function. */
+#undef HAVE_VFORK
+
+/* Define to 1 if you have the <vfork.h> header file. */
+#undef HAVE_VFORK_H
+
+/* Define to 1 if you have the `vprintf' function. */
+#undef HAVE_VPRINTF
+
+/* HAVE_WEAK_IO_SYMBOLS */
+#undef HAVE_WEAK_IO_SYMBOLS
+
+/* Define to 1 if `fork' works. */
+#undef HAVE_WORKING_FORK
+
+/* Define to 1 if `vfork' works. */
+#undef HAVE_WORKING_VFORK
+
+/* Define to 1 if the system has the type `_Bool'. */
+#undef HAVE__BOOL
+
+/* HP-UX */
+#undef HPUX
+
+/* HP-UX 11 */
+#undef HPUX11
+
+/* HP-UX 11.11 */
+#undef HPUX11_11
+
+/* HP-UX 11.23 */
+#undef HPUX11_23
+
+/* HPUX_SOURCE */
+#undef HPUX_SOURCE
+
+/* Linux */
+#undef LINUX
+
+/* Linux 2.6 */
+#undef LINUX2_0
+
+/* Linux 2.6 */
+#undef LINUX2_2
+
+/* Linux 2.6 */
+#undef LINUX2_4
+
+/* Linux 2.6 */
+#undef LINUX2_6
+
+/* Define to 1 if `lstat' dereferences a symlink specified with a trailing
+   slash. */
+#undef LSTAT_FOLLOWS_SLASHED_SYMLINK
+
+/* Linux */
+#undef Linux
+
+/* NEED_ENDIAN_H */
+#undef NEED_ENDIAN_H
+
+/* NEED_GETOPT_H */
+#undef NEED_GETOPT_H
+
+/* NEED_IOCTL_H */
+#undef NEED_IOCTL_H
+
+/* NEED_SYS_TIME_H */
+#undef NEED_SYS_TIME_H
+
+/* NEED_UINT_T */
+#undef NEED_UINT_T
+
+/* NET_SSL */
+#undef NET_SSL
+
+/* NO_INT64_T */
+#undef NO_INT64_T
+
+/* Define to 1 if your C compiler doesn't accept -c and -o together. */
+#undef NO_MINUS_C_MINUS_O
+
+/* NSPR */
+#undef NSPR
+
+/* NSPR20 */
+#undef NSPR20
+
+/* NS_USE_NATIVE */
+#undef NS_USE_NATIVE
+
+/* OS version */
+#undef OSVERSION
+
+/* OS HP-UX */
+#undef OS_hpux
+
+/* OS SOLARIS */
+#undef OS_solaris
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* SOLARIS */
+#undef SOLARIS
+
+/* SOLARIS_55_OR_GREATER */
+#undef SOLARIS_55_OR_GREATER
+
+/* Define to 1 if the `S_IS*' macros in <sys/stat.h> do not work properly. */
+#undef STAT_MACROS_BROKEN
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if strerror_r returns char *. */
+#undef STRERROR_R_CHAR_P
+
+/* SVR4 */
+#undef SVR4
+
+/* SW_THREADS */
+#undef SW_THREADS
+
+/* SYSV */
+#undef SYSV
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to 1 if your <sys/time.h> declares `struct tm'. */
+#undef TM_IN_SYS_TIME
+
+/* USE_NODL_TABS */
+#undef USE_NODL_TABS
+
+/* Version number of package */
+#undef VERSION
+
+/* UNIX */
+#undef XP_UNIX
+
+/* _BSD_SOURCE */
+#undef _BSD_SOURCE
+
+/* _HPUX_SOURCE */
+#undef _HPUX_SOURCE
+
+/* POSIX revision */
+#undef _POSIX_C_SOURCE
+
+/* _POSIX_SOURCE */
+#undef _POSIX_SOURCE
+
+/* _PR_NEED_FAKE_POLL */
+#undef _PR_NEED_FAKE_POLL
+
+/* _PR_NTHREAD */
+#undef _PR_NTHREAD
+
+/* _REENTRANT */
+#undef _REENTRANT
+
+/* SVID_GETTOD */
+#undef _SVID_GETTOD
+
+/* _SVID_SOURCE */
+#undef _SVID_SOURCE
+
+/* SVR4 */
+#undef __svr4
+
+/* SVR4 */
+#undef __svr4__
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* HP-UX pa-risc */
+#undef hppa
+
+/* HP-UX */
+#undef hpux
+
+/* linux */
+#undef linux
+
+/* Define to rpl_malloc if the replacement function should be used. */
+#undef malloc
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef pid_t
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+#undef size_t
+
+/* SunOS5 */
+#undef sunos5
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+/* Define as `fork' if `vfork' does not work. */
+#undef vfork
diff --git a/pki/base/tps/config.sub b/pki/base/tps/config.sub
new file mode 100755
index 000000000..1a53f485c
--- /dev/null
+++ b/pki/base/tps/config.sub
@@ -0,0 +1,1579 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+timestamp='2005-07-08'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
+  kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray)
+		os=
+		basic_machine=$1
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64vr | mips64vrel \
+	| mips64orion | mips64orionel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| ms1 \
+	| msp430 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b \
+	| strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k)
+		basic_machine=$basic_machine-unknown
+		;;
+	m32c)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| ms1-* \
+	| msp430-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa-* \
+	| ymp-* \
+	| z8k-*)
+		;;
+	m32c-*)
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16c)
+		basic_machine=cr16c-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+    c4x-* | tic4x-*)
+        os=-coff
+        ;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/pki/base/tps/config/product.xml b/pki/base/tps/config/product.xml
new file mode 100644
index 000000000..33caf48ed
--- /dev/null
+++ b/pki/base/tps/config/product.xml
@@ -0,0 +1,305 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="product.xml" default="main" basedir=".">
+
+    <!-- Set up properties based upon the user's default Ant configuration -->
+    <property file=".ant.properties"/>
+    <property file="${user.home}/.ant.properties"/>
+    <property environment="env"/>
+
+
+    <!-- Check for required properties passed-in via the build scripts -->
+    <fail message="The '-Dspecfile=SPECFILE' property MUST always be specified!"
+          unless="specfile"/>
+
+
+    <!-- Set up optional properties passed-in via the build scripts -->
+    <property name="basedir" value=""/>
+    <property name="dirsec" value=""/>
+    <property name="target" value=""/>
+
+
+    <!-- Set up properties obtained from the spec file -->
+    <exec executable="perl"
+          failonerror="true"
+          outputproperty="Name">
+        <arg value="-ne"/>
+        <arg value="print $1 if /%define base_product\s+(.*)/"/>
+        <arg value="${specfile}"/>
+    </exec>
+
+    <exec executable="perl"
+          failonerror="true"
+          outputproperty="spec.product.ui.prefix">
+        <arg value="-ne"/>
+        <arg value="print $1 if /%define base_ui_prefix\s+(\S+)/"/>
+        <arg value="${specfile}"/>
+    </exec>
+
+    <exec executable="perl"
+          failonerror="true"
+          outputproperty="product.prefix">
+        <arg value="-ne"/>
+        <arg value="print $1 if /%define base_prefix\s+(\S+)/"/>
+        <arg value="${specfile}"/>
+    </exec>
+
+    <exec executable="perl"
+          failonerror="true"
+          outputproperty="product">
+        <arg value="-ne"/>
+        <arg value="print $1 if /%define base_component\s+(\S+)/"/>
+        <arg value="${specfile}"/>
+    </exec>
+
+    <!-- if "spec.product.ui.prefix" is "" or "linux",       -->
+    <!-- set "product.ui.prefix" to ""; otherwise            -->
+    <!-- set "product.ui.prefix" to "spec.product.ui.prefix" -->
+    <condition property="product.ui.prefix"
+               value=""
+               else="${spec.product.ui.prefix}">
+        <or>
+        <equals arg1="${spec.product.ui.prefix}"
+                arg2=""/>
+        <equals arg1="${spec.product.ui.prefix}"
+                arg2="linux"/>
+        </or>
+    </condition>
+
+    <!-- "product.name" is of the form "x-y-z" -->
+    <condition property="product.name"
+               value="${product.ui.prefix}-${product.prefix}-${product}">
+        <not>
+        <equals arg1="${product.ui.prefix}"
+                arg2=""/>
+        </not>
+    </condition>
+
+    <!-- "product.name" is of the form "x-y" -->
+    <condition property="product.name"
+               value="${product.prefix}-${product}">
+        <and>
+        <equals arg1="${product.ui.prefix}"
+                arg2=""/>
+        <not>
+        <equals arg1="${product.prefix}"
+                arg2=""/>
+        </not>
+        </and>
+    </condition>
+
+    <!-- "product.name" is of the form "x" -->
+    <condition property="product.name"
+               value="${product}">
+        <and>
+        <equals arg1="${product.ui.prefix}"
+                arg2=""/>
+        <equals arg1="${product.prefix}"
+                arg2=""/>
+        </and>
+    </condition>
+
+    <exec executable="perl"
+          failonerror="true"
+          outputproperty="version">
+        <arg value="-ne"/>
+        <arg value="print $1 if /%define base_version\s+(\S+)/"/>
+        <arg value="${specfile}"/>
+    </exec>
+
+
+    <!-- Set up architecture-dependent properties -->
+    <exec executable="uname"
+          failonerror="true"
+          outputproperty="arch">
+        <arg line="-i"/>
+    </exec> 
+
+    <!-- Set up architecture-independent properties -->
+    <property name="jar.home" value="/usr/share/java"/>
+    <property name="pki-jar.home" value="${jar.home}/${product.prefix}"/>
+    <property name="jni-jar.home" value="/usr/lib/java"/>
+
+    <!-- Set up properties that control various build options -->
+    <property name="debug" value="true"/>
+    <property name="chmod.fail" value="true"/>
+    <property name="chmod.maxparallel" value="250"/>
+    <property name="deprecation" value="false"/>
+    <property name="optimize" value="true"/>
+
+
+    <!-- Set up properties related to the source tree -->
+    <property name="docs.dir" value="docs"/>
+    <property name="lib.dir" value="lib"/>
+    <property name="src.dir" value="src"/>
+    <property name="test.dir" value="test"/>
+    <property name="etc.dir" value="${src.dir}/etc"/>
+    <property name="script.dir" value="${src.dir}/script"/>
+
+
+    <!-- Set up properties for the release area -->
+    <property name="release.root" value="."/>
+
+
+    <!-- Set up properties for the build area -->
+    <property name="build.dir" value="build"/>
+    <property name="bootstrap.dir" value="bootstrap"/>
+    <property name="build.jars" value="${build.dir}/jars"/>
+    <property name="build.classes" value="${build.dir}/classes"/>
+    <property name="build.lib" value="${build.dir}/lib"/>
+    <property name="build.javadocs" value="${build.dir}/javadocs"/>
+    <property name="build.tests" value="${build.dir}/testcases"/>
+    <property name="build.tests.javadocs" value="${build.dir}/javadocs.test/"/>
+    <property name="manifest.tmp" value="${build.dir}/optional.manifest"/>
+
+
+    <!-- Set up properties for the distribution area -->
+    <property name="dist.name" value="${product.name}-${version}"/>
+    <property name="dist.base" value="dist"/>
+    <property name="dist.base.source" value="${dist.base}/source"/>
+    <property name="dist.base.binaries" value="${dist.base}/binary"/>
+    <property name="dist.dir" value="dist"/>
+    <property name="dist.bin" value="${dist.dir}/bin"/>
+    <property name="dist.lib" value="${dist.dir}/lib"/>
+    <property name="dist.docs" value="${dist.dir}/docs"/>
+    <property name="dist.etc" value="${dist.dir}/etc"/>
+    <property name="src.dist.name" value="${product.name}-${version}"/>
+    <property name="src.dist.dir" value="dist-src"/>
+    <property name="src.dist.src" value="${src.dist.dir}/src"/>
+    <property name="src.dist.docs" value="${src.dist.dir}/docs"/>
+    <property name="src.dist.lib" value="${src.dist.dir}/lib"/>
+
+
+    <!-- Set up properties for log messages -->
+    <property name="begin.clean.log.message"
+              value="Removing '${product.name}' component directories ..."/>
+    <property name="empty.clean.log.message"
+              value="Nothing to do!"/>
+    <property name="end.clean.log.message"
+              value="Completed removing '${product.name}' component directories."/>
+    <property name="begin.download.log.message"
+              value="Downloading '${product.name}' dependent components ..."/>
+    <property name="empty.download.log.message"
+              value="Nothing to do!"/>
+    <property name="end.download.log.message"
+              value="Completed downloading '${product.name}' dependent components."/>
+    <property name="begin.compile.java.log.message"
+              value="Compiling '${product.name}' java code from '${src.dir}' into '${build.classes}' ..."/>
+    <property name="empty.compile.java.log.message"
+              value="Nothing to do!"/>
+    <property name="end.compile.java.log.message"
+              value="Completed compiling '${product.name}' java code from '${src.dir}' into '${build.classes}'."/>
+    <property name="begin.build.jars.log.message"
+              value="Generating '${product.name}' jar files ..."/>
+    <property name="empty.build.jars.log.message"
+              value="Nothing to do!"/>
+    <property name="end.build.jars.log.message"
+              value="Completed generating '${product.name}' jar files."/>
+    <property name="begin.build.jni.headers.log.message"
+              value="Generating '${product.name}' java header files ..."/>
+    <property name="empty.build.jni.headers.log.message"
+              value="Nothing to do!"/>
+    <property name="end.build.jni.headers.log.message"
+              value="Completed generating '${product.name}' java header files."/>
+    <property name="notify.build.log.message"
+              value="Built classes, jars, and jni headers for the '${product.name}' component."/>
+    <property name="begin.compile.junit.tests.log.message"
+              value="Compiling '${product.name}' junit tests from '${test.dir}' into '${build.tests}' ..."/>
+    <property name="empty.compile.junit.tests.log.message"
+              value="Nothing to do!"/>
+    <property name="end.compile.junit.tests.log.message"
+              value="Completed compiling '${product.name}' junit tests from '${test.dir}' into '${build.tests}'."/>
+    <property name="begin.run.junit.tests.log.message"
+              value="Executing '${product.name}' tests ..."/>
+    <property name="empty.run.junit.tests.log.message"
+              value="Nothing to do!"/>
+    <property name="end.run.junit.tests.log.message"
+              value="Completed executing '${product.name}' tests."/>
+    <property name="notify.verify.log.message"
+              value="Verified the '${product.name}' component."/>
+    <property name="begin.clean.javadocs.log.message"
+              value="Removing '${product.name}' javadocs directory ..."/>
+    <property name="empty.clean.javadocs.log.message"
+              value="Nothing to do!"/>
+    <property name="end.clean.javadocs.log.message"
+              value="Completed removing '${product.name}' javadocs directory."/>
+    <property name="begin.compose.javadocs.log.message"
+              value="Composing '${product.name}' javadocs ..."/>
+    <property name="empty.compose.javadocs.log.message"
+              value="Nothing to do!"/>
+    <property name="end.compose.javadocs.log.message"
+              value="Completed composing '${product.name}' javadocs."/>
+    <property name="notify.document.log.message"
+              value="Documented '${product.name}' javadocs."/>
+    <property name="begin.distribute.binaries.log.message"
+              value="Creating '${product.name}' binary distributions ..."/>
+    <property name="begin.binary.wrappers.log.message"
+              value="    Creating '${product.name}' binary wrappers ..."/>
+    <property name="empty.binary.wrappers.log.message"
+              value="    Nothing to do!"/>
+    <property name="end.binary.wrappers.log.message"
+              value="    Completed creating '${product.name}' binary wrappers."/>
+    <property name="begin.binary.zip.log.message"
+              value="    Creating '${product.name}' binary zip files ..."/>
+    <property name="empty.binary.zip.log.message"
+              value="    Nothing to do!"/>
+    <property name="end.binary.zip.log.message"
+              value="    Completed creating '${product.name}' binary zip files."/>
+    <property name="begin.binary.tar.log.message"
+              value="    Creating '${product.name}' binary tar files ..."/>
+    <property name="empty.binary.tar.log.message"
+              value="    Nothing to do!"/>
+    <property name="end.binary.tar.log.message"
+              value="    Completed creating '${product.name}' binary tar files."/>
+    <property name="begin.binary.gtar.log.message"
+              value="    Creating '${product.name}' binary gzip files ..."/>
+    <property name="empty.binary.gtar.log.message"
+              value="    Nothing to do!"/>
+    <property name="end.binary.gtar.log.message"
+              value="    Completed creating '${product.name}' binary gzip files."/>
+    <property name="end.distribute.binaries.log.message"
+              value="Completed creating '${product.name}' binary distributions."/>
+    <property name="begin.distribute.source.log.message"
+              value="Creating '${product.name}' source distributions ..."/>
+    <property name="begin.source.zip.log.message"
+              value="    Creating '${product.name}' source zip files ..."/>
+    <property name="empty.source.zip.log.message"
+              value="    Nothing to do!"/>
+    <property name="end.source.zip.log.message"
+              value="    Completed creating '${product.name}' source zip files."/>
+    <property name="begin.source.tar.log.message"
+              value="    Creating '${product.name}' source tar files ..."/>
+    <property name="empty.source.tar.log.message"
+              value="    Nothing to do!"/>
+    <property name="end.source.tar.log.message"
+              value="    Completed creating '${product.name}' source tar files."/>
+    <property name="begin.source.gtar.log.message"
+              value="    Creating '${product.name}' source gzip files ..."/>
+    <property name="empty.source.gtar.log.message"
+              value="    Nothing to do!"/>
+    <property name="end.source.gtar.log.message"
+              value="    Completed creating '${product.name}' source gzip files."/>
+    <property name="end.distribute.source.log.message"
+              value="Completed creating '${product.name}' source distributions."/>
+    <property name="notify.distribute.log.message"
+              value="Distributed '${product.name}' distribution packages."/>
+    <property name="notify.main.log.message"
+              value="Built, verified, documented, and distributed a fresh '${product.name}' component."/>
+
+</project>
+
diff --git a/pki/base/tps/config/release.xml b/pki/base/tps/config/release.xml
new file mode 100644
index 000000000..fc43aaeb7
--- /dev/null
+++ b/pki/base/tps/config/release.xml
@@ -0,0 +1,86 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="release.xml" default="main" basedir="${basedir}">
+
+    <echo message="Importing shared properties ..."/>
+    <import file="product.xml"/>
+    <import file="product-ext.xml" optional="true"/>
+    <import file="release-ext.xml" optional="true"/>
+    <echo message="Completed importing shared properties."/>
+
+
+    <target name="local"
+            depends=""
+            description="--> Generate this target locally">
+        <echo message="Generating the '${product.name}' target locally ..."/>
+        <exec executable="ant" dir="${release.root}">
+            <arg value="-Dspecfile=${product.name}.spec"/>
+            <arg value="-Ddirsec=${dirsec}"/>
+            <arg value="${target}"/>
+        </exec>
+        <echo message="Completed generating the '${product.name}' target locally."/>
+    </target>
+
+
+    <target name="main"
+            depends=""
+            description="--> Generate component RPMS and SRPMS">
+        <echo message="Generating '${product.name}' RPMS and SRPMS ..."/>
+
+        <exec executable="pwd"
+              failonerror="true"
+              outputproperty="top.dir"/>
+        <echo message="Established the '${top.dir}' top-level directory."/>
+
+        <echo message="Creating the '${product.name}' source distribution ..."/>
+        <exec executable="ant"
+              dir="${release.root}">
+            <arg value="-Dspecfile=${product.name}.spec"/>
+            <arg value="-Ddirsec=${dirsec}"/>
+            <arg value="distribute_source"/>
+        </exec>
+        <echo message="Completed creating the '${product.name}' source distribution."/>
+
+        <echo message="Creating '${product.name}' RPM directories ..."/>
+        <mkdir dir="${release.root}/dist/rpmpkg"/>
+        <mkdir dir="${release.root}/dist/rpmpkg/SOURCES"/>
+        <mkdir dir="${release.root}/dist/rpmpkg/RPMS"/>
+        <mkdir dir="${release.root}/dist/rpmpkg/SRPMS"/>
+        <mkdir dir="${release.root}/dist/rpmpkg/SPECS"/>
+        <mkdir dir="${release.root}/dist/rpmpkg/BUILD"/>
+        <echo message="Completed creating '${product.name}' RPM directories."/>
+
+        <echo message="Building '${product.name}' RPMS and SRPMS ..."/>
+        <exec executable="rpmbuild"
+              dir="${release.root}">
+            <arg value="--define"/>
+            <arg value="_topdir ${top.dir}/${release.root}/dist/rpmpkg"/>
+            <arg value="-ta"/>
+            <arg value="${top.dir}/${release.root}/dist/source/${product.name}-${version}.tar.gz"/>
+        </exec>
+        <echo message="Completed building '${product.name}' RPMS and SRPMS."/>
+
+        <echo message="Removing various '${product.name}' RPM directories and files ..."/>
+        <delete dir="${release.root}/dist/rpmpkg/BUILD"/>
+        <echo message="Completed removing various '${product.name}' RPM directories and files."/>
+
+        <echo message="Completed generating '${product.name}' RPMS and SRPMS."/>
+    </target>
+
+</project>
+
diff --git a/pki/base/tps/configure b/pki/base/tps/configure
new file mode 100755
index 000000000..c9104ba67
--- /dev/null
+++ b/pki/base/tps/configure
@@ -0,0 +1,26728 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.59 for pki-tps 8.0.0.
+#
+# Report bugs to <http://bugzilla.redhat.com/>.
+#
+# Copyright (C) 2003 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+  set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+  LC_TELEPHONE LC_TIME
+do
+  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+    eval $as_var=C; export $as_var
+  else
+    $as_unset $as_var
+  fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)$' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
+  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\/\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+
+
+# PATH needs CR, and LINENO needs CR and PATH.
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  echo "#! /bin/sh" >conf$$.sh
+  echo  "exit 0"   >>conf$$.sh
+  chmod +x conf$$.sh
+  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+    PATH_SEPARATOR=';'
+  else
+    PATH_SEPARATOR=:
+  fi
+  rm -f conf$$.sh
+fi
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
+  # Find who we are.  Look in the path if we contain no path at all
+  # relative or not.
+  case $0 in
+    *[\\/]* ) as_myself=$0 ;;
+    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+
+       ;;
+  esac
+  # We did not find ourselves, most probably we were run as `sh COMMAND'
+  # in which case we are not to be found in the path.
+  if test "x$as_myself" = x; then
+    as_myself=$0
+  fi
+  if test ! -f "$as_myself"; then
+    { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
+   { (exit 1); exit 1; }; }
+  fi
+  case $CONFIG_SHELL in
+  '')
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for as_base in sh bash ksh sh5; do
+	 case $as_dir in
+	 /*)
+	   if ("$as_dir/$as_base" -c '
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
+	     $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
+	     $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
+	     CONFIG_SHELL=$as_dir/$as_base
+	     export CONFIG_SHELL
+	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
+	   fi;;
+	 esac
+       done
+done
+;;
+  esac
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line before each line; the second 'sed' does the real
+  # work.  The second script uses 'N' to pair each line-number line
+  # with the numbered line, and appends trailing '-' during
+  # substitution so that $LINENO is not a special case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
+  sed '=' <$as_myself |
+    sed '
+      N
+      s,$,-,
+      : loop
+      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+      t loop
+      s,-$,,
+      s,^['$as_cr_digits']*\n,,
+    ' >$as_me.lineno &&
+  chmod +x $as_me.lineno ||
+    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensible to this).
+  . ./$as_me.lineno
+  # Exit status is that of the last command.
+  exit
+}
+
+
+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
+  *c*,-n*) ECHO_N= ECHO_C='
+' ECHO_T='	' ;;
+  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
+  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+  # We could just check for DJGPP; but this test a) works b) is more generic
+  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
+  if test -f conf$$.exe; then
+    # Don't use ln at all; we don't have any links
+    as_ln_s='cp -p'
+  else
+    as_ln_s='ln -s'
+  fi
+elif ln conf$$.file conf$$ 2>/dev/null; then
+  as_ln_s=ln
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.file
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+as_executable_p="test -f"
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.
+as_nl='
+'
+IFS=" 	$as_nl"
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$ECHO in
+X*--fallback-echo)
+  # Remove one level of quotation (which was required for Make).
+  ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','`
+  ;;
+esac
+
+echo=${ECHO-echo}
+if test "X$1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X$1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then
+  # Yippee, $echo works!
+  :
+else
+  # Restart under the correct shell.
+  exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<EOF
+$*
+EOF
+  exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$ECHO"; then
+if test "X${echo_test_string+set}" != Xset; then
+# find a string as large as possible, as long as the shell can cope with it
+  for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+    # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+    if (echo_test_string=`eval $cmd`) 2>/dev/null &&
+       echo_test_string=`eval $cmd` &&
+       (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null
+    then
+      break
+    fi
+  done
+fi
+
+if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+   echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+   test "X$echo_testing_string" = "X$echo_test_string"; then
+  :
+else
+  # The Solaris, AIX, and Digital Unix default echo programs unquote
+  # backslashes.  This makes it impossible to quote backslashes using
+  #   echo "$something" | sed 's/\\/\\\\/g'
+  #
+  # So, first we look for a working echo in the user's PATH.
+
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for dir in $PATH /usr/ucb; do
+    IFS="$lt_save_ifs"
+    if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+       test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+       echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+       test "X$echo_testing_string" = "X$echo_test_string"; then
+      echo="$dir/echo"
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+
+  if test "X$echo" = Xecho; then
+    # We didn't find a better echo, so look for alternatives.
+    if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
+       echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
+       test "X$echo_testing_string" = "X$echo_test_string"; then
+      # This shell has a builtin print -r that does the trick.
+      echo='print -r'
+    elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
+	 test "X$CONFIG_SHELL" != X/bin/ksh; then
+      # If we have ksh, try running configure again with it.
+      ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+      export ORIGINAL_CONFIG_SHELL
+      CONFIG_SHELL=/bin/ksh
+      export CONFIG_SHELL
+      exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+    else
+      # Try using printf.
+      echo='printf %s\n'
+      if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
+	 echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
+	 test "X$echo_testing_string" = "X$echo_test_string"; then
+	# Cool, printf works
+	:
+      elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+	   test "X$echo_testing_string" = 'X\t' &&
+	   echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+	export CONFIG_SHELL
+	SHELL="$CONFIG_SHELL"
+	export SHELL
+	echo="$CONFIG_SHELL $0 --fallback-echo"
+      elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+	   test "X$echo_testing_string" = 'X\t' &&
+	   echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	echo="$CONFIG_SHELL $0 --fallback-echo"
+      else
+	# maybe with a smaller string...
+	prev=:
+
+	for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+	  if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null
+	  then
+	    break
+	  fi
+	  prev="$cmd"
+	done
+
+	if test "$prev" != 'sed 50q "$0"'; then
+	  echo_test_string=`eval $prev`
+	  export echo_test_string
+	  exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+	else
+	  # Oops.  We lost completely, so just stick with echo.
+	  echo=echo
+	fi
+      fi
+    fi
+  fi
+fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+ECHO=$echo
+if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+   ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+tagnames=${tagnames+${tagnames},}CXX
+
+tagnames=${tagnames+${tagnames},}F77
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+exec 6>&1
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_config_libobj_dir=.
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Maximum number of lines to put in a shell here document.
+# This variable seems obsolete.  It should probably be removed, and
+# only ac_max_sed_lines should be used.
+: ${ac_max_here_lines=38}
+
+# Identity of this package.
+PACKAGE_NAME='pki-tps'
+PACKAGE_TARNAME='pki-tps'
+PACKAGE_VERSION='8.0.0'
+PACKAGE_STRING='pki-tps 8.0.0'
+PACKAGE_BUGREPORT='http://bugzilla.redhat.com/'
+
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#if STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#if HAVE_STRING_H
+# if !STDC_HEADERS && HAVE_MEMORY_H
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif
+#if HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#if HAVE_INTTYPES_H
+# include <inttypes.h>
+#else
+# if HAVE_STDINT_H
+#  include <stdint.h>
+# endif
+#endif
+#if HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_default_prefix=/opt/tps
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar MAINTAINER_MODE_TRUE MAINTAINER_MODE_FALSE MAINT build build_cpu build_vendor build_os host host_cpu host_vendor host_os CXX CXXFLAGS LDFLAGS CPPFLAGS ac_ct_CXX EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CXXDEPMODE am__fastdepCXX_TRUE am__fastdepCXX_FALSE CC CFLAGS ac_ct_CC CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO AR ac_ct_AR RANLIB ac_ct_RANLIB CPP CXXCPP F77 FFLAGS ac_ct_F77 LIBTOOL LIBOBJS debug_defs aliasdir apache_modulesdir appletsdir cgibin_demodir cgibin_homedir cgibin_sodir cgibin_sowdir confdir docrootdir docroot_demodir docroot_homedir docroot_sodir docroot_sowdir docroot_sow_cssdir docroot_sow_imagesdir docroot_sow_jsdir docroot_tokendbdir docroot_tps_configdir docroot_tps_cssdir docroot_tps_imgdir docroot_tps_jsdir initddir licensedir logsdir perl_modulesdir perl_templatesdir samplesdir scriptsdir setupdir templatesdir WINNT_TRUE WINNT_FALSE LIBSOCKET LIBNSL LIBDL LIBCSTD LIBCRUN LINUX_TRUE LINUX_FALSE HPUX_TRUE HPUX_FALSE SOLARIS_TRUE SOLARIS_FALSE PKG_CONFIG nspr_inc nspr_lib nspr_libdir nss_inc nss_lib nss_libdir ldapsdk_inc ldapsdk_lib ldapsdk_libdir ldapsdk_bindir sasl_inc sasl_lib sasl_libdir svrcore_inc svrcore_lib APRDIR apr_inc apr_lib apr_lib_version apr_libutil_version apr_libdir apr_bindir apache_inc apache_lib apache_libdir db_lib db_libdir apache_bindir LTLIBOBJS'
+ac_subst_files=''
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datadir='${prefix}/share'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+libdir='${exec_prefix}/lib'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+infodir='${prefix}/info'
+mandir='${prefix}/man'
+
+ac_prev=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval "$ac_prev=\$ac_option"
+    ac_prev=
+    continue
+  fi
+
+  ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_option in
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
+  | --da=*)
+    datadir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+   { (exit 1); exit 1; }; }
+    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
+    eval "enable_$ac_feature=no" ;;
+
+  -enable-* | --enable-*)
+    ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+   { (exit 1); exit 1; }; }
+    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
+    case $ac_option in
+      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+      *) ac_optarg=yes ;;
+    esac
+    eval "enable_$ac_feature='$ac_optarg'" ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst \
+  | --locals | --local | --loca | --loc | --lo)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
+  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid package name: $ac_package" >&2
+   { (exit 1); exit 1; }; }
+    ac_package=`echo $ac_package| sed 's/-/_/g'`
+    case $ac_option in
+      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+      *) ac_optarg=yes ;;
+    esac
+    eval "with_$ac_package='$ac_optarg'" ;;
+
+  -without-* | --without-*)
+    ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid package name: $ac_package" >&2
+   { (exit 1); exit 1; }; }
+    ac_package=`echo $ac_package | sed 's/-/_/g'`
+    eval "with_$ac_package=no" ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) { echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
+    eval "$ac_envvar='$ac_optarg'"
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
+fi
+
+# Be sure to have absolute paths.
+for ac_var in exec_prefix prefix
+do
+  eval ac_val=$`echo $ac_var`
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
+    *)  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+# Be sure to have absolute paths.
+for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
+	      localstatedir libdir includedir oldincludedir infodir mandir
+do
+  eval ac_val=$`echo $ac_var`
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* ) ;;
+    *)  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then its parent.
+  ac_confdir=`(dirname "$0") 2>/dev/null ||
+$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$0" : 'X\(//\)[^/]' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$0" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r $srcdir/$ac_unique_file; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r $srcdir/$ac_unique_file; then
+  if test "$ac_srcdir_defaulted" = yes; then
+    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
+   { (exit 1); exit 1; }; }
+  else
+    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
+  fi
+fi
+(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
+  { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
+   { (exit 1); exit 1; }; }
+srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
+ac_env_build_alias_set=${build_alias+set}
+ac_env_build_alias_value=$build_alias
+ac_cv_env_build_alias_set=${build_alias+set}
+ac_cv_env_build_alias_value=$build_alias
+ac_env_host_alias_set=${host_alias+set}
+ac_env_host_alias_value=$host_alias
+ac_cv_env_host_alias_set=${host_alias+set}
+ac_cv_env_host_alias_value=$host_alias
+ac_env_target_alias_set=${target_alias+set}
+ac_env_target_alias_value=$target_alias
+ac_cv_env_target_alias_set=${target_alias+set}
+ac_cv_env_target_alias_value=$target_alias
+ac_env_CXX_set=${CXX+set}
+ac_env_CXX_value=$CXX
+ac_cv_env_CXX_set=${CXX+set}
+ac_cv_env_CXX_value=$CXX
+ac_env_CXXFLAGS_set=${CXXFLAGS+set}
+ac_env_CXXFLAGS_value=$CXXFLAGS
+ac_cv_env_CXXFLAGS_set=${CXXFLAGS+set}
+ac_cv_env_CXXFLAGS_value=$CXXFLAGS
+ac_env_LDFLAGS_set=${LDFLAGS+set}
+ac_env_LDFLAGS_value=$LDFLAGS
+ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
+ac_cv_env_LDFLAGS_value=$LDFLAGS
+ac_env_CPPFLAGS_set=${CPPFLAGS+set}
+ac_env_CPPFLAGS_value=$CPPFLAGS
+ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
+ac_cv_env_CPPFLAGS_value=$CPPFLAGS
+ac_env_CC_set=${CC+set}
+ac_env_CC_value=$CC
+ac_cv_env_CC_set=${CC+set}
+ac_cv_env_CC_value=$CC
+ac_env_CFLAGS_set=${CFLAGS+set}
+ac_env_CFLAGS_value=$CFLAGS
+ac_cv_env_CFLAGS_set=${CFLAGS+set}
+ac_cv_env_CFLAGS_value=$CFLAGS
+ac_env_CPP_set=${CPP+set}
+ac_env_CPP_value=$CPP
+ac_cv_env_CPP_set=${CPP+set}
+ac_cv_env_CPP_value=$CPP
+ac_env_CXXCPP_set=${CXXCPP+set}
+ac_env_CXXCPP_value=$CXXCPP
+ac_cv_env_CXXCPP_set=${CXXCPP+set}
+ac_cv_env_CXXCPP_value=$CXXCPP
+ac_env_F77_set=${F77+set}
+ac_env_F77_value=$F77
+ac_cv_env_F77_set=${F77+set}
+ac_cv_env_F77_value=$F77
+ac_env_FFLAGS_set=${FFLAGS+set}
+ac_env_FFLAGS_value=$FFLAGS
+ac_cv_env_FFLAGS_set=${FFLAGS+set}
+ac_cv_env_FFLAGS_value=$FFLAGS
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures pki-tps 8.0.0 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+_ACEOF
+
+  cat <<_ACEOF
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+			  [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+			  [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR           user executables [EPREFIX/bin]
+  --sbindir=DIR          system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR       program executables [EPREFIX/libexec]
+  --datadir=DIR          read-only architecture-independent data [PREFIX/share]
+  --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
+  --libdir=DIR           object code libraries [EPREFIX/lib]
+  --includedir=DIR       C header files [PREFIX/include]
+  --oldincludedir=DIR    C header files for non-gcc [/usr/include]
+  --infodir=DIR          info documentation [PREFIX/info]
+  --mandir=DIR           man documentation [PREFIX/man]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of pki-tps 8.0.0:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-maintainer-mode  enable make rules and dependencies not useful
+			  (and sometimes confusing) to the casual installer
+  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors
+  --enable-static[=PKGS]
+                          build static libraries [default=no]
+  --enable-shared[=PKGS]
+                          build shared libraries [default=yes]
+  --enable-fast-install[=PKGS]
+                          optimize for fast installation [default=yes]
+  --disable-libtool-lock  avoid locking (might break parallel builds)
+  --enable-64bit         Enable 64-bit features
+  --enable-debug         Enable debug features
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
+  --with-pic              try to use only PIC/non-PIC objects [default=use
+                          both]
+  --with-tags[=TAGS]
+                          include additional configurations [automatic]
+  --with-nspr=PATH        Netscape Portable Runtime (NSPR) directory
+  --with-nspr-inc=PATH        Netscape Portable Runtime (NSPR) include file directory
+  --with-nspr-lib=PATH        Netscape Portable Runtime (NSPR) library directory
+  --with-nss=PATH         Network Security Services (NSS) directory
+  --with-nss-inc=PATH         Network Security Services (NSS) include directory
+  --with-nss-lib=PATH         Network Security Services (NSS) library directory
+  --with-ldapsdk=PATH     Mozilla LDAP SDK directory
+  --with-ldapsdk-inc=PATH     Mozilla LDAP SDK include directory
+  --with-ldapsdk-lib=PATH     Mozilla LDAP SDK library directory
+  --with-sasl=PATH   Use sasl from supplied path
+  --with-sasl-inc=PATH   SASL include file directory
+  --with-sasl-lib=PATH   SASL library directory
+  --with-svrcore[=PATH]   Use system installed svrcore - optional path for svrcore
+  --with-svrcore-inc=PATH   SVRCORE include file directory
+  --with-svrcore-lib=PATH   SVRCORE library directory
+  --with-apr=PATH        Apr directory
+  --with-apr-inc=PATH        Apr include file directory
+  --with-apr-lib=PATH        Apr library directory
+  --with-apr-bin=PATH        Apr executables directory
+  --with-apache=PATH        Apache directory
+  --with-apache-inc=PATH        Apache include file directory
+  --with-apache-lib=PATH        Apache library directory
+  --with-apache-bin=PATH        Apache executables directory
+
+Some influential environment variables:
+  CXX         C++ compiler command
+  CXXFLAGS    C++ compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
+              headers in a nonstandard directory <include dir>
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  CPP         C preprocessor
+  CXXCPP      C++ preprocessor
+  F77         Fortran 77 compiler command
+  FFLAGS      Fortran 77 compiler flags
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <http://bugzilla.redhat.com/>.
+_ACEOF
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  ac_popdir=`pwd`
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d $ac_dir || continue
+    ac_builddir=.
+
+if test "$ac_dir" != .; then
+  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+  # A "../" for each directory in $ac_dir_suffix.
+  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+  ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+  .)  # No --srcdir option.  We are building in place.
+    ac_srcdir=.
+    if test -z "$ac_top_builddir"; then
+       ac_top_srcdir=.
+    else
+       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+    fi ;;
+  [\\/]* | ?:[\\/]* )  # Absolute path.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir ;;
+  *) # Relative path.
+    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+  case "$ac_dir" in
+  .) ac_abs_builddir=`pwd`;;
+  [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+  *) ac_abs_builddir=`pwd`/"$ac_dir";;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+  case ${ac_top_builddir}. in
+  .) ac_abs_top_builddir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+  *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+  case $ac_srcdir in
+  .) ac_abs_srcdir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+  *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+  case $ac_top_srcdir in
+  .) ac_abs_top_srcdir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+  *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+  esac;;
+esac
+
+    cd $ac_dir
+    # Check for guested configure; otherwise get Cygnus style configure.
+    if test -f $ac_srcdir/configure.gnu; then
+      echo
+      $SHELL $ac_srcdir/configure.gnu  --help=recursive
+    elif test -f $ac_srcdir/configure; then
+      echo
+      $SHELL $ac_srcdir/configure  --help=recursive
+    elif test -f $ac_srcdir/configure.ac ||
+	   test -f $ac_srcdir/configure.in; then
+      echo
+      $ac_configure --help
+    else
+      echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi
+    cd $ac_popdir
+  done
+fi
+
+test -n "$ac_init_help" && exit 0
+if $ac_init_version; then
+  cat <<\_ACEOF
+pki-tps configure 8.0.0
+generated by GNU Autoconf 2.59
+
+Copyright (C) 2003 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit 0
+fi
+exec 5>config.log
+cat >&5 <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by pki-tps $as_me 8.0.0, which was
+generated by GNU Autoconf 2.59.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+hostinfo               = `(hostinfo) 2>/dev/null               || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  echo "PATH: $as_dir"
+done
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_sep=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+      ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
+      # Get rid of the leading space.
+      ac_sep=" "
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Be sure not to use single quotes in there, as some shells,
+# such as our DU 5.0 friend, will then `close' the trap.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+{
+  (set) 2>&1 |
+    case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
+    *ac_space=\ *)
+      sed -n \
+	"s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
+      ;;
+    *)
+      sed -n \
+	"s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+      ;;
+    esac;
+}
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=$`echo $ac_var`
+      echo "$ac_var='"'"'$ac_val'"'"'"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------- ##
+## Output files. ##
+## ------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=$`echo $ac_var`
+	echo "$ac_var='"'"'$ac_val'"'"'"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      sed "/^$/d" confdefs.h | sort
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      echo "$as_me: caught signal $ac_signal"
+    echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core &&
+  rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+     ' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -rf conftest* confdefs.h
+# AIX cpp loses on an empty file, so make sure it contains at least a newline.
+echo >confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer explicitly selected file to automatically selected ones.
+if test -z "$CONFIG_SITE"; then
+  if test "x$prefix" != xNONE; then
+    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
+  else
+    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+  fi
+fi
+for ac_site_file in $CONFIG_SITE; do
+  if test -r "$ac_site_file"; then
+    { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { echo "$as_me:$LINENO: loading cache $cache_file" >&5
+echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . $cache_file;;
+      *)                      . ./$cache_file;;
+    esac
+  fi
+else
+  { echo "$as_me:$LINENO: creating cache $cache_file" >&5
+echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in `(set) 2>&1 |
+	       sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val="\$ac_cv_env_${ac_var}_value"
+  eval ac_new_val="\$ac_env_${ac_var}_value"
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	{ echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	{ echo "$as_me:$LINENO:   former value:  $ac_old_val" >&5
+echo "$as_me:   former value:  $ac_old_val" >&2;}
+	{ echo "$as_me:$LINENO:   current value: $ac_new_val" >&5
+echo "$as_me:   current value: $ac_new_val" >&2;}
+	ac_cache_corrupted=:
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+      ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# AC_CONFIG_HEADER must be called right after AC_INIT.
+          ac_config_headers="$ac_config_headers config.h"
+
+am__api_version="1.9"
+ac_aux_dir=
+for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
+  if test -f $ac_dir/install-sh; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f $ac_dir/install.sh; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f $ac_dir/shtool; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
+echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"
+ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	    break 3
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+done
+
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  We don't cache a
+    # path for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the path is relative.
+    INSTALL=$ac_install_sh
+  fi
+fi
+echo "$as_me:$LINENO: result: $INSTALL" >&5
+echo "${ECHO_T}$INSTALL" >&6
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null`
+   if test "$*" = "X"; then
+      # -L didn't work.
+      set X `ls -t $srcdir/configure conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$*" != "X $srcdir/configure conftest.file" \
+      && test "$*" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      { { echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&5
+echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2;}
+   { (exit 1); exit 1; }; }
+   fi
+
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   { { echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+test "$program_prefix" != NONE &&
+  program_transform_name="s,^,$program_prefix,;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s,\$,$program_suffix,;$program_transform_name"
+# Double any \ or $.  echo might interpret backslashes.
+# By default was `s,x,x', remove it if useless.
+cat <<\_ACEOF >conftest.sed
+s/[\\$]/&&/g;s/;s,x,x,$//
+_ACEOF
+program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
+rm conftest.sed
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing"
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
+  # We used to keeping the `.' as first argument, in order to
+  # allow $(mkdir_p) to be used without argument.  As in
+  #   $(mkdir_p) $(somedir)
+  # where $(somedir) is conditionally defined.  However this is wrong
+  # for two reasons:
+  #  1. if the package is installed by a user who cannot write `.'
+  #     make install will fail,
+  #  2. the above comment should most certainly read
+  #     $(mkdir_p) $(DESTDIR)$(somedir)
+  #     so it does not work when $(somedir) is undefined and
+  #     $(DESTDIR) is not.
+  #  To support the latter case, we have to write
+  #     test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir),
+  #  so the `.' trick is pointless.
+  mkdir_p='mkdir -p --'
+else
+  # On NextStep and OpenStep, the `mkdir' command does not
+  # recognize any option.  It will interpret all options as
+  # directories to create, and then abort because `.' already
+  # exists.
+  for d in ./-p ./--version;
+  do
+    test -d $d && rmdir $d
+  done
+  # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists.
+  if test -f "$ac_aux_dir/mkinstalldirs"; then
+    mkdir_p='$(mkinstalldirs)'
+  else
+    mkdir_p='$(install_sh) -d'
+  fi
+fi
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_AWK+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AWK="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  echo "$as_me:$LINENO: result: $AWK" >&5
+echo "${ECHO_T}$AWK" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  test -n "$AWK" && break
+done
+
+echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6
+set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'`
+if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.make <<\_ACEOF
+all:
+	@echo 'ac_maketemp="$(MAKE)"'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=`
+if test -n "$ac_maketemp"; then
+  eval ac_cv_prog_make_${ac_make}_set=yes
+else
+  eval ac_cv_prog_make_${ac_make}_set=no
+fi
+rm -f conftest.make
+fi
+if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+  SET_MAKE=
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+# test to see if srcdir already configured
+if test "`cd $srcdir && pwd`" != "`pwd`" &&
+   test -f $srcdir/config.status; then
+  { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='pki-tps'
+ VERSION='8.0.0'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+install_sh=${install_sh-"$am_aux_dir/install-sh"}
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  STRIP=$ac_ct_STRIP
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s"
+
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5
+echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6
+    # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given.
+if test "${enable_maintainer_mode+set}" = set; then
+  enableval="$enable_maintainer_mode"
+  USE_MAINTAINER_MODE=$enableval
+else
+  USE_MAINTAINER_MODE=no
+fi;
+  echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5
+echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6
+
+
+if test $USE_MAINTAINER_MODE = yes; then
+  MAINTAINER_MODE_TRUE=
+  MAINTAINER_MODE_FALSE='#'
+else
+  MAINTAINER_MODE_TRUE='#'
+  MAINTAINER_MODE_FALSE=
+fi
+
+  MAINT=$MAINTAINER_MODE_TRUE
+
+
+# Make sure we can run config.sub.
+$ac_config_sub sun4 >/dev/null 2>&1 ||
+  { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
+echo "$as_me: error: cannot run $ac_config_sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+echo "$as_me:$LINENO: checking build system type" >&5
+echo $ECHO_N "checking build system type... $ECHO_C" >&6
+if test "${ac_cv_build+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_build_alias=$build_alias
+test -z "$ac_cv_build_alias" &&
+  ac_cv_build_alias=`$ac_config_guess`
+test -z "$ac_cv_build_alias" &&
+  { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
+  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
+echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+echo "${ECHO_T}$ac_cv_build" >&6
+build=$ac_cv_build
+build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+
+echo "$as_me:$LINENO: checking host system type" >&5
+echo $ECHO_N "checking host system type... $ECHO_C" >&6
+if test "${ac_cv_host+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_host_alias=$host_alias
+test -z "$ac_cv_host_alias" &&
+  ac_cv_host_alias=$ac_cv_build_alias
+ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
+  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
+echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+echo "${ECHO_T}$ac_cv_host" >&6
+host=$ac_cv_host
+host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+
+
+# Checks for programs.
+ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  for ac_prog in $CCC g++ c++ gpp aCC CC cxx cc++ cl FCC KCC RCC xlC_r xlC
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CXX"; then
+  ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+  echo "$as_me:$LINENO: result: $CXX" >&5
+echo "${ECHO_T}$CXX" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+    test -n "$CXX" && break
+  done
+fi
+if test -z "$CXX"; then
+  ac_ct_CXX=$CXX
+  for ac_prog in $CCC g++ c++ gpp aCC CC cxx cc++ cl FCC KCC RCC xlC_r xlC
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_CXX"; then
+  ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CXX="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+  echo "$as_me:$LINENO: result: $ac_ct_CXX" >&5
+echo "${ECHO_T}$ac_ct_CXX" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  test -n "$ac_ct_CXX" && break
+done
+test -n "$ac_ct_CXX" || ac_ct_CXX="g++"
+
+  CXX=$ac_ct_CXX
+fi
+
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO:" \
+     "checking for C++ compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+  (eval $ac_compiler --version </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+  (eval $ac_compiler -v </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+  (eval $ac_compiler -V </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+echo "$as_me:$LINENO: checking for C++ compiler default output file name" >&5
+echo $ECHO_N "checking for C++ compiler default output file name... $ECHO_C" >&6
+ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
+  (eval $ac_link_default) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Find the output, starting from the most likely.  This scheme is
+# not robust to junk in `.', hence go to wildcards (a.*) only as a last
+# resort.
+
+# Be careful to initialize this variable, since it used to be cached.
+# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
+ac_cv_exeext=
+# b.out is created by i960 compilers.
+for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj )
+	;;
+    conftest.$ac_ext )
+	# This is the source file.
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+	ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	# FIXME: I believe we export ac_cv_exeext for Libtool,
+	# but it would be cool to find out if it's true.  Does anybody
+	# maintain Libtool? --akim.
+	export ac_cv_exeext
+	break;;
+    * )
+	break;;
+  esac
+done
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: C++ compiler cannot create executables
+See \`config.log' for more details." >&5
+echo "$as_me: error: C++ compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+echo "$as_me:$LINENO: result: $ac_file" >&5
+echo "${ECHO_T}$ac_file" >&6
+
+# Check the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+echo "$as_me:$LINENO: checking whether the C++ compiler works" >&5
+echo $ECHO_N "checking whether the C++ compiler works... $ECHO_C" >&6
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { echo "$as_me:$LINENO: error: cannot run C++ compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run C++ compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  fi
+fi
+echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+rm -f a.out a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $cross_compiling" >&5
+echo "${ECHO_T}$cross_compiling" >&6
+
+echo "$as_me:$LINENO: checking for suffix of executables" >&5
+echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  export ac_cv_exeext
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+echo "${ECHO_T}$ac_cv_exeext" >&6
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+echo "$as_me:$LINENO: checking for suffix of object files" >&5
+echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
+if test "${ac_cv_objext+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+echo "${ECHO_T}$ac_cv_objext" >&6
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+echo "$as_me:$LINENO: checking whether we are using the GNU C++ compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C++ compiler... $ECHO_C" >&6
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_cxx_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_compiler_gnu=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_cxx_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_cxx_compiler_gnu" >&6
+GXX=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+CXXFLAGS="-g"
+echo "$as_me:$LINENO: checking whether $CXX accepts -g" >&5
+echo $ECHO_N "checking whether $CXX accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_cxx_g+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_cxx_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_prog_cxx_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_cxx_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_cxx_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cxx_g" >&6
+if test "$ac_test_CXXFLAGS" = set; then
+  CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+  if test "$GXX" = yes; then
+    CXXFLAGS="-g -O2"
+  else
+    CXXFLAGS="-g"
+  fi
+else
+  if test "$GXX" = yes; then
+    CXXFLAGS="-O2"
+  else
+    CXXFLAGS=
+  fi
+fi
+for ac_declaration in \
+   '' \
+   'extern "C" void std::exit (int) throw (); using std::exit;' \
+   'extern "C" void std::exit (int); using std::exit;' \
+   'extern "C" void exit (int) throw ();' \
+   'extern "C" void exit (int);' \
+   'void exit (int);'
+do
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_declaration
+#include <stdlib.h>
+int
+main ()
+{
+exit (42);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_cxx_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+continue
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_declaration
+int
+main ()
+{
+exit (42);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_cxx_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+rm -f conftest*
+if test -n "$ac_declaration"; then
+  echo '#ifdef __cplusplus' >>confdefs.h
+  echo $ac_declaration      >>confdefs.h
+  echo '#endif'             >>confdefs.h
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+DEPDIR="${am__leading_dot}deps"
+
+          ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo done
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# We grep out `Entering directory' and `Leaving directory'
+# messages which can occur if `w' ends up in MAKEFLAGS.
+# In particular we don't look at `^make:' because GNU make might
+# be invoked under some other name (usually "gmake"), in which
+# case it prints its new name instead of `make'.
+if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
+   am__include=include
+   am__quote=
+   _am_result=GNU
+fi
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
+      am__include=.include
+      am__quote="\""
+      _am_result=BSD
+   fi
+fi
+
+
+echo "$as_me:$LINENO: result: $_am_result" >&5
+echo "${ECHO_T}$_am_result" >&6
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking or --disable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+  enableval="$enable_dependency_tracking"
+
+fi;
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+
+
+if test "x$enable_dependency_tracking" != xno; then
+  AMDEP_TRUE=
+  AMDEP_FALSE='#'
+else
+  AMDEP_TRUE='#'
+  AMDEP_FALSE=
+fi
+
+
+
+
+depcc="$CXX"  am_compiler_list=
+
+echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
+if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CXX_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    case $depmode in
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    none) break ;;
+    esac
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.
+    if depmode=$depmode \
+       source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CXX_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+echo "$as_me:$LINENO: result: $am_cv_CXX_dependencies_compiler_type" >&5
+echo "${ECHO_T}$am_cv_CXX_dependencies_compiler_type" >&6
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+
+
+if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+  am__fastdepCXX_TRUE=
+  am__fastdepCXX_FALSE='#'
+else
+  am__fastdepCXX_TRUE='#'
+  am__fastdepCXX_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  CC=$ac_ct_CC
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="cc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  CC=$ac_ct_CC
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  test -n "$ac_ct_CC" && break
+done
+
+  CC=$ac_ct_CC
+fi
+
+fi
+
+
+test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO:" \
+     "checking for C compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+  (eval $ac_compiler --version </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+  (eval $ac_compiler -v </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+  (eval $ac_compiler -V </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_compiler_gnu=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
+GCC=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+CFLAGS="-g"
+echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_prog_cc_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_cc_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
+echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_stdc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_prog_cc_stdc=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std1 is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std1.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+# Don't try gcc -ansi; that turns off useful extensions and
+# breaks some systems' header files.
+# AIX			-qlanglvl=ansi
+# Ultrix and OSF/1	-std1
+# HP-UX 10.20 and later	-Ae
+# HP-UX older versions	-Aa -D_HPUX_SOURCE
+# SVR4			-Xc -D__EXTENSIONS__
+for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_prog_cc_stdc=$ac_arg
+break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext
+done
+rm -f conftest.$ac_ext conftest.$ac_objext
+CC=$ac_save_CC
+
+fi
+
+case "x$ac_cv_prog_cc_stdc" in
+  x|xno)
+    echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6 ;;
+  *)
+    echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
+    CC="$CC $ac_cv_prog_cc_stdc" ;;
+esac
+
+# Some people use a C++ compiler to compile C.  Since we use `exit',
+# in C++ we need to declare it.  In case someone uses the same compiler
+# for both compiling C and C++ we need to have the C++ compiler decide
+# the declaration of exit, since it's the most demanding environment.
+cat >conftest.$ac_ext <<_ACEOF
+#ifndef __cplusplus
+  choke me
+#endif
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  for ac_declaration in \
+   '' \
+   'extern "C" void std::exit (int) throw (); using std::exit;' \
+   'extern "C" void std::exit (int); using std::exit;' \
+   'extern "C" void exit (int) throw ();' \
+   'extern "C" void exit (int);' \
+   'void exit (int);'
+do
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_declaration
+#include <stdlib.h>
+int
+main ()
+{
+exit (42);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+continue
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_declaration
+int
+main ()
+{
+exit (42);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+rm -f conftest*
+if test -n "$ac_declaration"; then
+  echo '#ifdef __cplusplus' >>confdefs.h
+  echo $ac_declaration      >>confdefs.h
+  echo '#endif'             >>confdefs.h
+fi
+
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC"   am_compiler_list=
+
+echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CC_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    case $depmode in
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    none) break ;;
+    esac
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.
+    if depmode=$depmode \
+       source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CC_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+
+
+if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+  am__fastdepCC_TRUE=
+  am__fastdepCC_FALSE='#'
+else
+  am__fastdepCC_TRUE='#'
+  am__fastdepCC_FALSE=
+fi
+
+
+if test "x$CC" != xcc; then
+  echo "$as_me:$LINENO: checking whether $CC and cc understand -c and -o together" >&5
+echo $ECHO_N "checking whether $CC and cc understand -c and -o together... $ECHO_C" >&6
+else
+  echo "$as_me:$LINENO: checking whether cc understands -c and -o together" >&5
+echo $ECHO_N "checking whether cc understands -c and -o together... $ECHO_C" >&6
+fi
+set dummy $CC; ac_cc=`echo $2 |
+		      sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+if eval "test \"\${ac_cv_prog_cc_${ac_cc}_c_o+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+# Make sure it works both with $CC and with simple cc.
+# We do the test twice because some compilers refuse to overwrite an
+# existing .o file with -o, though they will create one.
+ac_try='$CC -c conftest.$ac_ext -o conftest.$ac_objext >&5'
+if { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+   test -f conftest.$ac_objext && { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); };
+then
+  eval ac_cv_prog_cc_${ac_cc}_c_o=yes
+  if test "x$CC" != xcc; then
+    # Test first that cc exists at all.
+    if { ac_try='cc -c conftest.$ac_ext >&5'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+      ac_try='cc -c conftest.$ac_ext -o conftest.$ac_objext >&5'
+      if { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 test -f conftest.$ac_objext && { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); };
+      then
+	# cc works too.
+	:
+      else
+	# cc exists but doesn't like -o.
+	eval ac_cv_prog_cc_${ac_cc}_c_o=no
+      fi
+    fi
+  fi
+else
+  eval ac_cv_prog_cc_${ac_cc}_c_o=no
+fi
+rm -f conftest*
+
+fi
+if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" = yes"; then
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+
+cat >>confdefs.h <<\_ACEOF
+#define NO_MINUS_C_MINUS_O 1
+_ACEOF
+
+fi
+
+# FIXME: we rely on the cache variable name because
+# there is no other way.
+set dummy $CC
+ac_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" != yes"; then
+   # Losing compiler, so override with the script.
+   # FIXME: It is wrong to rewrite CC.
+   # But if we don't then we get into trouble of one sort or another.
+   # A longer-term fix would be to have automake use am__CC in this case,
+   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+   CC="$am_aux_dir/compile $CC"
+fi
+
+# disable static libs by default - we only use a couple
+# Check whether --enable-static or --disable-static was given.
+if test "${enable_static+set}" = set; then
+  enableval="$enable_static"
+  p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_static=yes ;;
+    no) enable_static=no ;;
+    *)
+     enable_static=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_static=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_static=no
+fi;
+
+
+# Check whether --enable-shared or --disable-shared was given.
+if test "${enable_shared+set}" = set; then
+  enableval="$enable_shared"
+  p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_shared=yes ;;
+    no) enable_shared=no ;;
+    *)
+      enable_shared=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_shared=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_shared=yes
+fi;
+
+# Check whether --enable-fast-install or --disable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then
+  enableval="$enable_fast_install"
+  p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_fast_install=yes ;;
+    no) enable_fast_install=no ;;
+    *)
+      enable_fast_install=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_fast_install=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_fast_install=yes
+fi;
+
+echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5
+echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6
+if test "${lt_cv_path_SED+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for lt_ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+      fi
+    done
+  done
+done
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+  test ! -f $lt_ac_sed && continue
+  cat /dev/null > conftest.in
+  lt_ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+  # Check for GNU sed and select it if it is found.
+  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+    lt_cv_path_SED=$lt_ac_sed
+    break
+  fi
+  while true; do
+    cat conftest.in conftest.in >conftest.tmp
+    mv conftest.tmp conftest.in
+    cp conftest.in conftest.nl
+    echo >>conftest.nl
+    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+    cmp -s conftest.out conftest.nl || break
+    # 10000 chars as input seems more than enough
+    test $lt_ac_count -gt 10 && break
+    lt_ac_count=`expr $lt_ac_count + 1`
+    if test $lt_ac_count -gt $lt_ac_max; then
+      lt_ac_max=$lt_ac_count
+      lt_cv_path_SED=$lt_ac_sed
+    fi
+  done
+done
+
+fi
+
+SED=$lt_cv_path_SED
+echo "$as_me:$LINENO: result: $SED" >&5
+echo "${ECHO_T}$SED" >&6
+
+echo "$as_me:$LINENO: checking for egrep" >&5
+echo $ECHO_N "checking for egrep... $ECHO_C" >&6
+if test "${ac_cv_prog_egrep+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if echo a | (grep -E '(a|b)') >/dev/null 2>&1
+    then ac_cv_prog_egrep='grep -E'
+    else ac_cv_prog_egrep='egrep'
+    fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
+echo "${ECHO_T}$ac_cv_prog_egrep" >&6
+ EGREP=$ac_cv_prog_egrep
+
+
+
+# Check whether --with-gnu-ld or --without-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then
+  withval="$with_gnu_ld"
+  test "$withval" = no || with_gnu_ld=yes
+else
+  with_gnu_ld=no
+fi;
+ac_prog=ld
+if test "$GCC" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  echo "$as_me:$LINENO: checking for ld used by $CC" >&5
+echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [\\/]* | ?:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  echo "$as_me:$LINENO: checking for GNU ld" >&5
+echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
+else
+  echo "$as_me:$LINENO: checking for non-GNU ld" >&5
+echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
+fi
+if test "${lt_cv_path_LD+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -z "$LD"; then
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test "$with_gnu_ld" != no && break
+	;;
+      *)
+	test "$with_gnu_ld" != yes && break
+	;;
+      esac
+    fi
+  done
+  IFS="$lt_save_ifs"
+else
+  lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+  echo "$as_me:$LINENO: result: $LD" >&5
+echo "${ECHO_T}$LD" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
+echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
+   { (exit 1); exit 1; }; }
+echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
+echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
+if test "${lt_cv_prog_gnu_ld+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
+echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
+echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6
+if test "${lt_cv_ld_reload_flag+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_ld_reload_flag='-r'
+fi
+echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
+echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+  darwin*)
+    if test "$GCC" = yes; then
+      reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+    else
+      reload_cmds='$LD$reload_flag -o $output$reload_objs'
+    fi
+    ;;
+esac
+
+echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5
+echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6
+if test "${lt_cv_path_NM+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$NM"; then
+  # Let the user override the test.
+  lt_cv_path_NM="$NM"
+else
+  lt_nm_to_check="${ac_tool_prefix}nm"
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+    lt_nm_to_check="$lt_nm_to_check nm"
+  fi
+  for lt_tmp_nm in $lt_nm_to_check; do
+    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+      IFS="$lt_save_ifs"
+      test -z "$ac_dir" && ac_dir=.
+      tmp_nm="$ac_dir/$lt_tmp_nm"
+      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+	# Check to see if the nm accepts a BSD-compat flag.
+	# Adding the `sed 1q' prevents false positives on HP-UX, which says:
+	#   nm: unknown option "B" ignored
+	# Tru64's nm complains that /dev/null is an invalid object file
+	case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+	*/dev/null* | *'Invalid file or object type'*)
+	  lt_cv_path_NM="$tmp_nm -B"
+	  break
+	  ;;
+	*)
+	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  */dev/null*)
+	    lt_cv_path_NM="$tmp_nm -p"
+	    break
+	    ;;
+	  *)
+	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+	    continue # so that we can try to find one that supports BSD flags
+	    ;;
+	  esac
+	  ;;
+	esac
+      fi
+    done
+    IFS="$lt_save_ifs"
+  done
+  test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
+fi
+fi
+echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
+echo "${ECHO_T}$lt_cv_path_NM" >&6
+NM="$lt_cv_path_NM"
+
+echo "$as_me:$LINENO: checking whether ln -s works" >&5
+echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me:$LINENO: result: no, using $LN_S" >&5
+echo "${ECHO_T}no, using $LN_S" >&6
+fi
+
+echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
+echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6
+if test "${lt_cv_deplibs_check_method+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix4* | aix5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+beos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+bsdi[45]*)
+  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_test_file=/shlib/libc.so
+  ;;
+
+cygwin*)
+  # func_win32_libid is a shell function defined in ltmain.sh
+  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+  lt_cv_file_magic_cmd='func_win32_libid'
+  ;;
+
+mingw* | pw32*)
+  # Base MSYS/MinGW do not provide the 'file' command needed by
+  # func_win32_libid shell function, so use a weaker test based on 'objdump'.
+  lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  ;;
+
+darwin* | rhapsody*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+freebsd* | kfreebsd*-gnu | dragonfly*)
+  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+    case $host_cpu in
+    i*86 )
+      # Not sure whether the presence of OpenBSD here was a mistake.
+      # Let's accept both of them until this is cleared up.
+      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+      ;;
+    esac
+  else
+    lt_cv_deplibs_check_method=pass_all
+  fi
+  ;;
+
+gnu*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+hpux10.20* | hpux11*)
+  lt_cv_file_magic_cmd=/usr/bin/file
+  case $host_cpu in
+  ia64*)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+    ;;
+  hppa*64*)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+    ;;
+  *)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+    lt_cv_file_magic_test_file=/usr/lib/libc.sl
+    ;;
+  esac
+  ;;
+
+interix3*)
+  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+  lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $LD in
+  *-32|*"-32 ") libmagic=32-bit;;
+  *-n32|*"-n32 ") libmagic=N32;;
+  *-64|*"-64 ") libmagic=64-bit;;
+  *) libmagic=never-match;;
+  esac
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd*)
+  if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+  fi
+  ;;
+
+newos6*)
+  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_test_file=/usr/lib/libnls.so
+  ;;
+
+nto-qnx*)
+  lt_cv_deplibs_check_method=unknown
+  ;;
+
+openbsd*)
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+  fi
+  ;;
+
+osf3* | osf4* | osf5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+solaris*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv4 | sysv4.3*)
+  case $host_vendor in
+  motorola)
+    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+    ;;
+  ncr)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  sequent)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+    ;;
+  sni)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+    lt_cv_file_magic_test_file=/lib/libc.so
+    ;;
+  siemens)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  pc)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  esac
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+esac
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
+echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then
+  enableval="$enable_libtool_lock"
+
+fi;
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+    case `/usr/bin/file conftest.$ac_objext` in
+    *ELF-32*)
+      HPUX_IA64_MODE="32"
+      ;;
+    *ELF-64*)
+      HPUX_IA64_MODE="64"
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+*-*-irix6*)
+  # Find out which ABI we are using.
+  echo '#line 4298 "configure"' > conftest.$ac_ext
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+   if test "$lt_cv_prog_gnu_ld" = yes; then
+    case `/usr/bin/file conftest.$ac_objext` in
+    *32-bit*)
+      LD="${LD-ld} -melf32bsmip"
+      ;;
+    *N32*)
+      LD="${LD-ld} -melf32bmipn32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -melf64bmip"
+      ;;
+    esac
+   else
+    case `/usr/bin/file conftest.$ac_objext` in
+    *32-bit*)
+      LD="${LD-ld} -32"
+      ;;
+    *N32*)
+      LD="${LD-ld} -n32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -64"
+      ;;
+    esac
+   fi
+  fi
+  rm -rf conftest*
+  ;;
+
+x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+    case `/usr/bin/file conftest.o` in
+    *32-bit*)
+      case $host in
+        x86_64-*linux*)
+          LD="${LD-ld} -m elf_i386"
+          ;;
+        ppc64-*linux*|powerpc64-*linux*)
+          LD="${LD-ld} -m elf32ppclinux"
+          ;;
+        s390x-*linux*)
+          LD="${LD-ld} -m elf_s390"
+          ;;
+        sparc64-*linux*)
+          LD="${LD-ld} -m elf32_sparc"
+          ;;
+      esac
+      ;;
+    *64-bit*)
+      case $host in
+        x86_64-*linux*)
+          LD="${LD-ld} -m elf_x86_64"
+          ;;
+        ppc*-*linux*|powerpc*-*linux*)
+          LD="${LD-ld} -m elf64ppc"
+          ;;
+        s390*-*linux*)
+          LD="${LD-ld} -m elf64_s390"
+          ;;
+        sparc*-*linux*)
+          LD="${LD-ld} -m elf64_sparc"
+          ;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS="$CFLAGS"
+  CFLAGS="$CFLAGS -belf"
+  echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
+echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6
+if test "${lt_cv_cc_needs_belf+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+     cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  lt_cv_cc_needs_belf=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+lt_cv_cc_needs_belf=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+     ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
+echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6
+  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS="$SAVE_CFLAGS"
+  fi
+  ;;
+sparc*-*solaris*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+    case `/usr/bin/file conftest.o` in
+    *64-bit*)
+      case $lt_cv_prog_gnu_ld in
+      yes*) LD="${LD-ld} -m elf64_sparc" ;;
+      *)    LD="${LD-ld} -64" ;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+  if test "${ac_cv_prog_CPP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+      # Double quotes because CPP needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether non-existent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether non-existent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  :
+else
+  { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+if test "${ac_cv_header_stdc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_header_stdc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_stdc=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then
+  :
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then
+  :
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ctype.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      exit(2);
+  exit (0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+
+
+
+
+
+
+
+
+
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+		  inttypes.h stdint.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_header in dlfcn.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+  # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    (
+      cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+    ) |
+      sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+    (test "X$CXX" != "Xg++"))) ; then
+  ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+echo "$as_me:$LINENO: checking how to run the C++ preprocessor" >&5
+echo $ECHO_N "checking how to run the C++ preprocessor... $ECHO_C" >&6
+if test -z "$CXXCPP"; then
+  if test "${ac_cv_prog_CXXCPP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+      # Double quotes because CXXCPP needs to be expanded
+    for CXXCPP in "$CXX -E" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_cxx_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_cxx_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether non-existent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_cxx_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_cxx_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  break
+fi
+
+    done
+    ac_cv_prog_CXXCPP=$CXXCPP
+
+fi
+  CXXCPP=$ac_cv_prog_CXXCPP
+else
+  ac_cv_prog_CXXCPP=$CXXCPP
+fi
+echo "$as_me:$LINENO: result: $CXXCPP" >&5
+echo "${ECHO_T}$CXXCPP" >&6
+ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_cxx_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_cxx_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether non-existent headers
+  # can be detected and how.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_cxx_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_cxx_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  # Broken: success on invalid input.
+continue
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+  :
+else
+  { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+fi
+
+
+ac_ext=f
+ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5'
+ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_f77_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  for ac_prog in g77 f77 xlf frt pgf77 fort77 fl32 af77 f90 xlf90 pgf90 epcf90 f95 fort xlf95 ifc efc pgf95 lf95 gfortran
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$F77"; then
+  ac_cv_prog_F77="$F77" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_F77="$ac_tool_prefix$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+F77=$ac_cv_prog_F77
+if test -n "$F77"; then
+  echo "$as_me:$LINENO: result: $F77" >&5
+echo "${ECHO_T}$F77" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+    test -n "$F77" && break
+  done
+fi
+if test -z "$F77"; then
+  ac_ct_F77=$F77
+  for ac_prog in g77 f77 xlf frt pgf77 fort77 fl32 af77 f90 xlf90 pgf90 epcf90 f95 fort xlf95 ifc efc pgf95 lf95 gfortran
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_F77"; then
+  ac_cv_prog_ac_ct_F77="$ac_ct_F77" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_F77="$ac_prog"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+ac_ct_F77=$ac_cv_prog_ac_ct_F77
+if test -n "$ac_ct_F77"; then
+  echo "$as_me:$LINENO: result: $ac_ct_F77" >&5
+echo "${ECHO_T}$ac_ct_F77" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  test -n "$ac_ct_F77" && break
+done
+
+  F77=$ac_ct_F77
+fi
+
+
+# Provide some information about the compiler.
+echo "$as_me:5433:" \
+     "checking for Fortran 77 compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+  (eval $ac_compiler --version </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+  (eval $ac_compiler -v </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+  (eval $ac_compiler -V </dev/null >&5) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+rm -f a.out
+
+# If we don't use `.F' as extension, the preprocessor is not run on the
+# input file.  (Note that this only needs to work for GNU compilers.)
+ac_save_ext=$ac_ext
+ac_ext=F
+echo "$as_me:$LINENO: checking whether we are using the GNU Fortran 77 compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU Fortran 77 compiler... $ECHO_C" >&6
+if test "${ac_cv_f77_compiler_gnu+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+      program main
+#ifndef __GNUC__
+       choke me
+#endif
+
+      end
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_f77_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_compiler_gnu=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_f77_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_f77_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_f77_compiler_gnu" >&6
+ac_ext=$ac_save_ext
+ac_test_FFLAGS=${FFLAGS+set}
+ac_save_FFLAGS=$FFLAGS
+FFLAGS=
+echo "$as_me:$LINENO: checking whether $F77 accepts -g" >&5
+echo $ECHO_N "checking whether $F77 accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_f77_g+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  FFLAGS=-g
+cat >conftest.$ac_ext <<_ACEOF
+      program main
+
+      end
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_f77_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_prog_f77_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_f77_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_f77_g" >&5
+echo "${ECHO_T}$ac_cv_prog_f77_g" >&6
+if test "$ac_test_FFLAGS" = set; then
+  FFLAGS=$ac_save_FFLAGS
+elif test $ac_cv_prog_f77_g = yes; then
+  if test "x$ac_cv_f77_compiler_gnu" = xyes; then
+    FFLAGS="-g -O2"
+  else
+    FFLAGS="-g"
+  fi
+else
+  if test "x$ac_cv_f77_compiler_gnu" = xyes; then
+    FFLAGS="-O2"
+  else
+    FFLAGS=
+  fi
+fi
+
+G77=`test $ac_compiler_gnu = yes && echo yes`
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
+
+# find the maximum length of command line arguments
+echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5
+echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+    i=0
+  teststring="ABCD"
+
+  case $build_os in
+  msdosdjgpp*)
+    # On DJGPP, this test can blow up pretty badly due to problems in libc
+    # (any single argument exceeding 2000 bytes causes a buffer overrun
+    # during glob expansion).  Even if it were fixed, the result of this
+    # check would be larger than it should be.
+    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
+    ;;
+
+  gnu*)
+    # Under GNU Hurd, this test is not required because there is
+    # no limit to the length of command line arguments.
+    # Libtool will interpret -1 as no limit whatsoever
+    lt_cv_sys_max_cmd_len=-1;
+    ;;
+
+  cygwin* | mingw*)
+    # On Win9x/ME, this test blows up -- it succeeds, but takes
+    # about 5 minutes as the teststring grows exponentially.
+    # Worse, since 9x/ME are not pre-emptively multitasking,
+    # you end up with a "frozen" computer, even though with patience
+    # the test eventually succeeds (with a max line length of 256k).
+    # Instead, let's just punt: use the minimum linelength reported by
+    # all of the supported platforms: 8192 (on NT/2K/XP).
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  amigaos*)
+    # On AmigaOS with pdksh, this test takes hours, literally.
+    # So we just punt and use a minimum line length of 8192.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+    # This has been around since 386BSD, at least.  Likely further.
+    if test -x /sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+    elif test -x /usr/sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+    else
+      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
+    fi
+    # And add a safety zone
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    ;;
+
+  interix*)
+    # We know the value 262144 and hardcode it with a safety zone (like BSD)
+    lt_cv_sys_max_cmd_len=196608
+    ;;
+
+  osf*)
+    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+    # nice to cause kernel panics so lets avoid the loop below.
+    # First set a reasonable default.
+    lt_cv_sys_max_cmd_len=16384
+    #
+    if test -x /sbin/sysconfig; then
+      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+        *1*) lt_cv_sys_max_cmd_len=-1 ;;
+      esac
+    fi
+    ;;
+  sco3.2v5*)
+    lt_cv_sys_max_cmd_len=102400
+    ;;
+  sysv5* | sco5v6* | sysv4.2uw2*)
+    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+    if test -n "$kargmax"; then
+      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ 	]//'`
+    else
+      lt_cv_sys_max_cmd_len=32768
+    fi
+    ;;
+  *)
+    # If test is not a shell built-in, we'll probably end up computing a
+    # maximum length that is only half of the actual maximum length, but
+    # we can't tell.
+    SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+    while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \
+	       = "XX$teststring") >/dev/null 2>&1 &&
+	    new_result=`expr "X$teststring" : ".*" 2>&1` &&
+	    lt_cv_sys_max_cmd_len=$new_result &&
+	    test $i != 17 # 1/2 MB should be enough
+    do
+      i=`expr $i + 1`
+      teststring=$teststring$teststring
+    done
+    teststring=
+    # Add a significant safety factor because C++ compilers can tack on massive
+    # amounts of additional arguments before passing them to the linker.
+    # It appears as though 1/2 is a usable value.
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    ;;
+  esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+  echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5
+echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6
+else
+  echo "$as_me:$LINENO: result: none" >&5
+echo "${ECHO_T}none" >&6
+fi
+
+
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5
+echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Transform an extracted symbol line into a proper C declaration
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+  symcode='[BCDT]'
+  ;;
+cygwin* | mingw* | pw32*)
+  symcode='[ABCDGISTW]'
+  ;;
+hpux*) # Its linker distinguishes data from code symbols
+  if test "$host_cpu" = ia64; then
+    symcode='[ABCDEGRST]'
+  fi
+  lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+  lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+  ;;
+linux*)
+  if test "$host_cpu" = ia64; then
+    symcode='[ABCDGIRSTW]'
+    lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+    lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (lt_ptr) \&\2},/p'"
+  fi
+  ;;
+irix* | nonstopux*)
+  symcode='[BCDEGRST]'
+  ;;
+osf*)
+  symcode='[BCDEGQRST]'
+  ;;
+solaris*)
+  symcode='[BDRT]'
+  ;;
+sco3.2v5*)
+  symcode='[DT]'
+  ;;
+sysv4.2uw2*)
+  symcode='[DT]'
+  ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+  symcode='[ABDT]'
+  ;;
+sysv4)
+  symcode='[DFNSTU]'
+  ;;
+esac
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+  opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+  ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+  symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Try without a prefix undercore, then with it.
+for ac_symprfx in "" "_"; do
+
+  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+  symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+  # Write the raw and C identifiers.
+  lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ 	]\($symcode$symcode*\)[ 	][ 	]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+
+  # Check to see that the pipe works correctly.
+  pipe_works=no
+
+  rm -f conftest*
+  cat > conftest.$ac_ext <<EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+EOF
+
+  if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+    # Now try to grab the symbols.
+    nlist=conftest.nm
+    if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5
+  (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && test -s "$nlist"; then
+      # Try sorting and uniquifying the output.
+      if sort "$nlist" | uniq > "$nlist"T; then
+	mv -f "$nlist"T "$nlist"
+      else
+	rm -f "$nlist"T
+      fi
+
+      # Make sure that we snagged all the symbols we need.
+      if grep ' nm_test_var$' "$nlist" >/dev/null; then
+	if grep ' nm_test_func$' "$nlist" >/dev/null; then
+	  cat <<EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+EOF
+	  # Now generate the symbol file.
+	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext'
+
+	  cat <<EOF >> conftest.$ac_ext
+#if defined (__STDC__) && __STDC__
+# define lt_ptr_t void *
+#else
+# define lt_ptr_t char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+const struct {
+  const char *name;
+  lt_ptr_t address;
+}
+lt_preloaded_symbols[] =
+{
+EOF
+	  $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext
+	  cat <<\EOF >> conftest.$ac_ext
+  {0, (lt_ptr_t) 0}
+};
+
+#ifdef __cplusplus
+}
+#endif
+EOF
+	  # Now try linking the two files.
+	  mv conftest.$ac_objext conftstm.$ac_objext
+	  lt_save_LIBS="$LIBS"
+	  lt_save_CFLAGS="$CFLAGS"
+	  LIBS="conftstm.$ac_objext"
+	  CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+	  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && test -s conftest${ac_exeext}; then
+	    pipe_works=yes
+	  fi
+	  LIBS="$lt_save_LIBS"
+	  CFLAGS="$lt_save_CFLAGS"
+	else
+	  echo "cannot find nm_test_func in $nlist" >&5
+	fi
+      else
+	echo "cannot find nm_test_var in $nlist" >&5
+      fi
+    else
+      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+    fi
+  else
+    echo "$progname: failed program was:" >&5
+    cat conftest.$ac_ext >&5
+  fi
+  rm -f conftest* conftst*
+
+  # Do not use the global_symbol_pipe unless it works.
+  if test "$pipe_works" = yes; then
+    break
+  else
+    lt_cv_sys_global_symbol_pipe=
+  fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+  lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+  echo "$as_me:$LINENO: result: failed" >&5
+echo "${ECHO_T}failed" >&6
+else
+  echo "$as_me:$LINENO: result: ok" >&5
+echo "${ECHO_T}ok" >&6
+fi
+
+echo "$as_me:$LINENO: checking for objdir" >&5
+echo $ECHO_N "checking for objdir... $ECHO_C" >&6
+if test "${lt_cv_objdir+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+  lt_cv_objdir=.libs
+else
+  # MS-DOS does not allow filenames that begin with a dot.
+  lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5
+echo "${ECHO_T}$lt_cv_objdir" >&6
+objdir=$lt_cv_objdir
+
+
+
+
+
+case $host_os in
+aix3*)
+  # AIX sometimes has problems with the GCC collect2 program.  For some
+  # reason, if we set the COLLECT_NAMES environment variable, the problems
+  # vanish in a puff of smoke.
+  if test "X${COLLECT_NAMES+set}" != Xset; then
+    COLLECT_NAMES=
+    export COLLECT_NAMES
+  fi
+  ;;
+esac
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='sed -e 1s/^X//'
+sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Constants:
+rm="rm -f"
+
+# Global variables:
+default_ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+ltmain="$ac_aux_dir/ltmain.sh"
+ofile="$default_ofile"
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_AR+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$AR"; then
+  ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AR="${ac_tool_prefix}ar"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+  echo "$as_me:$LINENO: result: $AR" >&5
+echo "${ECHO_T}$AR" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+  ac_ct_AR=$AR
+  # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_AR"; then
+  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_AR="ar"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  test -z "$ac_cv_prog_ac_ct_AR" && ac_cv_prog_ac_ct_AR="false"
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+  echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
+echo "${ECHO_T}$ac_ct_AR" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  AR=$ac_ct_AR
+else
+  AR="$ac_cv_prog_AR"
+fi
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_RANLIB+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  echo "$as_me:$LINENO: result: $RANLIB" >&5
+echo "${ECHO_T}$RANLIB" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
+echo "${ECHO_T}$ac_ct_RANLIB" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  RANLIB=$ac_ct_RANLIB
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  STRIP=$ac_ct_STRIP
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+test -z "$AS" && AS=as
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+test -z "$LD" && LD=ld
+test -z "$LN_S" && LN_S="ln -s"
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+test -z "$NM" && NM=nm
+test -z "$SED" && SED=sed
+test -z "$OBJDUMP" && OBJDUMP=objdump
+test -z "$RANLIB" && RANLIB=:
+test -z "$STRIP" && STRIP=:
+test -z "$ac_objext" && ac_objext=o
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+  case $host_os in
+  openbsd*)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+    ;;
+  *)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+    ;;
+  esac
+  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+case $deplibs_check_method in
+file_magic*)
+  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+    echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
+echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $MAGIC_CMD in
+[\\/*] |  ?:[\\/]*)
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/${ac_tool_prefix}file; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+  if test -n "$ac_tool_prefix"; then
+    echo "$as_me:$LINENO: checking for file" >&5
+echo $ECHO_N "checking for file... $ECHO_C" >&6
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $MAGIC_CMD in
+[\\/*] |  ?:[\\/]*)
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/file; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/file"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  else
+    MAGIC_CMD=:
+  fi
+fi
+
+  fi
+  ;;
+esac
+
+enable_dlopen=no
+enable_win32_dll=no
+
+# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then
+  enableval="$enable_libtool_lock"
+
+fi;
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+
+# Check whether --with-pic or --without-pic was given.
+if test "${with_pic+set}" = set; then
+  withval="$with_pic"
+  pic_mode="$withval"
+else
+  pic_mode=default
+fi;
+test -z "$pic_mode" && pic_mode=default
+
+# Use C for the default configuration in the libtool script
+tagname=
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}\n'
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+  lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_rtti_exceptions=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="-fno-rtti -fno-exceptions"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:6496: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:6500: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_rtti_exceptions=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+    lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+    :
+fi
+
+fi
+
+lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+  if test "$GCC" = yes; then
+    lt_prog_compiler_wl='-Wl,'
+    lt_prog_compiler_static='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+      ;;
+
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic='-fno-common'
+      ;;
+
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared=no
+      enable_shared=no
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic=-Kconform_pic
+      fi
+      ;;
+
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='-fPIC'
+	;;
+      esac
+      ;;
+
+    *)
+      lt_prog_compiler_pic='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      else
+	lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+      darwin*)
+        # PIC is the default on this platform
+        # Common symbols not allowed in MH_DYLIB files
+       case $cc_basename in
+         xlc*)
+         lt_prog_compiler_pic='-qnocommon'
+         lt_prog_compiler_wl='-Wl,'
+         ;;
+       esac
+       ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    linux*)
+      case $cc_basename in
+      icc* | ecc*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-KPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fpic'
+	lt_prog_compiler_static='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static='-non_shared'
+        ;;
+      esac
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	lt_prog_compiler_wl='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl='-Qoption ld '
+      lt_prog_compiler_pic='-PIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	lt_prog_compiler_pic='-Kconform_pic'
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_can_build_shared=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic='-pic'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared=no
+      ;;
+    esac
+  fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_pic_works=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:6764: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:6768: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_prog_compiler_pic_works=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6
+
+if test x"$lt_prog_compiler_pic_works" = xyes; then
+    case $lt_prog_compiler_pic in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+     esac
+else
+    lt_prog_compiler_pic=
+     lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic=
+    ;;
+  *)
+    lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6
+if test "${lt_prog_compiler_static_works+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_static_works=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_prog_compiler_static_works=yes
+       fi
+     else
+       lt_prog_compiler_static_works=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works" >&6
+
+if test x"$lt_prog_compiler_static_works" = xyes; then
+    :
+else
+    lt_prog_compiler_static=
+fi
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_c_o=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:6868: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:6872: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+  if test "$hard_links" = no; then
+    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+  runpath_var=
+  allow_undefined_flag=
+  enable_shared_with_static_runtimes=no
+  archive_cmds=
+  archive_expsym_cmds=
+  old_archive_From_new_cmds=
+  old_archive_from_expsyms_cmds=
+  export_dynamic_flag_spec=
+  whole_archive_flag_spec=
+  thread_safe_flag_spec=
+  hardcode_libdir_flag_spec=
+  hardcode_libdir_flag_spec_ld=
+  hardcode_libdir_separator=
+  hardcode_direct=no
+  hardcode_minus_L=no
+  hardcode_shlibpath_var=unsupported
+  link_all_deplibs=unknown
+  hardcode_automatic=no
+  module_cmds=
+  module_expsym_cmds=
+  always_export_symbols=no
+  export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  include_expsyms=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  extract_expsyms_cmds=
+  # Just being paranoid about ensuring that cc_basename is set.
+  for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+  case $host_os in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  ld_shlibs=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir'
+    export_dynamic_flag_spec='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+	whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      else
+  	whole_archive_flag_spec=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>/dev/null` in
+      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	ld_shlibs=no
+	cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+
+      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we can't use
+      # them.
+      ld_shlibs=no
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	allow_undefined_flag=unsupported
+	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+      # as there is no search path for DLLs.
+      hardcode_libdir_flag_spec='-L$libdir'
+      allow_undefined_flag=unsupported
+      always_export_symbols=no
+      enable_shared_with_static_runtimes=yes
+      export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    interix3*)
+      hardcode_direct=no
+      hardcode_shlibpath_var=no
+      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+      export_dynamic_flag_spec='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	tmp_addflag=
+	case $cc_basename,$host_cpu in
+	pgcc*)				# Portland Group C compiler
+	  whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	esac
+	archive_cmds='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+	if test $supports_anon_versioning = yes; then
+	  archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~
+  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+  $echo "local: *; };" >> $output_objdir/$libname.ver~
+	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	fi
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+	ld_shlibs=no
+	cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+	ld_shlibs=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	    hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+	    archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
+	    archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
+	  else
+	    ld_shlibs=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+    esac
+
+    if test "$ld_shlibs" = no; then
+      runpath_var=
+      hardcode_libdir_flag_spec=
+      export_dynamic_flag_spec=
+      whole_archive_flag_spec=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      allow_undefined_flag=unsupported
+      always_export_symbols=yes
+      archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	hardcode_direct=unsupported
+      fi
+      ;;
+
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+	  export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	else
+	  export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+	  for ld_flag in $LDFLAGS; do
+  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+  	    aix_use_runtimelinking=yes
+  	    break
+  	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      archive_cmds=''
+      hardcode_direct=yes
+      hardcode_libdir_separator=':'
+      link_all_deplibs=yes
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[012]|aix4.[012].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" && \
+  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	  then
+  	  # We have reworked collect2
+  	  hardcode_direct=yes
+	  else
+  	  # We have old collect2
+  	  hardcode_direct=unsupported
+  	  # It fails to find uninstalled libraries when the uninstalled
+  	  # path is not listed in the libpath.  Setting hardcode_minus_L
+  	  # to unsupported forces relinking
+  	  hardcode_minus_L=yes
+  	  hardcode_libdir_flag_spec='-L$libdir'
+  	  hardcode_libdir_separator=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+  	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      always_export_symbols=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	allow_undefined_flag='-berok'
+       # Determine the default libpath from the value encoded in an empty executable.
+       cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+       hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+	archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+       else
+	if test "$host_cpu" = ia64; then
+	  hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+	  allow_undefined_flag="-z nodefs"
+	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an empty executable.
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	 hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  no_undefined_flag=' ${wl}-bernotok'
+	  allow_undefined_flag=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  whole_archive_flag_spec='$convenience'
+	  archive_cmds_need_lc=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      # see comment about different semantics on the GNU ld section
+      ld_shlibs=no
+      ;;
+
+    bsdi[45]*)
+      export_dynamic_flag_spec=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec=' '
+      allow_undefined_flag=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      old_archive_From_new_cmds='true'
+      # FIXME: Should let the user specify the lib program.
+      old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      fix_srcfile_path='`cygpath -w "$srcfile"`'
+      enable_shared_with_static_runtimes=yes
+      ;;
+
+    darwin* | rhapsody*)
+      case $host_os in
+        rhapsody* | darwin1.[012])
+         allow_undefined_flag='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[012])
+               allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               allow_undefined_flag='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+      esac
+      archive_cmds_need_lc=no
+      hardcode_direct=no
+      hardcode_automatic=yes
+      hardcode_shlibpath_var=unsupported
+      whole_archive_flag_spec=''
+      link_all_deplibs=yes
+    if test "$GCC" = yes ; then
+    	output_verbose_link_cmd='echo'
+        archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+      archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      module_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+         archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+         archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          module_expsym_cmds='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         ld_shlibs=no
+          ;;
+      esac
+    fi
+      ;;
+
+    dgux*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_shlibpath_var=no
+      ;;
+
+    freebsd1*)
+      ld_shlibs=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	archive_cmds='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator=:
+      hardcode_direct=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L=yes
+      export_dynamic_flag_spec='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator=:
+
+	hardcode_direct=yes
+	export_dynamic_flag_spec='${wl}-E'
+
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	hardcode_minus_L=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  hardcode_libdir_flag_spec_ld='+b $libdir'
+	  hardcode_direct=no
+	  hardcode_shlibpath_var=no
+	  ;;
+	*)
+	  hardcode_direct=yes
+	  export_dynamic_flag_spec='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  hardcode_minus_L=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_ld='-rpath $libdir'
+      fi
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      link_all_deplibs=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    newsos6)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct=yes
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      hardcode_shlibpath_var=no
+      ;;
+
+    openbsd*)
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+	export_dynamic_flag_spec='${wl}-E'
+      else
+       case $host_os in
+	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+	   archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	   hardcode_libdir_flag_spec='-R$libdir'
+	   ;;
+	 *)
+	   archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	   hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+	   ;;
+       esac
+      fi
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      allow_undefined_flag=unsupported
+      archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      old_archive_From_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	allow_undefined_flag=' -expect_unresolved \*'
+	archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      else
+	allow_undefined_flag=' -expect_unresolved \*'
+	archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	hardcode_libdir_flag_spec='-rpath $libdir'
+      fi
+      hardcode_libdir_separator=:
+      ;;
+
+    solaris*)
+      no_undefined_flag=' -z text'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+      else
+	wlarc=''
+	archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+      fi
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_shlibpath_var=no
+      case $host_os in
+      solaris2.[0-5] | solaris2.[0-5].*) ;;
+      *)
+ 	# The compiler driver will combine linker options so we
+ 	# cannot just pass the convience library names through
+ 	# without $wl, iff we do not link with $LD.
+ 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+ 	# Supported since Solaris 2.6 (maybe 2.5.1?)
+ 	case $wlarc in
+ 	'')
+ 	  whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;;
+ 	*)
+ 	  whole_archive_flag_spec='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ 	esac ;;
+      esac
+      link_all_deplibs=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  reload_cmds='$CC -r -o $output$reload_objs'
+	  hardcode_direct=no
+        ;;
+	motorola)
+	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      hardcode_shlibpath_var=no
+      ;;
+
+    sysv4.3*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_shlibpath_var=no
+      export_dynamic_flag_spec='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	hardcode_shlibpath_var=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	ld_shlibs=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
+      no_undefined_flag='${wl}-z,text'
+      archive_cmds_need_lc=no
+      hardcode_shlibpath_var=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      no_undefined_flag='${wl}-z,text'
+      allow_undefined_flag='${wl}-z,nodefs'
+      archive_cmds_need_lc=no
+      hardcode_shlibpath_var=no
+      hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      hardcode_libdir_separator=':'
+      link_all_deplibs=yes
+      export_dynamic_flag_spec='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_shlibpath_var=no
+      ;;
+
+    *)
+      ld_shlibs=no
+      ;;
+    esac
+  fi
+
+echo "$as_me:$LINENO: result: $ld_shlibs" >&5
+echo "${ECHO_T}$ld_shlibs" >&6
+test "$ld_shlibs" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl
+	pic_flag=$lt_prog_compiler_pic
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag
+        allow_undefined_flag=
+        if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+  (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+        then
+	  archive_cmds_need_lc=no
+        else
+	  archive_cmds_need_lc=yes
+        fi
+        allow_undefined_flag=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5
+echo "${ECHO_T}$archive_cmds_need_lc" >&6
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" || \
+   test -n "$runpath_var" || \
+   test "X$hardcode_automatic" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$hardcode_direct" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, )" != no &&
+     test "$hardcode_minus_L" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action" >&5
+echo "${ECHO_T}$hardcode_action" >&6
+
+if test "$hardcode_action" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+striplib=
+old_striplib=
+echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
+echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
+if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
+  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+  case $host_os in
+   darwin*)
+       if test -n "$STRIP" ; then
+         striplib="$STRIP -x"
+         echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+       else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+       ;;
+   *)
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+    ;;
+  esac
+fi
+
+if test "x$enable_dlopen" != xyes; then
+  enable_dlopen=unknown
+  enable_dlopen_self=unknown
+  enable_dlopen_self_static=unknown
+else
+  lt_cv_dlopen=no
+  lt_cv_dlopen_libs=
+
+  case $host_os in
+  beos*)
+    lt_cv_dlopen="load_add_on"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ;;
+
+  mingw* | pw32*)
+    lt_cv_dlopen="LoadLibrary"
+    lt_cv_dlopen_libs=
+   ;;
+
+  cygwin*)
+    lt_cv_dlopen="dlopen"
+    lt_cv_dlopen_libs=
+   ;;
+
+  darwin*)
+  # if libdl is installed we need to link against it
+    echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_dl_dlopen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+    lt_cv_dlopen="dyld"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+
+fi
+
+   ;;
+
+  *)
+    echo "$as_me:$LINENO: checking for shl_load" >&5
+echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
+if test "${ac_cv_func_shl_load+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define shl_load to an innocuous variant, in case <limits.h> declares shl_load.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define shl_load innocuous_shl_load
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char shl_load (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef shl_load
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char shl_load ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_shl_load) || defined (__stub___shl_load)
+choke me
+#else
+char (*f) () = shl_load;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != shl_load;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_shl_load=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
+echo "${ECHO_T}$ac_cv_func_shl_load" >&6
+if test $ac_cv_func_shl_load = yes; then
+  lt_cv_dlopen="shl_load"
+else
+  echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
+echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char shl_load ();
+int
+main ()
+{
+shl_load ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_dld_shl_load=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_shl_load=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6
+if test $ac_cv_lib_dld_shl_load = yes; then
+  lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
+else
+  echo "$as_me:$LINENO: checking for dlopen" >&5
+echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
+if test "${ac_cv_func_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define dlopen to an innocuous variant, in case <limits.h> declares dlopen.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define dlopen innocuous_dlopen
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char dlopen (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef dlopen
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_dlopen) || defined (__stub___dlopen)
+choke me
+#else
+char (*f) () = dlopen;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != dlopen;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_dlopen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
+echo "${ECHO_T}$ac_cv_func_dlopen" >&6
+if test $ac_cv_func_dlopen = yes; then
+  lt_cv_dlopen="dlopen"
+else
+  echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_dl_dlopen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dl_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+if test $ac_cv_lib_dl_dlopen = yes; then
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+  echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
+echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char dlopen ();
+int
+main ()
+{
+dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_svld_dlopen=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_svld_dlopen=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6
+if test $ac_cv_lib_svld_dlopen = yes; then
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+  echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
+echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char dld_link ();
+int
+main ()
+{
+dld_link ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_dld_dld_link=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_dld_dld_link=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6
+if test $ac_cv_lib_dld_dld_link = yes; then
+  lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+    ;;
+  esac
+
+  if test "x$lt_cv_dlopen" != xno; then
+    enable_dlopen=yes
+  else
+    enable_dlopen=no
+  fi
+
+  case $lt_cv_dlopen in
+  dlopen)
+    save_CPPFLAGS="$CPPFLAGS"
+    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+    save_LDFLAGS="$LDFLAGS"
+    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+    save_LIBS="$LIBS"
+    LIBS="$lt_cv_dlopen_libs $LIBS"
+
+    echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
+echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  	  if test "$cross_compiling" = yes; then :
+  lt_cv_dlopen_self=cross
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<EOF
+#line 9213 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+    exit (status);
+}
+EOF
+  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&5 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+      x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+      x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+    esac
+  else :
+    # compilation failed
+    lt_cv_dlopen_self=no
+  fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self" >&6
+
+    if test "x$lt_cv_dlopen_self" = xyes; then
+      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+      echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
+echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6
+if test "${lt_cv_dlopen_self_static+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  	  if test "$cross_compiling" = yes; then :
+  lt_cv_dlopen_self_static=cross
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<EOF
+#line 9313 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+#ifdef __cplusplus
+extern "C" void exit (int);
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+    exit (status);
+}
+EOF
+  if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&5 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+      x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+      x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+    esac
+  else :
+    # compilation failed
+    lt_cv_dlopen_self_static=no
+  fi
+fi
+rm -fr conftest*
+
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6
+    fi
+
+    CPPFLAGS="$save_CPPFLAGS"
+    LDFLAGS="$save_LDFLAGS"
+    LIBS="$save_LIBS"
+    ;;
+  esac
+
+  case $lt_cv_dlopen_self in
+  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+  *) enable_dlopen_self=unknown ;;
+  esac
+
+  case $lt_cv_dlopen_self_static in
+  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+  *) enable_dlopen_self_static=unknown ;;
+  esac
+fi
+
+
+# Report which library types will actually be built
+echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
+echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $can_build_shared" >&5
+echo "${ECHO_T}$can_build_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
+echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+  test "$enable_shared" = yes && enable_static=no
+  if test -n "$RANLIB"; then
+    archive_cmds="$archive_cmds~\$RANLIB \$lib"
+    postinstall_cmds='$RANLIB $lib'
+  fi
+  ;;
+
+aix4* | aix5*)
+  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+    test "$enable_shared" = yes && enable_static=no
+  fi
+    ;;
+esac
+echo "$as_me:$LINENO: result: $enable_shared" >&5
+echo "${ECHO_T}$enable_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build static libraries" >&5
+echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+echo "$as_me:$LINENO: result: $enable_static" >&5
+echo "${ECHO_T}$enable_static" >&6
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler \
+    CC \
+    LD \
+    lt_prog_compiler_wl \
+    lt_prog_compiler_pic \
+    lt_prog_compiler_static \
+    lt_prog_compiler_no_builtin_flag \
+    export_dynamic_flag_spec \
+    thread_safe_flag_spec \
+    whole_archive_flag_spec \
+    enable_shared_with_static_runtimes \
+    old_archive_cmds \
+    old_archive_from_new_cmds \
+    predep_objects \
+    postdep_objects \
+    predeps \
+    postdeps \
+    compiler_lib_search_path \
+    archive_cmds \
+    archive_expsym_cmds \
+    postinstall_cmds \
+    postuninstall_cmds \
+    old_archive_from_expsyms_cmds \
+    allow_undefined_flag \
+    no_undefined_flag \
+    export_symbols_cmds \
+    hardcode_libdir_flag_spec \
+    hardcode_libdir_flag_spec_ld \
+    hardcode_libdir_separator \
+    hardcode_automatic \
+    module_cmds \
+    module_expsym_cmds \
+    lt_cv_prog_compiler_c_o \
+    exclude_expsyms \
+    include_expsyms; do
+
+    case $var in
+    old_archive_cmds | \
+    old_archive_from_new_cmds | \
+    archive_cmds | \
+    archive_expsym_cmds | \
+    module_cmds | \
+    module_expsym_cmds | \
+    old_archive_from_expsyms_cmds | \
+    export_symbols_cmds | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="${ofile}T"
+  trap "$rm \"$cfgfile\"; exit 1" 1 2 15
+  $rm -f "$cfgfile"
+  { echo "$as_me:$LINENO: creating $ofile" >&5
+echo "$as_me: creating $ofile" >&6;}
+
+  cat <<__EOF__ >> "$cfgfile"
+#! $SHELL
+
+# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+#
+# This file is part of GNU Libtool:
+# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="$SED -e 1s/^X//"
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# The names of the tagged configurations supported by this script.
+available_tags=
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# ### END LIBTOOL CONFIG
+
+__EOF__
+
+
+  case $host_os in
+  aix3*)
+    cat <<\EOF >> "$cfgfile"
+
+# AIX sometimes has problems with the GCC collect2 program.  For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+  COLLECT_NAMES=
+  export COLLECT_NAMES
+fi
+EOF
+    ;;
+  esac
+
+  # We use sed instead of cat because bash on DJGPP gets confused if
+  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
+  # text mode, it properly converts lines to CR/LF.  This bash problem
+  # is reportedly fixed, but why not run on old versions too?
+  sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1)
+
+  mv -f "$cfgfile" "$ofile" || \
+    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+  chmod +x "$ofile"
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+# Check whether --with-tags or --without-tags was given.
+if test "${with_tags+set}" = set; then
+  withval="$with_tags"
+  tagnames="$withval"
+fi;
+
+if test -f "$ltmain" && test -n "$tagnames"; then
+  if test ! -f "${ofile}"; then
+    { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5
+echo "$as_me: WARNING: output file \`$ofile' does not exist" >&2;}
+  fi
+
+  if test -z "$LTCC"; then
+    eval "`$SHELL ${ofile} --config | grep '^LTCC='`"
+    if test -z "$LTCC"; then
+      { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not look like a libtool script" >&5
+echo "$as_me: WARNING: output file \`$ofile' does not look like a libtool script" >&2;}
+    else
+      { echo "$as_me:$LINENO: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&5
+echo "$as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&2;}
+    fi
+  fi
+  if test -z "$LTCFLAGS"; then
+    eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`"
+  fi
+
+  # Extract list of available tagged configurations in $ofile.
+  # Note that this assumes the entire list is on one line.
+  available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
+
+  lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+  for tagname in $tagnames; do
+    IFS="$lt_save_ifs"
+    # Check whether tagname contains only valid characters
+    case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in
+    "") ;;
+    *)  { { echo "$as_me:$LINENO: error: invalid tag name: $tagname" >&5
+echo "$as_me: error: invalid tag name: $tagname" >&2;}
+   { (exit 1); exit 1; }; }
+	;;
+    esac
+
+    if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null
+    then
+      { { echo "$as_me:$LINENO: error: tag name \"$tagname\" already exists" >&5
+echo "$as_me: error: tag name \"$tagname\" already exists" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+
+    # Update the list of available tags.
+    if test -n "$tagname"; then
+      echo appending configuration tag \"$tagname\" to $ofile
+
+      case $tagname in
+      CXX)
+	if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+	    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+	    (test "X$CXX" != "Xg++"))) ; then
+	  ac_ext=cc
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+
+
+archive_cmds_need_lc_CXX=no
+allow_undefined_flag_CXX=
+always_export_symbols_CXX=no
+archive_expsym_cmds_CXX=
+export_dynamic_flag_spec_CXX=
+hardcode_direct_CXX=no
+hardcode_libdir_flag_spec_CXX=
+hardcode_libdir_flag_spec_ld_CXX=
+hardcode_libdir_separator_CXX=
+hardcode_minus_L_CXX=no
+hardcode_shlibpath_var_CXX=unsupported
+hardcode_automatic_CXX=no
+module_cmds_CXX=
+module_expsym_cmds_CXX=
+link_all_deplibs_CXX=unknown
+old_archive_cmds_CXX=$old_archive_cmds
+no_undefined_flag_CXX=
+whole_archive_flag_spec_CXX=
+enable_shared_with_static_runtimes_CXX=no
+
+# Dependencies to place before and after the object being linked:
+predep_objects_CXX=
+postdep_objects_CXX=
+predeps_CXX=
+postdeps_CXX=
+compiler_lib_search_path_CXX=
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+objext_CXX=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(int, char *[]) { return(0); }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_LD=$LD
+lt_save_GCC=$GCC
+GCC=$GXX
+lt_save_with_gnu_ld=$with_gnu_ld
+lt_save_path_LD=$lt_cv_path_LD
+if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+  lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+else
+  $as_unset lt_cv_prog_gnu_ld
+fi
+if test -n "${lt_cv_path_LDCXX+set}"; then
+  lt_cv_path_LD=$lt_cv_path_LDCXX
+else
+  $as_unset lt_cv_path_LD
+fi
+test -z "${LDCXX+set}" || LD=$LDCXX
+CC=${CXX-"c++"}
+compiler=$CC
+compiler_CXX=$CC
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# We don't want -fno-exception wen compiling C++ code, so set the
+# no_builtin_flag separately
+if test "$GXX" = yes; then
+  lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
+else
+  lt_prog_compiler_no_builtin_flag_CXX=
+fi
+
+if test "$GXX" = yes; then
+  # Set up default GNU C++ configuration
+
+
+# Check whether --with-gnu-ld or --without-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then
+  withval="$with_gnu_ld"
+  test "$withval" = no || with_gnu_ld=yes
+else
+  with_gnu_ld=no
+fi;
+ac_prog=ld
+if test "$GCC" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  echo "$as_me:$LINENO: checking for ld used by $CC" >&5
+echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [\\/]* | ?:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'`
+      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  echo "$as_me:$LINENO: checking for GNU ld" >&5
+echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
+else
+  echo "$as_me:$LINENO: checking for non-GNU ld" >&5
+echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
+fi
+if test "${lt_cv_path_LD+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -z "$LD"; then
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test "$with_gnu_ld" != no && break
+	;;
+      *)
+	test "$with_gnu_ld" != yes && break
+	;;
+      esac
+    fi
+  done
+  IFS="$lt_save_ifs"
+else
+  lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+  echo "$as_me:$LINENO: result: $LD" >&5
+echo "${ECHO_T}$LD" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
+echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
+   { (exit 1); exit 1; }; }
+echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
+echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
+if test "${lt_cv_prog_gnu_ld+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
+echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+  # Check if GNU C++ uses GNU ld as the underlying linker, since the
+  # archiving commands below assume that GNU ld is being used.
+  if test "$with_gnu_ld" = yes; then
+    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+    archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+    hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+    export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+    #     investigate it a little bit more. (MM)
+    wlarc='${wl}'
+
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if eval "`$CC -print-prog-name=ld` --help 2>&1" | \
+	grep 'no-whole-archive' > /dev/null; then
+      whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    else
+      whole_archive_flag_spec_CXX=
+    fi
+  else
+    with_gnu_ld=no
+    wlarc=
+
+    # A generic and very simple default shared library creation
+    # command for GNU C++ for the case where it uses the native
+    # linker, instead of GNU ld.  If possible, this setting should
+    # overridden to take advantage of the native linker features on
+    # the platform it is being used on.
+    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+  fi
+
+  # Commands to make compiler produce verbose output that lists
+  # what "hidden" libraries, object files and flags are used when
+  # linking a shared library.
+  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+else
+  GXX=no
+  with_gnu_ld=no
+  wlarc=
+fi
+
+# PORTME: fill in a description of your system's C++ link characteristics
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+ld_shlibs_CXX=yes
+case $host_os in
+  aix3*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  aix4* | aix5*)
+    if test "$host_cpu" = ia64; then
+      # On IA64, the linker does run time linking by default, so we don't
+      # have to do anything special.
+      aix_use_runtimelinking=no
+      exp_sym_flag='-Bexport'
+      no_entry_flag=""
+    else
+      aix_use_runtimelinking=no
+
+      # Test if we are trying to use run time linking or normal
+      # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+      # need to do runtime linking.
+      case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+	for ld_flag in $LDFLAGS; do
+	  case $ld_flag in
+	  *-brtl*)
+	    aix_use_runtimelinking=yes
+	    break
+	    ;;
+	  esac
+	done
+	;;
+      esac
+
+      exp_sym_flag='-bexport'
+      no_entry_flag='-bnoentry'
+    fi
+
+    # When large executables or shared objects are built, AIX ld can
+    # have problems creating the table of contents.  If linking a library
+    # or program results in "error TOC overflow" add -mminimal-toc to
+    # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+    # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+    archive_cmds_CXX=''
+    hardcode_direct_CXX=yes
+    hardcode_libdir_separator_CXX=':'
+    link_all_deplibs_CXX=yes
+
+    if test "$GXX" = yes; then
+      case $host_os in aix4.[012]|aix4.[012].*)
+      # We only want to do this on AIX 4.2 and lower, the check
+      # below for broken collect2 doesn't work under 4.3+
+	collect2name=`${CC} -print-prog-name=collect2`
+	if test -f "$collect2name" && \
+	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	then
+	  # We have reworked collect2
+	  hardcode_direct_CXX=yes
+	else
+	  # We have old collect2
+	  hardcode_direct_CXX=unsupported
+	  # It fails to find uninstalled libraries when the uninstalled
+	  # path is not listed in the libpath.  Setting hardcode_minus_L
+	  # to unsupported forces relinking
+	  hardcode_minus_L_CXX=yes
+	  hardcode_libdir_flag_spec_CXX='-L$libdir'
+	  hardcode_libdir_separator_CXX=
+	fi
+	;;
+      esac
+      shared_flag='-shared'
+      if test "$aix_use_runtimelinking" = yes; then
+	shared_flag="$shared_flag "'${wl}-G'
+      fi
+    else
+      # not using gcc
+      if test "$host_cpu" = ia64; then
+	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	# chokes on -Wl,-G. The following line is correct:
+	shared_flag='-G'
+      else
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag='${wl}-G'
+	else
+	  shared_flag='${wl}-bM:SRE'
+	fi
+      fi
+    fi
+
+    # It seems that -bexpall does not export symbols beginning with
+    # underscore (_), so it is better to generate a list of symbols to export.
+    always_export_symbols_CXX=yes
+    if test "$aix_use_runtimelinking" = yes; then
+      # Warning - without using the other runtime loading flags (-brtl),
+      # -berok will link without error, but may produce a broken library.
+      allow_undefined_flag_CXX='-berok'
+      # Determine the default libpath from the value encoded in an empty executable.
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_cxx_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+      hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+      archive_expsym_cmds_CXX="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+     else
+      if test "$host_cpu" = ia64; then
+	hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib'
+	allow_undefined_flag_CXX="-z nodefs"
+	archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+      else
+	# Determine the default libpath from the value encoded in an empty executable.
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_cxx_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+	# Warning - without using the other run time loading flags,
+	# -berok will link without error, but may produce a broken library.
+	no_undefined_flag_CXX=' ${wl}-bernotok'
+	allow_undefined_flag_CXX=' ${wl}-berok'
+	# Exported symbols can be pulled into shared objects from archives
+	whole_archive_flag_spec_CXX='$convenience'
+	archive_cmds_need_lc_CXX=yes
+	# This is similar to how AIX traditionally builds its shared libraries.
+	archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+      fi
+    fi
+    ;;
+
+  beos*)
+    if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+      allow_undefined_flag_CXX=unsupported
+      # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+      # support --undefined.  This deserves some investigation.  FIXME
+      archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+    else
+      ld_shlibs_CXX=no
+    fi
+    ;;
+
+  chorus*)
+    case $cc_basename in
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+
+  cygwin* | mingw* | pw32*)
+    # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
+    # as there is no search path for DLLs.
+    hardcode_libdir_flag_spec_CXX='-L$libdir'
+    allow_undefined_flag_CXX=unsupported
+    always_export_symbols_CXX=no
+    enable_shared_with_static_runtimes_CXX=yes
+
+    if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+      archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      # If the export-symbols file already is a .def file (1st line
+      # is EXPORTS), use it as is; otherwise, prepend...
+      archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	cp $export_symbols $output_objdir/$soname.def;
+      else
+	echo EXPORTS > $output_objdir/$soname.def;
+	cat $export_symbols >> $output_objdir/$soname.def;
+      fi~
+      $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+    else
+      ld_shlibs_CXX=no
+    fi
+  ;;
+      darwin* | rhapsody*)
+        case $host_os in
+        rhapsody* | darwin1.[012])
+         allow_undefined_flag_CXX='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[012])
+               allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               allow_undefined_flag_CXX='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+        esac
+      archive_cmds_need_lc_CXX=no
+      hardcode_direct_CXX=no
+      hardcode_automatic_CXX=yes
+      hardcode_shlibpath_var_CXX=unsupported
+      whole_archive_flag_spec_CXX=''
+      link_all_deplibs_CXX=yes
+
+    if test "$GXX" = yes ; then
+      lt_int_apple_cc_single_mod=no
+      output_verbose_link_cmd='echo'
+      if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then
+       lt_int_apple_cc_single_mod=yes
+      fi
+      if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+       archive_cmds_CXX='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      else
+          archive_cmds_CXX='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+        fi
+        module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+        # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+          if test "X$lt_int_apple_cc_single_mod" = Xyes ; then
+            archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          else
+            archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          fi
+            module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+          archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+          module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+          archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         ld_shlibs_CXX=no
+          ;;
+      esac
+      fi
+        ;;
+
+  dgux*)
+    case $cc_basename in
+      ec++*)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      ghcx*)
+	# Green Hills C++ Compiler
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+  freebsd[12]*)
+    # C++ shared libraries reported to be fairly broken before switch to ELF
+    ld_shlibs_CXX=no
+    ;;
+  freebsd-elf*)
+    archive_cmds_need_lc_CXX=no
+    ;;
+  freebsd* | kfreebsd*-gnu | dragonfly*)
+    # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+    # conventions
+    ld_shlibs_CXX=yes
+    ;;
+  gnu*)
+    ;;
+  hpux9*)
+    hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+    hardcode_libdir_separator_CXX=:
+    export_dynamic_flag_spec_CXX='${wl}-E'
+    hardcode_direct_CXX=yes
+    hardcode_minus_L_CXX=yes # Not in the search PATH,
+				# but as the default
+				# location of the library.
+
+    case $cc_basename in
+    CC*)
+      # FIXME: insert proper C++ library support
+      ld_shlibs_CXX=no
+      ;;
+    aCC*)
+      archive_cmds_CXX='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      # Commands to make compiler produce verbose output that lists
+      # what "hidden" libraries, object files and flags are used when
+      # linking a shared library.
+      #
+      # There doesn't appear to be a way to prevent this compiler from
+      # explicitly linking system object files so we need to strip them
+      # from the output so that they don't get included in the library
+      # dependencies.
+      output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[-]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+      ;;
+    *)
+      if test "$GXX" = yes; then
+        archive_cmds_CXX='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+        # FIXME: insert proper C++ library support
+        ld_shlibs_CXX=no
+      fi
+      ;;
+    esac
+    ;;
+  hpux10*|hpux11*)
+    if test $with_gnu_ld = no; then
+      hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator_CXX=:
+
+      case $host_cpu in
+      hppa*64*|ia64*)
+	hardcode_libdir_flag_spec_ld_CXX='+b $libdir'
+        ;;
+      *)
+	export_dynamic_flag_spec_CXX='${wl}-E'
+        ;;
+      esac
+    fi
+    case $host_cpu in
+    hppa*64*|ia64*)
+      hardcode_direct_CXX=no
+      hardcode_shlibpath_var_CXX=no
+      ;;
+    *)
+      hardcode_direct_CXX=yes
+      hardcode_minus_L_CXX=yes # Not in the search PATH,
+					      # but as the default
+					      # location of the library.
+      ;;
+    esac
+
+    case $cc_basename in
+      CC*)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      aCC*)
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	  ;;
+	esac
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes; then
+	  if test $with_gnu_ld = no; then
+	    case $host_cpu in
+	    hppa*64*)
+	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    ia64*)
+	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    *)
+	      archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      ;;
+	    esac
+	  fi
+	else
+	  # FIXME: insert proper C++ library support
+	  ld_shlibs_CXX=no
+	fi
+	;;
+    esac
+    ;;
+  interix3*)
+    hardcode_direct_CXX=no
+    hardcode_shlibpath_var_CXX=no
+    hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+    export_dynamic_flag_spec_CXX='${wl}-E'
+    # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+    # Instead, shared libraries are loaded at an image base (0x10000000 by
+    # default) and relocated if they conflict, which is a slow very memory
+    # consuming and fragmenting process.  To avoid this, we pick a random,
+    # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+    # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+    archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+    archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+    ;;
+  irix5* | irix6*)
+    case $cc_basename in
+      CC*)
+	# SGI C++
+	archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	# Archives containing C++ object files must be created using
+	# "CC -ar", where "CC" is the IRIX C++ compiler.  This is
+	# necessary to make sure instantiated templates are included
+	# in the archive.
+	old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
+	;;
+      *)
+	if test "$GXX" = yes; then
+	  if test "$with_gnu_ld" = no; then
+	    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	  else
+	    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib'
+	  fi
+	fi
+	link_all_deplibs_CXX=yes
+	;;
+    esac
+    hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+    hardcode_libdir_separator_CXX=:
+    ;;
+  linux*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+	archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+
+	hardcode_libdir_flag_spec_CXX='${wl}--rpath,$libdir'
+	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+	# Archives containing C++ object files must be created using
+	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+	;;
+      icpc*)
+	# Intel C++
+	with_gnu_ld=yes
+	# version 8.0 and above of icpc choke on multiply defined symbols
+	# if we add $predep_objects and $postdep_objects, however 7.1 and
+	# earlier do not add the objects themselves.
+	case `$CC -V 2>&1` in
+	*"Version 7."*)
+  	  archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+  	  archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  ;;
+	*)  # Version 8.0 or newer
+	  tmp_idyn=
+	  case $host_cpu in
+	    ia64*) tmp_idyn=' -i_dynamic';;
+	  esac
+  	  archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	  archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  ;;
+	esac
+	archive_cmds_need_lc_CXX=no
+	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+	whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+	;;
+      pgCC*)
+        # Portland Group C++ compiler
+	archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+  	archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+
+	hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+	export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+	whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+        ;;
+      cxx*)
+	# Compaq C++
+	archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname  -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+	runpath_var=LD_RUN_PATH
+	hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+    esac
+    ;;
+  lynxos*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  m88k*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  mvs*)
+    case $cc_basename in
+      cxx*)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+  netbsd*)
+    if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+      archive_cmds_CXX='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+      wlarc=
+      hardcode_libdir_flag_spec_CXX='-R$libdir'
+      hardcode_direct_CXX=yes
+      hardcode_shlibpath_var_CXX=no
+    fi
+    # Workaround some broken pre-1.5 toolchains
+    output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+    ;;
+  openbsd2*)
+    # C++ shared libraries are fairly broken
+    ld_shlibs_CXX=no
+    ;;
+  openbsd*)
+    hardcode_direct_CXX=yes
+    hardcode_shlibpath_var_CXX=no
+    archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+    hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+    if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+      archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+      export_dynamic_flag_spec_CXX='${wl}-E'
+      whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    fi
+    output_verbose_link_cmd='echo'
+    ;;
+  osf3*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Archives containing C++ object files must be created using
+	# "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+
+	;;
+      RCC*)
+	# Rational C++ 2.4.1
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      cxx*)
+	allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+	  archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+	  hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+	  hardcode_libdir_separator_CXX=:
+
+	  # Commands to make compiler produce verbose output that lists
+	  # what "hidden" libraries, object files and flags are used when
+	  # linking a shared library.
+	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+	else
+	  # FIXME: insert proper C++ library support
+	  ld_shlibs_CXX=no
+	fi
+	;;
+    esac
+    ;;
+  osf4* | osf5*)
+    case $cc_basename in
+      KCC*)
+	# Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	# KCC will only create a shared library if the output file
+	# ends with ".so" (or ".sl" for HP-UX), so rename the library
+	# to its proper name (with version) after linking.
+	archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Archives containing C++ object files must be created using
+	# the KAI C++ compiler.
+	old_archive_cmds_CXX='$CC -o $oldlib $oldobjs'
+	;;
+      RCC*)
+	# Rational C++ 2.4.1
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      cxx*)
+	allow_undefined_flag_CXX=' -expect_unresolved \*'
+	archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+	  echo "-hidden">> $lib.exp~
+	  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp  `test -n "$verstring" && echo -set_version	$verstring` -update_registry ${output_objdir}/so_locations -o $lib~
+	  $rm $lib.exp'
+
+	hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+	hardcode_libdir_separator_CXX=:
+
+	# Commands to make compiler produce verbose output that lists
+	# what "hidden" libraries, object files and flags are used when
+	# linking a shared library.
+	#
+	# There doesn't appear to be a way to prevent this compiler from
+	# explicitly linking system object files so we need to strip them
+	# from the output so that they don't get included in the library
+	# dependencies.
+	output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list'
+	;;
+      *)
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+	 archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+
+	  hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+	  hardcode_libdir_separator_CXX=:
+
+	  # Commands to make compiler produce verbose output that lists
+	  # what "hidden" libraries, object files and flags are used when
+	  # linking a shared library.
+	  output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"'
+
+	else
+	  # FIXME: insert proper C++ library support
+	  ld_shlibs_CXX=no
+	fi
+	;;
+    esac
+    ;;
+  psos*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  sunos4*)
+    case $cc_basename in
+      CC*)
+	# Sun C++ 4.x
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      lcc*)
+	# Lucid
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+  solaris*)
+    case $cc_basename in
+      CC*)
+	# Sun C++ 4.2, 5.x and Centerline C++
+        archive_cmds_need_lc_CXX=yes
+	no_undefined_flag_CXX=' -zdefs'
+	archive_cmds_CXX='$CC -G${allow_undefined_flag}  -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	$CC -G${allow_undefined_flag}  ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	hardcode_libdir_flag_spec_CXX='-R$libdir'
+	hardcode_shlibpath_var_CXX=no
+	case $host_os in
+	  solaris2.[0-5] | solaris2.[0-5].*) ;;
+	  *)
+	    # The C++ compiler is used as linker so we must use $wl
+	    # flag to pass the commands to the underlying system
+	    # linker. We must also pass each convience library through
+	    # to the system linker between allextract/defaultextract.
+	    # The C++ compiler will combine linker options so we
+	    # cannot just pass the convience library names through
+	    # without $wl.
+	    # Supported since Solaris 2.6 (maybe 2.5.1?)
+	    whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract'
+	    ;;
+	esac
+	link_all_deplibs_CXX=yes
+
+	output_verbose_link_cmd='echo'
+
+	# Archives containing C++ object files must be created using
+	# "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	# necessary to make sure instantiated templates are included
+	# in the archive.
+	old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+	;;
+      gcx*)
+	# Green Hills C++ Compiler
+	archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+	# The C++ compiler must be used to create the archive.
+	old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+	;;
+      *)
+	# GNU C++ compiler with Solaris linker
+	if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	  no_undefined_flag_CXX=' ${wl}-z ${wl}defs'
+	  if $CC --version | grep -v '^2\.7' > /dev/null; then
+	    archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	    archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+		$CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+	  else
+	    # g++ 2.7 appears to require `-G' NOT `-shared' on this
+	    # platform.
+	    archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	    archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+		$CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp'
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\""
+	  fi
+
+	  hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir'
+	fi
+	;;
+    esac
+    ;;
+  sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+    no_undefined_flag_CXX='${wl}-z,text'
+    archive_cmds_need_lc_CXX=no
+    hardcode_shlibpath_var_CXX=no
+    runpath_var='LD_RUN_PATH'
+
+    case $cc_basename in
+      CC*)
+	archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      *)
+	archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+    esac
+    ;;
+  sysv5* | sco3.2v5* | sco5v6*)
+    # Note: We can NOT use -z defs as we might desire, because we do not
+    # link with -lc, and that would cause any symbols used from libc to
+    # always be unresolved, which means just about no library would
+    # ever link correctly.  If we're not using GNU ld we use -z text
+    # though, which does catch some bad symbols but isn't as heavy-handed
+    # as -z defs.
+    # For security reasons, it is highly recommended that you always
+    # use absolute paths for naming shared libraries, and exclude the
+    # DT_RUNPATH tag from executables and libraries.  But doing so
+    # requires that you compile everything twice, which is a pain.
+    # So that behaviour is only enabled if SCOABSPATH is set to a
+    # non-empty value in the environment.  Most likely only useful for
+    # creating official distributions of packages.
+    # This is a hack until libtool officially supports absolute path
+    # names for shared libraries.
+    no_undefined_flag_CXX='${wl}-z,text'
+    allow_undefined_flag_CXX='${wl}-z,nodefs'
+    archive_cmds_need_lc_CXX=no
+    hardcode_shlibpath_var_CXX=no
+    hardcode_libdir_flag_spec_CXX='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+    hardcode_libdir_separator_CXX=':'
+    link_all_deplibs_CXX=yes
+    export_dynamic_flag_spec_CXX='${wl}-Bexport'
+    runpath_var='LD_RUN_PATH'
+
+    case $cc_basename in
+      CC*)
+	archive_cmds_CXX='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      *)
+	archive_cmds_CXX='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+    esac
+    ;;
+  tandem*)
+    case $cc_basename in
+      NCC*)
+	# NonStop-UX NCC 3.20
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+      *)
+	# FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+    esac
+    ;;
+  vxworks*)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+  *)
+    # FIXME: insert proper C++ library support
+    ld_shlibs_CXX=no
+    ;;
+esac
+echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5
+echo "${ECHO_T}$ld_shlibs_CXX" >&6
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+GCC_CXX="$GXX"
+LD_CXX="$LD"
+
+
+cat > conftest.$ac_ext <<EOF
+class Foo
+{
+public:
+  Foo (void) { a = 0; }
+private:
+  int a;
+};
+EOF
+
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Parse the compiler output and extract the necessary
+  # objects, libraries and library flags.
+
+  # Sentinel used to keep track of whether or not we are before
+  # the conftest object file.
+  pre_test_object_deps_done=no
+
+  # The `*' in the case matches for architectures that use `case' in
+  # $output_verbose_cmd can trigger glob expansion during the loop
+  # eval without this substitution.
+  output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"`
+
+  for p in `eval $output_verbose_link_cmd`; do
+    case $p in
+
+    -L* | -R* | -l*)
+       # Some compilers place space between "-{L,R}" and the path.
+       # Remove the space.
+       if test $p = "-L" \
+	  || test $p = "-R"; then
+	 prev=$p
+	 continue
+       else
+	 prev=
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 case $p in
+	 -L* | -R*)
+	   # Internal compiler library paths should come after those
+	   # provided the user.  The postdeps already come after the
+	   # user supplied libs so there is no need to process them.
+	   if test -z "$compiler_lib_search_path_CXX"; then
+	     compiler_lib_search_path_CXX="${prev}${p}"
+	   else
+	     compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}"
+	   fi
+	   ;;
+	 # The "-l" case would never come before the object being
+	 # linked, so don't bother handling this case.
+	 esac
+       else
+	 if test -z "$postdeps_CXX"; then
+	   postdeps_CXX="${prev}${p}"
+	 else
+	   postdeps_CXX="${postdeps_CXX} ${prev}${p}"
+	 fi
+       fi
+       ;;
+
+    *.$objext)
+       # This assumes that the test object file only shows up
+       # once in the compiler output.
+       if test "$p" = "conftest.$objext"; then
+	 pre_test_object_deps_done=yes
+	 continue
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 if test -z "$predep_objects_CXX"; then
+	   predep_objects_CXX="$p"
+	 else
+	   predep_objects_CXX="$predep_objects_CXX $p"
+	 fi
+       else
+	 if test -z "$postdep_objects_CXX"; then
+	   postdep_objects_CXX="$p"
+	 else
+	   postdep_objects_CXX="$postdep_objects_CXX $p"
+	 fi
+       fi
+       ;;
+
+    *) ;; # Ignore the rest.
+
+    esac
+  done
+
+  # Clean up.
+  rm -f a.out a.exe
+else
+  echo "libtool.m4: error: problem compiling CXX test program"
+fi
+
+$rm -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+case $host_os in
+interix3*)
+  # Interix 3.5 installs completely hosed .la files for C++, so rather than
+  # hack all around it, let's just trust "g++" to DTRT.
+  predep_objects_CXX=
+  postdep_objects_CXX=
+  postdeps_CXX=
+  ;;
+
+solaris*)
+  case $cc_basename in
+  CC*)
+    # Adding this requires a known-good setup of shared libraries for
+    # Sun compiler versions before 5.6, else PIC objects from an old
+    # archive will be linked into the output, leading to subtle bugs.
+    postdeps_CXX='-lCstd -lCrun'
+    ;;
+  esac
+  ;;
+esac
+
+
+case " $postdeps_CXX " in
+*" -lc "*) archive_cmds_need_lc_CXX=no ;;
+esac
+
+lt_prog_compiler_wl_CXX=
+lt_prog_compiler_pic_CXX=
+lt_prog_compiler_static_CXX=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+  # C++ specific cases for pic, static, wl, etc.
+  if test "$GXX" = yes; then
+    lt_prog_compiler_wl_CXX='-Wl,'
+    lt_prog_compiler_static_CXX='-static'
+
+    case $host_os in
+    aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_CXX='-Bstatic'
+      fi
+      ;;
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
+      ;;
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+    mingw* | os2* | pw32*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
+      ;;
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic_CXX='-fno-common'
+      ;;
+    *djgpp*)
+      # DJGPP does not support shared libraries at all
+      lt_prog_compiler_pic_CXX=
+      ;;
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic_CXX=-Kconform_pic
+      fi
+      ;;
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	;;
+      *)
+	lt_prog_compiler_pic_CXX='-fPIC'
+	;;
+      esac
+      ;;
+    *)
+      lt_prog_compiler_pic_CXX='-fPIC'
+      ;;
+    esac
+  else
+    case $host_os in
+      aix4* | aix5*)
+	# All AIX code is PIC.
+	if test "$host_cpu" = ia64; then
+	  # AIX 5 now supports IA64 processor
+	  lt_prog_compiler_static_CXX='-Bstatic'
+	else
+	  lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
+	fi
+	;;
+      chorus*)
+	case $cc_basename in
+	cxch68*)
+	  # Green Hills C++ Compiler
+	  # _LT_AC_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+	  ;;
+	esac
+	;;
+       darwin*)
+         # PIC is the default on this platform
+         # Common symbols not allowed in MH_DYLIB files
+         case $cc_basename in
+           xlc*)
+           lt_prog_compiler_pic_CXX='-qnocommon'
+           lt_prog_compiler_wl_CXX='-Wl,'
+           ;;
+         esac
+       ;;
+      dgux*)
+	case $cc_basename in
+	  ec++*)
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    ;;
+	  ghcx*)
+	    # Green Hills C++ Compiler
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      freebsd* | kfreebsd*-gnu | dragonfly*)
+	# FreeBSD uses GNU C++
+	;;
+      hpux9* | hpux10* | hpux11*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+	    if test "$host_cpu" != ia64; then
+	      lt_prog_compiler_pic_CXX='+Z'
+	    fi
+	    ;;
+	  aCC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+	    case $host_cpu in
+	    hppa*64*|ia64*)
+	      # +Z the default
+	      ;;
+	    *)
+	      lt_prog_compiler_pic_CXX='+Z'
+	      ;;
+	    esac
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      interix*)
+	# This is c89, which is MS Visual C++ (no shared libs)
+	# Anyone wants to do a port?
+	;;
+      irix5* | irix6* | nonstopux*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    # CC pic flag -KPIC is the default.
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      linux*)
+	case $cc_basename in
+	  KCC*)
+	    # KAI C++ Compiler
+	    lt_prog_compiler_wl_CXX='--backend -Wl,'
+	    lt_prog_compiler_pic_CXX='-fPIC'
+	    ;;
+	  icpc* | ecpc*)
+	    # Intel C++
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-static'
+	    ;;
+	  pgCC*)
+	    # Portland Group C++ compiler.
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-fpic'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	  cxx*)
+	    # Compaq C++
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    lt_prog_compiler_pic_CXX=
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      lynxos*)
+	;;
+      m88k*)
+	;;
+      mvs*)
+	case $cc_basename in
+	  cxx*)
+	    lt_prog_compiler_pic_CXX='-W c,exportall'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      netbsd*)
+	;;
+      osf3* | osf4* | osf5*)
+	case $cc_basename in
+	  KCC*)
+	    lt_prog_compiler_wl_CXX='--backend -Wl,'
+	    ;;
+	  RCC*)
+	    # Rational C++ 2.4.1
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  cxx*)
+	    # Digital/Compaq C++
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    lt_prog_compiler_pic_CXX=
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      psos*)
+	;;
+      solaris*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    lt_prog_compiler_wl_CXX='-Qoption ld '
+	    ;;
+	  gcx*)
+	    # Green Hills C++ Compiler
+	    lt_prog_compiler_pic_CXX='-PIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sunos4*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.x
+	    lt_prog_compiler_pic_CXX='-pic'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	  lcc*)
+	    # Lucid
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      tandem*)
+	case $cc_basename in
+	  NCC*)
+	    # NonStop-UX NCC 3.20
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	esac
+	;;
+      vxworks*)
+	;;
+      *)
+	lt_prog_compiler_can_build_shared_CXX=no
+	;;
+    esac
+  fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_CXX" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_CXX" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_CXX"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_pic_works_CXX=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:11653: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:11657: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_prog_compiler_pic_works_CXX=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_CXX" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_CXX" >&6
+
+if test x"$lt_prog_compiler_pic_works_CXX" = xyes; then
+    case $lt_prog_compiler_pic_CXX in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
+     esac
+else
+    lt_prog_compiler_pic_CXX=
+     lt_prog_compiler_can_build_shared_CXX=no
+fi
+
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic_CXX=
+    ;;
+  *)
+    lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\"
+echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6
+if test "${lt_prog_compiler_static_works_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_static_works_CXX=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_prog_compiler_static_works_CXX=yes
+       fi
+     else
+       lt_prog_compiler_static_works_CXX=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_CXX" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works_CXX" >&6
+
+if test x"$lt_prog_compiler_static_works_CXX" = xyes; then
+    :
+else
+    lt_prog_compiler_static_CXX=
+fi
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_c_o_CXX=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:11757: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:11761: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o_CXX=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_CXX" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+  if test "$hard_links" = no; then
+    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+  export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  case $host_os in
+  aix4* | aix5*)
+    # If we're using GNU nm, then we don't want the "-C" option.
+    # -C means demangle to AIX nm, but means don't demangle with GNU nm
+    if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+      export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+    else
+      export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+    fi
+    ;;
+  pw32*)
+    export_symbols_cmds_CXX="$ltdll_cmds"
+  ;;
+  cygwin* | mingw*)
+    export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([^ ]*\) [^ ]*/\1 DATA/;/^I /d;/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  *)
+    export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  esac
+
+echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5
+echo "${ECHO_T}$ld_shlibs_CXX" >&6
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_CXX" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc_CXX=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds_CXX in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl_CXX
+	pic_flag=$lt_prog_compiler_pic_CXX
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
+        allow_undefined_flag_CXX=
+        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+  (eval $archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+        then
+	  archive_cmds_need_lc_CXX=no
+        else
+	  archive_cmds_need_lc_CXX=yes
+        fi
+        allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      echo "$as_me:$LINENO: result: $archive_cmds_need_lc_CXX" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_CXX" >&6
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action_CXX=
+if test -n "$hardcode_libdir_flag_spec_CXX" || \
+   test -n "$runpath_var_CXX" || \
+   test "X$hardcode_automatic_CXX" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$hardcode_direct_CXX" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, CXX)" != no &&
+     test "$hardcode_minus_L_CXX" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action_CXX=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action_CXX=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action_CXX=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action_CXX" >&5
+echo "${ECHO_T}$hardcode_action_CXX" >&6
+
+if test "$hardcode_action_CXX" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler_CXX \
+    CC_CXX \
+    LD_CXX \
+    lt_prog_compiler_wl_CXX \
+    lt_prog_compiler_pic_CXX \
+    lt_prog_compiler_static_CXX \
+    lt_prog_compiler_no_builtin_flag_CXX \
+    export_dynamic_flag_spec_CXX \
+    thread_safe_flag_spec_CXX \
+    whole_archive_flag_spec_CXX \
+    enable_shared_with_static_runtimes_CXX \
+    old_archive_cmds_CXX \
+    old_archive_from_new_cmds_CXX \
+    predep_objects_CXX \
+    postdep_objects_CXX \
+    predeps_CXX \
+    postdeps_CXX \
+    compiler_lib_search_path_CXX \
+    archive_cmds_CXX \
+    archive_expsym_cmds_CXX \
+    postinstall_cmds_CXX \
+    postuninstall_cmds_CXX \
+    old_archive_from_expsyms_cmds_CXX \
+    allow_undefined_flag_CXX \
+    no_undefined_flag_CXX \
+    export_symbols_cmds_CXX \
+    hardcode_libdir_flag_spec_CXX \
+    hardcode_libdir_flag_spec_ld_CXX \
+    hardcode_libdir_separator_CXX \
+    hardcode_automatic_CXX \
+    module_cmds_CXX \
+    module_expsym_cmds_CXX \
+    lt_cv_prog_compiler_c_o_CXX \
+    exclude_expsyms_CXX \
+    include_expsyms_CXX; do
+
+    case $var in
+    old_archive_cmds_CXX | \
+    old_archive_from_new_cmds_CXX | \
+    archive_cmds_CXX | \
+    archive_expsym_cmds_CXX | \
+    module_cmds_CXX | \
+    module_expsym_cmds_CXX | \
+    old_archive_from_expsyms_cmds_CXX | \
+    export_symbols_cmds_CXX | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="$ofile"
+
+  cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_CXX
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler_CXX
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_CXX
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_CXX
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_CXX
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_CXX
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_CXX
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_CXX
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_CXX
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_CXX
+archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_CXX
+module_expsym_cmds=$lt_module_expsym_cmds_CXX
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_CXX
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_CXX
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_CXX
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_CXX
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_CXX
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_CXX
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_CXX
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_CXX
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_CXX
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_CXX
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_CXX
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_CXX"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_CXX
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_CXX
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_CXX
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_CXX
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC=$lt_save_CC
+LDCXX=$LD
+LD=$lt_save_LD
+GCC=$lt_save_GCC
+with_gnu_ldcxx=$with_gnu_ld
+with_gnu_ld=$lt_save_with_gnu_ld
+lt_cv_path_LDCXX=$lt_cv_path_LD
+lt_cv_path_LD=$lt_save_path_LD
+lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+
+	else
+	  tagname=""
+	fi
+	;;
+
+      F77)
+	if test -n "$F77" && test "X$F77" != "Xno"; then
+
+ac_ext=f
+ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5'
+ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_f77_compiler_gnu
+
+
+archive_cmds_need_lc_F77=no
+allow_undefined_flag_F77=
+always_export_symbols_F77=no
+archive_expsym_cmds_F77=
+export_dynamic_flag_spec_F77=
+hardcode_direct_F77=no
+hardcode_libdir_flag_spec_F77=
+hardcode_libdir_flag_spec_ld_F77=
+hardcode_libdir_separator_F77=
+hardcode_minus_L_F77=no
+hardcode_automatic_F77=no
+module_cmds_F77=
+module_expsym_cmds_F77=
+link_all_deplibs_F77=unknown
+old_archive_cmds_F77=$old_archive_cmds
+no_undefined_flag_F77=
+whole_archive_flag_spec_F77=
+enable_shared_with_static_runtimes_F77=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+objext_F77=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="      subroutine t\n      return\n      end\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="      program t\n      end\n"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${F77-"f77"}
+compiler=$CC
+compiler_F77=$CC
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
+echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $can_build_shared" >&5
+echo "${ECHO_T}$can_build_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
+echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6
+test "$can_build_shared" = "no" && enable_shared=no
+
+# On AIX, shared libraries and static libraries use the same namespace, and
+# are all built from PIC.
+case $host_os in
+aix3*)
+  test "$enable_shared" = yes && enable_static=no
+  if test -n "$RANLIB"; then
+    archive_cmds="$archive_cmds~\$RANLIB \$lib"
+    postinstall_cmds='$RANLIB $lib'
+  fi
+  ;;
+aix4* | aix5*)
+  if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+    test "$enable_shared" = yes && enable_static=no
+  fi
+  ;;
+esac
+echo "$as_me:$LINENO: result: $enable_shared" >&5
+echo "${ECHO_T}$enable_shared" >&6
+
+echo "$as_me:$LINENO: checking whether to build static libraries" >&5
+echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6
+# Make sure either enable_shared or enable_static is yes.
+test "$enable_shared" = yes || enable_static=yes
+echo "$as_me:$LINENO: result: $enable_static" >&5
+echo "${ECHO_T}$enable_static" >&6
+
+GCC_F77="$G77"
+LD_F77="$LD"
+
+lt_prog_compiler_wl_F77=
+lt_prog_compiler_pic_F77=
+lt_prog_compiler_static_F77=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+  if test "$GCC" = yes; then
+    lt_prog_compiler_wl_F77='-Wl,'
+    lt_prog_compiler_static_F77='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_F77='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4'
+      ;;
+
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_F77='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic_F77='-fno-common'
+      ;;
+
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared_F77=no
+      enable_shared=no
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic_F77=-Kconform_pic
+      fi
+      ;;
+
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic_F77='-fPIC'
+	;;
+      esac
+      ;;
+
+    *)
+      lt_prog_compiler_pic_F77='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_F77='-Bstatic'
+      else
+	lt_prog_compiler_static_F77='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+      darwin*)
+        # PIC is the default on this platform
+        # Common symbols not allowed in MH_DYLIB files
+       case $cc_basename in
+         xlc*)
+         lt_prog_compiler_pic_F77='-qnocommon'
+         lt_prog_compiler_wl_F77='-Wl,'
+         ;;
+       esac
+       ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_F77='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic_F77='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static_F77='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static_F77='-non_shared'
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic_F77='-KPIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    linux*)
+      case $cc_basename in
+      icc* | ecc*)
+	lt_prog_compiler_wl_F77='-Wl,'
+	lt_prog_compiler_pic_F77='-KPIC'
+	lt_prog_compiler_static_F77='-static'
+        ;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl_F77='-Wl,'
+	lt_prog_compiler_pic_F77='-fpic'
+	lt_prog_compiler_static_F77='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl_F77='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static_F77='-non_shared'
+        ;;
+      esac
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static_F77='-non_shared'
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic_F77='-KPIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	lt_prog_compiler_wl_F77='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl_F77='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl_F77='-Qoption ld '
+      lt_prog_compiler_pic_F77='-PIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      lt_prog_compiler_pic_F77='-KPIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	lt_prog_compiler_pic_F77='-Kconform_pic'
+	lt_prog_compiler_static_F77='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      lt_prog_compiler_pic_F77='-KPIC'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl_F77='-Wl,'
+      lt_prog_compiler_can_build_shared_F77=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic_F77='-pic'
+      lt_prog_compiler_static_F77='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared_F77=no
+      ;;
+    esac
+  fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_F77" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_F77" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_F77"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_pic_works_F77=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic_F77"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:13327: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:13331: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_prog_compiler_pic_works_F77=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_F77" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_F77" >&6
+
+if test x"$lt_prog_compiler_pic_works_F77" = xyes; then
+    case $lt_prog_compiler_pic_F77 in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic_F77=" $lt_prog_compiler_pic_F77" ;;
+     esac
+else
+    lt_prog_compiler_pic_F77=
+     lt_prog_compiler_can_build_shared_F77=no
+fi
+
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic_F77=
+    ;;
+  *)
+    lt_prog_compiler_pic_F77="$lt_prog_compiler_pic_F77"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_F77 eval lt_tmp_static_flag=\"$lt_prog_compiler_static_F77\"
+echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6
+if test "${lt_prog_compiler_static_works_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_static_works_F77=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_prog_compiler_static_works_F77=yes
+       fi
+     else
+       lt_prog_compiler_static_works_F77=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_F77" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works_F77" >&6
+
+if test x"$lt_prog_compiler_static_works_F77" = xyes; then
+    :
+else
+    lt_prog_compiler_static_F77=
+fi
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o_F77+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_c_o_F77=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:13431: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:13435: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o_F77=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_F77" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_F77" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_F77" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+  if test "$hard_links" = no; then
+    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+  runpath_var=
+  allow_undefined_flag_F77=
+  enable_shared_with_static_runtimes_F77=no
+  archive_cmds_F77=
+  archive_expsym_cmds_F77=
+  old_archive_From_new_cmds_F77=
+  old_archive_from_expsyms_cmds_F77=
+  export_dynamic_flag_spec_F77=
+  whole_archive_flag_spec_F77=
+  thread_safe_flag_spec_F77=
+  hardcode_libdir_flag_spec_F77=
+  hardcode_libdir_flag_spec_ld_F77=
+  hardcode_libdir_separator_F77=
+  hardcode_direct_F77=no
+  hardcode_minus_L_F77=no
+  hardcode_shlibpath_var_F77=unsupported
+  link_all_deplibs_F77=unknown
+  hardcode_automatic_F77=no
+  module_cmds_F77=
+  module_expsym_cmds_F77=
+  always_export_symbols_F77=no
+  export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  include_expsyms_F77=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  exclude_expsyms_F77="_GLOBAL_OFFSET_TABLE_"
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  extract_expsyms_cmds=
+  # Just being paranoid about ensuring that cc_basename is set.
+  for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+  case $host_os in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  ld_shlibs_F77=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    hardcode_libdir_flag_spec_F77='${wl}--rpath ${wl}$libdir'
+    export_dynamic_flag_spec_F77='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+	whole_archive_flag_spec_F77="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      else
+  	whole_archive_flag_spec_F77=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>/dev/null` in
+      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	ld_shlibs_F77=no
+	cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_minus_L_F77=yes
+
+      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we can't use
+      # them.
+      ld_shlibs_F77=no
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	allow_undefined_flag_F77=unsupported
+	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	archive_cmds_F77='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, F77) is actually meaningless,
+      # as there is no search path for DLLs.
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      allow_undefined_flag_F77=unsupported
+      always_export_symbols_F77=no
+      enable_shared_with_static_runtimes_F77=yes
+      export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+
+    interix3*)
+      hardcode_direct_F77=no
+      hardcode_shlibpath_var_F77=no
+      hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
+      export_dynamic_flag_spec_F77='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      archive_cmds_F77='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds_F77='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	tmp_addflag=
+	case $cc_basename,$host_cpu in
+	pgcc*)				# Portland Group C compiler
+	  whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	esac
+	archive_cmds_F77='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+	if test $supports_anon_versioning = yes; then
+	  archive_expsym_cmds_F77='$echo "{ global:" > $output_objdir/$libname.ver~
+  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+  $echo "local: *; };" >> $output_objdir/$libname.ver~
+	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	fi
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+	ld_shlibs_F77=no
+	cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+	ld_shlibs_F77=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	    hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+	    archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
+	    archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
+	  else
+	    ld_shlibs_F77=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs_F77=no
+      fi
+      ;;
+    esac
+
+    if test "$ld_shlibs_F77" = no; then
+      runpath_var=
+      hardcode_libdir_flag_spec_F77=
+      export_dynamic_flag_spec_F77=
+      whole_archive_flag_spec_F77=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      allow_undefined_flag_F77=unsupported
+      always_export_symbols_F77=yes
+      archive_expsym_cmds_F77='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L_F77=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	hardcode_direct_F77=unsupported
+      fi
+      ;;
+
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+	  export_symbols_cmds_F77='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	else
+	  export_symbols_cmds_F77='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+	  for ld_flag in $LDFLAGS; do
+  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+  	    aix_use_runtimelinking=yes
+  	    break
+  	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      archive_cmds_F77=''
+      hardcode_direct_F77=yes
+      hardcode_libdir_separator_F77=':'
+      link_all_deplibs_F77=yes
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[012]|aix4.[012].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" && \
+  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	  then
+  	  # We have reworked collect2
+  	  hardcode_direct_F77=yes
+	  else
+  	  # We have old collect2
+  	  hardcode_direct_F77=unsupported
+  	  # It fails to find uninstalled libraries when the uninstalled
+  	  # path is not listed in the libpath.  Setting hardcode_minus_L
+  	  # to unsupported forces relinking
+  	  hardcode_minus_L_F77=yes
+  	  hardcode_libdir_flag_spec_F77='-L$libdir'
+  	  hardcode_libdir_separator_F77=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+  	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      always_export_symbols_F77=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	allow_undefined_flag_F77='-berok'
+       # Determine the default libpath from the value encoded in an empty executable.
+       cat >conftest.$ac_ext <<_ACEOF
+      program main
+
+      end
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_f77_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+       hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath"
+	archive_expsym_cmds_F77="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+       else
+	if test "$host_cpu" = ia64; then
+	  hardcode_libdir_flag_spec_F77='${wl}-R $libdir:/usr/lib:/lib'
+	  allow_undefined_flag_F77="-z nodefs"
+	  archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an empty executable.
+	 cat >conftest.$ac_ext <<_ACEOF
+      program main
+
+      end
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_f77_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	 hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  no_undefined_flag_F77=' ${wl}-bernotok'
+	  allow_undefined_flag_F77=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  whole_archive_flag_spec_F77='$convenience'
+	  archive_cmds_need_lc_F77=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_minus_L_F77=yes
+      # see comment about different semantics on the GNU ld section
+      ld_shlibs_F77=no
+      ;;
+
+    bsdi[45]*)
+      export_dynamic_flag_spec_F77=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec_F77=' '
+      allow_undefined_flag_F77=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      archive_cmds_F77='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      old_archive_From_new_cmds_F77='true'
+      # FIXME: Should let the user specify the lib program.
+      old_archive_cmds_F77='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      fix_srcfile_path_F77='`cygpath -w "$srcfile"`'
+      enable_shared_with_static_runtimes_F77=yes
+      ;;
+
+    darwin* | rhapsody*)
+      case $host_os in
+        rhapsody* | darwin1.[012])
+         allow_undefined_flag_F77='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[012])
+               allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               allow_undefined_flag_F77='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+      esac
+      archive_cmds_need_lc_F77=no
+      hardcode_direct_F77=no
+      hardcode_automatic_F77=yes
+      hardcode_shlibpath_var_F77=unsupported
+      whole_archive_flag_spec_F77=''
+      link_all_deplibs_F77=yes
+    if test "$GCC" = yes ; then
+    	output_verbose_link_cmd='echo'
+        archive_cmds_F77='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+      archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+         archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+         archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         ld_shlibs_F77=no
+          ;;
+      esac
+    fi
+      ;;
+
+    dgux*)
+      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    freebsd1*)
+      ld_shlibs_F77=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      hardcode_libdir_flag_spec_F77='-R$libdir'
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct_F77=yes
+      hardcode_minus_L_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      hardcode_libdir_flag_spec_F77='-R$libdir'
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	archive_cmds_F77='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	archive_cmds_F77='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator_F77=:
+      hardcode_direct_F77=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L_F77=yes
+      export_dynamic_flag_spec_F77='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_F77='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator_F77=:
+
+	hardcode_direct_F77=yes
+	export_dynamic_flag_spec_F77='${wl}-E'
+
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	hardcode_minus_L_F77=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator_F77=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  hardcode_libdir_flag_spec_ld_F77='+b $libdir'
+	  hardcode_direct_F77=no
+	  hardcode_shlibpath_var_F77=no
+	  ;;
+	*)
+	  hardcode_direct_F77=yes
+	  export_dynamic_flag_spec_F77='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  hardcode_minus_L_F77=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	archive_cmds_F77='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_ld_F77='-rpath $libdir'
+      fi
+      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_F77=:
+      link_all_deplibs_F77=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	archive_cmds_F77='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      hardcode_libdir_flag_spec_F77='-R$libdir'
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    newsos6)
+      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct_F77=yes
+      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_F77=:
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    openbsd*)
+      hardcode_direct_F77=yes
+      hardcode_shlibpath_var_F77=no
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
+	export_dynamic_flag_spec_F77='${wl}-E'
+      else
+       case $host_os in
+	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+	   archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	   hardcode_libdir_flag_spec_F77='-R$libdir'
+	   ;;
+	 *)
+	   archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	   hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir'
+	   ;;
+       esac
+      fi
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_minus_L_F77=yes
+      allow_undefined_flag_F77=unsupported
+      archive_cmds_F77='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      old_archive_From_new_cmds_F77='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	allow_undefined_flag_F77=' -expect_unresolved \*'
+	archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_F77=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir'
+      else
+	allow_undefined_flag_F77=' -expect_unresolved \*'
+	archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds_F77='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	hardcode_libdir_flag_spec_F77='-rpath $libdir'
+      fi
+      hardcode_libdir_separator_F77=:
+      ;;
+
+    solaris*)
+      no_undefined_flag_F77=' -z text'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	archive_cmds_F77='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+      else
+	wlarc=''
+	archive_cmds_F77='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+      fi
+      hardcode_libdir_flag_spec_F77='-R$libdir'
+      hardcode_shlibpath_var_F77=no
+      case $host_os in
+      solaris2.[0-5] | solaris2.[0-5].*) ;;
+      *)
+ 	# The compiler driver will combine linker options so we
+ 	# cannot just pass the convience library names through
+ 	# without $wl, iff we do not link with $LD.
+ 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+ 	# Supported since Solaris 2.6 (maybe 2.5.1?)
+ 	case $wlarc in
+ 	'')
+ 	  whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' ;;
+ 	*)
+ 	  whole_archive_flag_spec_F77='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ 	esac ;;
+      esac
+      link_all_deplibs_F77=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	archive_cmds_F77='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_F77='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_direct_F77=yes
+      hardcode_minus_L_F77=yes
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct_F77=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  archive_cmds_F77='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  reload_cmds_F77='$CC -r -o $output$reload_objs'
+	  hardcode_direct_F77=no
+        ;;
+	motorola)
+	  archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct_F77=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    sysv4.3*)
+      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_shlibpath_var_F77=no
+      export_dynamic_flag_spec_F77='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	hardcode_shlibpath_var_F77=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	ld_shlibs_F77=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
+      no_undefined_flag_F77='${wl}-z,text'
+      archive_cmds_need_lc_F77=no
+      hardcode_shlibpath_var_F77=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds_F77='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_F77='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      no_undefined_flag_F77='${wl}-z,text'
+      allow_undefined_flag_F77='${wl}-z,nodefs'
+      archive_cmds_need_lc_F77=no
+      hardcode_shlibpath_var_F77=no
+      hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      hardcode_libdir_separator_F77=':'
+      link_all_deplibs_F77=yes
+      export_dynamic_flag_spec_F77='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds_F77='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_F77='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec_F77='-L$libdir'
+      hardcode_shlibpath_var_F77=no
+      ;;
+
+    *)
+      ld_shlibs_F77=no
+      ;;
+    esac
+  fi
+
+echo "$as_me:$LINENO: result: $ld_shlibs_F77" >&5
+echo "${ECHO_T}$ld_shlibs_F77" >&6
+test "$ld_shlibs_F77" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_F77" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc_F77=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds_F77 in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl_F77
+	pic_flag=$lt_prog_compiler_pic_F77
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag_F77
+        allow_undefined_flag_F77=
+        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+  (eval $archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+        then
+	  archive_cmds_need_lc_F77=no
+        else
+	  archive_cmds_need_lc_F77=yes
+        fi
+        allow_undefined_flag_F77=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      echo "$as_me:$LINENO: result: $archive_cmds_need_lc_F77" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_F77" >&6
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action_F77=
+if test -n "$hardcode_libdir_flag_spec_F77" || \
+   test -n "$runpath_var_F77" || \
+   test "X$hardcode_automatic_F77" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$hardcode_direct_F77" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, F77)" != no &&
+     test "$hardcode_minus_L_F77" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action_F77=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action_F77=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action_F77=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action_F77" >&5
+echo "${ECHO_T}$hardcode_action_F77" >&6
+
+if test "$hardcode_action_F77" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler_F77 \
+    CC_F77 \
+    LD_F77 \
+    lt_prog_compiler_wl_F77 \
+    lt_prog_compiler_pic_F77 \
+    lt_prog_compiler_static_F77 \
+    lt_prog_compiler_no_builtin_flag_F77 \
+    export_dynamic_flag_spec_F77 \
+    thread_safe_flag_spec_F77 \
+    whole_archive_flag_spec_F77 \
+    enable_shared_with_static_runtimes_F77 \
+    old_archive_cmds_F77 \
+    old_archive_from_new_cmds_F77 \
+    predep_objects_F77 \
+    postdep_objects_F77 \
+    predeps_F77 \
+    postdeps_F77 \
+    compiler_lib_search_path_F77 \
+    archive_cmds_F77 \
+    archive_expsym_cmds_F77 \
+    postinstall_cmds_F77 \
+    postuninstall_cmds_F77 \
+    old_archive_from_expsyms_cmds_F77 \
+    allow_undefined_flag_F77 \
+    no_undefined_flag_F77 \
+    export_symbols_cmds_F77 \
+    hardcode_libdir_flag_spec_F77 \
+    hardcode_libdir_flag_spec_ld_F77 \
+    hardcode_libdir_separator_F77 \
+    hardcode_automatic_F77 \
+    module_cmds_F77 \
+    module_expsym_cmds_F77 \
+    lt_cv_prog_compiler_c_o_F77 \
+    exclude_expsyms_F77 \
+    include_expsyms_F77; do
+
+    case $var in
+    old_archive_cmds_F77 | \
+    old_archive_from_new_cmds_F77 | \
+    archive_cmds_F77 | \
+    archive_expsym_cmds_F77 | \
+    module_cmds_F77 | \
+    module_expsym_cmds_F77 | \
+    old_archive_from_expsyms_cmds_F77 | \
+    export_symbols_cmds_F77 | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="$ofile"
+
+  cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_F77
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_F77
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler_F77
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_F77
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_F77
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_F77
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_F77
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_F77
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_F77
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_F77
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_F77
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_F77
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_F77
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_F77
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_F77
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_F77
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_F77
+archive_expsym_cmds=$lt_archive_expsym_cmds_F77
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_F77
+module_expsym_cmds=$lt_module_expsym_cmds_F77
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_F77
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_F77
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_F77
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_F77
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_F77
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_F77
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_F77
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_F77
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_F77
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_F77
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_F77
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_F77
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_F77
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_F77
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_F77
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_F77
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_F77"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_F77
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_F77
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_F77
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_F77
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+	else
+	  tagname=""
+	fi
+	;;
+
+      GCJ)
+	if test -n "$GCJ" && test "X$GCJ" != "Xno"; then
+
+
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+objext_GCJ=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}\n"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }\n'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${GCJ-"gcj"}
+compiler=$CC
+compiler_GCJ=$CC
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+archive_cmds_need_lc_GCJ=no
+
+old_archive_cmds_GCJ=$old_archive_cmds
+
+
+lt_prog_compiler_no_builtin_flag_GCJ=
+
+if test "$GCC" = yes; then
+  lt_prog_compiler_no_builtin_flag_GCJ=' -fno-builtin'
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_rtti_exceptions=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="-fno-rtti -fno-exceptions"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:15634: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:15638: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_rtti_exceptions=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+    lt_prog_compiler_no_builtin_flag_GCJ="$lt_prog_compiler_no_builtin_flag_GCJ -fno-rtti -fno-exceptions"
+else
+    :
+fi
+
+fi
+
+lt_prog_compiler_wl_GCJ=
+lt_prog_compiler_pic_GCJ=
+lt_prog_compiler_static_GCJ=
+
+echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+
+  if test "$GCC" = yes; then
+    lt_prog_compiler_wl_GCJ='-Wl,'
+    lt_prog_compiler_static_GCJ='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_GCJ='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      # FIXME: we need at least 68020 code to build shared libraries, but
+      # adding the `-m68020' flag to GCC prevents building anything better,
+      # like `-m68040'.
+      lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4'
+      ;;
+
+    beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic_GCJ='-fno-common'
+      ;;
+
+    interix3*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared_GCJ=no
+      enable_shared=no
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic_GCJ=-Kconform_pic
+      fi
+      ;;
+
+    hpux*)
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic_GCJ='-fPIC'
+	;;
+      esac
+      ;;
+
+    *)
+      lt_prog_compiler_pic_GCJ='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_GCJ='-Bstatic'
+      else
+	lt_prog_compiler_static_GCJ='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+      darwin*)
+        # PIC is the default on this platform
+        # Common symbols not allowed in MH_DYLIB files
+       case $cc_basename in
+         xlc*)
+         lt_prog_compiler_pic_GCJ='-qnocommon'
+         lt_prog_compiler_wl_GCJ='-Wl,'
+         ;;
+       esac
+       ;;
+
+    mingw* | pw32* | os2*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic_GCJ='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic_GCJ='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static_GCJ='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static_GCJ='-non_shared'
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic_GCJ='-KPIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    linux*)
+      case $cc_basename in
+      icc* | ecc*)
+	lt_prog_compiler_wl_GCJ='-Wl,'
+	lt_prog_compiler_pic_GCJ='-KPIC'
+	lt_prog_compiler_static_GCJ='-static'
+        ;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl_GCJ='-Wl,'
+	lt_prog_compiler_pic_GCJ='-fpic'
+	lt_prog_compiler_static_GCJ='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl_GCJ='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static_GCJ='-non_shared'
+        ;;
+      esac
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static_GCJ='-non_shared'
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic_GCJ='-KPIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	lt_prog_compiler_wl_GCJ='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl_GCJ='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl_GCJ='-Qoption ld '
+      lt_prog_compiler_pic_GCJ='-PIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      lt_prog_compiler_pic_GCJ='-KPIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	lt_prog_compiler_pic_GCJ='-Kconform_pic'
+	lt_prog_compiler_static_GCJ='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      lt_prog_compiler_pic_GCJ='-KPIC'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl_GCJ='-Wl,'
+      lt_prog_compiler_can_build_shared_GCJ=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic_GCJ='-pic'
+      lt_prog_compiler_static_GCJ='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared_GCJ=no
+      ;;
+    esac
+  fi
+
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_GCJ" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_GCJ" >&6
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_GCJ"; then
+
+echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works... $ECHO_C" >&6
+if test "${lt_prog_compiler_pic_works_GCJ+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_pic_works_GCJ=no
+  ac_outfile=conftest.$ac_objext
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic_GCJ"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:15902: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:15906: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_prog_compiler_pic_works_GCJ=yes
+     fi
+   fi
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_GCJ" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works_GCJ" >&6
+
+if test x"$lt_prog_compiler_pic_works_GCJ" = xyes; then
+    case $lt_prog_compiler_pic_GCJ in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic_GCJ=" $lt_prog_compiler_pic_GCJ" ;;
+     esac
+else
+    lt_prog_compiler_pic_GCJ=
+     lt_prog_compiler_can_build_shared_GCJ=no
+fi
+
+fi
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic_GCJ=
+    ;;
+  *)
+    lt_prog_compiler_pic_GCJ="$lt_prog_compiler_pic_GCJ"
+    ;;
+esac
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_GCJ eval lt_tmp_static_flag=\"$lt_prog_compiler_static_GCJ\"
+echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6
+if test "${lt_prog_compiler_static_works_GCJ+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_prog_compiler_static_works_GCJ=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   printf "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_prog_compiler_static_works_GCJ=yes
+       fi
+     else
+       lt_prog_compiler_static_works_GCJ=yes
+     fi
+   fi
+   $rm conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_GCJ" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works_GCJ" >&6
+
+if test x"$lt_prog_compiler_static_works_GCJ" = xyes; then
+    :
+else
+    lt_prog_compiler_static_GCJ=
+fi
+
+
+echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+if test "${lt_cv_prog_compiler_c_o_GCJ+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  lt_cv_prog_compiler_c_o_GCJ=no
+   $rm -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:16006: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:16010: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o_GCJ=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $rm conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files
+   $rm out/* && rmdir out
+   cd ..
+   rmdir conftest
+   $rm conftest*
+
+fi
+echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_GCJ" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o_GCJ" >&6
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_GCJ" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+  hard_links=yes
+  $rm conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6
+  if test "$hard_links" = no; then
+    { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+
+  runpath_var=
+  allow_undefined_flag_GCJ=
+  enable_shared_with_static_runtimes_GCJ=no
+  archive_cmds_GCJ=
+  archive_expsym_cmds_GCJ=
+  old_archive_From_new_cmds_GCJ=
+  old_archive_from_expsyms_cmds_GCJ=
+  export_dynamic_flag_spec_GCJ=
+  whole_archive_flag_spec_GCJ=
+  thread_safe_flag_spec_GCJ=
+  hardcode_libdir_flag_spec_GCJ=
+  hardcode_libdir_flag_spec_ld_GCJ=
+  hardcode_libdir_separator_GCJ=
+  hardcode_direct_GCJ=no
+  hardcode_minus_L_GCJ=no
+  hardcode_shlibpath_var_GCJ=unsupported
+  link_all_deplibs_GCJ=unknown
+  hardcode_automatic_GCJ=no
+  module_cmds_GCJ=
+  module_expsym_cmds_GCJ=
+  always_export_symbols_GCJ=no
+  export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  include_expsyms_GCJ=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  exclude_expsyms_GCJ="_GLOBAL_OFFSET_TABLE_"
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  extract_expsyms_cmds=
+  # Just being paranoid about ensuring that cc_basename is set.
+  for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+  case $host_os in
+  cygwin* | mingw* | pw32*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  ld_shlibs_GCJ=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    hardcode_libdir_flag_spec_GCJ='${wl}--rpath ${wl}$libdir'
+    export_dynamic_flag_spec_GCJ='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then
+	whole_archive_flag_spec_GCJ="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+      else
+  	whole_archive_flag_spec_GCJ=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>/dev/null` in
+      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix3* | aix4* | aix5*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	ld_shlibs_GCJ=no
+	cat <<EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+EOF
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_minus_L_GCJ=yes
+
+      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
+      # that the semantics of dynamic libraries on AmigaOS, at least up
+      # to version 4, is to share data among multiple programs linked
+      # with the same dynamic library.  Since this doesn't match the
+      # behavior of shared libraries on other platforms, we can't use
+      # them.
+      ld_shlibs_GCJ=no
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	allow_undefined_flag_GCJ=unsupported
+	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	archive_cmds_GCJ='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, GCJ) is actually meaningless,
+      # as there is no search path for DLLs.
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      allow_undefined_flag_GCJ=unsupported
+      always_export_symbols_GCJ=no
+      enable_shared_with_static_runtimes_GCJ=yes
+      export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+        archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+
+    interix3*)
+      hardcode_direct_GCJ=no
+      hardcode_shlibpath_var_GCJ=no
+      hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
+      export_dynamic_flag_spec_GCJ='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      archive_cmds_GCJ='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds_GCJ='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    linux*)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	tmp_addflag=
+	case $cc_basename,$host_cpu in
+	pgcc*)				# Portland Group C compiler
+	  whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)		# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	esac
+	archive_cmds_GCJ='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+	if test $supports_anon_versioning = yes; then
+	  archive_expsym_cmds_GCJ='$echo "{ global:" > $output_objdir/$libname.ver~
+  cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+  $echo "local: *; };" >> $output_objdir/$libname.ver~
+	  $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	fi
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+	ld_shlibs_GCJ=no
+	cat <<EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+EOF
+      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+	ld_shlibs_GCJ=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	    hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+	    archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib'
+	    archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib'
+	  else
+	    ld_shlibs_GCJ=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      archive_cmds_GCJ='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs_GCJ=no
+      fi
+      ;;
+    esac
+
+    if test "$ld_shlibs_GCJ" = no; then
+      runpath_var=
+      hardcode_libdir_flag_spec_GCJ=
+      export_dynamic_flag_spec_GCJ=
+      whole_archive_flag_spec_GCJ=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      allow_undefined_flag_GCJ=unsupported
+      always_export_symbols_GCJ=yes
+      archive_expsym_cmds_GCJ='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L_GCJ=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	hardcode_direct_GCJ=unsupported
+      fi
+      ;;
+
+    aix4* | aix5*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | grep 'GNU' > /dev/null; then
+	  export_symbols_cmds_GCJ='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	else
+	  export_symbols_cmds_GCJ='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[23]|aix4.[23].*|aix5*)
+	  for ld_flag in $LDFLAGS; do
+  	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+  	    aix_use_runtimelinking=yes
+  	    break
+  	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      archive_cmds_GCJ=''
+      hardcode_direct_GCJ=yes
+      hardcode_libdir_separator_GCJ=':'
+      link_all_deplibs_GCJ=yes
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[012]|aix4.[012].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" && \
+  	   strings "$collect2name" | grep resolve_lib_name >/dev/null
+	  then
+  	  # We have reworked collect2
+  	  hardcode_direct_GCJ=yes
+	  else
+  	  # We have old collect2
+  	  hardcode_direct_GCJ=unsupported
+  	  # It fails to find uninstalled libraries when the uninstalled
+  	  # path is not listed in the libpath.  Setting hardcode_minus_L
+  	  # to unsupported forces relinking
+  	  hardcode_minus_L_GCJ=yes
+  	  hardcode_libdir_flag_spec_GCJ='-L$libdir'
+  	  hardcode_libdir_separator_GCJ=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+  	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+  	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      always_export_symbols_GCJ=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	allow_undefined_flag_GCJ='-berok'
+       # Determine the default libpath from the value encoded in an empty executable.
+       cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+       hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath"
+	archive_expsym_cmds_GCJ="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+       else
+	if test "$host_cpu" = ia64; then
+	  hardcode_libdir_flag_spec_GCJ='${wl}-R $libdir:/usr/lib:/lib'
+	  allow_undefined_flag_GCJ="-z nodefs"
+	  archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an empty executable.
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
+}'`; fi
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	 hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  no_undefined_flag_GCJ=' ${wl}-bernotok'
+	  allow_undefined_flag_GCJ=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  whole_archive_flag_spec_GCJ='$convenience'
+	  archive_cmds_need_lc_GCJ=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_minus_L_GCJ=yes
+      # see comment about different semantics on the GNU ld section
+      ld_shlibs_GCJ=no
+      ;;
+
+    bsdi[45]*)
+      export_dynamic_flag_spec_GCJ=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec_GCJ=' '
+      allow_undefined_flag_GCJ=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      archive_cmds_GCJ='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      old_archive_From_new_cmds_GCJ='true'
+      # FIXME: Should let the user specify the lib program.
+      old_archive_cmds_GCJ='lib /OUT:$oldlib$oldobjs$old_deplibs'
+      fix_srcfile_path_GCJ='`cygpath -w "$srcfile"`'
+      enable_shared_with_static_runtimes_GCJ=yes
+      ;;
+
+    darwin* | rhapsody*)
+      case $host_os in
+        rhapsody* | darwin1.[012])
+         allow_undefined_flag_GCJ='${wl}-undefined ${wl}suppress'
+         ;;
+       *) # Darwin 1.3 on
+         if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then
+           allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+         else
+           case ${MACOSX_DEPLOYMENT_TARGET} in
+             10.[012])
+               allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress'
+               ;;
+             10.*)
+               allow_undefined_flag_GCJ='${wl}-undefined ${wl}dynamic_lookup'
+               ;;
+           esac
+         fi
+         ;;
+      esac
+      archive_cmds_need_lc_GCJ=no
+      hardcode_direct_GCJ=no
+      hardcode_automatic_GCJ=yes
+      hardcode_shlibpath_var_GCJ=unsupported
+      whole_archive_flag_spec_GCJ=''
+      link_all_deplibs_GCJ=yes
+    if test "$GCC" = yes ; then
+    	output_verbose_link_cmd='echo'
+        archive_cmds_GCJ='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring'
+      module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+      # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+      archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+      module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    else
+      case $cc_basename in
+        xlc*)
+         output_verbose_link_cmd='echo'
+         archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring'
+         module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags'
+          # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds
+         archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[    ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag  -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}'
+          ;;
+       *)
+         ld_shlibs_GCJ=no
+          ;;
+      esac
+    fi
+      ;;
+
+    dgux*)
+      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    freebsd1*)
+      ld_shlibs_GCJ=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      hardcode_libdir_flag_spec_GCJ='-R$libdir'
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct_GCJ=yes
+      hardcode_minus_L_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | kfreebsd*-gnu | dragonfly*)
+      archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      hardcode_libdir_flag_spec_GCJ='-R$libdir'
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	archive_cmds_GCJ='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	archive_cmds_GCJ='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator_GCJ=:
+      hardcode_direct_GCJ=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L_GCJ=yes
+      export_dynamic_flag_spec_GCJ='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_GCJ='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator_GCJ=:
+
+	hardcode_direct_GCJ=yes
+	export_dynamic_flag_spec_GCJ='${wl}-E'
+
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	hardcode_minus_L_GCJ=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator_GCJ=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  hardcode_libdir_flag_spec_ld_GCJ='+b $libdir'
+	  hardcode_direct_GCJ=no
+	  hardcode_shlibpath_var_GCJ=no
+	  ;;
+	*)
+	  hardcode_direct_GCJ=yes
+	  export_dynamic_flag_spec_GCJ='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  hardcode_minus_L_GCJ=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	archive_cmds_GCJ='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_ld_GCJ='-rpath $libdir'
+      fi
+      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_GCJ=:
+      link_all_deplibs_GCJ=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+	archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	archive_cmds_GCJ='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      hardcode_libdir_flag_spec_GCJ='-R$libdir'
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    newsos6)
+      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct_GCJ=yes
+      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_GCJ=:
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    openbsd*)
+      hardcode_direct_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
+	export_dynamic_flag_spec_GCJ='${wl}-E'
+      else
+       case $host_os in
+	 openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+	   archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	   hardcode_libdir_flag_spec_GCJ='-R$libdir'
+	   ;;
+	 *)
+	   archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	   hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir'
+	   ;;
+       esac
+      fi
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_minus_L_GCJ=yes
+      allow_undefined_flag_GCJ=unsupported
+      archive_cmds_GCJ='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      old_archive_From_new_cmds_GCJ='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	allow_undefined_flag_GCJ=' -expect_unresolved \*'
+	archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator_GCJ=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir'
+      else
+	allow_undefined_flag_GCJ=' -expect_unresolved \*'
+	archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds_GCJ='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~
+	$LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	hardcode_libdir_flag_spec_GCJ='-rpath $libdir'
+      fi
+      hardcode_libdir_separator_GCJ=:
+      ;;
+
+    solaris*)
+      no_undefined_flag_GCJ=' -z text'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	archive_cmds_GCJ='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp'
+      else
+	wlarc=''
+	archive_cmds_GCJ='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~
+  	$LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp'
+      fi
+      hardcode_libdir_flag_spec_GCJ='-R$libdir'
+      hardcode_shlibpath_var_GCJ=no
+      case $host_os in
+      solaris2.[0-5] | solaris2.[0-5].*) ;;
+      *)
+ 	# The compiler driver will combine linker options so we
+ 	# cannot just pass the convience library names through
+ 	# without $wl, iff we do not link with $LD.
+ 	# Luckily, gcc supports the same syntax we need for Sun Studio.
+ 	# Supported since Solaris 2.6 (maybe 2.5.1?)
+ 	case $wlarc in
+ 	'')
+ 	  whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' ;;
+ 	*)
+ 	  whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;;
+ 	esac ;;
+      esac
+      link_all_deplibs_GCJ=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	archive_cmds_GCJ='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_GCJ='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_direct_GCJ=yes
+      hardcode_minus_L_GCJ=yes
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct_GCJ=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  archive_cmds_GCJ='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  reload_cmds_GCJ='$CC -r -o $output$reload_objs'
+	  hardcode_direct_GCJ=no
+        ;;
+	motorola)
+	  archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct_GCJ=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    sysv4.3*)
+      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_shlibpath_var_GCJ=no
+      export_dynamic_flag_spec_GCJ='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	hardcode_shlibpath_var_GCJ=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	ld_shlibs_GCJ=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
+      no_undefined_flag_GCJ='${wl}-z,text'
+      archive_cmds_need_lc_GCJ=no
+      hardcode_shlibpath_var_GCJ=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds_GCJ='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_GCJ='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      no_undefined_flag_GCJ='${wl}-z,text'
+      allow_undefined_flag_GCJ='${wl}-z,nodefs'
+      archive_cmds_need_lc_GCJ=no
+      hardcode_shlibpath_var_GCJ=no
+      hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+      hardcode_libdir_separator_GCJ=':'
+      link_all_deplibs_GCJ=yes
+      export_dynamic_flag_spec_GCJ='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds_GCJ='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds_GCJ='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec_GCJ='-L$libdir'
+      hardcode_shlibpath_var_GCJ=no
+      ;;
+
+    *)
+      ld_shlibs_GCJ=no
+      ;;
+    esac
+  fi
+
+echo "$as_me:$LINENO: result: $ld_shlibs_GCJ" >&5
+echo "${ECHO_T}$ld_shlibs_GCJ" >&6
+test "$ld_shlibs_GCJ" = no && can_build_shared=no
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_GCJ" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc_GCJ=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds_GCJ in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+      $rm conftest*
+      printf "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl_GCJ
+	pic_flag=$lt_prog_compiler_pic_GCJ
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag_GCJ
+        allow_undefined_flag_GCJ=
+        if { (eval echo "$as_me:$LINENO: \"$archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5
+  (eval $archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+        then
+	  archive_cmds_need_lc_GCJ=no
+        else
+	  archive_cmds_need_lc_GCJ=yes
+        fi
+        allow_undefined_flag_GCJ=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $rm conftest*
+      echo "$as_me:$LINENO: result: $archive_cmds_need_lc_GCJ" >&5
+echo "${ECHO_T}$archive_cmds_need_lc_GCJ" >&6
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+if test "$GCC" = yes; then
+  sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix4* | aix5*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  library_names_spec='$libname.ixlibrary $libname.a'
+  # Create ${libname}_ixlibrary.a entries in /sys/libs.
+  finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $rm \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+  # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same.
+  if test "$GCC" = yes; then
+    sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"`
+  else
+    sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib'
+  fi
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+kfreebsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  freebsd*) # from 4.6 on
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+   hppa*64*)
+     shrext_cmds='.sl'
+     hardcode_into_libs=yes
+     dynamic_linker="$host_os dld.sl"
+     shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+     shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+     library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+     soname_spec='${libname}${release}${shared_ext}$major'
+     sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+     sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+     ;;
+   *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix3*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+knetbsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='GNU ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+nto-qnx*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+    *)                         need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      export_dynamic_flag_spec='${wl}-Blargedynsym'
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+    shlibpath_overrides_runpath=no
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    shlibpath_overrides_runpath=yes
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+hardcode_action_GCJ=
+if test -n "$hardcode_libdir_flag_spec_GCJ" || \
+   test -n "$runpath_var_GCJ" || \
+   test "X$hardcode_automatic_GCJ" = "Xyes" ; then
+
+  # We can hardcode non-existant directories.
+  if test "$hardcode_direct_GCJ" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, GCJ)" != no &&
+     test "$hardcode_minus_L_GCJ" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action_GCJ=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action_GCJ=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action_GCJ=unsupported
+fi
+echo "$as_me:$LINENO: result: $hardcode_action_GCJ" >&5
+echo "${ECHO_T}$hardcode_action_GCJ" >&6
+
+if test "$hardcode_action_GCJ" = relink; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler_GCJ \
+    CC_GCJ \
+    LD_GCJ \
+    lt_prog_compiler_wl_GCJ \
+    lt_prog_compiler_pic_GCJ \
+    lt_prog_compiler_static_GCJ \
+    lt_prog_compiler_no_builtin_flag_GCJ \
+    export_dynamic_flag_spec_GCJ \
+    thread_safe_flag_spec_GCJ \
+    whole_archive_flag_spec_GCJ \
+    enable_shared_with_static_runtimes_GCJ \
+    old_archive_cmds_GCJ \
+    old_archive_from_new_cmds_GCJ \
+    predep_objects_GCJ \
+    postdep_objects_GCJ \
+    predeps_GCJ \
+    postdeps_GCJ \
+    compiler_lib_search_path_GCJ \
+    archive_cmds_GCJ \
+    archive_expsym_cmds_GCJ \
+    postinstall_cmds_GCJ \
+    postuninstall_cmds_GCJ \
+    old_archive_from_expsyms_cmds_GCJ \
+    allow_undefined_flag_GCJ \
+    no_undefined_flag_GCJ \
+    export_symbols_cmds_GCJ \
+    hardcode_libdir_flag_spec_GCJ \
+    hardcode_libdir_flag_spec_ld_GCJ \
+    hardcode_libdir_separator_GCJ \
+    hardcode_automatic_GCJ \
+    module_cmds_GCJ \
+    module_expsym_cmds_GCJ \
+    lt_cv_prog_compiler_c_o_GCJ \
+    exclude_expsyms_GCJ \
+    include_expsyms_GCJ; do
+
+    case $var in
+    old_archive_cmds_GCJ | \
+    old_archive_from_new_cmds_GCJ | \
+    archive_cmds_GCJ | \
+    archive_expsym_cmds_GCJ | \
+    module_cmds_GCJ | \
+    module_expsym_cmds_GCJ | \
+    old_archive_from_expsyms_cmds_GCJ | \
+    export_symbols_cmds_GCJ | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="$ofile"
+
+  cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_GCJ
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_GCJ
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler_GCJ
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_GCJ
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_GCJ
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_GCJ
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_GCJ
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_GCJ
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_GCJ
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_GCJ
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_GCJ
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_GCJ
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_GCJ
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_GCJ
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_GCJ
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_GCJ
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_GCJ
+archive_expsym_cmds=$lt_archive_expsym_cmds_GCJ
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_GCJ
+module_expsym_cmds=$lt_module_expsym_cmds_GCJ
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_GCJ
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_GCJ
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_GCJ
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_GCJ
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_GCJ
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_GCJ
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_GCJ
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_GCJ
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_GCJ
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_GCJ
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_GCJ
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_GCJ
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_GCJ
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_GCJ
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_GCJ
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_GCJ"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_GCJ
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_GCJ
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_GCJ
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_GCJ
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+	else
+	  tagname=""
+	fi
+	;;
+
+      RC)
+
+
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+objext_RC=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$rm conftest*
+
+ac_outfile=conftest.$ac_objext
+printf "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$rm conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+CC=${RC-"windres"}
+compiler=$CC
+compiler_RC=$CC
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+lt_cv_prog_compiler_c_o_RC=yes
+
+# The else clause should only fire when bootstrapping the
+# libtool distribution, otherwise you forgot to ship ltmain.sh
+# with your package, and you will get complaints that there are
+# no rules to generate ltmain.sh.
+if test -f "$ltmain"; then
+  # See if we are running on zsh, and set the options which allow our commands through
+  # without removal of \ escapes.
+  if test -n "${ZSH_VERSION+set}" ; then
+    setopt NO_GLOB_SUBST
+  fi
+  # Now quote all the things that may contain metacharacters while being
+  # careful not to overquote the AC_SUBSTed values.  We take copies of the
+  # variables and quote the copies for generation of the libtool script.
+  for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \
+    SED SHELL STRIP \
+    libname_spec library_names_spec soname_spec extract_expsyms_cmds \
+    old_striplib striplib file_magic_cmd finish_cmds finish_eval \
+    deplibs_check_method reload_flag reload_cmds need_locks \
+    lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \
+    lt_cv_sys_global_symbol_to_c_name_address \
+    sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
+    old_postinstall_cmds old_postuninstall_cmds \
+    compiler_RC \
+    CC_RC \
+    LD_RC \
+    lt_prog_compiler_wl_RC \
+    lt_prog_compiler_pic_RC \
+    lt_prog_compiler_static_RC \
+    lt_prog_compiler_no_builtin_flag_RC \
+    export_dynamic_flag_spec_RC \
+    thread_safe_flag_spec_RC \
+    whole_archive_flag_spec_RC \
+    enable_shared_with_static_runtimes_RC \
+    old_archive_cmds_RC \
+    old_archive_from_new_cmds_RC \
+    predep_objects_RC \
+    postdep_objects_RC \
+    predeps_RC \
+    postdeps_RC \
+    compiler_lib_search_path_RC \
+    archive_cmds_RC \
+    archive_expsym_cmds_RC \
+    postinstall_cmds_RC \
+    postuninstall_cmds_RC \
+    old_archive_from_expsyms_cmds_RC \
+    allow_undefined_flag_RC \
+    no_undefined_flag_RC \
+    export_symbols_cmds_RC \
+    hardcode_libdir_flag_spec_RC \
+    hardcode_libdir_flag_spec_ld_RC \
+    hardcode_libdir_separator_RC \
+    hardcode_automatic_RC \
+    module_cmds_RC \
+    module_expsym_cmds_RC \
+    lt_cv_prog_compiler_c_o_RC \
+    exclude_expsyms_RC \
+    include_expsyms_RC; do
+
+    case $var in
+    old_archive_cmds_RC | \
+    old_archive_from_new_cmds_RC | \
+    archive_cmds_RC | \
+    archive_expsym_cmds_RC | \
+    module_cmds_RC | \
+    module_expsym_cmds_RC | \
+    old_archive_from_expsyms_cmds_RC | \
+    export_symbols_cmds_RC | \
+    extract_expsyms_cmds | reload_cmds | finish_cmds | \
+    postinstall_cmds | postuninstall_cmds | \
+    old_postinstall_cmds | old_postuninstall_cmds | \
+    sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
+      # Double-quote double-evaled strings.
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\""
+      ;;
+    *)
+      eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\""
+      ;;
+    esac
+  done
+
+  case $lt_echo in
+  *'\$0 --fallback-echo"')
+    lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
+    ;;
+  esac
+
+cfgfile="$ofile"
+
+  cat <<__EOF__ >> "$cfgfile"
+# ### BEGIN LIBTOOL TAG CONFIG: $tagname
+
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_RC
+
+# Whether or not to disallow shared libs when runtime libs are static
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# An echo program that does not interpret backslashes.
+echo=$lt_echo
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A C compiler.
+LTCC=$lt_LTCC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_LTCFLAGS
+
+# A language-specific compiler.
+CC=$lt_compiler_RC
+
+# Is the compiler the GNU C compiler?
+with_gcc=$GCC_RC
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# The linker used to build libraries.
+LD=$lt_LD_RC
+
+# Whether we need hard or soft links.
+LN_S=$lt_LN_S
+
+# A BSD-compatible nm program.
+NM=$lt_NM
+
+# A symbol stripping program
+STRIP=$lt_STRIP
+
+# Used to examine libraries when file_magic_cmd begins "file"
+MAGIC_CMD=$MAGIC_CMD
+
+# Used on cygwin: DLL creation program.
+DLLTOOL="$DLLTOOL"
+
+# Used on cygwin: object dumper.
+OBJDUMP="$OBJDUMP"
+
+# Used on cygwin: assembler.
+AS="$AS"
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_RC
+
+# Object file suffix (normally "o").
+objext="$ac_objext"
+
+# Old archive suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally ".so").
+shrext_cmds='$shrext_cmds'
+
+# Executable file suffix (normally "").
+exeext="$exeext"
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_RC
+pic_mode=$pic_mode
+
+# What is the maximum length of a command?
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Do we need the lib prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_RC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC
+
+# Compiler flag to generate thread-safe objects.
+thread_safe_flag_spec=$lt_thread_safe_flag_spec_RC
+
+# Library versioning type.
+version_type=$version_type
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME.
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Commands used to build and install an old-style archive.
+RANLIB=$lt_RANLIB
+old_archive_cmds=$lt_old_archive_cmds_RC
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC
+
+# Commands used to build and install a shared archive.
+archive_cmds=$lt_archive_cmds_RC
+archive_expsym_cmds=$lt_archive_expsym_cmds_RC
+postinstall_cmds=$lt_postinstall_cmds
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to build a loadable module (assumed same as above if empty)
+module_cmds=$lt_module_cmds_RC
+module_expsym_cmds=$lt_module_expsym_cmds_RC
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predep_objects=$lt_predep_objects_RC
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdep_objects=$lt_postdep_objects_RC
+
+# Dependencies to place before the objects being linked to create a
+# shared library.
+predeps=$lt_predeps_RC
+
+# Dependencies to place after the objects being linked to create a
+# shared library.
+postdeps=$lt_postdeps_RC
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_RC
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == file_magic.
+file_magic_cmd=$lt_file_magic_cmd
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_RC
+
+# Flag that forces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_RC
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# Same as above, but a single script fragment to be evaled but not shown.
+finish_eval=$lt_finish_eval
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# This is the shared library runtime path variable.
+runpath_var=$runpath_var
+
+# This is the shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_RC
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC
+
+# If ld is used when linking, flag to hardcode \$libdir into
+# a binary during linking. This must work even if \$libdir does
+# not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_RC
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC
+
+# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct=$hardcode_direct_RC
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L=$hardcode_minus_L_RC
+
+# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
+# the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_RC
+
+# Set to yes if building a shared library automatically hardcodes DIR into the library
+# and all subsequent libraries and executables linked against it.
+hardcode_automatic=$hardcode_automatic_RC
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at relink time.
+variables_saved_for_relink="$variables_saved_for_relink"
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_RC
+
+# Compile-time system search path for libraries
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path="$fix_srcfile_path_RC"
+
+# Set to yes if exported symbols are required.
+always_export_symbols=$always_export_symbols_RC
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_RC
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_RC
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_RC
+
+# ### END LIBTOOL TAG CONFIG: $tagname
+
+__EOF__
+
+
+else
+  # If there is no Makefile yet, we rely on a make rule to execute
+  # `config.status --recheck' to rerun these tests and create the
+  # libtool script then.
+  ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'`
+  if test -f "$ltmain_in"; then
+    test -f Makefile && make "$ltmain"
+  fi
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+	;;
+
+      *)
+	{ { echo "$as_me:$LINENO: error: Unsupported tag name: $tagname" >&5
+echo "$as_me: error: Unsupported tag name: $tagname" >&2;}
+   { (exit 1); exit 1; }; }
+	;;
+      esac
+
+      # Append the new tag name to the list of available tags.
+      if test -n "$tagname" ; then
+      available_tags="$available_tags $tagname"
+    fi
+    fi
+  done
+  IFS="$lt_save_ifs"
+
+  # Now substitute the updated list of available tags.
+  if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then
+    mv "${ofile}T" "$ofile"
+    chmod +x "$ofile"
+  else
+    rm -f "${ofile}T"
+    { { echo "$as_me:$LINENO: error: unable to update list of available tagged configurations." >&5
+echo "$as_me: error: unable to update list of available tagged configurations." >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+# Prevent multiple expansion
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Checks for header files.
+
+
+
+
+
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
+  as_ac_Header=`echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_hdr that defines DIR" >&5
+echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <$ac_hdr>
+
+int
+main ()
+{
+if ((DIR *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
+_ACEOF
+
+ac_header_dirent=$ac_hdr; break
+fi
+
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+  echo "$as_me:$LINENO: checking for library containing opendir" >&5
+echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6
+if test "${ac_cv_search_opendir+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+ac_cv_search_opendir=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char opendir ();
+int
+main ()
+{
+opendir ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_search_opendir="none required"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_opendir" = no; then
+  for ac_lib in dir; do
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+    cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char opendir ();
+int
+main ()
+{
+opendir ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_search_opendir="-l$ac_lib"
+break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+  done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
+echo "${ECHO_T}$ac_cv_search_opendir" >&6
+if test "$ac_cv_search_opendir" != no; then
+  test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS"
+
+fi
+
+else
+  echo "$as_me:$LINENO: checking for library containing opendir" >&5
+echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6
+if test "${ac_cv_search_opendir+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+ac_cv_search_opendir=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char opendir ();
+int
+main ()
+{
+opendir ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_search_opendir="none required"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_opendir" = no; then
+  for ac_lib in x; do
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+    cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char opendir ();
+int
+main ()
+{
+opendir ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_search_opendir="-l$ac_lib"
+break
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+  done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
+echo "${ECHO_T}$ac_cv_search_opendir" >&6
+if test "$ac_cv_search_opendir" != no; then
+  test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS"
+
+fi
+
+fi
+
+echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+if test "${ac_cv_header_stdc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_header_stdc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_stdc=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then
+  :
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then
+  :
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ctype.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      exit(2);
+  exit (0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  :
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for sys/wait.h that is POSIX.1 compatible" >&5
+echo $ECHO_N "checking for sys/wait.h that is POSIX.1 compatible... $ECHO_C" >&6
+if test "${ac_cv_header_sys_wait_h+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/wait.h>
+#ifndef WEXITSTATUS
+# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
+#endif
+#ifndef WIFEXITED
+# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
+#endif
+
+int
+main ()
+{
+  int s;
+  wait (&s);
+  s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_header_sys_wait_h=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_sys_wait_h=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_sys_wait_h" >&5
+echo "${ECHO_T}$ac_cv_header_sys_wait_h" >&6
+if test $ac_cv_header_sys_wait_h = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SYS_WAIT_H 1
+_ACEOF
+
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_header in arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/file.h sys/socket.h sys/time.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+  # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    (
+      cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+    ) |
+      sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+# Checks for typedefs, structures, and compiler characteristics.
+echo "$as_me:$LINENO: checking whether stat file-mode macros are broken" >&5
+echo $ECHO_N "checking whether stat file-mode macros are broken... $ECHO_C" >&6
+if test "${ac_cv_header_stat_broken+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#if defined(S_ISBLK) && defined(S_IFDIR)
+# if S_ISBLK (S_IFDIR)
+You lose.
+# endif
+#endif
+
+#if defined(S_ISBLK) && defined(S_IFCHR)
+# if S_ISBLK (S_IFCHR)
+You lose.
+# endif
+#endif
+
+#if defined(S_ISLNK) && defined(S_IFREG)
+# if S_ISLNK (S_IFREG)
+You lose.
+# endif
+#endif
+
+#if defined(S_ISSOCK) && defined(S_IFREG)
+# if S_ISSOCK (S_IFREG)
+You lose.
+# endif
+#endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "You lose" >/dev/null 2>&1; then
+  ac_cv_header_stat_broken=yes
+else
+  ac_cv_header_stat_broken=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_stat_broken" >&5
+echo "${ECHO_T}$ac_cv_header_stat_broken" >&6
+if test $ac_cv_header_stat_broken = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STAT_MACROS_BROKEN 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
+echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
+if test "${ac_cv_c_const+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+  /* Ultrix mips cc rejects this.  */
+  typedef int charset[2];
+  const charset x;
+  /* SunOS 4.1.1 cc rejects this.  */
+  char const *const *ccp;
+  char **p;
+  /* NEC SVR4.0.2 mips cc rejects this.  */
+  struct point {int x, y;};
+  static struct point const zero = {0,0};
+  /* AIX XL C 1.02.0.0 rejects this.
+     It does not let you subtract one const X* pointer from another in
+     an arm of an if-expression whose if-part is not a constant
+     expression */
+  const char *g = "string";
+  ccp = &g + (g ? g-g : 0);
+  /* HPUX 7.0 cc rejects these. */
+  ++ccp;
+  p = (char**) ccp;
+  ccp = (char const *const *) p;
+  { /* SCO 3.2v4 cc rejects this.  */
+    char *t;
+    char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+    *t++ = 0;
+  }
+  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+    int x[] = {25, 17};
+    const int *foo = &x[0];
+    ++foo;
+  }
+  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+    typedef const int *iptr;
+    iptr p = 0;
+    ++p;
+  }
+  { /* AIX XL C 1.02.0.0 rejects this saying
+       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+    struct s { int j; const int *ap[3]; };
+    struct s *b; b->j = 5;
+  }
+  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+    const int foo = 10;
+  }
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_c_const=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_c_const=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
+echo "${ECHO_T}$ac_cv_c_const" >&6
+if test $ac_cv_c_const = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define const
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for stdbool.h that conforms to C99" >&5
+echo $ECHO_N "checking for stdbool.h that conforms to C99... $ECHO_C" >&6
+if test "${ac_cv_header_stdbool_h+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <stdbool.h>
+#ifndef bool
+# error bool is not defined
+#endif
+#ifndef false
+# error false is not defined
+#endif
+#if false
+# error false is not 0
+#endif
+#ifndef true
+# error true is not defined
+#endif
+#if true != 1
+# error true is not 1
+#endif
+#ifndef __bool_true_false_are_defined
+# error __bool_true_false_are_defined is not defined
+#endif
+
+	struct s { _Bool s: 1; _Bool t; } s;
+
+	char a[true == 1 ? 1 : -1];
+	char b[false == 0 ? 1 : -1];
+	char c[__bool_true_false_are_defined == 1 ? 1 : -1];
+	char d[(bool) -0.5 == true ? 1 : -1];
+	bool e = &s;
+	char f[(_Bool) -0.0 == false ? 1 : -1];
+	char g[true];
+	char h[sizeof (_Bool)];
+	char i[sizeof s.t];
+
+int
+main ()
+{
+ return !a + !b + !c + !d + !e + !f + !g + !h + !i;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_header_stdbool_h=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_stdbool_h=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_stdbool_h" >&5
+echo "${ECHO_T}$ac_cv_header_stdbool_h" >&6
+echo "$as_me:$LINENO: checking for _Bool" >&5
+echo $ECHO_N "checking for _Bool... $ECHO_C" >&6
+if test "${ac_cv_type__Bool+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+if ((_Bool *) 0)
+  return 0;
+if (sizeof (_Bool))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_type__Bool=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type__Bool=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type__Bool" >&5
+echo "${ECHO_T}$ac_cv_type__Bool" >&6
+if test $ac_cv_type__Bool = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE__BOOL 1
+_ACEOF
+
+
+fi
+
+if test $ac_cv_header_stdbool_h = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STDBOOL_H 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
+echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6
+if test "${ac_cv_type_uid_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "uid_t" >/dev/null 2>&1; then
+  ac_cv_type_uid_t=yes
+else
+  ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
+echo "${ECHO_T}$ac_cv_type_uid_t" >&6
+if test $ac_cv_type_uid_t = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define uid_t int
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define gid_t int
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for pid_t" >&5
+echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
+if test "${ac_cv_type_pid_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+if ((pid_t *) 0)
+  return 0;
+if (sizeof (pid_t))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_type_pid_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_pid_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5
+echo "${ECHO_T}$ac_cv_type_pid_t" >&6
+if test $ac_cv_type_pid_t = yes; then
+  :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define pid_t int
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for size_t" >&5
+echo $ECHO_N "checking for size_t... $ECHO_C" >&6
+if test "${ac_cv_type_size_t+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+if ((size_t *) 0)
+  return 0;
+if (sizeof (size_t))
+  return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_type_size_t=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_size_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
+echo "${ECHO_T}$ac_cv_type_size_t" >&6
+if test $ac_cv_type_size_t = yes; then
+  :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
+echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
+if test "${ac_cv_header_time+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_header_time=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_time=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
+echo "${ECHO_T}$ac_cv_header_time" >&6
+if test $ac_cv_header_time = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TIME_WITH_SYS_TIME 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5
+echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6
+if test "${ac_cv_struct_tm+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <time.h>
+
+int
+main ()
+{
+struct tm *tp; tp->tm_sec;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_struct_tm=time.h
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_struct_tm=sys/time.h
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
+echo "${ECHO_T}$ac_cv_struct_tm" >&6
+if test $ac_cv_struct_tm = sys/time.h; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TM_IN_SYS_TIME 1
+_ACEOF
+
+fi
+
+
+# Checks for library functions.
+
+for ac_header in unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+  # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    (
+      cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+    ) |
+      sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+echo "$as_me:$LINENO: checking for working chown" >&5
+echo $ECHO_N "checking for working chown... $ECHO_C" >&6
+if test "${ac_cv_func_chown_works+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_chown_works=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <fcntl.h>
+
+int
+main ()
+{
+  char *f = "conftest.chown";
+  struct stat before, after;
+
+  if (creat (f, 0600) < 0)
+    exit (1);
+  if (stat (f, &before) < 0)
+    exit (1);
+  if (chown (f, (uid_t) -1, (gid_t) -1) == -1)
+    exit (1);
+  if (stat (f, &after) < 0)
+    exit (1);
+  exit ((before.st_uid == after.st_uid
+	 && before.st_gid == after.st_gid) ? 0 : 1);
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_chown_works=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_chown_works=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f conftest.chown
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_chown_works" >&5
+echo "${ECHO_T}$ac_cv_func_chown_works" >&6
+if test $ac_cv_func_chown_works = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_CHOWN 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether closedir returns void" >&5
+echo $ECHO_N "checking whether closedir returns void... $ECHO_C" >&6
+if test "${ac_cv_func_closedir_void+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_closedir_void=yes
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header_dirent>
+#ifndef __cplusplus
+int closedir ();
+#endif
+
+int
+main ()
+{
+exit (closedir (opendir (".")) != 0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_closedir_void=no
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_closedir_void=yes
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_closedir_void" >&5
+echo "${ECHO_T}$ac_cv_func_closedir_void" >&6
+if test $ac_cv_func_closedir_void = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define CLOSEDIR_VOID 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for error_at_line" >&5
+echo $ECHO_N "checking for error_at_line... $ECHO_C" >&6
+if test "${ac_cv_lib_error_at_line+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+error_at_line (0, 0, "", 0, "");
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_error_at_line=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_error_at_line=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_error_at_line" >&5
+echo "${ECHO_T}$ac_cv_lib_error_at_line" >&6
+if test $ac_cv_lib_error_at_line = no; then
+  case $LIBOBJS in
+    "error.$ac_objext"   | \
+  *" error.$ac_objext"   | \
+    "error.$ac_objext "* | \
+  *" error.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS error.$ac_objext" ;;
+esac
+
+fi
+
+
+
+for ac_header in unistd.h vfork.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+  # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    (
+      cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+    ) |
+      sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+for ac_func in fork vfork
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+if test "x$ac_cv_func_fork" = xyes; then
+  echo "$as_me:$LINENO: checking for working fork" >&5
+echo $ECHO_N "checking for working fork... $ECHO_C" >&6
+if test "${ac_cv_func_fork_works+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_fork_works=cross
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* By Ruediger Kuhlmann. */
+      #include <sys/types.h>
+      #if HAVE_UNISTD_H
+      # include <unistd.h>
+      #endif
+      /* Some systems only have a dummy stub for fork() */
+      int main ()
+      {
+	if (fork() < 0)
+	  exit (1);
+	exit (0);
+      }
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_fork_works=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_fork_works=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_fork_works" >&5
+echo "${ECHO_T}$ac_cv_func_fork_works" >&6
+
+else
+  ac_cv_func_fork_works=$ac_cv_func_fork
+fi
+if test "x$ac_cv_func_fork_works" = xcross; then
+  case $host in
+    *-*-amigaos* | *-*-msdosdjgpp*)
+      # Override, as these systems have only a dummy fork() stub
+      ac_cv_func_fork_works=no
+      ;;
+    *)
+      ac_cv_func_fork_works=yes
+      ;;
+  esac
+  { echo "$as_me:$LINENO: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5
+echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;}
+fi
+ac_cv_func_vfork_works=$ac_cv_func_vfork
+if test "x$ac_cv_func_vfork" = xyes; then
+  echo "$as_me:$LINENO: checking for working vfork" >&5
+echo $ECHO_N "checking for working vfork... $ECHO_C" >&6
+if test "${ac_cv_func_vfork_works+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_vfork_works=cross
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Thanks to Paul Eggert for this test.  */
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#if HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+#if HAVE_VFORK_H
+# include <vfork.h>
+#endif
+/* On some sparc systems, changes by the child to local and incoming
+   argument registers are propagated back to the parent.  The compiler
+   is told about this with #include <vfork.h>, but some compilers
+   (e.g. gcc -O) don't grok <vfork.h>.  Test for this by using a
+   static variable whose address is put into a register that is
+   clobbered by the vfork.  */
+static void
+#ifdef __cplusplus
+sparc_address_test (int arg)
+# else
+sparc_address_test (arg) int arg;
+#endif
+{
+  static pid_t child;
+  if (!child) {
+    child = vfork ();
+    if (child < 0) {
+      perror ("vfork");
+      _exit(2);
+    }
+    if (!child) {
+      arg = getpid();
+      write(-1, "", 0);
+      _exit (arg);
+    }
+  }
+}
+
+int
+main ()
+{
+  pid_t parent = getpid ();
+  pid_t child;
+
+  sparc_address_test (0);
+
+  child = vfork ();
+
+  if (child == 0) {
+    /* Here is another test for sparc vfork register problems.  This
+       test uses lots of local variables, at least as many local
+       variables as main has allocated so far including compiler
+       temporaries.  4 locals are enough for gcc 1.40.3 on a Solaris
+       4.1.3 sparc, but we use 8 to be safe.  A buggy compiler should
+       reuse the register of parent for one of the local variables,
+       since it will think that parent can't possibly be used any more
+       in this routine.  Assigning to the local variable will thus
+       munge parent in the parent process.  */
+    pid_t
+      p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(),
+      p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid();
+    /* Convince the compiler that p..p7 are live; otherwise, it might
+       use the same hardware register for all 8 local variables.  */
+    if (p != p1 || p != p2 || p != p3 || p != p4
+	|| p != p5 || p != p6 || p != p7)
+      _exit(1);
+
+    /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent
+       from child file descriptors.  If the child closes a descriptor
+       before it execs or exits, this munges the parent's descriptor
+       as well.  Test for this by closing stdout in the child.  */
+    _exit(close(fileno(stdout)) != 0);
+  } else {
+    int status;
+    struct stat st;
+
+    while (wait(&status) != child)
+      ;
+    exit(
+	 /* Was there some problem with vforking?  */
+	 child < 0
+
+	 /* Did the child fail?  (This shouldn't happen.)  */
+	 || status
+
+	 /* Did the vfork/compiler bug occur?  */
+	 || parent != getpid()
+
+	 /* Did the file descriptor bug occur?  */
+	 || fstat(fileno(stdout), &st) != 0
+	 );
+  }
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_vfork_works=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_vfork_works=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_vfork_works" >&5
+echo "${ECHO_T}$ac_cv_func_vfork_works" >&6
+
+fi;
+if test "x$ac_cv_func_fork_works" = xcross; then
+  ac_cv_func_vfork_works=$ac_cv_func_vfork
+  { echo "$as_me:$LINENO: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5
+echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;}
+fi
+
+if test "x$ac_cv_func_vfork_works" = xyes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_WORKING_VFORK 1
+_ACEOF
+
+else
+
+cat >>confdefs.h <<\_ACEOF
+#define vfork fork
+_ACEOF
+
+fi
+if test "x$ac_cv_func_fork_works" = xyes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_WORKING_FORK 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether lstat dereferences a symlink specified with a trailing slash" >&5
+echo $ECHO_N "checking whether lstat dereferences a symlink specified with a trailing slash... $ECHO_C" >&6
+if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  rm -f conftest.sym conftest.file
+echo >conftest.file
+if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_lstat_dereferences_slashed_symlink=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+     /* Linux will dereference the symlink and fail.
+	That is better in the sense that it means we will not
+	have to compile and use the lstat wrapper.  */
+     exit (lstat ("conftest.sym/", &sbuf) ? 0 : 1);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_lstat_dereferences_slashed_symlink=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+else
+  # If the `ln -s' command failed, then we probably don't even
+  # have an lstat function.
+  ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f conftest.sym conftest.file
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5
+echo "${ECHO_T}$ac_cv_func_lstat_dereferences_slashed_symlink" >&6
+
+test $ac_cv_func_lstat_dereferences_slashed_symlink = yes &&
+
+cat >>confdefs.h <<_ACEOF
+#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1
+_ACEOF
+
+
+if test $ac_cv_func_lstat_dereferences_slashed_symlink = no; then
+  case $LIBOBJS in
+    "lstat.$ac_objext"   | \
+  *" lstat.$ac_objext"   | \
+    "lstat.$ac_objext "* | \
+  *" lstat.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;;
+esac
+
+fi
+
+echo "$as_me:$LINENO: checking whether lstat accepts an empty string" >&5
+echo $ECHO_N "checking whether lstat accepts an empty string... $ECHO_C" >&6
+if test "${ac_cv_func_lstat_empty_string_bug+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_lstat_empty_string_bug=yes
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+  exit (lstat ("", &sbuf) ? 1 : 0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_lstat_empty_string_bug=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_lstat_empty_string_bug=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_lstat_empty_string_bug" >&5
+echo "${ECHO_T}$ac_cv_func_lstat_empty_string_bug" >&6
+if test $ac_cv_func_lstat_empty_string_bug = yes; then
+  case $LIBOBJS in
+    "lstat.$ac_objext"   | \
+  *" lstat.$ac_objext"   | \
+    "lstat.$ac_objext "* | \
+  *" lstat.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;;
+esac
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LSTAT_EMPTY_STRING_BUG 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether lstat dereferences a symlink specified with a trailing slash" >&5
+echo $ECHO_N "checking whether lstat dereferences a symlink specified with a trailing slash... $ECHO_C" >&6
+if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  rm -f conftest.sym conftest.file
+echo >conftest.file
+if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_lstat_dereferences_slashed_symlink=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+     /* Linux will dereference the symlink and fail.
+	That is better in the sense that it means we will not
+	have to compile and use the lstat wrapper.  */
+     exit (lstat ("conftest.sym/", &sbuf) ? 0 : 1);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_lstat_dereferences_slashed_symlink=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+else
+  # If the `ln -s' command failed, then we probably don't even
+  # have an lstat function.
+  ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f conftest.sym conftest.file
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5
+echo "${ECHO_T}$ac_cv_func_lstat_dereferences_slashed_symlink" >&6
+
+test $ac_cv_func_lstat_dereferences_slashed_symlink = yes &&
+
+cat >>confdefs.h <<_ACEOF
+#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1
+_ACEOF
+
+
+if test $ac_cv_func_lstat_dereferences_slashed_symlink = no; then
+  case $LIBOBJS in
+    "lstat.$ac_objext"   | \
+  *" lstat.$ac_objext"   | \
+    "lstat.$ac_objext "* | \
+  *" lstat.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;;
+esac
+
+fi
+
+
+for ac_header in stdlib.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+  # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    (
+      cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+    ) |
+      sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+echo "$as_me:$LINENO: checking for GNU libc compatible malloc" >&5
+echo $ECHO_N "checking for GNU libc compatible malloc... $ECHO_C" >&6
+if test "${ac_cv_func_malloc_0_nonnull+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_malloc_0_nonnull=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#if STDC_HEADERS || HAVE_STDLIB_H
+# include <stdlib.h>
+#else
+char *malloc ();
+#endif
+
+int
+main ()
+{
+exit (malloc (0) ? 0 : 1);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_malloc_0_nonnull=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_malloc_0_nonnull=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_malloc_0_nonnull" >&5
+echo "${ECHO_T}$ac_cv_func_malloc_0_nonnull" >&6
+if test $ac_cv_func_malloc_0_nonnull = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MALLOC 1
+_ACEOF
+
+else
+  cat >>confdefs.h <<\_ACEOF
+#define HAVE_MALLOC 0
+_ACEOF
+
+   case $LIBOBJS in
+    "malloc.$ac_objext"   | \
+  *" malloc.$ac_objext"   | \
+    "malloc.$ac_objext "* | \
+  *" malloc.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS malloc.$ac_objext" ;;
+esac
+
+
+cat >>confdefs.h <<\_ACEOF
+#define malloc rpl_malloc
+_ACEOF
+
+fi
+
+
+
+echo "$as_me:$LINENO: checking for working memcmp" >&5
+echo $ECHO_N "checking for working memcmp... $ECHO_C" >&6
+if test "${ac_cv_func_memcmp_working+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_memcmp_working=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+
+  /* Some versions of memcmp are not 8-bit clean.  */
+  char c0 = 0x40, c1 = 0x80, c2 = 0x81;
+  if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0)
+    exit (1);
+
+  /* The Next x86 OpenStep bug shows up only when comparing 16 bytes
+     or more and with at least one buffer not starting on a 4-byte boundary.
+     William Lewis provided this test program.   */
+  {
+    char foo[21];
+    char bar[21];
+    int i;
+    for (i = 0; i < 4; i++)
+      {
+	char *a = foo + i;
+	char *b = bar + i;
+	strcpy (a, "--------01111111");
+	strcpy (b, "--------10000000");
+	if (memcmp (a, b, 16) >= 0)
+	  exit (1);
+      }
+    exit (0);
+  }
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_memcmp_working=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_memcmp_working=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_memcmp_working" >&5
+echo "${ECHO_T}$ac_cv_func_memcmp_working" >&6
+test $ac_cv_func_memcmp_working = no && case $LIBOBJS in
+    "memcmp.$ac_objext"   | \
+  *" memcmp.$ac_objext"   | \
+    "memcmp.$ac_objext "* | \
+  *" memcmp.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" ;;
+esac
+
+
+
+
+for ac_header in stdlib.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+  # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    (
+      cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+    ) |
+      sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_func in getpagesize
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+echo "$as_me:$LINENO: checking for working mmap" >&5
+echo $ECHO_N "checking for working mmap... $ECHO_C" >&6
+if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_mmap_fixed_mapped=no
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+/* malloc might have been renamed as rpl_malloc. */
+#undef malloc
+
+/* Thanks to Mike Haertel and Jim Avera for this test.
+   Here is a matrix of mmap possibilities:
+	mmap private not fixed
+	mmap private fixed at somewhere currently unmapped
+	mmap private fixed at somewhere already mapped
+	mmap shared not fixed
+	mmap shared fixed at somewhere currently unmapped
+	mmap shared fixed at somewhere already mapped
+   For private mappings, we should verify that changes cannot be read()
+   back from the file, nor mmap's back from the file at a different
+   address.  (There have been systems where private was not correctly
+   implemented like the infamous i386 svr4.0, and systems where the
+   VM page cache was not coherent with the file system buffer cache
+   like early versions of FreeBSD and possibly contemporary NetBSD.)
+   For shared mappings, we should conversely verify that changes get
+   propagated back to all the places they're supposed to be.
+
+   Grep wants private fixed already mapped.
+   The main things grep needs to know about mmap are:
+   * does it exist and is it safe to write into the mmap'd area
+   * how to use it (BSD variants)  */
+
+#include <fcntl.h>
+#include <sys/mman.h>
+
+#if !STDC_HEADERS && !HAVE_STDLIB_H
+char *malloc ();
+#endif
+
+/* This mess was copied from the GNU getpagesize.h.  */
+#if !HAVE_GETPAGESIZE
+/* Assume that all systems that can run configure have sys/param.h.  */
+# if !HAVE_SYS_PARAM_H
+#  define HAVE_SYS_PARAM_H 1
+# endif
+
+# ifdef _SC_PAGESIZE
+#  define getpagesize() sysconf(_SC_PAGESIZE)
+# else /* no _SC_PAGESIZE */
+#  if HAVE_SYS_PARAM_H
+#   include <sys/param.h>
+#   ifdef EXEC_PAGESIZE
+#    define getpagesize() EXEC_PAGESIZE
+#   else /* no EXEC_PAGESIZE */
+#    ifdef NBPG
+#     define getpagesize() NBPG * CLSIZE
+#     ifndef CLSIZE
+#      define CLSIZE 1
+#     endif /* no CLSIZE */
+#    else /* no NBPG */
+#     ifdef NBPC
+#      define getpagesize() NBPC
+#     else /* no NBPC */
+#      ifdef PAGESIZE
+#       define getpagesize() PAGESIZE
+#      endif /* PAGESIZE */
+#     endif /* no NBPC */
+#    endif /* no NBPG */
+#   endif /* no EXEC_PAGESIZE */
+#  else /* no HAVE_SYS_PARAM_H */
+#   define getpagesize() 8192	/* punt totally */
+#  endif /* no HAVE_SYS_PARAM_H */
+# endif /* no _SC_PAGESIZE */
+
+#endif /* no HAVE_GETPAGESIZE */
+
+int
+main ()
+{
+  char *data, *data2, *data3;
+  int i, pagesize;
+  int fd;
+
+  pagesize = getpagesize ();
+
+  /* First, make a file with some known garbage in it. */
+  data = (char *) malloc (pagesize);
+  if (!data)
+    exit (1);
+  for (i = 0; i < pagesize; ++i)
+    *(data + i) = rand ();
+  umask (0);
+  fd = creat ("conftest.mmap", 0600);
+  if (fd < 0)
+    exit (1);
+  if (write (fd, data, pagesize) != pagesize)
+    exit (1);
+  close (fd);
+
+  /* Next, try to mmap the file at a fixed address which already has
+     something else allocated at it.  If we can, also make sure that
+     we see the same garbage.  */
+  fd = open ("conftest.mmap", O_RDWR);
+  if (fd < 0)
+    exit (1);
+  data2 = (char *) malloc (2 * pagesize);
+  if (!data2)
+    exit (1);
+  data2 += (pagesize - ((long) data2 & (pagesize - 1))) & (pagesize - 1);
+  if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE,
+		     MAP_PRIVATE | MAP_FIXED, fd, 0L))
+    exit (1);
+  for (i = 0; i < pagesize; ++i)
+    if (*(data + i) != *(data2 + i))
+      exit (1);
+
+  /* Finally, make sure that changes to the mapped area do not
+     percolate back to the file as seen by read().  (This is a bug on
+     some variants of i386 svr4.0.)  */
+  for (i = 0; i < pagesize; ++i)
+    *(data2 + i) = *(data2 + i) + 1;
+  data3 = (char *) malloc (pagesize);
+  if (!data3)
+    exit (1);
+  if (read (fd, data3, pagesize) != pagesize)
+    exit (1);
+  for (i = 0; i < pagesize; ++i)
+    if (*(data + i) != *(data3 + i))
+      exit (1);
+  close (fd);
+  exit (0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_mmap_fixed_mapped=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_mmap_fixed_mapped=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_mmap_fixed_mapped" >&5
+echo "${ECHO_T}$ac_cv_func_mmap_fixed_mapped" >&6
+if test $ac_cv_func_mmap_fixed_mapped = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MMAP 1
+_ACEOF
+
+fi
+rm -f conftest.mmap
+
+echo "$as_me:$LINENO: checking return type of signal handlers" >&5
+echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6
+if test "${ac_cv_type_signal+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <signal.h>
+#ifdef signal
+# undef signal
+#endif
+#ifdef __cplusplus
+extern "C" void (*signal (int, void (*)(int)))(int);
+#else
+void (*signal ()) ();
+#endif
+
+int
+main ()
+{
+int i;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_type_signal=void
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_signal=int
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5
+echo "${ECHO_T}$ac_cv_type_signal" >&6
+
+cat >>confdefs.h <<_ACEOF
+#define RETSIGTYPE $ac_cv_type_signal
+_ACEOF
+
+
+echo "$as_me:$LINENO: checking whether stat accepts an empty string" >&5
+echo $ECHO_N "checking whether stat accepts an empty string... $ECHO_C" >&6
+if test "${ac_cv_func_stat_empty_string_bug+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test "$cross_compiling" = yes; then
+  ac_cv_func_stat_empty_string_bug=yes
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+  exit (stat ("", &sbuf) ? 1 : 0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_stat_empty_string_bug=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_stat_empty_string_bug=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_stat_empty_string_bug" >&5
+echo "${ECHO_T}$ac_cv_func_stat_empty_string_bug" >&6
+if test $ac_cv_func_stat_empty_string_bug = yes; then
+  case $LIBOBJS in
+    "stat.$ac_objext"   | \
+  *" stat.$ac_objext"   | \
+    "stat.$ac_objext "* | \
+  *" stat.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS stat.$ac_objext" ;;
+esac
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STAT_EMPTY_STRING_BUG 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether strerror_r is declared" >&5
+echo $ECHO_N "checking whether strerror_r is declared... $ECHO_C" >&6
+if test "${ac_cv_have_decl_strerror_r+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+#ifndef strerror_r
+  char *p = (char *) strerror_r;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_have_decl_strerror_r=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_have_decl_strerror_r=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_have_decl_strerror_r" >&5
+echo "${ECHO_T}$ac_cv_have_decl_strerror_r" >&6
+if test $ac_cv_have_decl_strerror_r = yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_STRERROR_R 1
+_ACEOF
+
+
+else
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_STRERROR_R 0
+_ACEOF
+
+
+fi
+
+
+
+for ac_func in strerror_r
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+echo "$as_me:$LINENO: checking whether strerror_r returns char *" >&5
+echo $ECHO_N "checking whether strerror_r returns char *... $ECHO_C" >&6
+if test "${ac_cv_func_strerror_r_char_p+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+    ac_cv_func_strerror_r_char_p=no
+    if test $ac_cv_have_decl_strerror_r = yes; then
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+
+	  char buf[100];
+	  char x = *strerror_r (0, buf, sizeof buf);
+	  char *p = strerror_r (0, buf, sizeof buf);
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_strerror_r_char_p=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+    else
+      # strerror_r is not declared.  Choose between
+      # systems that have relatively inaccessible declarations for the
+      # function.  BeOS and DEC UNIX 4.0 fall in this category, but the
+      # former has a strerror_r that returns char*, while the latter
+      # has a strerror_r that returns `int'.
+      # This test should segfault on the DEC system.
+      if test "$cross_compiling" = yes; then
+  :
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+	extern char *strerror_r ();
+int
+main ()
+{
+char buf[100];
+	  char x = *strerror_r (0, buf, sizeof buf);
+	  exit (!isalpha (x));
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func_strerror_r_char_p=yes
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+    fi
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_strerror_r_char_p" >&5
+echo "${ECHO_T}$ac_cv_func_strerror_r_char_p" >&6
+if test $ac_cv_func_strerror_r_char_p = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STRERROR_R_CHAR_P 1
+_ACEOF
+
+fi
+
+
+for ac_func in strftime
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+  # strftime is in -lintl on SCO UNIX.
+echo "$as_me:$LINENO: checking for strftime in -lintl" >&5
+echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6
+if test "${ac_cv_lib_intl_strftime+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lintl  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char strftime ();
+int
+main ()
+{
+strftime ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_intl_strftime=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_intl_strftime=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_intl_strftime" >&5
+echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6
+if test $ac_cv_lib_intl_strftime = yes; then
+  cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRFTIME 1
+_ACEOF
+
+LIBS="-lintl $LIBS"
+fi
+
+fi
+done
+
+
+for ac_func in vprintf
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+echo "$as_me:$LINENO: checking for _doprnt" >&5
+echo $ECHO_N "checking for _doprnt... $ECHO_C" >&6
+if test "${ac_cv_func__doprnt+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define _doprnt to an innocuous variant, in case <limits.h> declares _doprnt.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define _doprnt innocuous__doprnt
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char _doprnt (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef _doprnt
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char _doprnt ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub__doprnt) || defined (__stub____doprnt)
+choke me
+#else
+char (*f) () = _doprnt;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != _doprnt;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_func__doprnt=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func__doprnt=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func__doprnt" >&5
+echo "${ECHO_T}$ac_cv_func__doprnt" >&6
+if test $ac_cv_func__doprnt = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DOPRNT 1
+_ACEOF
+
+fi
+
+fi
+done
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_func in setrlimit endpwent ftruncate getcwd gethostbyname inet_ntoa localtime_r memmove memset mkdir munmap putenv rmdir socket strcasecmp strchr strcspn strdup strerror strncasecmp strpbrk strrchr strstr strtol tzset
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+# Establish an optional "--enable-64bit" flag
+echo "$as_me:$LINENO: checking for --enable-64bit" >&5
+echo $ECHO_N "checking for --enable-64bit... $ECHO_C" >&6
+# Check whether --enable-64bit or --disable-64bit was given.
+if test "${enable_64bit+set}" = set; then
+  enableval="$enable_64bit"
+
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+  USE_64=1
+
+else
+
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+  USE_64=
+
+fi;
+
+# For historical reasons, establish various "--enable-debug" flags
+# for both DeBuG (yes) and OPTimized (no) builds
+echo "$as_me:$LINENO: checking for --enable-debug" >&5
+echo $ECHO_N "checking for --enable-debug... $ECHO_C" >&6
+# Check whether --enable-debug or --disable-debug was given.
+if test "${enable_debug+set}" = set; then
+  enableval="$enable_debug"
+
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+  debug_defs="-DDEBUG -UNDEBUG -DTRACING"
+
+else
+
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+  debug_defs="-UDEBUG -DNDEBUG -DTRIMMED"
+
+fi;
+
+
+
+
+# installation paths - by default, configure will just
+# use /usr as the prefix for everything, which means
+# /usr/etc, /usr/opt, and /usr/var.  FHS sez to use
+# /etc, /opt, and /var.
+ac_default_prefix=/opt/tps
+prefix=$ac_default_prefix
+exec_prefix=$prefix
+#sysconfdir='/etc'
+#localstatedir='/var'
+
+# relative to prefix
+aliasdir=/alias
+apache_modulesdir=/apache/modules
+appletsdir=/applets
+cgibin_demodir=/cgi-bin/demo
+cgibin_homedir=/cgi-bin/home
+cgibin_sodir=/cgi-bin/so
+cgibin_sowdir=/cgi-bin/sow
+confdir=/conf
+docrootdir=/docroot
+docroot_demodir=/docroot/demo
+docroot_homedir=/docroot/home
+docroot_sodir=/docroot/so
+docroot_sowdir=/docroot/sow
+docroot_sow_cssdir=/docroot/sow/css
+docroot_sow_imagesdir=/docroot/sow/images
+docroot_sow_jsdir=/docroot/sow/js
+docroot_tokendbdir=/docroot/tokendb
+docroot_tps_configdir=/docroot/tps/admin/console/config
+docroot_tps_cssdir=/docroot/tps/admin/console/css
+docroot_tps_imgdir=/docroot/tps/admin/console/img
+docroot_tps_jsdir=/docroot/tps/admin/console/js
+# relative to sysconfdir
+initddir=/init.d
+# relative to prefix
+licensedir=/doc
+logsdir=/logs
+perl_modulesdir=/perl/modules
+perl_templatesdir=/perl/templates
+samplesdir=/samples
+scriptsdir=/scripts
+setupdir=/setup
+templatesdir=/templates
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# WINNT should be true if building on Windows system not using
+# cygnus, mingw, or the like and using cmd.exe as the shell
+
+
+if false; then
+  WINNT_TRUE=
+  WINNT_FALSE='#'
+else
+  WINNT_TRUE='#'
+  WINNT_FALSE=
+fi
+
+
+# Deal with platform dependent defines
+case $host in
+  *-*-linux*)
+
+cat >>confdefs.h <<\_ACEOF
+#define XP_UNIX
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define linux 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define Linux
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LINUX
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LINUX2_0
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LINUX2_2
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LINUX2_4
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define LINUX2_6
+_ACEOF
+
+    # For historical reasons, establish various "DEFINES" for TPS . . .
+
+cat >>confdefs.h <<\_ACEOF
+#define _BSD_SOURCE 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _POSIX_SOURCE 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _POSIX_C_SOURCE 199506L
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _PR_NEED_FAKE_POLL
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _REENTRANT
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _SVID_SOURCE 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SIGNED_CHAR
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SYS_BITYPES_H
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_ENDIAN_H
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_GETOPT_H
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_IOCTL_H
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_SYS_TIME_H
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NEED_UINT_T
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NET_SSL
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NO_INT64_T
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SW_THREADS
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_NODL_TABS
+_ACEOF
+
+    platform="linux"
+    ;;
+  ia64-hp-hpux*)
+
+cat >>confdefs.h <<\_ACEOF
+#define XP_UNIX
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define hpux 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HPUX
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HPUX11 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HPUX11_23 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define CPU_ia64
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define OS_hpux 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _POSIX_C_SOURCE 199506L
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _HPUX_SOURCE
+_ACEOF
+
+    platform="hpux"
+    ;;
+  hppa*-hp-hpux*)
+
+cat >>confdefs.h <<\_ACEOF
+#define XP_UNIX
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define hpux 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HPUX
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HPUX11 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HPUX11_11 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define hppa
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define CPU_hppa
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define OS_hpux 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _POSIX_C_SOURCE 199506L
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _HPUX_SOURCE
+_ACEOF
+
+    # For historical reasons, establish various "DEFINES" for TPS . . .
+
+cat >>confdefs.h <<\_ACEOF
+#define HPUX_SOURCE
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRERROR
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NET_SSL
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SW_THREADS
+_ACEOF
+
+    platform="hpux"
+    ;;
+  sparc-sun-solaris*)
+
+cat >>confdefs.h <<\_ACEOF
+#define XP_UNIX
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SVR4
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define __svr4
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define __svr4__
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _SVID_GETTOD
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SOLARIS
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define CPU_sparc
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define OS_solaris 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define sunos5 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define OSVERSION 509
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _REENTRANT
+_ACEOF
+
+    LIBSOCKET=-lsocket
+    LIBSOCKET=$LIBSOCKET
+
+    LIBNSL=-lnsl
+    LIBNSL=$LIBNSL
+
+    LIBDL=-ldl
+    LIBDL=$LIBDL
+
+    LIBCSTD=-lCstd
+    LIBCSTD=$LIBCSTD
+
+    LIBCRUN=-lCrun
+    LIBCRUN=$LIBCRUN
+
+    # For historical reasons, establish various "DEFINES" for TPS . . .
+
+cat >>confdefs.h <<\_ACEOF
+#define _PR_NTHREAD
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_WEAK_IO_SYMBOLS
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NET_SSL
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NS_USE_NATIVE
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NSPR
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define NSPR20
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SOLARIS_55_OR_GREATER
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define SYSV
+_ACEOF
+
+    platform="solaris"
+    ;;
+  *)
+    platform=""
+    ;;
+esac
+
+
+
+if test "$platform" = "linux"; then
+  LINUX_TRUE=
+  LINUX_FALSE='#'
+else
+  LINUX_TRUE='#'
+  LINUX_FALSE=
+fi
+
+
+
+if test "$platform" = "hpux"; then
+  HPUX_TRUE=
+  HPUX_FALSE='#'
+else
+  HPUX_TRUE='#'
+  HPUX_FALSE=
+fi
+
+
+
+if test "$platform" = "solaris"; then
+  SOLARIS_TRUE=
+  SOLARIS_FALSE='#'
+else
+  SOLARIS_TRUE='#'
+  SOLARIS_FALSE=
+fi
+
+
+# Check for library dependencies
+
+{ echo "$as_me:$LINENO: checking for NSPR..." >&5
+echo "$as_me: checking for NSPR..." >&6;}
+
+# check for --with-nspr
+echo "$as_me:$LINENO: checking for --with-nspr" >&5
+echo $ECHO_N "checking for --with-nspr... $ECHO_C" >&6
+
+# Check whether --with-nspr or --without-nspr was given.
+if test "${with_nspr+set}" = set; then
+  withval="$with_nspr"
+
+  if test -e "$withval"/include/nspr.h -a -d "$withval"/lib
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    NSPRDIR=$withval
+    nspr_inc="-I$NSPRDIR/include"
+    nspr_lib="-L$NSPRDIR/lib"
+    nspr_libdir="$NSPRDIR/lib"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-nspr-inc
+echo "$as_me:$LINENO: checking for --with-nspr-inc" >&5
+echo $ECHO_N "checking for --with-nspr-inc... $ECHO_C" >&6
+
+# Check whether --with-nspr-inc or --without-nspr-inc was given.
+if test "${with_nspr_inc+set}" = set; then
+  withval="$with_nspr_inc"
+
+  if test -e "$withval"/nspr.h
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    nspr_inc="-I$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-nspr-lib
+echo "$as_me:$LINENO: checking for --with-nspr-lib" >&5
+echo $ECHO_N "checking for --with-nspr-lib... $ECHO_C" >&6
+
+# Check whether --with-nspr-lib or --without-nspr-lib was given.
+if test "${with_nspr_lib+set}" = set; then
+  withval="$with_nspr_lib"
+
+  if test -d "$withval"
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    nspr_lib="-L$withval"
+    nspr_libdir="$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# if NSPR is not found yet, try pkg-config
+
+# last resort
+if test -z "$nspr_inc" -o -z "$nspr_lib" -o -z "$nspr_libdir"; then
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+
+if test -n "$PKG_CONFIG"; then
+  echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
+echo "${ECHO_T}$PKG_CONFIG" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  echo "$as_me:$LINENO: checking for nspr with pkg-config" >&5
+echo $ECHO_N "checking for nspr with pkg-config... $ECHO_C" >&6
+  if test -n "$PKG_CONFIG"; then
+    if $PKG_CONFIG --exists nspr; then
+      nspr_inc=`$PKG_CONFIG --cflags-only-I nspr`
+      nspr_lib=`$PKG_CONFIG --libs-only-L nspr`
+      nspr_libdir=`$PKG_CONFIG --libs-only-L nspr | sed -e s/-L// | sed -e s/\ *$//`
+      echo "$as_me:$LINENO: result: using system NSPR" >&5
+echo "${ECHO_T}using system NSPR" >&6
+    elif $PKG_CONFIG --exists dirsec-nspr; then
+      nspr_inc=`$PKG_CONFIG --cflags-only-I dirsec-nspr`
+      nspr_lib=`$PKG_CONFIG --libs-only-L dirsec-nspr`
+      nspr_libdir=`$PKG_CONFIG --libs-only-L dirsec-nspr | sed -e s/-L// | sed -e s/\ *$//`
+      echo "$as_me:$LINENO: result: using system dirsec NSPR" >&5
+echo "${ECHO_T}using system dirsec NSPR" >&6
+    else
+      { { echo "$as_me:$LINENO: error: NSPR not found, specify with --with-nspr." >&5
+echo "$as_me: error: NSPR not found, specify with --with-nspr." >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  fi
+fi
+
+
+{ echo "$as_me:$LINENO: checking for NSS..." >&5
+echo "$as_me: checking for NSS..." >&6;}
+
+# check for --with-nss
+echo "$as_me:$LINENO: checking for --with-nss" >&5
+echo $ECHO_N "checking for --with-nss... $ECHO_C" >&6
+
+# Check whether --with-nss or --without-nss was given.
+if test "${with_nss+set}" = set; then
+  withval="$with_nss"
+
+  if test -e "$withval"/include/nss.h -a -d "$withval"/lib
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    NSSDIR=$withval
+    nss_inc="-I$NSSDIR/include"
+    nss_lib="-L$NSSDIR/lib"
+    nss_libdir="$NSSDIR/lib"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-nss-inc
+echo "$as_me:$LINENO: checking for --with-nss-inc" >&5
+echo $ECHO_N "checking for --with-nss-inc... $ECHO_C" >&6
+
+# Check whether --with-nss-inc or --without-nss-inc was given.
+if test "${with_nss_inc+set}" = set; then
+  withval="$with_nss_inc"
+
+  if test -e "$withval"/nss.h
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    nss_inc="-I$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-nss-lib
+echo "$as_me:$LINENO: checking for --with-nss-lib" >&5
+echo $ECHO_N "checking for --with-nss-lib... $ECHO_C" >&6
+
+# Check whether --with-nss-lib or --without-nss-lib was given.
+if test "${with_nss_lib+set}" = set; then
+  withval="$with_nss_lib"
+
+  if test -d "$withval"
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    nss_lib="-L$withval"
+    nss_libdir="$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# if NSS is not found yet, try pkg-config
+
+# last resort
+if test -z "$nss_inc" -o -z "$nss_lib" -o -z "$nss_libdir"; then
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+
+if test -n "$PKG_CONFIG"; then
+  echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
+echo "${ECHO_T}$PKG_CONFIG" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  echo "$as_me:$LINENO: checking for nss with pkg-config" >&5
+echo $ECHO_N "checking for nss with pkg-config... $ECHO_C" >&6
+  if test -n "$PKG_CONFIG"; then
+    if $PKG_CONFIG --exists nss; then
+      nss_inc=`$PKG_CONFIG --cflags-only-I nss`
+      nss_lib=`$PKG_CONFIG --libs-only-L nss`
+      nss_libdir=`$PKG_CONFIG --libs-only-L nss | sed -e s/-L// | sed -e s/\ *$//`
+      echo "$as_me:$LINENO: result: using system NSS" >&5
+echo "${ECHO_T}using system NSS" >&6
+    elif $PKG_CONFIG --exists dirsec-nss; then
+      nss_inc=`$PKG_CONFIG --cflags-only-I dirsec-nss`
+      nss_lib=`$PKG_CONFIG --libs-only-L dirsec-nss`
+      nss_libdir=`$PKG_CONFIG --libs-only-L dirsec-nss | sed -e s/-L// | sed -e s/\ *$//`
+      echo "$as_me:$LINENO: result: using system dirsec NSS" >&5
+echo "${ECHO_T}using system dirsec NSS" >&6
+    else
+      { { echo "$as_me:$LINENO: error: NSS not found, specify with --with-nss." >&5
+echo "$as_me: error: NSS not found, specify with --with-nss." >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  fi
+fi
+
+
+{ echo "$as_me:$LINENO: checking for LDAPSDK..." >&5
+echo "$as_me: checking for LDAPSDK..." >&6;}
+
+# check for --with-ldapsdk
+echo "$as_me:$LINENO: checking for --with-ldapsdk" >&5
+echo $ECHO_N "checking for --with-ldapsdk... $ECHO_C" >&6
+
+# Check whether --with-ldapsdk or --without-ldapsdk was given.
+if test "${with_ldapsdk+set}" = set; then
+  withval="$with_ldapsdk"
+
+  if test -e "$withval"/include/ldap.h -a -d "$withval"/lib
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    LDAPSDKDIR=$withval
+    ldapsdk_inc="-I$LDAPSDKDIR/include"
+    ldapsdk_lib="-L$LDAPSDKDIR/lib"
+    ldapsdk_libdir="$LDAPSDKDIR/lib"
+    ldapsdk_bindir="$LDAPSDKDIR/bin"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-ldapsdk-inc
+echo "$as_me:$LINENO: checking for --with-ldapsdk-inc" >&5
+echo $ECHO_N "checking for --with-ldapsdk-inc... $ECHO_C" >&6
+
+# Check whether --with-ldapsdk-inc or --without-ldapsdk-inc was given.
+if test "${with_ldapsdk_inc+set}" = set; then
+  withval="$with_ldapsdk_inc"
+
+  if test -e "$withval"/ldap.h
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    ldapsdk_inc="-I$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-ldapsdk-lib
+echo "$as_me:$LINENO: checking for --with-ldapsdk-lib" >&5
+echo $ECHO_N "checking for --with-ldapsdk-lib... $ECHO_C" >&6
+
+# Check whether --with-ldapsdk-lib or --without-ldapsdk-lib was given.
+if test "${with_ldapsdk_lib+set}" = set; then
+  withval="$with_ldapsdk_lib"
+
+  if test -d "$withval"
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    ldapsdk_lib="-L$withval"
+    ldapsdk_libdir="$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# if LDAPSDK is not found yet, try pkg-config
+
+# last resort
+if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir" -o -z "$ldapsdk_bindir"; then
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+
+if test -n "$PKG_CONFIG"; then
+  echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
+echo "${ECHO_T}$PKG_CONFIG" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  echo "$as_me:$LINENO: checking for mozldap with pkg-config" >&5
+echo $ECHO_N "checking for mozldap with pkg-config... $ECHO_C" >&6
+  if test -n "$PKG_CONFIG"; then
+    if $PKG_CONFIG --exists mozldap6; then
+	mozldappkg=mozldap6
+    elif $PKG_CONFIG --exists mozldap; then
+	mozldappkg=mozldap
+    else
+      { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5
+echo "$as_me: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg`
+    ldapsdk_lib=`$PKG_CONFIG --libs-only-L $mozldappkg`
+    ldapsdk_libdir=`$PKG_CONFIG --libs-only-L $mozldappkg | sed -e s/-L// | sed -e s/\ *$//`
+    ldapsdk_bindir=`$PKG_CONFIG --variable=bindir $mozldappkg`
+    echo "$as_me:$LINENO: result: using system $mozldappkg" >&5
+echo "${ECHO_T}using system $mozldappkg" >&6
+  fi
+fi
+if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then
+  { { echo "$as_me:$LINENO: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&5
+echo "$as_me: error: LDAPSDK not found, specify with --with-ldapsdk-inc|-lib." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "$ldapsdk_bindir" ; then
+  if  -d $libdir/mozldap6  ; then
+    ldapsdk_bindir=$libdir/mozldap6
+  else
+    ldapsdk_bindir=$libdir/mozldap
+  fi
+fi
+
+save_cppflags="$CPPFLAGS"
+CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc"
+echo "$as_me:$LINENO: checking for ldap.h" >&5
+echo $ECHO_N "checking for ldap.h... $ECHO_C" >&6
+if test "${ac_cv_header_ldap_h+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <ldap-standard.h>
+#if LDAP_VENDOR_VERSION < 600
+#error The LDAP C SDK version is not supported
+#endif
+
+
+#include <ldap.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_header_ldap_h=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_ldap_h=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_ldap_h" >&5
+echo "${ECHO_T}$ac_cv_header_ldap_h" >&6
+if test $ac_cv_header_ldap_h = yes; then
+  isversion6=1
+else
+  isversion6=
+fi
+
+
+CPPFLAGS="$save_cppflags"
+
+if test -z "$isversion6" ; then
+  { { echo "$as_me:$LINENO: error: The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported" >&5
+echo "$as_me: error: The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+# Configure paths for SASL
+
+{ echo "$as_me:$LINENO: checking for sasl..." >&5
+echo "$as_me: checking for sasl..." >&6;}
+
+echo "$as_me:$LINENO: checking for --with-sasl" >&5
+echo $ECHO_N "checking for --with-sasl... $ECHO_C" >&6
+
+# Check whether --with-sasl or --without-sasl was given.
+if test "${with_sasl+set}" = set; then
+  withval="$with_sasl"
+
+      if test "$withval" = "yes"; then
+        echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+                if test -f /usr/include/sasl/sasl.h; then
+          sasl_inc="-I/usr/include/sasl"
+        elif test -f /usr/include/sasl.h; then
+          sasl_inc="-I/usr/include"
+        else
+          { { echo "$as_me:$LINENO: error: sasl.h not found" >&5
+echo "$as_me: error: sasl.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+
+            elif test -d "$withval" -a -d "$withval/lib" -a -d "$withval/include" ; then
+        echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+
+        if test -f "$withval/include/sasl/sasl.h"; then
+          sasl_inc="-I$withval/include/sasl"
+        elif test -f "$withval/include/sasl.h"; then
+          sasl_inc="-I$withval/include"
+        else
+          { { echo "$as_me:$LINENO: error: sasl.h not found" >&5
+echo "$as_me: error: sasl.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+
+        sasl_lib="-L$withval/lib"
+        sasl_libdir="$withval/lib"
+      else
+          echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+          { { echo "$as_me:$LINENO: error: sasl not found in $withval" >&5
+echo "$as_me: error: sasl not found in $withval" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+echo "$as_me:$LINENO: checking for --with-sasl-inc" >&5
+echo $ECHO_N "checking for --with-sasl-inc... $ECHO_C" >&6
+
+# Check whether --with-sasl-inc or --without-sasl-inc was given.
+if test "${with_sasl_inc+set}" = set; then
+  withval="$with_sasl_inc"
+
+      if test -f "$withval"/sasl.h; then
+        echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+        sasl_inc="-I$withval"
+      else
+        echo
+        { { echo "$as_me:$LINENO: error: $withval/sasl.h not found" >&5
+echo "$as_me: error: $withval/sasl.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+echo "$as_me:$LINENO: checking for --with-sasl-lib" >&5
+echo $ECHO_N "checking for --with-sasl-lib... $ECHO_C" >&6
+
+# Check whether --with-sasl-lib or --without-sasl-lib was given.
+if test "${with_sasl_lib+set}" = set; then
+  withval="$with_sasl_lib"
+
+      if test -d "$withval"; then
+        echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+        sasl_lib="-L$withval"
+        sasl_libdir="$withval"
+      else
+        echo
+        { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+if test -z "$sasl_inc"; then
+  echo "$as_me:$LINENO: checking for sasl.h" >&5
+echo $ECHO_N "checking for sasl.h... $ECHO_C" >&6
+    if test -f /usr/include/sasl/sasl.h; then
+    echo "$as_me:$LINENO: result: using /usr/include/sasl/sasl.h" >&5
+echo "${ECHO_T}using /usr/include/sasl/sasl.h" >&6
+    sasl_inc="-I/usr/include/sasl"
+  elif test -f /usr/include/sasl.h; then
+    echo "$as_me:$LINENO: result: using /usr/include/sasl.h" >&5
+echo "${ECHO_T}using /usr/include/sasl.h" >&6
+    sasl_inc="-I/usr/include"
+  else
+    echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+    { { echo "$as_me:$LINENO: error: sasl not found, specify with --with-sasl." >&5
+echo "$as_me: error: sasl not found, specify with --with-sasl." >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+
+# Configure paths for SVRCORE
+{ echo "$as_me:$LINENO: checking for svrcore..." >&5
+echo "$as_me: checking for svrcore..." >&6;}
+
+echo "$as_me:$LINENO: checking for --with-svrcore" >&5
+echo $ECHO_N "checking for --with-svrcore... $ECHO_C" >&6
+
+# Check whether --with-svrcore or --without-svrcore was given.
+if test "${with_svrcore+set}" = set; then
+  withval="$with_svrcore"
+
+      if test "$withval" = "yes"; then
+        echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+                if test -f /usr/include/svrcore.h; then
+          svrcore_inc="-I/usr/include"
+        else
+          { { echo "$as_me:$LINENO: error: svrcore.h not found" >&5
+echo "$as_me: error: svrcore.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+
+            elif test -d "$withval" -a -d "$withval/lib" -a -d "$withval/include" ; then
+        echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+
+        if test -f "$withval/include/svrcore.h"; then
+          svrcore_inc="-I$withval/include"
+        else
+          { { echo "$as_me:$LINENO: error: svrcore.h not found" >&5
+echo "$as_me: error: svrcore.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+
+        svrcore_lib="-L$withval/lib"
+      else
+        echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+        { { echo "$as_me:$LINENO: error: svrcore not found in $withval" >&5
+echo "$as_me: error: svrcore not found in $withval" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+echo "$as_me:$LINENO: checking for --with-svrcore-inc" >&5
+echo $ECHO_N "checking for --with-svrcore-inc... $ECHO_C" >&6
+
+# Check whether --with-svrcore-inc or --without-svrcore-inc was given.
+if test "${with_svrcore_inc+set}" = set; then
+  withval="$with_svrcore_inc"
+
+      if test -f "$withval"/svrcore.h; then
+        echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+        svrcore_inc="-I$withval"
+      else
+        echo
+        { { echo "$as_me:$LINENO: error: $withval/svrcore.h not found" >&5
+echo "$as_me: error: $withval/svrcore.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+echo "$as_me:$LINENO: checking for --with-svrcore-lib" >&5
+echo $ECHO_N "checking for --with-svrcore-lib... $ECHO_C" >&6
+
+# Check whether --with-svrcore-lib or --without-svrcore-lib was given.
+if test "${with_svrcore_lib+set}" = set; then
+  withval="$with_svrcore_lib"
+
+      if test -d "$withval"; then
+        echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+        svrcore_lib="-L$withval"
+      else
+        echo
+        { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+
+if test -n "$PKG_CONFIG"; then
+  echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
+echo "${ECHO_T}$PKG_CONFIG" >&6
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+  echo "$as_me:$LINENO: checking for svrcore with pkg-config" >&5
+echo $ECHO_N "checking for svrcore with pkg-config... $ECHO_C" >&6
+  if test -n "$PKG_CONFIG"; then
+    if $PKG_CONFIG --exists svrcore; then
+      svrcore_inc=`$PKG_CONFIG --cflags-only-I svrcore`
+      svrcore_lib=`$PKG_CONFIG --libs-only-L svrcore`
+      echo "$as_me:$LINENO: result: using system svrcore" >&5
+echo "${ECHO_T}using system svrcore" >&6
+    fi
+  fi
+fi
+
+if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+  echo "$as_me:$LINENO: checking for SVRCORE_GetRegisteredPinObj in -lsvrcore" >&5
+echo $ECHO_N "checking for SVRCORE_GetRegisteredPinObj in -lsvrcore... $ECHO_C" >&6
+if test "${ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvrcore $nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4 $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char SVRCORE_GetRegisteredPinObj ();
+int
+main ()
+{
+SVRCORE_GetRegisteredPinObj ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj" >&5
+echo "${ECHO_T}$ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj" >&6
+if test $ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj = yes; then
+  havesvrcore=1
+fi
+
+  if test -n "$havesvrcore" ; then
+    save_cppflags="$CPPFLAGS"
+    CPPFLAGS="$nss_inc $nspr_inc"
+    if test "${ac_cv_header_svrcore_h+set}" = set; then
+  echo "$as_me:$LINENO: checking for svrcore.h" >&5
+echo $ECHO_N "checking for svrcore.h... $ECHO_C" >&6
+if test "${ac_cv_header_svrcore_h+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_svrcore_h" >&5
+echo "${ECHO_T}$ac_cv_header_svrcore_h" >&6
+else
+  # Is the header compilable?
+echo "$as_me:$LINENO: checking svrcore.h usability" >&5
+echo $ECHO_N "checking svrcore.h usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <svrcore.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking svrcore.h presence" >&5
+echo $ECHO_N "checking svrcore.h presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <svrcore.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: svrcore.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: svrcore.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: svrcore.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: svrcore.h: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: svrcore.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: svrcore.h: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: svrcore.h:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: svrcore.h:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: svrcore.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: svrcore.h: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: svrcore.h:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: svrcore.h:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: svrcore.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: svrcore.h: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: svrcore.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: svrcore.h: in the future, the compiler will take precedence" >&2;}
+    (
+      cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+    ) |
+      sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+echo "$as_me:$LINENO: checking for svrcore.h" >&5
+echo $ECHO_N "checking for svrcore.h... $ECHO_C" >&6
+if test "${ac_cv_header_svrcore_h+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_cv_header_svrcore_h=$ac_header_preproc
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_svrcore_h" >&5
+echo "${ECHO_T}$ac_cv_header_svrcore_h" >&6
+
+fi
+if test $ac_cv_header_svrcore_h = yes; then
+  havesvrcore=1
+else
+  havesvrcore=
+fi
+
+
+    CPPFLAGS="$save_cppflags"
+  fi
+  if test -z "$havesvrcore" ; then
+    { { echo "$as_me:$LINENO: error: svrcore not found, specify with --with-svrcore." >&5
+echo "$as_me: error: svrcore not found, specify with --with-svrcore." >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+
+{ echo "$as_me:$LINENO: checking for Apr..." >&5
+echo "$as_me: checking for Apr..." >&6;}
+
+# check for --with-apr
+echo "$as_me:$LINENO: checking for --with-apr" >&5
+echo $ECHO_N "checking for --with-apr... $ECHO_C" >&6
+
+# Check whether --with-apr or --without-apr was given.
+if test "${with_apr+set}" = set; then
+  withval="$with_apr"
+
+  if test -e "$withval"/include/apr-0/apr.h -a -d "$withval"/lib -a -d "$withval"/bin
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    APRDIR=$withval
+    apr_inc="-DAPRDIR -I$APRDIR/include -I$APRDIR/include/apr-0"
+    apr_lib_version="apr-0"
+    case $host in
+      *-*-linux*)
+        if test -n "$USE_64"
+        then
+          apr_lib="-L$APRDIR/lib64"
+          apr_libdir="$APRDIR/lib64"
+        else
+          apr_lib="-L$APRDIR/lib"
+          apr_libdir="$APRDIR/lib"
+        fi
+        apr_bindir="$APRDIR/bin"
+        ;;
+      sparc-sun-solaris*)
+        if test -n "$USE_64"
+        then
+          apr_lib="-L$APRDIR/lib/sparcv9"
+          apr_libdir="$APRDIR/lib/sparcv9"
+          apr_bindir="$APRDIR/bin/sparcv9"
+        else
+          apr_lib="-L$APRDIR/lib"
+          apr_libdir="$APRDIR/lib"
+          apr_bindir="$APRDIR/bin"
+        fi
+        ;;
+      *)
+        { { echo "$as_me:$LINENO: error: unconfigured platform $host" >&5
+echo "$as_me: error: unconfigured platform $host" >&2;}
+   { (exit 1); exit 1; }; }
+        ;;
+    esac
+  elif test -e "$withval"/include/apr-1/apr.h -a -d "$withval"/lib -a -d "$withval"/bin
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    APRDIR=$withval
+    apr_inc="-DAPRDIR -I$APRDIR/include -I$APRDIR/include/apr-1"
+    apr_lib_version="apr-1"
+    case $host in
+      *-*-linux*)
+        if test -n "$USE_64"
+        then
+          apr_lib="-L$APRDIR/lib64"
+          apr_libdir="$APRDIR/lib64"
+        else
+          apr_lib="-L$APRDIR/lib"
+          apr_libdir="$APRDIR/lib"
+        fi
+        apr_bindir="$APRDIR/bin"
+        ;;
+      sparc-sun-solaris*)
+        if test -n "$USE_64"
+        then
+          apr_lib="-L$APRDIR/lib/sparcv9"
+          apr_libdir="$APRDIR/lib/sparcv9"
+          apr_bindir="$APRDIR/bin/sparcv9"
+        else
+          apr_lib="-L$APRDIR/lib"
+          apr_libdir="$APRDIR/lib"
+          apr_bindir="$APRDIR/bin"
+        fi
+        ;;
+      *)
+        { { echo "$as_me:$LINENO: error: unconfigured platform $host" >&5
+echo "$as_me: error: unconfigured platform $host" >&2;}
+   { (exit 1); exit 1; }; }
+        ;;
+    esac
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-apr-inc
+echo "$as_me:$LINENO: checking for --with-apr-inc" >&5
+echo $ECHO_N "checking for --with-apr-inc... $ECHO_C" >&6
+
+# Check whether --with-apr-inc or --without-apr-inc was given.
+if test "${with_apr_inc+set}" = set; then
+  withval="$with_apr_inc"
+
+  if test -e "$withval"/apr.h
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    APRDIR=$withval/..
+    apr_inc="-DAPRDIR -I$withval/.. -I$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-apr-lib
+echo "$as_me:$LINENO: checking for --with-apr-lib" >&5
+echo $ECHO_N "checking for --with-apr-lib... $ECHO_C" >&6
+
+# Check whether --with-apr-lib or --without-apr-lib was given.
+if test "${with_apr_lib+set}" = set; then
+  withval="$with_apr_lib"
+
+  if test -d "$withval"
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    apr_lib="-L$withval"
+    apr_libdir="$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+  if test -e "$withval/libapr-0.so"
+  then
+    apr_lib_version="apr-0"
+  elif test -e "$withval/libapr-1.so"
+  then
+    apr_lib_version="apr-1"
+  else
+    { { echo "$as_me:$LINENO: error: libapr in $withval not found" >&5
+echo "$as_me: error: libapr in $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-apr-bin
+echo "$as_me:$LINENO: checking for --with-apr-bin" >&5
+echo $ECHO_N "checking for --with-apr-bin... $ECHO_C" >&6
+
+# Check whether --with-apr-bin or --without-apr-bin was given.
+if test "${with_apr_bin+set}" = set; then
+  withval="$with_apr_bin"
+
+  if test -d "$withval"
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    apr_bindir="$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for Apr in well-known locations
+# e. g. - on certain platforms, check for the presence
+#         of a "Fortitude"-enabled web-server first
+echo "$as_me:$LINENO: checking for APR in well-known locations" >&5
+echo $ECHO_N "checking for APR in well-known locations... $ECHO_C" >&6
+case $host in
+  *-*-linux*)
+    if test -f /usr/include/apr-0/apr.h
+    then
+      apr_inc="-DAPRDIR -I/usr/include -I/usr/include/apr-0"
+    elif test -f /usr/include/apr-1/apr.h
+    then
+      apr_inc="-DAPRDIR -I/usr/include -I/usr/include/apr-1"
+    else
+      { { echo "$as_me:$LINENO: error: apr.h not found" >&5
+echo "$as_me: error: apr.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    if test -n "$USE_64"
+    then
+      if test -e /usr/lib64/libapr-0.so
+      then
+        apr_lib="-L/usr/lib64"
+        apr_libdir="/usr/lib64"
+        apr_lib_version="apr-0"
+      elif test -e /usr/lib64/libapr-1.so
+      then
+        apr_lib="-L/usr/lib64"
+        apr_libdir="/usr/lib64"
+        apr_lib_version="apr-1"
+      else
+        { { echo "$as_me:$LINENO: error: libapr not found" >&5
+echo "$as_me: error: libapr not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+    else
+      if test -e /usr/lib/libapr-0.so
+      then
+        apr_lib="-L/usr/lib"
+        apr_libdir="/usr/lib"
+        apr_lib_version="apr-0"
+      elif test -e /usr/lib/libapr-1.so
+      then
+        apr_lib="-L/usr/lib"
+        apr_libdir="/usr/lib"
+        apr_lib_version="apr-1"
+      else
+        { { echo "$as_me:$LINENO: error: libapr not found" >&5
+echo "$as_me: error: libapr not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+    fi
+    if test -x /usr/bin/apr-config
+    then
+      apr_bindir="/usr/bin"
+    elif test -x /usr/bin/apr-1-config
+    then
+      apr_bindir="/usr/bin"
+    else
+      { { echo "$as_me:$LINENO: error: apr-config or apr-1-config not found" >&5
+echo "$as_me: error: apr-config or apr-1-config not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    echo "$as_me:$LINENO: result: using system Apr in /usr" >&5
+echo "${ECHO_T}using system Apr in /usr" >&6
+    ;;
+  sparc-sun-solaris*)
+    if test -d /opt/fortitude
+    then
+      if test -f /opt/fortitude/include/apr-0/apr.h
+      then
+        apr_inc="-DAPRDIR -I/opt/fortitude/include -I/opt/fortitude/include/apr-0"
+      else
+        { { echo "$as_me:$LINENO: error: /opt/fortitude/include/apr-0/apr.h not found" >&5
+echo "$as_me: error: /opt/fortitude/include/apr-0/apr.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+      if test -n "$USE_64"
+      then
+        #############################################################
+        ###  NOTE:  The 64-bit Fortitude "sparcv9" libraries and  ###
+        ###         programs are now under "/opt/fortitude/lib"   ###
+        ###         and "/opt/fortitude/bin" rather than          ###
+        ###         "/opt/fortitude/lib/sparcv9" and              ###
+        ###         "/opt/fortitude/bin/sparcv9"!!!               ###
+        ###                                                       ###
+        ###         To help guard against any future movement     ###
+        ###         of any of these libraries and/or programs,    ###
+        ###         this m4 file will first check under the       ###
+        ###         "sparcv9" directory, and then the directory   ###
+        ###         immediately above the "sparcv9" directory.    ###
+        #############################################################
+        if test -e /opt/fortitude/lib/sparcv9/libapr-0.so
+        then
+          apr_lib="-L/opt/fortitude/lib/sparcv9"
+          apr_libdir="/opt/fortitude/lib/sparcv9"
+          apr_lib_version="apr-0"
+        else
+          if test -e /opt/fortitude/lib/libapr-0.so
+          then
+            apr_lib="-L/opt/fortitude/lib"
+            apr_libdir="/opt/fortitude/lib"
+            apr_lib_version="apr-0"
+          else
+            { { echo "$as_me:$LINENO: error: Fortitude-enabled libapr-0.so not found" >&5
+echo "$as_me: error: Fortitude-enabled libapr-0.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+          fi
+        fi
+        if test -x /opt/fortitude/bin/sparcv9/apr-config
+        then
+          apr_bindir="/opt/fortitude/bin/sparcv9"
+        else
+          if test -x /opt/fortitude/bin/apr-config
+          then
+            apr_bindir="/opt/fortitude/bin"
+          else
+            { { echo "$as_me:$LINENO: error: Fortitude-enabled apr-config not found" >&5
+echo "$as_me: error: Fortitude-enabled apr-config not found" >&2;}
+   { (exit 1); exit 1; }; }
+          fi
+        fi
+      else
+        if test -e /opt/fortitude/lib/libapr-0.so
+        then
+          apr_lib="-L/opt/fortitude/lib"
+          apr_libdir="/opt/fortitude/lib"
+          apr_lib_version="apr-0"
+        else
+          { { echo "$as_me:$LINENO: error: /opt/fortitude/lib/libapr-0.so not found" >&5
+echo "$as_me: error: /opt/fortitude/lib/libapr-0.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+        if test -x /opt/fortitude/bin/apr-config
+        then
+          apr_bindir="/opt/fortitude/bin"
+        else
+          { { echo "$as_me:$LINENO: error: /opt/fortitude/bin/apr-config not found" >&5
+echo "$as_me: error: /opt/fortitude/bin/apr-config not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+      fi
+      echo "$as_me:$LINENO: result: using Fortitude-enabled Apr in /opt/fortitude" >&5
+echo "${ECHO_T}using Fortitude-enabled Apr in /opt/fortitude" >&6
+    else
+      if test -f /usr/local/include/apr-0/apr.h
+      then
+        apr_inc="-DAPRDIR -I/usr/local/include -I/usr/local/include/apr-0"
+      else
+        { { echo "$as_me:$LINENO: error: /usr/local/include/apr-0/apr.h not found" >&5
+echo "$as_me: error: /usr/local/include/apr-0/apr.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+      if test -n "$USE_64"
+      then
+        if test -e /usr/local/lib/sparcv9/libapr-0.so
+        then
+          apr_lib="-L/usr/local/lib/sparcv9"
+          apr_libdir="/usr/local/lib/sparcv9"
+          apr_lib_version="apr-0"
+        else
+          { { echo "$as_me:$LINENO: error: /usr/local/lib/sparcv9/libapr-0.so not found" >&5
+echo "$as_me: error: /usr/local/lib/sparcv9/libapr-0.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+        if test -x /usr/local/bin/sparcv9/apr-config
+        then
+          apr_bindir="/usr/local/bin/sparcv9"
+        else
+          { { echo "$as_me:$LINENO: error: /usr/local/bin/sparcv9/apr-config not found" >&5
+echo "$as_me: error: /usr/local/bin/sparcv9/apr-config not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+      else
+        if test -e /usr/local/lib/libapr-0.so
+        then
+          apr_lib="-L/usr/local/lib"
+          apr_libdir="/usr/local/lib"
+          apr_lib_version="apr-0"
+        else
+          { { echo "$as_me:$LINENO: error: /usr/local/lib/libapr-0.so not found" >&5
+echo "$as_me: error: /usr/local/lib/libapr-0.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+        if test -x /usr/local/bin/apr-config
+        then
+          apr_bindir="/usr/local/bin"
+        else
+          { { echo "$as_me:$LINENO: error: /usr/local/bin/apr-config not found" >&5
+echo "$as_me: error: /usr/local/bin/apr-config not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+      fi
+    fi
+    echo "$as_me:$LINENO: result: using system Apr in /usr/local" >&5
+echo "${ECHO_T}using system Apr in /usr/local" >&6
+    ;;
+  *)
+    { { echo "$as_me:$LINENO: error: unconfigured platform $host" >&5
+echo "$as_me: error: unconfigured platform $host" >&2;}
+   { (exit 1); exit 1; }; }
+    ;;
+esac
+
+# if Apr has not been found, print an error and exit
+if test -z "$apr_inc"
+then
+  { { echo "$as_me:$LINENO: error: Apr include file directory not found, specify with --with-apr." >&5
+echo "$as_me: error: Apr include file directory not found, specify with --with-apr." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "$apr_lib" -o -z "$apr_libdir"
+then
+  { { echo "$as_me:$LINENO: error: Apr library directory not found, specify with --with-apr." >&5
+echo "$as_me: error: Apr library directory not found, specify with --with-apr." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "$apr_bindir"
+then
+  { { echo "$as_me:$LINENO: error: Apr executables directory not found, specify with --with-apr." >&5
+echo "$as_me: error: Apr executables directory not found, specify with --with-apr." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "$apr_lib_version"
+then
+  { { echo "$as_me:$LINENO: error: Apr library version not found, specify with --with-apr." >&5
+echo "$as_me: error: Apr library version not found, specify with --with-apr." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+{ echo "$as_me:$LINENO: checking for Apache..." >&5
+echo "$as_me: checking for Apache..." >&6;}
+
+# check for --with-apache
+echo "$as_me:$LINENO: checking for --with-apache" >&5
+echo $ECHO_N "checking for --with-apache... $ECHO_C" >&6
+
+# Check whether --with-apache or --without-apache was given.
+if test "${with_apache+set}" = set; then
+  withval="$with_apache"
+
+  if test -e "$withval"/include/httpd/httpd.h -a -d "$withval"/lib -a -d "$withval"/sbin
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    APACHEDIR=$withval
+    apache_inc="-I$APACHEDIR/include -I$APACHEDIR/include/httpd"
+    case $host in
+      *-*-linux*)
+        if test -n "$USE_64"
+        then
+          apache_lib="-L$APACHEDIR/lib64"
+          apache_libdir="$APACHEDIR/lib64"
+          db_lib="-L$APACHEDIR/lib64"
+          db_libdir="$APACHEDIR/lib64"
+        else
+          apache_lib="-L$APACHEDIR/lib"
+          apache_libdir="$APACHEDIR/lib"
+          db_lib="-L$APACHEDIR/lib"
+          db_libdir="$APACHEDIR/lib"
+        fi
+        apache_bindir="$APACHEDIR/sbin"
+        ;;
+      sparc-sun-solaris*)
+        if test -n "$USE_64"
+        then
+          apache_lib="-L$APACHEDIR/lib/sparcv9"
+          apache_libdir="$APACHEDIR/lib/sparcv9"
+          db_lib="-L$APACHEDIR/lib/sparcv9"
+          db_libdir="$APACHEDIR/lib/sparcv9"
+          apache_bindir="$APACHEDIR/sbin/sparcv9"
+        else
+          apache_lib="-L$APACHEDIR/lib"
+          apache_libdir="$APACHEDIR/lib"
+          db_lib="-L$APACHEDIR/lib"
+          db_libdir="$APACHEDIR/lib"
+          apache_bindir="$APACHEDIR/sbin"
+        fi
+        ;;
+      *)
+        { { echo "$as_me:$LINENO: error: unconfigured platform $host" >&5
+echo "$as_me: error: unconfigured platform $host" >&2;}
+   { (exit 1); exit 1; }; }
+        ;;
+    esac
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-apache-inc
+echo "$as_me:$LINENO: checking for --with-apache-inc" >&5
+echo $ECHO_N "checking for --with-apache-inc... $ECHO_C" >&6
+
+# Check whether --with-apache-inc or --without-apache-inc was given.
+if test "${with_apache_inc+set}" = set; then
+  withval="$with_apache_inc"
+
+  if test -e "$withval"/httpd.h
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    apache_inc="-I$withval/.. -I$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-apache-lib
+echo "$as_me:$LINENO: checking for --with-apache-lib" >&5
+echo $ECHO_N "checking for --with-apache-lib... $ECHO_C" >&6
+
+# Check whether --with-apache-lib or --without-apache-lib was given.
+if test "${with_apache_lib+set}" = set; then
+  withval="$with_apache_lib"
+
+  if test -d "$withval"
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    apache_lib="-L$withval"
+    apache_libdir="$withval"
+    db_lib="-L$withval"
+    db_libdir="$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for --with-apache-bin
+echo "$as_me:$LINENO: checking for --with-apache-bin" >&5
+echo $ECHO_N "checking for --with-apache-bin... $ECHO_C" >&6
+
+# Check whether --with-apache-bin or --without-apache-bin was given.
+if test "${with_apache_bin+set}" = set; then
+  withval="$with_apache_bin"
+
+  if test -d "$withval"
+  then
+    echo "$as_me:$LINENO: result: using $withval" >&5
+echo "${ECHO_T}using $withval" >&6
+    apache_bindir="$withval"
+  else
+    echo
+    { { echo "$as_me:$LINENO: error: $withval not found" >&5
+echo "$as_me: error: $withval not found" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+
+else
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi;
+
+# check for Apache in well-known locations
+# e. g. - on certain platforms, check for the presence
+#         of a "Fortitude"-enabled web-server first
+echo "$as_me:$LINENO: checking for Apache in well-known locations" >&5
+echo $ECHO_N "checking for Apache in well-known locations... $ECHO_C" >&6
+case $host in
+  *-*-linux*)
+    if test -f /usr/include/httpd/httpd.h
+    then
+      apache_inc="-I/usr/include -I/usr/include/httpd"
+    else
+      { { echo "$as_me:$LINENO: error: /usr/include/httpd/httpd.h not found" >&5
+echo "$as_me: error: /usr/include/httpd/httpd.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    if test -n "$USE_64"
+    then
+      if test -e /usr/lib64/libaprutil-0.so
+      then
+        apache_lib="-L/usr/lib64"
+        apache_libdir="/usr/lib64"
+        db_lib="-L/usr/lib64"
+        db_libdir="/usr/lib64"
+        apr_libutil_version="aprutil-0"
+      elif test -e /usr/lib64/libaprutil-1.so
+      then
+        apache_lib="-L/usr/lib64"
+        apache_libdir="/usr/lib64"
+        db_lib="-L/usr/lib64"
+        db_libdir="/usr/lib64"
+        apr_libutil_version="aprutil-1"
+      else
+        { { echo "$as_me:$LINENO: error: libaprutil not found" >&5
+echo "$as_me: error: libaprutil not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+    else
+      if test -e /usr/lib/libaprutil-0.so
+      then
+        apache_lib="-L/usr/lib"
+        apache_libdir="/usr/lib"
+        db_lib="-L/usr/lib"
+        db_libdir="/usr/lib"
+        apr_libutil_version="aprutil-0"
+      elif test -e /usr/lib/libaprutil-1.so
+      then
+        apache_lib="-L/usr/lib"
+        apache_libdir="/usr/lib"
+        db_lib="-L/usr/lib"
+        db_libdir="/usr/lib"
+        apr_libutil_version="aprutil-1"
+      else
+        { { echo "$as_me:$LINENO: error: libaprutil not found" >&5
+echo "$as_me: error: libaprutil not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+    fi
+    if test -x /usr/sbin/httpd
+    then
+      apache_bindir="/usr/sbin"
+    else
+      { { echo "$as_me:$LINENO: error: /usr/sbin/httpd not found" >&5
+echo "$as_me: error: /usr/sbin/httpd not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    echo "$as_me:$LINENO: result: using system Apache in /usr" >&5
+echo "${ECHO_T}using system Apache in /usr" >&6
+    ;;
+  sparc-sun-solaris*)
+    if test -d /opt/fortitude
+    then
+      if test -f /opt/fortitude/include/httpd/httpd.h
+      then
+        apache_inc="-I/opt/fortitude/include -I/opt/fortitude/include/httpd"
+      else
+        { { echo "$as_me:$LINENO: error: /opt/fortitude/include/httpd/httpd.h not found" >&5
+echo "$as_me: error: /opt/fortitude/include/httpd/httpd.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+      if test -n "$USE_64"
+      then
+        #############################################################
+        ###  NOTE:  The 64-bit Fortitude "sparcv9" libraries and  ###
+        ###         programs are now under "/opt/fortitude/lib"   ###
+        ###         and "/opt/fortitude/sbin" rather than         ###
+        ###         "/opt/fortitude/lib/sparcv9" and              ###
+        ###         "/opt/fortitude/sbin/sparcv9"!!!              ###
+        ###                                                       ###
+        ###         The exception to this are the -ldb and the    ###
+        ###         -ldb_cxx libraries which are still located    ###
+        ###         under the "/opt/fortitude/lib/sparcv9"        ###
+        ###         directory.                                    ###
+        ###                                                       ###
+        ###         To help guard against any future movement     ###
+        ###         of any of these libraries and/or programs,    ###
+        ###         this m4 file will first check under the       ###
+        ###         "sparcv9" directory, and then the directory   ###
+        ###         immediately above the "sparcv9" directory.    ###
+        #############################################################
+        if test -e /opt/fortitude/lib/sparcv9/libaprutil-0.so
+        then
+          apache_lib="-L/opt/fortitude/lib/sparcv9"
+          apache_libdir="/opt/fortitude/lib/sparcv9"
+          apr_libutil_version="aprutil-0"
+        else
+          if test -e /opt/fortitude/lib/libaprutil-0.so
+          then
+            apache_lib="-L/opt/fortitude/lib"
+            apache_libdir="/opt/fortitude/lib"
+            apr_libutil_version="aprutil-0"
+          else
+            { { echo "$as_me:$LINENO: error: Fortitude-enabled libaprutil-0.so not found" >&5
+echo "$as_me: error: Fortitude-enabled libaprutil-0.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+          fi
+        fi
+        if test -e /opt/fortitude/lib/sparcv9/libdb-4.2.so
+        then
+          db_lib="-L/opt/fortitude/lib/sparcv9"
+          db_libdir="/opt/fortitude/lib/sparcv9"
+        else
+          if test -e /opt/fortitude/lib/libdb-4.2.so
+          then
+            db_lib="-L/opt/fortitude/lib"
+            db_libdir="/opt/fortitude/lib"
+          else
+            { { echo "$as_me:$LINENO: error: Fortitude-enabled libdb-4.2.so not found" >&5
+echo "$as_me: error: Fortitude-enabled libdb-4.2.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+          fi
+        fi
+        if test -x /opt/fortitude/sbin/sparcv9/httpd
+        then
+          apache_bindir="/opt/fortitude/sbin/sparcv9"
+        else
+          if test -x /opt/fortitude/sbin/httpd
+          then
+            apache_bindir="/opt/fortitude/sbin"
+          else
+            { { echo "$as_me:$LINENO: error: Fortitude-enabled httpd not found" >&5
+echo "$as_me: error: Fortitude-enabled httpd not found" >&2;}
+   { (exit 1); exit 1; }; }
+          fi
+        fi
+      else
+        if test -e /opt/fortitude/lib/libaprutil-0.so
+        then
+          apache_lib="-L/opt/fortitude/lib"
+          apache_libdir="/opt/fortitude/lib"
+          apr_libutil_version="aprutil-0"
+        else
+          { { echo "$as_me:$LINENO: error: /opt/fortitude/lib/libaprutil-0.so not found" >&5
+echo "$as_me: error: /opt/fortitude/lib/libaprutil-0.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+        if test -e /opt/fortitude/lib/libdb-4.2.so
+        then
+          db_lib="-L/opt/fortitude/lib"
+          db_libdir="/opt/fortitude/lib"
+        else
+          { { echo "$as_me:$LINENO: error: /opt/fortitude/lib/libdb-4.2.so not found" >&5
+echo "$as_me: error: /opt/fortitude/lib/libdb-4.2.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+        if test -x /opt/fortitude/sbin/httpd
+        then
+          apache_bindir="/opt/fortitude/sbin"
+        else
+          { { echo "$as_me:$LINENO: error: /opt/fortitude/sbin/httpd not found" >&5
+echo "$as_me: error: /opt/fortitude/sbin/httpd not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+      fi
+      echo "$as_me:$LINENO: result: using Fortitude-enabled Apache in /opt/fortitude" >&5
+echo "${ECHO_T}using Fortitude-enabled Apache in /opt/fortitude" >&6
+    else
+      if test -f /usr/local/include/httpd/httpd.h
+      then
+        apache_inc="-I/usr/local/include -I/usr/local/include/httpd"
+      else
+        { { echo "$as_me:$LINENO: error: /usr/local/include/httpd/httpd.h not found" >&5
+echo "$as_me: error: /usr/local/include/httpd/httpd.h not found" >&2;}
+   { (exit 1); exit 1; }; }
+      fi
+      if test -n "$USE_64"
+      then
+        if test -e /usr/local/lib/sparcv9/libaprutil-0.so
+        then
+          apache_lib="-L/usr/local/lib/sparcv9"
+          apache_libdir="/usr/local/lib/sparcv9"
+          db_lib="-L/usr/local/lib/sparcv9"
+          db_libdir="/usr/local/lib/sparcv9"
+          apr_libutil_version="aprutil-0"
+        else
+          { { echo "$as_me:$LINENO: error: /usr/local/lib/sparcv9/libaprutil-0.so not found" >&5
+echo "$as_me: error: /usr/local/lib/sparcv9/libaprutil-0.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+        if test -x /usr/local/sbin/sparcv9/httpd
+        then
+          apache_bindir="/usr/local/sbin/sparcv9"
+        else
+          { { echo "$as_me:$LINENO: error: /usr/local/sbin/sparcv9/httpd not found" >&5
+echo "$as_me: error: /usr/local/sbin/sparcv9/httpd not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+      else
+        if test -e /usr/local/lib/libaprutil-0.so
+        then
+          apache_lib="-L/usr/local/lib"
+          apache_libdir="/usr/local/lib"
+          db_lib="-L/usr/local/lib"
+          db_libdir="/usr/local/lib"
+          apr_libutil_version="aprutil-0"
+        else
+          { { echo "$as_me:$LINENO: error: /usr/local/lib/libaprutil-0.so not found" >&5
+echo "$as_me: error: /usr/local/lib/libaprutil-0.so not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+        if test -x /usr/local/sbin/httpd
+        then
+          apache_bindir="/usr/local/sbin"
+        else
+          { { echo "$as_me:$LINENO: error: /usr/local/sbin/httpd not found" >&5
+echo "$as_me: error: /usr/local/sbin/httpd not found" >&2;}
+   { (exit 1); exit 1; }; }
+        fi
+      fi
+    fi
+    echo "$as_me:$LINENO: result: using system Apache in /usr/local" >&5
+echo "${ECHO_T}using system Apache in /usr/local" >&6
+    ;;
+  *)
+    { { echo "$as_me:$LINENO: error: unconfigured platform $host" >&5
+echo "$as_me: error: unconfigured platform $host" >&2;}
+   { (exit 1); exit 1; }; }
+    ;;
+esac
+
+# if Apache has not been found, print an error and exit
+if test -z "$apache_inc"
+then
+  { { echo "$as_me:$LINENO: error: Apache include file directory not found, specify with --with-apache." >&5
+echo "$as_me: error: Apache include file directory not found, specify with --with-apache." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "$apache_lib" -o -z "$apache_libdir" -o -z "$db_lib" -o -z "db_libdir" -o -z "$apr_libutil_version"
+then
+  { { echo "$as_me:$LINENO: error: Apache library directory not found, specify with --with-apache." >&5
+echo "$as_me: error: Apache library directory not found, specify with --with-apache." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "$apache_bindir"
+then
+  { { echo "$as_me:$LINENO: error: Apache executables directory not found, specify with --with-apache." >&5
+echo "$as_me: error: Apache executables directory not found, specify with --with-apache." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+# write out paths for binary components
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# libtool on fedora/rhel contains some gcc-isms which cause problems
+# if not using gcc (e.g. Forte on Solaris, aCC on HP-UX)
+# we remove them here
+if test "$GCC" != yes ; then
+   { echo "$as_me:$LINENO: Not using gcc - fixing libtool to remove gcc-isms . . ." >&5
+echo "$as_me: Not using gcc - fixing libtool to remove gcc-isms . . ." >&6;}
+   cp -p libtool libtool.orig
+   cp -p libtool libtool.tmp
+   # dnl note the special chars [ and ] - since m4 treats [ and ] specially,
+   # we have to use the quadrigraph [ for [ and ] for ] - and you thought
+   # perl produced write-only code . . .
+   sed -e '/^gcc_dir/ d' \
+       -e '/^gcc_ver/ d' \
+       -e 's/^predep_objects=.*echo \("[^"]*"\).*$/predep_objects=\1/' \
+       -e 's/^postdep_objects=.*echo \("[^"]*"\).*$/postdep_objects=\1/' \
+       -e 's/^compiler_lib_search_path=.*echo \("[^"]*"\).*$/compiler_lib_search_path=\1/' \
+       -e 's/^sys_lib_search_path_spec=.*echo \("[^"]*"\).*$/sys_lib_search_path_spec=\1/' \
+       libtool > libtool.tmp
+   cp -p libtool.tmp libtool
+   rm -f libtool.tmp
+fi
+
+          ac_config_files="$ac_config_files Makefile"
+
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, don't put newlines in cache variables' values.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+{
+  (set) 2>&1 |
+    case `(ac_space=' '; set | grep ac_space) 2>&1` in
+    *ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;;
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n \
+	"s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+      ;;
+    esac;
+} |
+  sed '
+     t clear
+     : clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     : end' >>confcache
+if diff $cache_file confcache >/dev/null 2>&1; then :; else
+  if test -w $cache_file; then
+    test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
+    cat confcache >$cache_file
+  else
+    echo "not updating unwritable cache $cache_file"
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/;
+s/:*\${srcdir}:*/:/;
+s/:*@srcdir@:*/:/;
+s/^\([^=]*=[	 ]*\):*/\1/;
+s/:*$//;
+s/^[^=]*=[	 ]*$//;
+}'
+fi
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_i=`echo "$ac_i" |
+	 sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
+  # 2. Add them.
+  ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${WINNT_TRUE}" && test -z "${WINNT_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"WINNT\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"WINNT\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${LINUX_TRUE}" && test -z "${LINUX_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"LINUX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"LINUX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${HPUX_TRUE}" && test -z "${HPUX_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"HPUX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"HPUX\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${SOLARIS_TRUE}" && test -z "${SOLARIS_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"SOLARIS\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"SOLARIS\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+  set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+  LC_TELEPHONE LC_TIME
+do
+  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+    eval $as_var=C; export $as_var
+  else
+    $as_unset $as_var
+  fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)$' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
+  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\/\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+
+
+# PATH needs CR, and LINENO needs CR and PATH.
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  echo "#! /bin/sh" >conf$$.sh
+  echo  "exit 0"   >>conf$$.sh
+  chmod +x conf$$.sh
+  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+    PATH_SEPARATOR=';'
+  else
+    PATH_SEPARATOR=:
+  fi
+  rm -f conf$$.sh
+fi
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
+  # Find who we are.  Look in the path if we contain no path at all
+  # relative or not.
+  case $0 in
+    *[\\/]* ) as_myself=$0 ;;
+    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+
+       ;;
+  esac
+  # We did not find ourselves, most probably we were run as `sh COMMAND'
+  # in which case we are not to be found in the path.
+  if test "x$as_myself" = x; then
+    as_myself=$0
+  fi
+  if test ! -f "$as_myself"; then
+    { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
+echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+  case $CONFIG_SHELL in
+  '')
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for as_base in sh bash ksh sh5; do
+	 case $as_dir in
+	 /*)
+	   if ("$as_dir/$as_base" -c '
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
+	     $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
+	     $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
+	     CONFIG_SHELL=$as_dir/$as_base
+	     export CONFIG_SHELL
+	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
+	   fi;;
+	 esac
+       done
+done
+;;
+  esac
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line before each line; the second 'sed' does the real
+  # work.  The second script uses 'N' to pair each line-number line
+  # with the numbered line, and appends trailing '-' during
+  # substitution so that $LINENO is not a special case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
+  sed '=' <$as_myself |
+    sed '
+      N
+      s,$,-,
+      : loop
+      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+      t loop
+      s,-$,,
+      s,^['$as_cr_digits']*\n,,
+    ' >$as_me.lineno &&
+  chmod +x $as_me.lineno ||
+    { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
+echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensible to this).
+  . ./$as_me.lineno
+  # Exit status is that of the last command.
+  exit
+}
+
+
+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
+  *c*,-n*) ECHO_N= ECHO_C='
+' ECHO_T='	' ;;
+  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
+  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+  # We could just check for DJGPP; but this test a) works b) is more generic
+  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
+  if test -f conf$$.exe; then
+    # Don't use ln at all; we don't have any links
+    as_ln_s='cp -p'
+  else
+    as_ln_s='ln -s'
+  fi
+elif ln conf$$.file conf$$ 2>/dev/null; then
+  as_ln_s=ln
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.file
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+as_executable_p="test -f"
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.
+as_nl='
+'
+IFS=" 	$as_nl"
+
+# CDPATH.
+$as_unset CDPATH
+
+exec 6>&1
+
+# Open the log real soon, to keep \$[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.  Logging --version etc. is OK.
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+} >&5
+cat >&5 <<_CSEOF
+
+This file was extended by pki-tps $as_me 8.0.0, which was
+generated by GNU Autoconf 2.59.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+_CSEOF
+echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
+echo >&5
+_ACEOF
+
+# Files that config.status was made for.
+if test -n "$ac_config_files"; then
+  echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_headers"; then
+  echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_links"; then
+  echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_commands"; then
+  echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTIONS] [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number, then exit
+  -q, --quiet      do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+  --file=FILE[:TEMPLATE]
+		   instantiate the configuration file FILE
+  --header=FILE[:TEMPLATE]
+		   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+ac_cs_version="\\
+pki-tps config.status 8.0.0
+configured by $0, generated by GNU Autoconf 2.59,
+  with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2003 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+srcdir=$srcdir
+INSTALL="$INSTALL"
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+# If no file are specified by the user, then we need to provide default
+# value.  By we need to know if files were specified by the user.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "x$1" : 'x\([^=]*\)='`
+    ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  -*)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  *) # This is not an option, so the user has probably given explicit
+     # arguments.
+     ac_option=$1
+     ac_need_defaults=false;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --vers* | -V )
+    echo "$ac_cs_version"; exit 0 ;;
+  --he | --h)
+    # Conflict between --help and --header
+    { { echo "$as_me:$LINENO: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&5
+echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2;}
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    echo "$ac_cs_usage"; exit 0 ;;
+  --debug | --d* | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    CONFIG_FILES="$CONFIG_FILES $ac_optarg"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
+    ac_need_defaults=false;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&5
+echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2;}
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1" ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+if \$ac_cs_recheck; then
+  echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
+  exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+fi
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+#
+# INIT-COMMANDS section.
+#
+
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+_ACEOF
+
+
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+for ac_config_target in $ac_config_targets
+do
+  case "$ac_config_target" in
+  # Handling of arguments.
+  "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+  "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+  "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+  *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason to put it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Create a temporary directory, and hook for its removal unless debugging.
+$debug ||
+{
+  trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./confstat$$-$RANDOM
+  (umask 077 && mkdir $tmp)
+} ||
+{
+   echo "$me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+
+#
+# CONFIG_FILES section.
+#
+
+# No need to generate the scripts if there are no CONFIG_FILES.
+# This happens for instance when ./config.status config.h
+if test -n "\$CONFIG_FILES"; then
+  # Protect against being on the right side of a sed subst in config.status.
+  sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
+   s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
+s,@SHELL@,$SHELL,;t t
+s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
+s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
+s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
+s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
+s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
+s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
+s,@exec_prefix@,$exec_prefix,;t t
+s,@prefix@,$prefix,;t t
+s,@program_transform_name@,$program_transform_name,;t t
+s,@bindir@,$bindir,;t t
+s,@sbindir@,$sbindir,;t t
+s,@libexecdir@,$libexecdir,;t t
+s,@datadir@,$datadir,;t t
+s,@sysconfdir@,$sysconfdir,;t t
+s,@sharedstatedir@,$sharedstatedir,;t t
+s,@localstatedir@,$localstatedir,;t t
+s,@libdir@,$libdir,;t t
+s,@includedir@,$includedir,;t t
+s,@oldincludedir@,$oldincludedir,;t t
+s,@infodir@,$infodir,;t t
+s,@mandir@,$mandir,;t t
+s,@build_alias@,$build_alias,;t t
+s,@host_alias@,$host_alias,;t t
+s,@target_alias@,$target_alias,;t t
+s,@DEFS@,$DEFS,;t t
+s,@ECHO_C@,$ECHO_C,;t t
+s,@ECHO_N@,$ECHO_N,;t t
+s,@ECHO_T@,$ECHO_T,;t t
+s,@LIBS@,$LIBS,;t t
+s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
+s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
+s,@INSTALL_DATA@,$INSTALL_DATA,;t t
+s,@CYGPATH_W@,$CYGPATH_W,;t t
+s,@PACKAGE@,$PACKAGE,;t t
+s,@VERSION@,$VERSION,;t t
+s,@ACLOCAL@,$ACLOCAL,;t t
+s,@AUTOCONF@,$AUTOCONF,;t t
+s,@AUTOMAKE@,$AUTOMAKE,;t t
+s,@AUTOHEADER@,$AUTOHEADER,;t t
+s,@MAKEINFO@,$MAKEINFO,;t t
+s,@install_sh@,$install_sh,;t t
+s,@STRIP@,$STRIP,;t t
+s,@ac_ct_STRIP@,$ac_ct_STRIP,;t t
+s,@INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t
+s,@mkdir_p@,$mkdir_p,;t t
+s,@AWK@,$AWK,;t t
+s,@SET_MAKE@,$SET_MAKE,;t t
+s,@am__leading_dot@,$am__leading_dot,;t t
+s,@AMTAR@,$AMTAR,;t t
+s,@am__tar@,$am__tar,;t t
+s,@am__untar@,$am__untar,;t t
+s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t
+s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t
+s,@MAINT@,$MAINT,;t t
+s,@build@,$build,;t t
+s,@build_cpu@,$build_cpu,;t t
+s,@build_vendor@,$build_vendor,;t t
+s,@build_os@,$build_os,;t t
+s,@host@,$host,;t t
+s,@host_cpu@,$host_cpu,;t t
+s,@host_vendor@,$host_vendor,;t t
+s,@host_os@,$host_os,;t t
+s,@CXX@,$CXX,;t t
+s,@CXXFLAGS@,$CXXFLAGS,;t t
+s,@LDFLAGS@,$LDFLAGS,;t t
+s,@CPPFLAGS@,$CPPFLAGS,;t t
+s,@ac_ct_CXX@,$ac_ct_CXX,;t t
+s,@EXEEXT@,$EXEEXT,;t t
+s,@OBJEXT@,$OBJEXT,;t t
+s,@DEPDIR@,$DEPDIR,;t t
+s,@am__include@,$am__include,;t t
+s,@am__quote@,$am__quote,;t t
+s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t
+s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t
+s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t
+s,@CXXDEPMODE@,$CXXDEPMODE,;t t
+s,@am__fastdepCXX_TRUE@,$am__fastdepCXX_TRUE,;t t
+s,@am__fastdepCXX_FALSE@,$am__fastdepCXX_FALSE,;t t
+s,@CC@,$CC,;t t
+s,@CFLAGS@,$CFLAGS,;t t
+s,@ac_ct_CC@,$ac_ct_CC,;t t
+s,@CCDEPMODE@,$CCDEPMODE,;t t
+s,@am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t
+s,@am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t
+s,@EGREP@,$EGREP,;t t
+s,@LN_S@,$LN_S,;t t
+s,@ECHO@,$ECHO,;t t
+s,@AR@,$AR,;t t
+s,@ac_ct_AR@,$ac_ct_AR,;t t
+s,@RANLIB@,$RANLIB,;t t
+s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
+s,@CPP@,$CPP,;t t
+s,@CXXCPP@,$CXXCPP,;t t
+s,@F77@,$F77,;t t
+s,@FFLAGS@,$FFLAGS,;t t
+s,@ac_ct_F77@,$ac_ct_F77,;t t
+s,@LIBTOOL@,$LIBTOOL,;t t
+s,@LIBOBJS@,$LIBOBJS,;t t
+s,@debug_defs@,$debug_defs,;t t
+s,@aliasdir@,$aliasdir,;t t
+s,@apache_modulesdir@,$apache_modulesdir,;t t
+s,@appletsdir@,$appletsdir,;t t
+s,@cgibin_demodir@,$cgibin_demodir,;t t
+s,@cgibin_homedir@,$cgibin_homedir,;t t
+s,@cgibin_sodir@,$cgibin_sodir,;t t
+s,@cgibin_sowdir@,$cgibin_sowdir,;t t
+s,@confdir@,$confdir,;t t
+s,@docrootdir@,$docrootdir,;t t
+s,@docroot_demodir@,$docroot_demodir,;t t
+s,@docroot_homedir@,$docroot_homedir,;t t
+s,@docroot_sodir@,$docroot_sodir,;t t
+s,@docroot_sowdir@,$docroot_sowdir,;t t
+s,@docroot_sow_cssdir@,$docroot_sow_cssdir,;t t
+s,@docroot_sow_imagesdir@,$docroot_sow_imagesdir,;t t
+s,@docroot_sow_jsdir@,$docroot_sow_jsdir,;t t
+s,@docroot_tokendbdir@,$docroot_tokendbdir,;t t
+s,@docroot_tps_configdir@,$docroot_tps_configdir,;t t
+s,@docroot_tps_cssdir@,$docroot_tps_cssdir,;t t
+s,@docroot_tps_imgdir@,$docroot_tps_imgdir,;t t
+s,@docroot_tps_jsdir@,$docroot_tps_jsdir,;t t
+s,@initddir@,$initddir,;t t
+s,@licensedir@,$licensedir,;t t
+s,@logsdir@,$logsdir,;t t
+s,@perl_modulesdir@,$perl_modulesdir,;t t
+s,@perl_templatesdir@,$perl_templatesdir,;t t
+s,@samplesdir@,$samplesdir,;t t
+s,@scriptsdir@,$scriptsdir,;t t
+s,@setupdir@,$setupdir,;t t
+s,@templatesdir@,$templatesdir,;t t
+s,@WINNT_TRUE@,$WINNT_TRUE,;t t
+s,@WINNT_FALSE@,$WINNT_FALSE,;t t
+s,@LIBSOCKET@,$LIBSOCKET,;t t
+s,@LIBNSL@,$LIBNSL,;t t
+s,@LIBDL@,$LIBDL,;t t
+s,@LIBCSTD@,$LIBCSTD,;t t
+s,@LIBCRUN@,$LIBCRUN,;t t
+s,@LINUX_TRUE@,$LINUX_TRUE,;t t
+s,@LINUX_FALSE@,$LINUX_FALSE,;t t
+s,@HPUX_TRUE@,$HPUX_TRUE,;t t
+s,@HPUX_FALSE@,$HPUX_FALSE,;t t
+s,@SOLARIS_TRUE@,$SOLARIS_TRUE,;t t
+s,@SOLARIS_FALSE@,$SOLARIS_FALSE,;t t
+s,@PKG_CONFIG@,$PKG_CONFIG,;t t
+s,@nspr_inc@,$nspr_inc,;t t
+s,@nspr_lib@,$nspr_lib,;t t
+s,@nspr_libdir@,$nspr_libdir,;t t
+s,@nss_inc@,$nss_inc,;t t
+s,@nss_lib@,$nss_lib,;t t
+s,@nss_libdir@,$nss_libdir,;t t
+s,@ldapsdk_inc@,$ldapsdk_inc,;t t
+s,@ldapsdk_lib@,$ldapsdk_lib,;t t
+s,@ldapsdk_libdir@,$ldapsdk_libdir,;t t
+s,@ldapsdk_bindir@,$ldapsdk_bindir,;t t
+s,@sasl_inc@,$sasl_inc,;t t
+s,@sasl_lib@,$sasl_lib,;t t
+s,@sasl_libdir@,$sasl_libdir,;t t
+s,@svrcore_inc@,$svrcore_inc,;t t
+s,@svrcore_lib@,$svrcore_lib,;t t
+s,@APRDIR@,$APRDIR,;t t
+s,@apr_inc@,$apr_inc,;t t
+s,@apr_lib@,$apr_lib,;t t
+s,@apr_lib_version@,$apr_lib_version,;t t
+s,@apr_libutil_version@,$apr_libutil_version,;t t
+s,@apr_libdir@,$apr_libdir,;t t
+s,@apr_bindir@,$apr_bindir,;t t
+s,@apache_inc@,$apache_inc,;t t
+s,@apache_lib@,$apache_lib,;t t
+s,@apache_libdir@,$apache_libdir,;t t
+s,@db_lib@,$db_lib,;t t
+s,@db_libdir@,$db_libdir,;t t
+s,@apache_bindir@,$apache_bindir,;t t
+s,@LTLIBOBJS@,$LTLIBOBJS,;t t
+CEOF
+
+_ACEOF
+
+  cat >>$CONFIG_STATUS <<\_ACEOF
+  # Split the substitutions into bite-sized pieces for seds with
+  # small command number limits, like on Digital OSF/1 and HP-UX.
+  ac_max_sed_lines=48
+  ac_sed_frag=1 # Number of current file.
+  ac_beg=1 # First line for current file.
+  ac_end=$ac_max_sed_lines # Line after last line for current file.
+  ac_more_lines=:
+  ac_sed_cmds=
+  while $ac_more_lines; do
+    if test $ac_beg -gt 1; then
+      sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
+    else
+      sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
+    fi
+    if test ! -s $tmp/subs.frag; then
+      ac_more_lines=false
+    else
+      # The purpose of the label and of the branching condition is to
+      # speed up the sed processing (if there are no `@' at all, there
+      # is no need to browse any of the substitutions).
+      # These are the two extra sed commands mentioned above.
+      (echo ':t
+  /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
+      if test -z "$ac_sed_cmds"; then
+	ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
+      else
+	ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
+      fi
+      ac_sed_frag=`expr $ac_sed_frag + 1`
+      ac_beg=$ac_end
+      ac_end=`expr $ac_end + $ac_max_sed_lines`
+    fi
+  done
+  if test -z "$ac_sed_cmds"; then
+    ac_sed_cmds=cat
+  fi
+fi # test -n "$CONFIG_FILES"
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
+  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+  case $ac_file in
+  - | *:- | *:-:* ) # input from stdin
+	cat >$tmp/stdin
+	ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+	ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+	ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+  * )   ac_file_in=$ac_file.in ;;
+  esac
+
+  # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
+  ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+  { if $as_mkdir_p; then
+    mkdir -p "$ac_dir"
+  else
+    as_dir="$ac_dir"
+    as_dirs=
+    while test ! -d "$as_dir"; do
+      as_dirs="$as_dir $as_dirs"
+      as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+    done
+    test ! -n "$as_dirs" || mkdir $as_dirs
+  fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+   { (exit 1); exit 1; }; }; }
+
+  ac_builddir=.
+
+if test "$ac_dir" != .; then
+  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+  # A "../" for each directory in $ac_dir_suffix.
+  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+  ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+  .)  # No --srcdir option.  We are building in place.
+    ac_srcdir=.
+    if test -z "$ac_top_builddir"; then
+       ac_top_srcdir=.
+    else
+       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+    fi ;;
+  [\\/]* | ?:[\\/]* )  # Absolute path.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir ;;
+  *) # Relative path.
+    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+  case "$ac_dir" in
+  .) ac_abs_builddir=`pwd`;;
+  [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+  *) ac_abs_builddir=`pwd`/"$ac_dir";;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+  case ${ac_top_builddir}. in
+  .) ac_abs_top_builddir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+  *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+  case $ac_srcdir in
+  .) ac_abs_srcdir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+  *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+  case $ac_top_srcdir in
+  .) ac_abs_top_srcdir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+  *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+  esac;;
+esac
+
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
+  esac
+
+  if test x"$ac_file" != x-; then
+    { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+    rm -f "$ac_file"
+  fi
+  # Let's still pretend it is `configure' which instantiates (i.e., don't
+  # use $as_me), people would be surprised to read:
+  #    /* config.h.  Generated by config.status.  */
+  if test x"$ac_file" = x-; then
+    configure_input=
+  else
+    configure_input="$ac_file.  "
+  fi
+  configure_input=$configure_input"Generated from `echo $ac_file_in |
+				     sed 's,.*/,,'` by configure."
+
+  # First look for the input files in the build tree, otherwise in the
+  # src tree.
+  ac_file_inputs=`IFS=:
+    for f in $ac_file_in; do
+      case $f in
+      -) echo $tmp/stdin ;;
+      [\\/$]*)
+	 # Absolute (can't be DOS-style, as IFS=:)
+	 test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+   { (exit 1); exit 1; }; }
+	 echo "$f";;
+      *) # Relative
+	 if test -f "$f"; then
+	   # Build tree
+	   echo "$f"
+	 elif test -f "$srcdir/$f"; then
+	   # Source tree
+	   echo "$srcdir/$f"
+	 else
+	   # /dev/null tree
+	   { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+   { (exit 1); exit 1; }; }
+	 fi;;
+      esac
+    done` || { (exit 1); exit 1; }
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+  sed "$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s,@configure_input@,$configure_input,;t t
+s,@srcdir@,$ac_srcdir,;t t
+s,@abs_srcdir@,$ac_abs_srcdir,;t t
+s,@top_srcdir@,$ac_top_srcdir,;t t
+s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
+s,@builddir@,$ac_builddir,;t t
+s,@abs_builddir@,$ac_abs_builddir,;t t
+s,@top_builddir@,$ac_top_builddir,;t t
+s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
+s,@INSTALL@,$ac_INSTALL,;t t
+" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
+  rm -f $tmp/stdin
+  if test x"$ac_file" != x-; then
+    mv $tmp/out $ac_file
+  else
+    cat $tmp/out
+    rm -f $tmp/out
+  fi
+
+done
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+#
+# CONFIG_HEADER section.
+#
+
+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
+# NAME is the cpp macro being defined and VALUE is the value it is being given.
+#
+# ac_d sets the value in "#define NAME VALUE" lines.
+ac_dA='s,^\([	 ]*\)#\([	 ]*define[	 ][	 ]*\)'
+ac_dB='[	 ].*$,\1#\2'
+ac_dC=' '
+ac_dD=',;t'
+# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
+ac_uA='s,^\([	 ]*\)#\([	 ]*\)undef\([	 ][	 ]*\)'
+ac_uB='$,\1#\2define\3'
+ac_uC=' '
+ac_uD=',;t'
+
+for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
+  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+  case $ac_file in
+  - | *:- | *:-:* ) # input from stdin
+	cat >$tmp/stdin
+	ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+	ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+	ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+  * )   ac_file_in=$ac_file.in ;;
+  esac
+
+  test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+
+  # First look for the input files in the build tree, otherwise in the
+  # src tree.
+  ac_file_inputs=`IFS=:
+    for f in $ac_file_in; do
+      case $f in
+      -) echo $tmp/stdin ;;
+      [\\/$]*)
+	 # Absolute (can't be DOS-style, as IFS=:)
+	 test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+   { (exit 1); exit 1; }; }
+	 # Do quote $f, to prevent DOS paths from being IFS'd.
+	 echo "$f";;
+      *) # Relative
+	 if test -f "$f"; then
+	   # Build tree
+	   echo "$f"
+	 elif test -f "$srcdir/$f"; then
+	   # Source tree
+	   echo "$srcdir/$f"
+	 else
+	   # /dev/null tree
+	   { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+   { (exit 1); exit 1; }; }
+	 fi;;
+      esac
+    done` || { (exit 1); exit 1; }
+  # Remove the trailing spaces.
+  sed 's/[	 ]*$//' $ac_file_inputs >$tmp/in
+
+_ACEOF
+
+# Transform confdefs.h into two sed scripts, `conftest.defines' and
+# `conftest.undefs', that substitutes the proper values into
+# config.h.in to produce config.h.  The first handles `#define'
+# templates, and the second `#undef' templates.
+# And first: Protect against being on the right side of a sed subst in
+# config.status.  Protect against being in an unquoted here document
+# in config.status.
+rm -f conftest.defines conftest.undefs
+# Using a here document instead of a string reduces the quoting nightmare.
+# Putting comments in sed scripts is not portable.
+#
+# `end' is used to avoid that the second main sed command (meant for
+# 0-ary CPP macros) applies to n-ary macro definitions.
+# See the Autoconf documentation for `clear'.
+cat >confdef2sed.sed <<\_ACEOF
+s/[\\&,]/\\&/g
+s,[\\$`],\\&,g
+t clear
+: clear
+s,^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 (][^	 (]*\)\(([^)]*)\)[	 ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
+t end
+s,^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 ][^	 ]*\)[	 ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
+: end
+_ACEOF
+# If some macros were called several times there might be several times
+# the same #defines, which is useless.  Nevertheless, we may not want to
+# sort them, since we want the *last* AC-DEFINE to be honored.
+uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
+sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
+rm -f confdef2sed.sed
+
+# This sed command replaces #undef with comments.  This is necessary, for
+# example, in the case of _POSIX_SOURCE, which is predefined and required
+# on some systems where configure will not decide to define it.
+cat >>conftest.undefs <<\_ACEOF
+s,^[	 ]*#[	 ]*undef[	 ][	 ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
+_ACEOF
+
+# Break up conftest.defines because some shells have a limit on the size
+# of here documents, and old seds have small limits too (100 cmds).
+echo '  # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
+echo '  if grep "^[	 ]*#[	 ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
+echo '  # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
+echo '  :' >>$CONFIG_STATUS
+rm -f conftest.tail
+while grep . conftest.defines >/dev/null
+do
+  # Write a limited-size here document to $tmp/defines.sed.
+  echo '  cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
+  # Speed up: don't consider the non `#define' lines.
+  echo '/^[	 ]*#[	 ]*define/!b' >>$CONFIG_STATUS
+  # Work around the forget-to-reset-the-flag bug.
+  echo 't clr' >>$CONFIG_STATUS
+  echo ': clr' >>$CONFIG_STATUS
+  sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
+  echo 'CEOF
+  sed -f $tmp/defines.sed $tmp/in >$tmp/out
+  rm -f $tmp/in
+  mv $tmp/out $tmp/in
+' >>$CONFIG_STATUS
+  sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
+  rm -f conftest.defines
+  mv conftest.tail conftest.defines
+done
+rm -f conftest.defines
+echo '  fi # grep' >>$CONFIG_STATUS
+echo >>$CONFIG_STATUS
+
+# Break up conftest.undefs because some shells have a limit on the size
+# of here documents, and old seds have small limits too (100 cmds).
+echo '  # Handle all the #undef templates' >>$CONFIG_STATUS
+rm -f conftest.tail
+while grep . conftest.undefs >/dev/null
+do
+  # Write a limited-size here document to $tmp/undefs.sed.
+  echo '  cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
+  # Speed up: don't consider the non `#undef'
+  echo '/^[	 ]*#[	 ]*undef/!b' >>$CONFIG_STATUS
+  # Work around the forget-to-reset-the-flag bug.
+  echo 't clr' >>$CONFIG_STATUS
+  echo ': clr' >>$CONFIG_STATUS
+  sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
+  echo 'CEOF
+  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
+  rm -f $tmp/in
+  mv $tmp/out $tmp/in
+' >>$CONFIG_STATUS
+  sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
+  rm -f conftest.undefs
+  mv conftest.tail conftest.undefs
+done
+rm -f conftest.undefs
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+  # Let's still pretend it is `configure' which instantiates (i.e., don't
+  # use $as_me), people would be surprised to read:
+  #    /* config.h.  Generated by config.status.  */
+  if test x"$ac_file" = x-; then
+    echo "/* Generated by configure.  */" >$tmp/config.h
+  else
+    echo "/* $ac_file.  Generated by configure.  */" >$tmp/config.h
+  fi
+  cat $tmp/in >>$tmp/config.h
+  rm -f $tmp/in
+  if test x"$ac_file" != x-; then
+    if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
+      { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+      { if $as_mkdir_p; then
+    mkdir -p "$ac_dir"
+  else
+    as_dir="$ac_dir"
+    as_dirs=
+    while test ! -d "$as_dir"; do
+      as_dirs="$as_dir $as_dirs"
+      as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+    done
+    test ! -n "$as_dirs" || mkdir $as_dirs
+  fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+   { (exit 1); exit 1; }; }; }
+
+      rm -f $ac_file
+      mv $tmp/config.h $ac_file
+    fi
+  else
+    cat $tmp/config.h
+    rm -f $tmp/config.h
+  fi
+# Compute $ac_file's index in $config_headers.
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $ac_file | $ac_file:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null ||
+$as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X$ac_file : 'X\(//\)[^/]' \| \
+	 X$ac_file : 'X\(//\)$' \| \
+	 X$ac_file : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X$ac_file |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`/stamp-h$_am_stamp_count
+done
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+#
+# CONFIG_COMMANDS section.
+#
+for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
+  ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
+  ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
+  ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
+$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_dest" : 'X\(//\)[^/]' \| \
+	 X"$ac_dest" : 'X\(//\)$' \| \
+	 X"$ac_dest" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$ac_dest" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+  { if $as_mkdir_p; then
+    mkdir -p "$ac_dir"
+  else
+    as_dir="$ac_dir"
+    as_dirs=
+    while test ! -d "$as_dir"; do
+      as_dirs="$as_dir $as_dirs"
+      as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+    done
+    test ! -n "$as_dirs" || mkdir $as_dirs
+  fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+   { (exit 1); exit 1; }; }; }
+
+  ac_builddir=.
+
+if test "$ac_dir" != .; then
+  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+  # A "../" for each directory in $ac_dir_suffix.
+  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+  ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+  .)  # No --srcdir option.  We are building in place.
+    ac_srcdir=.
+    if test -z "$ac_top_builddir"; then
+       ac_top_srcdir=.
+    else
+       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+    fi ;;
+  [\\/]* | ?:[\\/]* )  # Absolute path.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir ;;
+  *) # Relative path.
+    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+  case "$ac_dir" in
+  .) ac_abs_builddir=`pwd`;;
+  [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+  *) ac_abs_builddir=`pwd`/"$ac_dir";;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+  case ${ac_top_builddir}. in
+  .) ac_abs_top_builddir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+  *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+  case $ac_srcdir in
+  .) ac_abs_srcdir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+  *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+  esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+  case $ac_top_srcdir in
+  .) ac_abs_top_srcdir=$ac_abs_builddir;;
+  [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+  *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+  esac;;
+esac
+
+
+  { echo "$as_me:$LINENO: executing $ac_dest commands" >&5
+echo "$as_me: executing $ac_dest commands" >&6;}
+  case $ac_dest in
+    depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
+  # Strip MF so we end up with the name of the file.
+  mf=`echo "$mf" | sed -e 's/:.*$//'`
+  # Check whether this is an Automake generated Makefile or not.
+  # We used to match only the files named `Makefile.in', but
+  # some people rename them; so instead we look at the file content.
+  # Grep'ing the first line is not enough: some people post-process
+  # each Makefile.in and add a new line on top of each file to say so.
+  # So let's grep whole file.
+  if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
+    dirpart=`(dirname "$mf") 2>/dev/null ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+  else
+    continue
+  fi
+  # Extract the definition of DEPDIR, am__include, and am__quote
+  # from the Makefile without running `make'.
+  DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+  test -z "$DEPDIR" && continue
+  am__include=`sed -n 's/^am__include = //p' < "$mf"`
+  test -z "am__include" && continue
+  am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+  # When using ansi2knr, U may be empty or an underscore; expand it
+  U=`sed -n 's/^U = //p' < "$mf"`
+  # Find all dependency output files, they are included files with
+  # $(DEPDIR) in their names.  We invoke sed twice because it is the
+  # simplest approach to changing $(DEPDIR) to its actual value in the
+  # expansion.
+  for file in `sed -n "
+    s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+    # Make sure the directory exists.
+    test -f "$dirpart/$file" && continue
+    fdir=`(dirname "$file") 2>/dev/null ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+    { if $as_mkdir_p; then
+    mkdir -p $dirpart/$fdir
+  else
+    as_dir=$dirpart/$fdir
+    as_dirs=
+    while test ! -d "$as_dir"; do
+      as_dirs="$as_dir $as_dirs"
+      as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| \
+	 .     : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+  	  /^X\(\/\/\)$/{ s//\1/; q; }
+  	  /^X\(\/\).*/{ s//\1/; q; }
+  	  s/.*/./; q'`
+    done
+    test ! -n "$as_dirs" || mkdir $as_dirs
+  fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5
+echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;}
+   { (exit 1); exit 1; }; }; }
+
+    # echo "creating $dirpart/$file"
+    echo '# dummy' > "$dirpart/$file"
+  done
+done
+ ;;
+  esac
+done
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || { (exit 1); exit 1; }
+fi
+
diff --git a/pki/base/tps/configure.ac b/pki/base/tps/configure.ac
new file mode 100644
index 000000000..4f3cc92bf
--- /dev/null
+++ b/pki/base/tps/configure.ac
@@ -0,0 +1,347 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+AC_PREREQ(2.59)
+AC_INIT([pki-tps], [8.0.0], [http://bugzilla.redhat.com/])
+# AC_CONFIG_HEADER must be called right after AC_INIT.
+AC_CONFIG_HEADERS([config.h])
+AM_INIT_AUTOMAKE([1.9 foreign subdir-objects])
+AM_MAINTAINER_MODE
+AC_CANONICAL_HOST
+
+# Checks for programs.
+AC_PROG_CXX
+AC_PROG_CC
+AM_PROG_CC_C_O
+# disable static libs by default - we only use a couple
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+
+# Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS([arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/file.h sys/socket.h sys/time.h unistd.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_HEADER_STAT
+AC_C_CONST
+AC_HEADER_STDBOOL
+AC_TYPE_UID_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_HEADER_TIME
+AC_STRUCT_TM
+
+# Checks for library functions.
+AC_FUNC_CHOWN
+AC_FUNC_CLOSEDIR_VOID
+AC_FUNC_ERROR_AT_LINE
+AC_FUNC_FORK
+AC_FUNC_LSTAT
+AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
+AC_FUNC_MALLOC
+AC_FUNC_MEMCMP
+AC_FUNC_MMAP
+AC_TYPE_SIGNAL
+AC_FUNC_STAT
+AC_FUNC_STRERROR_R
+AC_FUNC_STRFTIME
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS([setrlimit endpwent ftruncate getcwd gethostbyname inet_ntoa localtime_r memmove memset mkdir munmap putenv rmdir socket strcasecmp strchr strcspn strdup strerror strncasecmp strpbrk strrchr strstr strtol tzset])
+
+# Establish an optional "--enable-64bit" flag
+AC_MSG_CHECKING(for --enable-64bit)
+AC_ARG_ENABLE(64bit, [  --enable-64bit         Enable 64-bit features],
+[
+  AC_MSG_RESULT(yes)
+  USE_64=1
+],
+[
+  AC_MSG_RESULT(no)
+  USE_64=
+])
+
+# For historical reasons, establish various "--enable-debug" flags
+# for both DeBuG (yes) and OPTimized (no) builds
+AC_MSG_CHECKING(for --enable-debug)
+AC_ARG_ENABLE(debug, [  --enable-debug         Enable debug features],
+[
+  AC_MSG_RESULT(yes)
+  debug_defs="-DDEBUG -UNDEBUG -DTRACING"
+],
+[
+  AC_MSG_RESULT(no)
+  debug_defs="-UDEBUG -DNDEBUG -DTRIMMED"
+])
+AC_SUBST([debug_defs])
+
+AC_PREFIX_DEFAULT([/opt/tps])
+
+# installation paths - by default, configure will just
+# use /usr as the prefix for everything, which means
+# /usr/etc, /usr/opt, and /usr/var.  FHS sez to use
+# /etc, /opt, and /var.
+ac_default_prefix=/opt/tps
+prefix=$ac_default_prefix
+exec_prefix=$prefix
+dnl as opposed to the default $prefix/etc
+#sysconfdir='/etc'
+dnl as opposed to the default $prefix/var
+#localstatedir='/var'
+
+# relative to prefix
+aliasdir=/alias
+apache_modulesdir=/apache/modules
+appletsdir=/applets
+cgibin_demodir=/cgi-bin/demo
+cgibin_homedir=/cgi-bin/home
+cgibin_sodir=/cgi-bin/so
+cgibin_sowdir=/cgi-bin/sow
+confdir=/conf
+docrootdir=/docroot
+docroot_demodir=/docroot/demo
+docroot_homedir=/docroot/home
+docroot_sodir=/docroot/so
+docroot_sowdir=/docroot/sow
+docroot_sow_cssdir=/docroot/sow/css
+docroot_sow_imagesdir=/docroot/sow/images
+docroot_sow_jsdir=/docroot/sow/js
+docroot_tokendbdir=/docroot/tokendb
+docroot_tps_configdir=/docroot/tps/admin/console/config
+docroot_tps_cssdir=/docroot/tps/admin/console/css
+docroot_tps_imgdir=/docroot/tps/admin/console/img
+docroot_tps_jsdir=/docroot/tps/admin/console/js
+# relative to sysconfdir
+initddir=/init.d
+# relative to prefix
+licensedir=/doc
+logsdir=/logs
+perl_modulesdir=/perl/modules
+perl_templatesdir=/perl/templates
+samplesdir=/samples
+scriptsdir=/scripts
+setupdir=/setup
+templatesdir=/templates
+AC_SUBST(aliasdir)
+AC_SUBST(apache_modulesdir)
+AC_SUBST(appletsdir)
+AC_SUBST(cgibin_demodir)
+AC_SUBST(cgibin_homedir)
+AC_SUBST(cgibin_sodir)
+AC_SUBST(cgibin_sowdir)
+AC_SUBST(confdir)
+AC_SUBST(docrootdir)
+AC_SUBST(docroot_demodir)
+AC_SUBST(docroot_homedir)
+AC_SUBST(docroot_sodir)
+AC_SUBST(docroot_sowdir)
+AC_SUBST(docroot_sow_cssdir)
+AC_SUBST(docroot_sow_imagesdir)
+AC_SUBST(docroot_sow_jsdir)
+AC_SUBST(docroot_tokendbdir)
+AC_SUBST(docroot_tps_configdir)
+AC_SUBST(docroot_tps_cssdir)
+AC_SUBST(docroot_tps_imgdir)
+AC_SUBST(docroot_tps_jsdir)
+AC_SUBST(initddir)
+AC_SUBST(licensedir)
+AC_SUBST(logsdir)
+AC_SUBST(perl_modulesdir)
+AC_SUBST(perl_templatesdir)
+AC_SUBST(samplesdir)
+AC_SUBST(scriptsdir)
+AC_SUBST(setupdir)
+AC_SUBST(templatesdir)
+
+# WINNT should be true if building on Windows system not using
+# cygnus, mingw, or the like and using cmd.exe as the shell
+AM_CONDITIONAL([WINNT], false)
+
+# Deal with platform dependent defines
+case $host in
+  *-*-linux*)
+    AC_DEFINE([XP_UNIX], [], [UNIX])
+    AC_DEFINE([linux], [1], [linux])
+    AC_DEFINE([Linux], [], [Linux])
+    AC_DEFINE([LINUX], [], [Linux])
+    AC_DEFINE([LINUX2_0], [], [Linux 2.6])
+    AC_DEFINE([LINUX2_2], [], [Linux 2.6])
+    AC_DEFINE([LINUX2_4], [], [Linux 2.6])
+    AC_DEFINE([LINUX2_6], [], [Linux 2.6])
+    # For historical reasons, establish various "DEFINES" for TPS . . .
+    AC_DEFINE([_BSD_SOURCE], [1], [_BSD_SOURCE])
+    AC_DEFINE([_POSIX_SOURCE], [1], [_POSIX_SOURCE])
+    AC_DEFINE([_POSIX_C_SOURCE], [199506L], [_POSIX_C_SOURCE])
+    AC_DEFINE([_PR_NEED_FAKE_POLL], [], [_PR_NEED_FAKE_POLL])
+    AC_DEFINE([_REENTRANT], [], [_REENTRANT])
+    AC_DEFINE([_SVID_SOURCE], [1], [_SVID_SOURCE])
+    AC_DEFINE([HAVE_SIGNED_CHAR], [], [HAVE_SIGNED_CHAR])
+    AC_DEFINE([HAVE_SYS_BITYPES_H], [], [HAVE_SYS_BITYPES_H])
+    AC_DEFINE([NEED_ENDIAN_H], [], [NEED_ENDIAN_H])
+    AC_DEFINE([NEED_GETOPT_H], [], [NEED_GETOPT_H])
+    AC_DEFINE([NEED_IOCTL_H], [], [NEED_IOCTL_H])
+    AC_DEFINE([NEED_SYS_TIME_H], [], [NEED_SYS_TIME_H])
+    AC_DEFINE([NEED_UINT_T], [], [NEED_UINT_T])
+    AC_DEFINE([NET_SSL], [], [NET_SSL])
+    AC_DEFINE([NO_INT64_T], [], [NO_INT64_T])
+    AC_DEFINE([SW_THREADS], [], [SW_THREADS])
+    AC_DEFINE([USE_NODL_TABS], [], [USE_NODL_TABS])
+    platform="linux"
+    ;;
+  ia64-hp-hpux*)
+    AC_DEFINE([XP_UNIX], [], [UNIX])
+    AC_DEFINE([hpux], [1], [HP-UX])
+    AC_DEFINE([HPUX], [], [HP-UX])
+    AC_DEFINE([HPUX11], [1], [HP-UX 11])
+    AC_DEFINE([HPUX11_23], [1], [HP-UX 11.23])
+    AC_DEFINE([CPU_ia64], [], [cpu type ia64])
+    AC_DEFINE([OS_hpux], [1], [OS HP-UX])
+    AC_DEFINE([_POSIX_C_SOURCE], [199506L], [POSIX revision])
+    AC_DEFINE([_HPUX_SOURCE], [], [_HPUX_SOURCE])
+    platform="hpux"
+    ;;
+  hppa*-hp-hpux*)
+    AC_DEFINE([XP_UNIX], [], [UNIX])
+    AC_DEFINE([hpux], [1], [HP-UX])
+    AC_DEFINE([HPUX], [], [HP-UX])
+    AC_DEFINE([HPUX11], [1], [HP-UX 11])
+    AC_DEFINE([HPUX11_11], [1], [HP-UX 11.11])
+    AC_DEFINE([hppa], [], [HP-UX pa-risc])
+    AC_DEFINE([CPU_hppa], [], [cpu type pa-risc])
+    AC_DEFINE([OS_hpux], [1], [OS HP-UX])
+    AC_DEFINE([_POSIX_C_SOURCE], [199506L], [POSIX revision])
+    AC_DEFINE([_HPUX_SOURCE], [], [_HPUX_SOURCE])
+    # For historical reasons, establish various "DEFINES" for TPS . . .
+    AC_DEFINE([HPUX_SOURCE], [], [HPUX_SOURCE])
+    AC_DEFINE([HAVE_STRERROR], [], [HAVE_STRERROR])
+    AC_DEFINE([NET_SSL], [], [NET_SSL])
+    AC_DEFINE([SW_THREADS], [], [SW_THREADS])
+    platform="hpux"
+    ;;
+  sparc-sun-solaris*)
+    AC_DEFINE([XP_UNIX], [], [UNIX])
+    AC_DEFINE([SVR4], [], [SVR4])
+    AC_DEFINE([__svr4], [], [SVR4])
+    AC_DEFINE([__svr4__], [], [SVR4])
+    AC_DEFINE([_SVID_GETTOD], [], [SVID_GETTOD])
+    AC_DEFINE([SOLARIS], [], [SOLARIS])
+    AC_DEFINE([CPU_sparc], [], [cpu type sparc])
+    AC_DEFINE([OS_solaris], [1], [OS SOLARIS])
+    AC_DEFINE([sunos5], [1], [SunOS5])
+    AC_DEFINE([OSVERSION], [509], [OS version])
+    AC_DEFINE([_REENTRANT], [], [_REENTRANT])
+dnl socket nsl and dl are required to link several programs
+    LIBSOCKET=-lsocket
+    AC_SUBST([LIBSOCKET], [$LIBSOCKET])
+    LIBNSL=-lnsl
+    AC_SUBST([LIBNSL], [$LIBNSL])
+    LIBDL=-ldl
+    AC_SUBST([LIBDL], [$LIBDL])
+dnl Cstd and Crun are required to link any C++ related code
+    LIBCSTD=-lCstd
+    AC_SUBST([LIBCSTD], [$LIBCSTD])
+    LIBCRUN=-lCrun
+    AC_SUBST([LIBCRUN], [$LIBCRUN])
+    # For historical reasons, establish various "DEFINES" for TPS . . .
+    AC_DEFINE([_PR_NTHREAD], [], [_PR_NTHREAD])
+    AC_DEFINE([HAVE_WEAK_IO_SYMBOLS], [], [HAVE_WEAK_IO_SYMBOLS])
+    AC_DEFINE([NET_SSL], [], [NET_SSL])
+    AC_DEFINE([NS_USE_NATIVE], [], [NS_USE_NATIVE])
+    AC_DEFINE([NSPR], [], [NSPR])
+    AC_DEFINE([NSPR20], [], [NSPR20])
+    AC_DEFINE([SOLARIS_55_OR_GREATER], [], [SOLARIS_55_OR_GREATER])
+    AC_DEFINE([SYSV], [], [SYSV])
+    platform="solaris"
+    ;;
+  *)
+    platform=""
+    ;;
+esac
+
+AM_CONDITIONAL(LINUX,test "$platform" = "linux")
+AM_CONDITIONAL(HPUX,test "$platform" = "hpux")
+AM_CONDITIONAL(SOLARIS,test "$platform" = "solaris")
+
+# Check for library dependencies
+m4_include(m4/nspr.m4)
+m4_include(m4/nss.m4)
+m4_include(m4/mozldap.m4)
+m4_include(m4/sasl.m4)
+m4_include(m4/svrcore.m4)
+m4_include(m4/apr.m4)
+m4_include(m4/apache.m4)
+
+# write out paths for binary components
+AC_SUBST(nspr_inc)
+AC_SUBST(nspr_lib)
+AC_SUBST(nspr_libdir)
+AC_SUBST(nss_inc)
+AC_SUBST(nss_lib)
+AC_SUBST(nss_libdir)
+AC_SUBST(ldapsdk_inc)
+AC_SUBST(ldapsdk_lib)
+AC_SUBST(ldapsdk_libdir)
+AC_SUBST(ldapsdk_bindir)
+AC_SUBST(sasl_inc)
+AC_SUBST(sasl_lib)
+AC_SUBST(sasl_libdir)
+AC_SUBST(svrcore_inc)
+AC_SUBST(svrcore_lib)
+AC_SUBST(APRDIR)
+AC_SUBST(apr_inc)
+AC_SUBST(apr_lib)
+AC_SUBST(apr_lib_version)
+AC_SUBST(apr_libutil_version)
+AC_SUBST(apr_libdir)
+AC_SUBST(apr_bindir)
+AC_SUBST(apache_inc)
+AC_SUBST(apache_lib)
+AC_SUBST(apache_libdir)
+AC_SUBST(db_lib)
+AC_SUBST(db_libdir)
+AC_SUBST(apache_bindir)
+
+# libtool on fedora/rhel contains some gcc-isms which cause problems
+# if not using gcc (e.g. Forte on Solaris, aCC on HP-UX)
+# we remove them here
+if test "$GCC" != yes ; then
+   AC_MSG_NOTICE([Not using gcc - fixing libtool to remove gcc-isms . . .])
+   cp -p libtool libtool.orig
+   cp -p libtool libtool.tmp
+   # dnl note the special chars @<:@ and @:>@ - since m4 treats [ and ] specially,
+   # we have to use the quadrigraph @<:@ for [ and @:>@ for ] - and you thought
+   # perl produced write-only code . . .
+   sed -e '/^gcc_dir/ d' \
+       -e '/^gcc_ver/ d' \
+       -e 's/^predep_objects=.*echo \("@<:@^"@:>@*"\).*$/predep_objects=\1/' \
+       -e 's/^postdep_objects=.*echo \("@<:@^"@:>@*"\).*$/postdep_objects=\1/' \
+       -e 's/^compiler_lib_search_path=.*echo \("@<:@^"@:>@*"\).*$/compiler_lib_search_path=\1/' \
+       -e 's/^sys_lib_search_path_spec=.*echo \("@<:@^"@:>@*"\).*$/sys_lib_search_path_spec=\1/' \
+       libtool > libtool.tmp
+   cp -p libtool.tmp libtool
+   rm -f libtool.tmp
+fi
+
+AC_CONFIG_FILES([Makefile])
+
+AC_OUTPUT
diff --git a/pki/base/tps/depcomp b/pki/base/tps/depcomp
new file mode 100755
index 000000000..06b27902e
--- /dev/null
+++ b/pki/base/tps/depcomp
@@ -0,0 +1,530 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2005-07-09.11
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+  "$@" -MT "$object" -MD -MP -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> $depfile
+    echo >> $depfile
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> $depfile
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
+  tmpdepfile="$stripped.u"
+  if test "$libtool" = yes; then
+    "$@" -Wc,-M
+  else
+    "$@" -M
+  fi
+  stat=$?
+
+  if test -f "$tmpdepfile"; then :
+  else
+    stripped=`echo "$stripped" | sed 's,^.*/,,'`
+    tmpdepfile="$stripped.u"
+  fi
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+
+  if test -f "$tmpdepfile"; then
+    outname="$stripped.o"
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
+    sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # With Tru64 cc, shared objects can also be used to make a
+      # static library.  This mecanism is used in libtool 1.4 series to
+      # handle both shared and static libraries in a single compilation.
+      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+      #
+      # With libtool 1.5 this exception was removed, and libtool now
+      # generates 2 separate objects for the 2 libraries.  These two
+      # compilations output dependencies in in $dir.libs/$base.o.d and
+      # in $dir$base.o.d.  We have to check for both files, because
+      # one of the two compilations can be disabled.  We should prefer
+      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+      # automatically cleaned when .libs/ is deleted, while ignoring
+      # the former would cause a distcleancheck panic.
+      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
+      tmpdepfile2=$dir$base.o.d          # libtool 1.5
+      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
+      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1=$dir$base.o.d
+      tmpdepfile2=$dir$base.d
+      tmpdepfile3=$dir$base.d
+      tmpdepfile4=$dir$base.d
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+      exit $stat
+   fi
+
+   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+   do
+     test -f "$tmpdepfile" && break
+   done
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no
+  for arg in "$@"; do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix="`echo $object | sed 's/^.*\././'`"
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o,
+  # because we must use -o when running libtool.
+  "$@" || exit $?
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg
new file mode 100644
index 000000000..bd39b3b26
--- /dev/null
+++ b/pki/base/tps/doc/CS.cfg
@@ -0,0 +1,1366 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+cs.type=TPS
+service.machineName=[SERVER_NAME]
+service.instanceDir=[SERVER_ROOT]
+service.securePort=[SECURE_PORT]
+service.unsecurePort=[PORT]
+service.instanceID=[INSTANCE_ID]
+logging._000=#########################################
+logging._001=# RA configuration File
+logging._002=#
+logging._003=# All <...> must be replaced with
+logging._004=# appropriate values.
+logging._005=#########################################
+logging._006=########################################
+logging._007=# logging
+logging._008=#
+logging._009=# logging.debug.enable:
+logging._010=# logging.audit.enable:
+logging._011=# logging.error.enable:
+logging._012=#   - enable or disable the corresponding logging
+logging._013=# logging.debug.filename:
+logging._014=# logging.audit.filename:
+logging._015=# logging.error.filename:
+logging._016=#   - name of the log file
+logging._017=# logging.debug.level:
+logging._018=# logging.audit.level:
+logging._019=# logging.error.level:
+logging._020=#   - level of logging. (0-10)
+logging._021=#      0 - no logging,
+logging._022=#      4 - LL_PER_SERVER       these messages will occur only once
+logging._023=#                              during the entire invocation of the
+logging._024=#                              server, e. g. at startup or shutdown
+logging._025=#                              time., reading the conf parameters.
+logging._026=#                              Perhaps other infrequent events
+logging._027=#                              relating to failing over of CA, TKS,
+logging._028=#                              too
+logging._029=#      6 - LL_PER_CONNECTION   these messages happen once per
+logging._030=#                              connection - most of the log events
+logging._031=#                              will be at this level
+logging._032=#      8 - LL_PER_PDU          these messages relate to PDU
+logging._033=#                              processing. If you have something that
+logging._034=#                              is done for every PDU, such as
+logging._035=#                              applying the MAC, it should be logged
+logging._036=#                              at this level
+logging._037=#      9 - LL_ALL_DATA_IN_PDU  dump all the data in the PDU - a more
+logging._038=#                              chatty version of the above
+logging._039=#     10 - all logging
+logging._040=#########################################
+logging.debug.enable=true
+logging.debug.filename=[SERVER_ROOT]/logs/tps-debug.log
+logging.debug.level=7
+logging.audit.enable=true
+logging.audit.filename=[SERVER_ROOT]/logs/tps-audit.log
+logging.audit.level=10
+logging.error.enable=true
+logging.error.filename=[SERVER_ROOT]/logs/tps-error.log
+logging.error.level=10
+conn.ca1._000=#########################################
+conn.ca1._001=# CA connection
+conn.ca1._002=#
+conn.ca1._003=# conn.ca<n>.hostport:
+conn.ca1._004=#   - host name and port number of your CA, format is host:port
+conn.ca1._005=# conn.ca<n>.clientNickname:
+conn.ca1._006=#   - nickname of the client certificate for
+conn.ca1._007=#     authentication
+conn.ca1._008=# conn.ca<n>.servlet.enrollment:
+conn.ca1._009=#   - servlet to contact in CA
+conn.ca1._010=#   - must be '/ca/profileSubmitSSLClient'
+conn.ca1._011=# conn.ca<n>.retryConnect:
+conn.ca1._012=#   - number of reconnection attempts on failure
+conn.ca1._013=# conn.ca<n>.timeout:
+conn.ca1._014=#   - connection timeout
+conn.ca1._015=# conn.ca<n>.SSLOn:
+conn.ca1._016=#   - enable SSL or not
+conn.ca1._017=# conn.ca<n>.keepAlive:
+conn.ca1._018=#   - enable keep alive or not
+conn.ca1._019=#
+conn.ca1._020=# where 
+conn.ca1._021=#  <n>  - CA connection ID
+conn.ca1._022=#########################################
+failover.pod.enable=false
+conn.ca1.hostport=[CA_HOST]:[CA_PORT]
+conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
+conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke
+conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke
+conn.ca1.retryConnect=3
+conn.ca1.timeout=100
+conn.ca1.SSLOn=true
+conn.ca1.keepAlive=true
+conn.tks1._000=#########################################
+conn.tks1._001=# TKS connection
+conn.tks1._002=#
+conn.tks1._003=# conn.tks<n>.hostport:
+conn.tks1._004=#   - host name and port number of your TKS, the format is host:port
+conn.tks1._005=# conn.tks<n>.clientNickname:
+conn.tks1._006=#   - nickname of the client certificate for
+conn.tks1._007=#     authentication
+conn.tks1._008=# conn.tks<n>.servlet.computeSessionKey:
+conn.tks1._009=#   - servlet to compute session key
+conn.tks1._010=#   - must be '/tks/computeSessionKey'
+conn.tks1._011=# conn.tks<n>.servlet.encryptData:
+conn.tks1._012=#   - servlet to encrypt data
+conn.tks1._013=#   - must be '/tks/encryptData'
+conn.tks1._014=# conn.tks<n>.servlet.createKeySetData:
+conn.tks1._015=#   - servlet to create key set data
+conn.tks1._016=#   - must be '/tks/createKeySetData'
+conn.tks1._017=# conn.tks<n>.retryConnect:
+conn.tks1._018=#   - number of reconnection attempts on failure
+conn.tks1._019=# conn.tks<n>.SSLOn
+conn.tks1._020=#   - enable SSL or not
+conn.tks1._021=# conn.tks<n>.keepAlive:
+conn.tks1._022=#   - enable keep alive or not
+conn.tks1._023=#
+conn.tks1._024=# where 
+conn.tks1._025=#  <n>  - TKS connection ID
+conn.tks1._026=#########################################
+conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
+conn.tks1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
+conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
+conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
+conn.tks1.retryConnect=3
+conn.tks1.timeout=100
+conn.tks1.SSLOn=true
+conn.tks1.keepAlive=false
+conn.tks1.keySet=defKeySet
+conn.tks1.serverKeygen=[SERVER_KEYGEN]
+conn.drm1._000=#########################################
+conn.drm1._001=# DRM connection
+conn.drm1._002=#
+conn.drm1._003=#conn.drm.totalConns
+conn.drm1._004=#   - # of DRM connections
+conn.drm1._005=#conn.drm<n>.hostport
+conn.drm1._006=#   - host name and port number of your DRM, the format is host:port
+conn.drm1._007=#conn.drm<n>.clientNickname
+conn.drm1._008=#   - nickname of the client certificate for
+conn.drm1._009=#     authentication
+conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
+conn.drm1._011=#   - servlet to generate key pairs and archive keys on DRM
+conn.drm1._012=#   - must be '/kra/GenerateKeyPair'
+conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
+conn.drm1._014=#   - servlet to handle key recovery
+conn.drm1._015=#   - must be '/kra/TokenKeyRecovery'
+conn.drm1._016=#conn.drm<n>.retryConnect=3
+conn.drm1._017=#   - number of reconnection attempts on failure
+conn.drm1._018=#conn.drm<n>.SSLOn=true
+conn.drm1._019=#   - enable SSL or not
+conn.drm1._020=#conn.drm<n>.keepAlive=false
+conn.drm1._021=#   - enable keep alive or not
+conn.drm1._022=#
+conn.drm1._023=# where 
+conn.drm1._024=#  <n>  - DRM connection ID
+conn.drm1._025=#########################################
+conn.drm.totalConns=1
+conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
+conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
+conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
+conn.drm1.retryConnect=3
+conn.drm1.timeout=100
+conn.drm1.SSLOn=true
+conn.drm1.keepAlive=false
+auth.instance._000=########################################
+auth.instance._001=# publishing
+auth.instance._002=#
+auth.instance._003=# publisher.instance.<n>.libraryName:
+auth.instance._004=#   - name of the library specified with a fully qualified path name
+auth.instance._005=# publisher.instance.<n>.libraryFactory:
+auth.instance._006=#   - the name of the function which instantiates the publisher
+auth.instance._007=# publisher.instance.<n>.publisherId:
+auth.instance._008=#   - the publisher ID
+auth.instance._009=#
+auth.instance._010=# where 
+auth.instance._011=#  <n>  - publisher connection ID
+auth.instance._012=########################################
+auth.instance._013=#########################################
+auth.instance._014=# authentication
+auth.instance._015=#
+auth.instance._016=# auth.instance.<n>.libraryName:
+auth.instance._017=#   - name of the library specified with a fully qualified path name
+auth.instance._018=# auth.instance.<n>.libraryFactory:
+auth.instance._019=#   - the name of the function which instantiates the authentication
+auth.instance._020=# auth.instance.<n>.authId 
+auth.instance._021=#   - the authentication ID
+auth.instance._022=# auth.instance.<n>.hostport
+auth.instance._023=#   - parameter specific to the given authentication,
+auth.instance._024=#     i. e., LDAPAuthentication (id=ldap1)
+auth.instance._025=#   - host name and port number, host:port
+auth.instance._026=#   - for failover, provide multiple host:port designations
+auth.instance._027=#     separated by " "
+auth.instance._028=# auth.instance.<n>.SSLOn:
+auth.instance._029=#   - parameter specific to the given authentication,
+auth.instance._030=#     i. e., LDAPAuthentication (id=ldap1)
+auth.instance._031=#   - use SSL or not for LDAP service
+auth.instance._032=# auth.instance.<n>.retries:
+auth.instance._033=#   - parameter specific to the given authentication,
+auth.instance._034=#     i. e., LDAPAuthentication (id=ldap1)
+auth.instance._035=#   - number of authentication re-attempts when authentication failed
+auth.instance._036=# auth.instance.<n>.retryConnect:
+auth.instance._037=#   - parameter specific to the given authentication,
+auth.instance._038=#     i. e., LDAPAuthentication (id=ldap1)
+auth.instance._039=#   - number of connection re-attempts when connection failed
+auth.instance._040=#
+auth.instance._041=# where 
+auth.instance._042=#  <n>  - authentication connection ID
+auth.instance._043=#########################################
+auth.instance.0.type=LDAP_Authentication
+auth.instance.0.libraryName=[SYSTEM_USER_LIBRARIES]/[LIB_PREFIX]ldapauth[OBJ_EXT]
+auth.instance.0.libraryFactory=GetAuthentication
+auth.instance.0.authId=ldap1
+auth.instance.0.hostport=[LDAP_HOST]:[LDAP_PORT]
+auth.instance.0.SSLOn=false
+auth.instance.0.retries=1
+auth.instance.0.retryConnect=3
+auth.instance.0.baseDN=[LDAP_ROOT]
+auth.instance.0.ssl=false
+auth.instance.0.attributes._001=##############################################
+auth.instance.0.attributes._002=# attributes will be available 
+auth.instance.0.attributes._003=# as $auth.<attribute>$
+auth.instance.0.attributes._004=##############################################
+auth.instance.0.attributes=mail,cn,uid
+auth.instance.0.ui.title.en=LDAP Authentication
+auth.instance.0.ui.description.en=This authenticates user against the LDAP directory.
+auth.instance.0.ui.id.UID.name.en=LDAP User ID
+auth.instance.0.ui.id.PASSWORD.name.en=LDAP Password
+auth.instance.0.ui.id.UID.description.en=LDAP User ID
+auth.instance.0.ui.id.PASSWORD.description.en=LDAP Password
+auth.instance.1.type=LDAP_Authentication
+auth.instance.1.libraryName=[SYSTEM_USER_LIBRARIES]/[LIB_PREFIX]ldapauth[OBJ_EXT]
+auth.instance.1.libraryFactory=GetAuthentication
+auth.instance.1.authId=ldap2
+auth.instance.1.bindDN=cn=Directory Manager
+auth.instance.1.bindPWD=[SERVER_ROOT]/conf/password.conf
+auth.instance.1.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+auth.instance.1.SSLOn=false
+auth.instance.1.retries=1
+auth.instance.1.retryConnect=3
+auth.instance.1.baseDN=[TOKENDB_ROOT]
+auth.instance.1.ssl=false
+auth.instance.1.attributes._001=##############################################
+auth.instance.1.attributes._002=# attributes will be available 
+auth.instance.1.attributes._003=# as $auth.<attribute>$
+auth.instance.1.attributes._004=##############################################
+auth.instance.1.attributes=mail,cn,uid
+auth.instance.1.ui.title.en=LDAP Authentication
+auth.instance.1.ui.description.en=This authenticates user against the LDAP directory.
+auth.instance.1.ui.id.UID.name.en=LDAP User ID
+auth.instance.1.ui.id.PASSWORD.name.en=LDAP Password
+auth.instance.1.ui.id.UID.description.en=LDAP User ID
+auth.instance.1.ui.id.PASSWORD.description.en=LDAP Password
+applet._000=#########################################
+applet._001=# applet information
+applet._002=# SAF Key:
+applet._003=# applet.aid.cardmgr_instance=A0000001510000 
+applet._004=#########################################
+applet.aid.cardmgr_instance=A0000000030000
+applet.aid.netkey_instance=627601FF000000
+applet.aid.netkey_file=627601FF0000
+applet.aid.netkey_old_instance=A00000000101
+applet.aid.netkey_old_file=A000000001
+applet.so_pin=000000000000
+applet.delete_old=true
+general.verifyProof=1
+general.applet_ext=ijc
+channel._000=#########################################
+channel._001=# channel.encryption:
+channel._002=#
+channel._003=#   - enable encryption for all operation commands to token
+channel._004=#   - default is true
+channel._005=#  channel.blocksize=242
+channel._006=#  channel.defKeyVersion=1
+channel._007=#  channel.defKeyIndex=1
+channel._008=#########################################
+channel.encryption=true
+channel.blocksize=248
+channel.defKeyVersion=1
+channel.defKeyIndex=1
+preop.pin=[PKI_RANDOM_NUMBER]
+preop.cert._000=#########################################
+preop.cert._001=# Installation configuration "preop" certs parameters
+preop.cert._002=#########################################
+preop.cert.list=sslserver,subsystem
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.sslserver.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.sslserver.dn=CN=[SERVER_NAME], OU=[INSTANCE_ID]
+preop.cert.sslserver.keysize.customsize=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.keysize.select=custom
+preop.cert.sslserver.nickname=Server-Cert cert-[INSTANCE_ID]
+preop.cert.sslserver.profile=caInternalAuthServerCert
+preop.cert.sslserver.subsystem=tps
+preop.cert._003=#preop.cert.sslserver.type=local
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert._004=#preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[INSTANCE_ID]
+preop.cert.subsystem.keysize.customsize=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.keysize.select=custom
+preop.cert.subsystem.nickname=subsystemCert cert-[INSTANCE_ID]
+preop.cert.subsystem.profile=caInternalAuthSubsystemCert
+preop.cert.subsystem.subsystem=tps
+preop.cert._005=#preop.cert.subsystem.type=local
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert._006=#preop.cert.subsystem.cncomponent.override=true
+preop.configModules._000=#########################################
+preop.configModules._001=# Installation configuration "preop" module parameters
+preop.configModules._002=#########################################
+preop.configModules.count=3
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=../img/clearpixel.gif
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=../img/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=../img/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.module.token=NSS Certificate DB
+preop.keysize._000=#########################################
+preop.keysize._001=# Installation configuration "preop" keysize parameters
+preop.keysize._002=#########################################
+preop.keysize.customsize=2048
+preop.keysize.select=custom
+preop.keysize.size=2048
+op.enroll._000=#########################################
+op.enroll._001=# Default Operations
+op.enroll._002=#
+op.enroll._003=# op.<op>.mapping.order=<n>,<n>,<n>
+op.enroll._004=#    - contains at least one value or a series
+op.enroll._005=#      of comma-separated mapping values which
+op.enroll._006=#      are checked in sequential order
+op.enroll._007=# op.<op>.mapping.<n>.filter.tokenType=userKey
+op.enroll._008=#    - can be either empty or token type
+op.enroll._009=#      specified by the client 
+op.enroll._010=# op.<op>.mapping.<n>.filter.tokenATR=
+op.enroll._011=#    - can be either empty or token ATR
+op.enroll._012=#      specified by the client 
+op.enroll._013=# op.<op>.mapping.<n>.filter.appletMajorVersion=1
+op.enroll._014=#    - can be either empty or applet major version
+op.enroll._015=#      specified by the client 
+op.enroll._016=# op.<op>.mapping.<n>.filter.appletMinorVersion=
+op.enroll._017=#    - can be either empty or applet minor version 
+op.enroll._018=#      specified by the client 
+op.enroll._019=#    - if major and minor versions are both zero, this
+op.enroll._020=#      indicate there is no applet on the token.
+op.enroll._021=# op.<op>.mapping.<n>.target.tokenType=userKey
+op.enroll._022=#    - if tokenType, tokenATR, appletMajorVersion, 
+op.enroll._023=#      and appletMinorVersion are matched, value in 
+op.enroll._024=#      targetTokenType will be used to locate
+op.enroll._025=#      the corresponding token profile to
+op.enroll._026=#      process the request.
+op.enroll._027=#
+op.enroll._028=# where 
+op.enroll._029=#  <op> - operation; enroll,pinReset,format
+op.enroll._030=#  <n>  - mapping ID; order is specifiable
+op.enroll._031=#
+op.enroll._032=# Token ATR:
+op.enroll._033=#   Web Store  - 3B759400006202020201
+op.enroll._034=#########################################
+op.enroll.mapping.order=0,1,2
+op.enroll.mapping.0.filter.tokenType=userKey
+op.enroll.mapping.0.filter.tokenATR=
+op.enroll.mapping.0.filter.tokenCUID.start=
+op.enroll.mapping.0.filter.tokenCUID.end=
+op.enroll.mapping.0.filter.appletMajorVersion=1
+op.enroll.mapping.0.filter.appletMinorVersion=
+op.enroll.mapping.0.target.tokenType=userKey
+op.enroll.mapping.1.filter.tokenType=soKey
+op.enroll.mapping.1.filter.tokenATR=
+op.enroll.mapping.1.filter.tokenCUID.start=
+op.enroll.mapping.1.filter.tokenCUID.end=
+op.enroll.mapping.1.filter.appletMajorVersion=
+op.enroll.mapping.1.filter.appletMinorVersion=
+op.enroll.mapping.1.target.tokenType=soKey
+op.enroll.mapping.2.filter.tokenType=
+op.enroll.mapping.2.filter.tokenATR=
+op.enroll.mapping.2.filter.tokenCUID.start=
+op.enroll.mapping.2.filter.tokenCUID.end=
+op.enroll.mapping.2.filter.appletMajorVersion=
+op.enroll.mapping.2.filter.appletMinorVersion=
+op.enroll.mapping.2.target.tokenType=userKey
+op.pinReset.mapping.order=0
+op.pinReset.mapping.0.filter.tokenType=
+op.pinReset.mapping.0.filter.tokenATR=
+op.pinReset.mapping.0.filter.tokenCUID.start=
+op.pinReset.mapping.0.filter.tokenCUID.end=
+op.pinReset.mapping.0.filter.appletMajorVersion=
+op.pinReset.mapping.0.filter.appletMinorVersion=
+op.pinReset.mapping.0.target.tokenType=userKey
+op.format.mapping.order=0,1,2,3,4,5,6
+op.format.mapping.0.filter.tokenType=soCleanUserToken
+op.format.mapping.0.filter.tokenATR=
+op.format.mapping.0.filter.tokenCUID.start=
+op.format.mapping.0.filter.tokenCUID.end=
+op.format.mapping.0.filter.appletMajorVersion=
+op.format.mapping.0.filter.appletMinorVersion=
+op.format.mapping.0.target.tokenType=soCleanUserToken
+op.format.mapping.1.filter.tokenType=soUserKey
+op.format.mapping.1.filter.tokenATR=
+op.format.mapping.1.filter.tokenCUID.start=
+op.format.mapping.1.filter.tokenCUID.end=
+op.format.mapping.1.filter.appletMajorVersion=
+op.format.mapping.1.filter.appletMinorVersion=
+op.format.mapping.1.target.tokenType=soUserKey
+op.format.mapping.2.filter.tokenType=soKey
+op.format.mapping.2.filter.tokenATR=
+op.format.mapping.2.filter.tokenCUID.start=
+op.format.mapping.2.filter.tokenCUID.end=
+op.format.mapping.2.filter.appletMajorVersion=
+op.format.mapping.2.filter.appletMinorVersion=
+op.format.mapping.2.target.tokenType=soKey
+op.format.mapping.3.filter.tokenType=userKey
+op.format.mapping.3.filter.tokenATR=
+op.format.mapping.3.filter.tokenCUID.start=
+op.format.mapping.3.filter.tokenCUID.end=
+op.format.mapping.3.filter.appletMajorVersion=
+op.format.mapping.3.filter.appletMinorVersion=
+op.format.mapping.3.target.tokenType=userKey
+op.format.mapping.4.filter.tokenType=soCleanSOToken
+op.format.mapping.4.filter.tokenATR=
+op.format.mapping.4.filter.tokenCUID.start=
+op.format.mapping.4.filter.tokenCUID.end=
+op.format.mapping.4.filter.appletMajorVersion=
+op.format.mapping.4.filter.appletMinorVersion=
+op.format.mapping.5.filter.tokenType=cleanToken
+op.format.mapping.5.filter.tokenATR=
+op.format.mapping.5.filter.tokenCUID.start=
+op.format.mapping.5.filter.tokenCUID.end=
+op.format.mapping.5.filter.appletMajorVersion=
+op.format.mapping.5.filter.appletMinorVersion=
+op.format.mapping.5.target.tokenType=cleanToken
+op.format.mapping.4.target.tokenType=soCleanSOToken
+op.format.mapping.6.filter.tokenATR=
+op.format.mapping.6.filter.tokenCUID.start=
+op.format.mapping.6.filter.tokenCUID.end=
+op.format.mapping.6.filter.appletMajorVersion=
+op.format.mapping.6.filter.appletMinorVersion=
+op.format.mapping.6.target.tokenType=tokenKey
+op.enroll.userKey._000=#########################################
+op.enroll.userKey._001=# Enrollment Operation For CoolKey
+op.enroll.userKey._002=#
+op.enroll.userKey._003=# op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024
+op.enroll.userKey._004=#  - size of the key the token should generate
+op.enroll.userKey._005=#  - max value: 1024
+op.enroll.userKey._006=#
+op.enroll.userKey._007=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.encrypt=false
+op.enroll.userKey._008=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sign=true
+op.enroll.userKey._009=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.signRecover=true
+op.enroll.userKey._010=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.decrypt=false
+op.enroll.userKey._011=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.derive=false
+op.enroll.userKey._012=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.unwrap=false
+op.enroll.userKey._013=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.wrap=false
+op.enroll.userKey._014=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verifyRecover=true
+op.enroll.userKey._015=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verify=true
+op.enroll.userKey._016=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sensitive=true
+op.enroll.userKey._017=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.private=true
+op.enroll.userKey._018=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.token=true
+op.enroll.userKey._019=#  - specify the PKCS11 attributes to set on the token
+op.enroll.userKey._020=#
+op.enroll.userKey._021=# op.enroll.userKey.keyGen.signing.cuid_label
+op.enroll.userKey._022=#  - specify the CUID shown in the certificate
+op.enroll.userKey._023=#
+op.enroll.userKey._024=# op.enroll.userKey.keyGen.signing.label
+op.enroll.userKey._025=#  - specify the token name. all resulting labels for co-existing keys
+op.enroll.userKey._026=#    on the same token must be unique
+op.enroll.userKey._027=#  - $pretty_cuid$ - Pretty Print CUID (i.e. 4090-0062-FF02-0000-0B9C)
+op.enroll.userKey._028=#  - $cuid$ - CUID (i.e. 40900062FF0200000B9C)
+op.enroll.userKey._029=#  - $msn$ - MSN
+op.enroll.userKey._030=#  - $userid$ - User ID
+op.enroll.userKey._031=#  - $profileId$ - Profile ID
+op.enroll.userKey._032=#
+op.enroll.userKey._033=# op.enroll.<tokenType>.keyGen.<keyType>.overwrite=true|false
+op.enroll.userKey._034=#  - if key and certificate exist, should RA overwrite them
+op.enroll.userKey._035=#
+op.enroll.userKey._036=# op.enroll.<tokenType>.keyGen.<keyType>.certId=C1
+op.enroll.userKey._037=# op.enroll.<tokenType>.keyGen.<keyType>.certAttrId=c1
+op.enroll.userKey._038=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyAttrId=k2
+op.enroll.userKey._039=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyAttrId=k3
+op.enroll.userKey._040=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyNumber=2
+op.enroll.userKey._041=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyNumber=3
+op.enroll.userKey._042=#  - specify name PKCS11 object IDs
+op.enroll.userKey._043=#  - Lower case letters signify objects containing PKCS11 object attributes,
+op.enroll.userKey._044=#    in the format described below.
+op.enroll.userKey._045=#    'c' An object containing PKCS11 attributes for a certificate.  
+op.enroll.userKey._046=#    'k' An object containing PKCS11 attributes for a public or private key
+op.enroll.userKey._047=#    'r' An object containing PKCS11 attributes for an "reader".
+op.enroll.userKey._048=#  - Upper case letters signify objects containing raw data corresponding to
+op.enroll.userKey._049=#    the lower case letters described above.  For example, object "C0" 
+op.enroll.userKey._050=#    contains raw data corresponding to object "c0".  
+op.enroll.userKey._051=#   'C' This object contains an entire DER cert, and nothing else.  
+op.enroll.userKey._052=#   'K' This object contains a MUSCLE "key blob".  TPS does not use this.
+op.enroll.userKey._053=#
+op.enroll.userKey._054=# op.enroll.<tokenType>.keyGen.<keyType>.keyUsage=0
+op.enroll.userKey._055=# op.enroll.<tokenType>.keyGen.<keyType>.keyUser=0
+op.enroll.userKey._056=#  - user specifies which PIN user should be granted
+op.enroll.userKey._057=#    use privilege of the generated private key, or
+op.enroll.userKey._058=#    15 if all users have use privilege for the private key
+op.enroll.userKey._059=#  - Valid uage: (only specifies the usage for the private key)
+op.enroll.userKey._060=#    0 - default usage (Signing only for this APDU)
+op.enroll.userKey._061=#    1 - signing only
+op.enroll.userKey._062=#    2 - decryption only
+op.enroll.userKey._063=#    3 - signing and decryption
+op.enroll.userKey._064=#
+op.enroll.userKey._065=# op.enroll.<tokenType>.pkcs11obj.enable=true|false
+op.enroll.userKey._066=#  - enable writing of PKCS11 cache object to the token
+op.enroll.userKey._067=#
+op.enroll.userKey._068=# op.enroll.<tokenType>.pkcs11obj.compress.enable=true|false
+op.enroll.userKey._069=#  - enable compression for writing of PKCS11 cache object to the token
+op.enroll.userKey._070=#
+op.enroll.userKey._071=# op.enroll.<tokenType>.pinReset.pin.maxRetries=127
+op.enroll.userKey._072=#  - max number of retries before blocking the token
+op.enroll.userKey._073=#  - max value: 127
+op.enroll.userKey._074=#
+op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary. 
+op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
+op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
+op.enroll.userKey._078=#########################################
+op.enroll.allowUnknownToken=true
+op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.tokenName=$auth.cn$
+op.enroll.userKey.keyGen.keyType.num=2
+op.enroll.userKey.keyGen.keyType.value.0=signing
+op.enroll.userKey.keyGen.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.keySize=1024
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.label=signing key for $userid$
+op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKey.keyGen.signing.overwrite=true
+op.enroll.userKey.keyGen.signing.certId=C1
+op.enroll.userKey.keyGen.signing.certAttrId=c1
+op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKey.keyGen.signing.keyUsage=0
+op.enroll.userKey.keyGen.signing.keyUser=0
+op.enroll.userKey.keyGen.signing.privateKeyNumber=2
+op.enroll.userKey.keyGen.signing.publicKeyNumber=3
+op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.userKey.keyGen.signing.ca.conn=ca1
+op.enroll.userKey.keyGen.signing.revokeCert=true
+op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.userKey.keyGen.encryption.keySize=1024
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKey.keyGen.encryption.overwrite=true
+op.enroll.userKey.keyGen.encryption.certId=C2
+op.enroll.userKey.keyGen.encryption.certAttrId=c2
+op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKey.keyGen.encryption.keyUsage=0
+op.enroll.userKey.keyGen.encryption.keyUser=0
+op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.userKey.keyGen.encryption.ca.conn=ca1
+op.enroll.userKey.keyGen.encryption.revokeCert=true
+op.enroll.userKey.pkcs11obj.enable=true
+op.enroll.userKey.pkcs11obj.compress.enable=true
+op.enroll.userKey.update.applet.emptyToken.enable=true
+op.enroll.userKey.update.applet.enable=true
+op.enroll.userKey.update.applet.requiredVersion=1.3.44724DDE
+op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKey.update.applet.encryption=true
+op.enroll.userKey.update.symmetricKeys.enable=false
+op.enroll.userKey.update.symmetricKeys.requiredVersion=1
+op.enroll.userKey.loginRequest.enable=true
+op.enroll.userKey.pinReset.enable=true
+op.enroll.userKey.pinReset.pin.maxRetries=127
+op.enroll.userKey.pinReset.pin.minLen=4
+op.enroll.userKey.pinReset.pin.maxLen=10
+op.enroll.userKey.cardmgr_instance=A0000000030000
+op.enroll.userKey.tks.conn=tks1
+op.enroll.userKey.auth.id=ldap1
+op.enroll.userKey.auth.enable=true
+op.enroll.userKey.issuerinfo.enable=true
+op.enroll.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.userKeyTemporary.keyGen.keyType.num=3
+op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.userKeyTemporary.keyGen.auth.certId=C0
+op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.auth.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.userKeyTemporary.keyGen.signing.certId=C1
+op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.signing.revokeCert=true
+op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.encryption.revokeCert=true
+op.enroll.userKeyTemporary.pkcs11obj.enable=true
+op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.userKeyTemporary.update.applet.enable=true
+op.enroll.userKeyTemporary.update.applet.requiredVersion=1.3.44724DDE
+op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKeyTemporary.update.applet.encryption=true
+op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.userKeyTemporary.loginRequest.enable=true
+op.enroll.userKeyTemporary.pinReset.enable=true
+op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.userKeyTemporary.pinReset.pin.minLen=4
+op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.userKeyTemporary.tks.conn=tks1
+op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.userKeyTemporary.auth.id=ldap1
+op.enroll.userKeyTemporary.auth.enable=true
+op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.tokenName=$auth.cn$
+op.enroll.soKey.keyGen.keyType.num=2
+op.enroll.soKey.keyGen.keyType.value.0=signing
+op.enroll.soKey.keyGen.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.keySize=1024
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.label=signing key for $userid$
+op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKey.keyGen.signing.overwrite=true
+op.enroll.soKey.keyGen.signing.certId=C1
+op.enroll.soKey.keyGen.signing.certAttrId=c1
+op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKey.keyGen.signing.keyUsage=0
+op.enroll.soKey.keyGen.signing.keyUser=0
+op.enroll.soKey.keyGen.signing.privateKeyNumber=2
+op.enroll.soKey.keyGen.signing.publicKeyNumber=3
+op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.soKey.keyGen.signing.ca.conn=ca1
+op.enroll.soKey.keyGen.signing.revokeCert=true
+op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.soKey.keyGen.encryption.keySize=1024
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKey.keyGen.encryption.overwrite=true
+op.enroll.soKey.keyGen.encryption.certId=C2
+op.enroll.soKey.keyGen.encryption.certAttrId=c2
+op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKey.keyGen.encryption.keyUsage=0
+op.enroll.soKey.keyGen.encryption.keyUser=0
+op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.soKey.keyGen.encryption.ca.conn=ca1
+op.enroll.soKey.keyGen.encryption.revokeCert=true
+op.enroll.soKey.pkcs11obj.enable=true
+op.enroll.soKey.pkcs11obj.compress.enable=true
+op.enroll.soKey.update.applet.emptyToken.enable=true
+op.enroll.soKey.update.applet.enable=true
+op.enroll.soKey.update.applet.requiredVersion=1.3.44724DDE
+op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKey.update.applet.encryption=true
+op.enroll.soKey.update.symmetricKeys.enable=false
+op.enroll.soKey.update.symmetricKeys.requiredVersion=1
+op.enroll.soKey.loginRequest.enable=true
+op.enroll.soKey.pinReset.enable=true
+op.enroll.soKey.pinReset.pin.maxRetries=127
+op.enroll.soKey.pinReset.pin.minLen=4
+op.enroll.soKey.pinReset.pin.maxLen=10
+op.enroll.soKey.cardmgr_instance=A0000000030000
+op.enroll.soKey.tks.conn=tks1
+op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.enable=true
+op.enroll.soKey.issuerinfo.enable=true
+op.enroll.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.soKeyTemporary.keyGen.keyType.num=3
+op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.soKeyTemporary.keyGen.auth.certId=C0
+op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.auth.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.soKeyTemporary.keyGen.signing.certId=C1
+op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.signing.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.encryption.revokeCert=true
+op.enroll.soKeyTemporary.pkcs11obj.enable=true
+op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.soKeyTemporary.update.applet.enable=true
+op.enroll.soKeyTemporary.update.applet.requiredVersion=1.3.44724DDE
+op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKeyTemporary.update.applet.encryption=true
+op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.soKeyTemporary.loginRequest.enable=true
+op.enroll.soKeyTemporary.pinReset.enable=true
+op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.soKeyTemporary.pinReset.pin.minLen=4
+op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.soKeyTemporary.tks.conn=tks1
+op.enroll.soKeyTemporary.tks.keySet=defKeyset
+op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.enable=true
+op.pinReset._000=#########################################
+op.pinReset._001=# Certificate Chain Imports 
+op.pinReset._002=#
+op.pinReset._003=# op.enroll.certificates.num=1
+op.pinReset._004=# op.enroll.certificates.value.0=caCert
+op.pinReset._005=# op.enroll.certificates.caCert.nickName=caCert0 pki-tps
+op.pinReset._006=# op.enroll.certificates.caCert.certId=C5
+op.pinReset._007=# op.enroll.certificates.caCert.certAttrId=c5
+op.pinReset._008=# op.enroll.certificates.caCert.label=caCert Label
+op.pinReset._009=#########################################
+op.pinReset._010=#########################################
+op.pinReset._011=# Pin Reset Operation For CoolKey
+op.pinReset._012=#
+op.pinReset._013=# op.pinReset.userKey.update.applet.emptyToken.enable=false
+op.pinReset._014=#  - update applet or not if token is empty
+op.pinReset._015=#
+op.pinReset._016=# - N/A for HouseKey
+op.pinReset._017=# - N/A for HouseKey with Legacy Applet
+op.pinReset._018=#########################################
+op.pinReset.userKey.update.applet.emptyToken.enable=true
+op.pinReset.userKey.update.applet.enable=false
+op.pinReset.userKey.update.applet.requiredVersion=1.3.44724DDE
+op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
+op.pinReset.userKey.update.applet.encryption=true
+op.pinReset.userKey.update.symmetricKeys.enable=false
+op.pinReset.userKey.update.symmetricKeys.requiredVersion=1
+op.pinReset.userKey.loginRequest.enable=true
+op.pinReset.userKey.pinReset.pin.minLen=4
+op.pinReset.userKey.pinReset.pin.maxLen=10
+op.pinReset.userKey.tks.conn=tks1
+op.pinReset.userKey.cardmgr_instance=A0000000030000
+op.pinReset.userKey.auth.id=ldap1
+op.pinReset.userKey.auth.enable=true
+op.format._000=#########################################
+op.format._001=# Format Operation For tokenKey
+op.format._002=#
+op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false
+op.format._004=#  - update applet or not if token is empty
+op.format._005=#
+op.format._006=# - applicable to CoolKey
+op.format._007=# - applicable to HouseKey
+op.format._008=# - applicable to HouseKey with Legacy Applet
+op.format._009=#########################################
+op.format.allowUnknownToken=true
+op.format.soCleanUserToken.update.applet.emptyToken.enable=true
+op.format.soCleanUserToken.update.applet.requiredVersion=1.3.44724DDE
+op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanUserToken.update.applet.encryption=true
+op.format.soCleanUserToken.update.symmetricKeys.enable=false
+op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanUserToken.revokeCert=true
+op.format.soCleanUserToken.ca.conn=ca1
+op.format.soCleanUserToken.loginRequest.enable=false
+op.format.soCleanUserToken.cardmgr_instance=A0000000030000
+op.format.soCleanUserToken.tks.conn=tks1
+op.format.soCleanUserToken.auth.id=ldap1
+op.format.soCleanUserToken.auth.enable=false
+op.format.soCleanUserToken.issuerinfo.enable=true
+op.format.soCleanUserToken.issuerinfo.value=
+op.format.soCleanSOToken.update.applet.emptyToken.enable=true
+op.format.soCleanSOToken.update.applet.requiredVersion=1.3.44724DDE
+op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanSOToken.update.applet.encryption=true
+op.format.soCleanSOToken.update.symmetricKeys.enable=false
+op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanSOToken.revokeCert=true
+op.format.soCleanSOToken.ca.conn=ca1
+op.format.soCleanSOToken.loginRequest.enable=false
+op.format.soCleanSOToken.cardmgr_instance=A0000000030000
+op.format.soCleanSOToken.tks.conn=tks1
+op.format.soCleanSOToken.auth.id=ldap1
+op.format.soCleanSOToken.auth.enable=false
+op.format.soCleanSOToken.issuerinfo.enable=true
+op.format.soCleanSOToken.issuerinfo.value=
+op.format.cleanToken.update.applet.emptyToken.enable=true
+op.format.cleanToken.update.applet.requiredVersion=1.3.44724DDE
+op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
+op.format.cleanToken.update.applet.encryption=true
+op.format.cleanToken.update.symmetricKeys.enable=false
+op.format.cleanToken.update.symmetricKeys.requiredVersion=1
+op.format.cleanToken.revokeCert=true
+op.format.cleanToken.ca.conn=ca1
+op.format.cleanToken.loginRequest.enable=true
+op.format.cleanToken.cardmgr_instance=A0000000030000
+op.format.cleanToken.tks.conn=tks1
+op.format.cleanToken.auth.id=ldap1
+op.format.cleanToken.auth.enable=false
+op.format.cleanToken.issuerinfo.enable=true
+op.format.cleanToken.issuerinfo.value=
+op.format.soUserKey.update.applet.emptyToken.enable=true
+op.format.soUserKey.update.applet.requiredVersion=1.3.44724DDE
+op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soUserKey.update.applet.encryption=true
+op.format.soUserKey.update.symmetricKeys.enable=false
+op.format.soUserKey.update.symmetricKeys.requiredVersion=1
+op.format.soUserKey.revokeCert=true
+op.format.soUserKey.ca.conn=ca1
+op.format.soUserKey.loginRequest.enable=false
+op.format.soUserKey.cardmgr_instance=A0000000030000
+op.format.soUserKey.tks.conn=tks1
+op.format.soUserKey.auth.id=ldap1
+op.format.soUserKey.auth.enable=false
+op.format.soUserKey.issuerinfo.enable=true
+op.format.soUserKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.format.soKey.update.applet.emptyToken.enable=true
+op.format.soKey.update.applet.requiredVersion=1.3.44724DDE
+op.format.soKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soKey.update.applet.encryption=true
+op.format.soKey.update.symmetricKeys.enable=false
+op.format.soKey.update.symmetricKeys.requiredVersion=1
+op.format.soKey.revokeCert=true
+op.format.soKey.ca.conn=ca1
+op.format.soKey.loginRequest.enable=true
+op.format.soKey.cardmgr_instance=A0000000030000
+op.format.soKey.tks.conn=tks1
+op.format.soKey.auth.id=ldap2
+op.format.soKey.auth.enable=true
+op.format.soKey.issuerinfo.enable=true
+op.format.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi
+op.format.userKey.update.applet.emptyToken.enable=true
+op.format.userKey.update.applet.requiredVersion=1.3.44724DDE
+op.format.userKey.update.applet.directory=[TPS_DIR]/applets
+op.format.userKey.update.applet.encryption=true
+op.format.userKey.update.symmetricKeys.enable=false
+op.format.userKey.update.symmetricKeys.requiredVersion=1
+op.format.userKey.revokeCert=true
+op.format.userKey.ca.conn=ca1
+op.format.userKey.loginRequest.enable=true
+op.format.userKey.cardmgr_instance=A0000000030000
+op.format.userKey.tks.conn=tks1
+op.format.userKey.auth.id=ldap1
+op.format.userKey.auth.enable=true
+op.format.userKey.issuerinfo.enable=true
+op.format.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.format.tokenKey.update.applet.emptyToken.enable=true
+op.format.tokenKey.update.applet.requiredVersion=1.3.44724DDE
+op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
+op.format.tokenKey.update.applet.encryption=true
+op.format.tokenKey.update.symmetricKeys.enable=false
+op.format.tokenKey.update.symmetricKeys.requiredVersion=1
+op.format.tokenKey.revokeCert=true
+op.format.tokenKey.ca.conn=ca1
+op.format.tokenKey.loginRequest.enable=true
+op.format.tokenKey.cardmgr_instance=A0000000030000
+op.format.tokenKey.tks.conn=tks1
+op.format.tokenKey.auth.id=ldap1
+op.format.tokenKey.auth.enable=true
+op.format.tokenKey.issuerinfo.enable=true
+op.format.tokenKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+tokendb._000=#########################################
+tokendb._001=# tokendb.auditLog:
+tokendb._002=#   - audit log path
+tokendb._003=# tokendb.host:
+tokendb._004=#   - tokendb host name
+tokendb._005=# tokendb.port:
+tokendb._006=#   - tokendb port number
+tokendb._007=# tokendb.bindDN:
+tokendb._008=#   - tokendb administration DN (i.e. cn=Directory Manager)
+tokendb._009=# tokendb.bindPassPath:
+tokendb._010=#   - tokendb administration password file path
+tokendb._011=# tokendb.templateDir
+tokendb._012=#   - directory where all the tokendb templates are located
+tokendb._013=# tokendb.userBaseDN:
+tokendb._014=#   - directory base DN for users and groups
+tokendb._015=# tokendb.baseDN:
+tokendb._016=#   - directory base DN for tokens
+tokendb._017=# tokendb.activityBaseDN:
+tokendb._018=#   - directory base DN for activities
+tokendb._019=# tokendb.indexTemplate=index.template
+tokendb._020=#   - index template
+tokendb._021=# tokendb.newTemplate=new.template
+tokendb._022=#   - add template
+tokendb._023=# tokendb.showTemplate=show.template
+tokendb._024=#   - show template
+tokendb._025=# tokendb.errorTemplate=error.template
+tokendb._026=#   - error template
+tokendb._027=# tokendb.searchTemplate=search.template
+tokendb._028=#   - search template
+tokendb._029=# tokendb.searchResultTemplate=searchResults.template
+tokendb._030=#   - search result template
+tokendb._031=# tokendb.editTemplate=edit.template
+tokendb._032=#   - edit template
+tokendb._033=# tokendb.editResultTemplate=editResults.template
+tokendb._034=#   - edit result template
+tokendb._035=# tokendb.addResultTemplate=addResults.template
+tokendb._036=#   - add result template
+tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template
+tokendb._038=#   - delete result template
+tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template
+tokendb._040=#   - search activity template
+tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb._042=#   - search activity result template
+tokendb._043=# tokendb.showAdminTemplate=showAdmin.template
+tokendb._044=#   - show admin template
+tokendb._045=# tokendb.editAdminTemplate=editAdmin.template
+tokendb._046=#   - edit admin template
+tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template
+tokendb._048=#   - edit admin result template
+tokendb._049=# tokendb.searchAdminTemplate=searchAdmin.template
+tokendb._050=#   - search admin template
+tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template
+tokendb._052=#   - search admin result template
+tokendb._053=# tokendb.defaultPolicy:
+tokendb._054=# Supported Policy (Separated by ; [Semicolon]):
+tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO
+tokendb._056=#   PIN_RESET=YES|NO
+tokendb._057=#   - If not present, pin reset by user is allowed.
+tokendb._058=#   - If present and agent change PIN_RESET from NO 
+tokendb._059=#     to YES, user is allowed to do pin reset. This 
+tokendb._060=#     policy will be changed back to NO after pin reset.
+tokendb._061=#   RE_ENROLL=YES|NO
+tokendb._062=#   - If not present, re-enrollment is allowed.
+tokendb._063=#   - If present, re-enrollment is allowed when RE_ENROLL
+tokendb._064=#     is set to YES. Otherwise, re-enrollment is not 
+tokendb._065=#     allowed.
+tokendb._066=#########################################
+tokendb.auditLog=[SERVER_ROOT]/[INSTANCE_ID]/logs/tokendb-audit.log
+tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+tokendb.ssl=false
+tokendb.bindDN=cn=Directory Manager
+tokendb.bindPassPath=[SERVER_ROOT]/conf/password.conf
+tokendb.templateDir=[SERVER_ROOT]/docroot/tus
+tokendb.userBaseDN=[TOKENDB_ROOT]
+tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT]
+tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT]
+tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT]
+tokendb.indexTemplate=index.template
+tokendb.indexAdminTemplate=indexAdmin.template
+tokendb.newTemplate=new.template
+tokendb.showTemplate=show.template
+tokendb.showCertTemplate=showCert.template
+tokendb.errorTemplate=error.template
+tokendb.searchTemplate=search.template
+tokendb.searchResultTemplate=searchResults.template
+tokendb.searchCertificateResultTemplate=searchCertificateResults.template
+tokendb.editTemplate=edit.template
+tokendb.editResultTemplate=editResults.template
+tokendb.addResultTemplate=addResults.template
+tokendb.deleteTemplate=delete.template
+tokendb.deleteResultTemplate=deleteResults.template
+tokendb.searchActivityTemplate=searchActivity.template
+tokendb.searchCertificateTemplate=searchCertificate.template
+tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb.showAdminTemplate=showAdmin.template
+tokendb.doTokenTemplate=doToken.template
+tokendb.doTokenConfirmTemplate=doTokenConfirm.template
+tokendb.revokeTemplate=revoke.template
+tokendb.editAdminTemplate=editAdmin.template
+tokendb.editAdminResultTemplate=editAdminResults.template
+tokendb.searchAdminTemplate=searchAdmin.template
+tokendb.searchAdminResultTemplate=searchAdminResults.template
+tokendb.defaultPolicy=RE_ENROLL=YES
diff --git a/pki/base/tps/etc/init.d/httpd b/pki/base/tps/etc/init.d/httpd
new file mode 100755
index 000000000..4ccad2205
--- /dev/null
+++ b/pki/base/tps/etc/init.d/httpd
@@ -0,0 +1,433 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+# [INSTANCE_ID]    Startup script for the Apache HTTP Server
+#
+# chkconfig:    - 85 15
+# description:  Apache is a World Wide Web server.  It is used to serve \
+#               HTML files and CGI.
+# processname:  httpd
+# config:       [HTTPD_CONF]
+# pidfile:      [SERVER_ROOT]/logs/[INSTANCE_ID].pid
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+	echo "Cannot invoke '$0' from non-existent directory!"
+	exit 255
+fi
+
+# Check to insure that at least one PKI subsystem
+# currently resides on this system.
+if	[ ! -x /usr/bin/pkiarch   ] ||
+	[ ! -x /usr/bin/pkiflavor ] ||
+	[ ! -x /usr/bin/pkiname   ]; then
+	echo "This machine is missing all PKI subsystems!"
+	exit 255
+fi
+
+# Check to insure that this script's associated PKI
+# subsystem currently resides on this system.
+SUBSYSTEM_TYPE=[SUBSYSTEM_TYPE]
+if [ ! -d /usr/share/`pkiflavor`/${SUBSYSTEM_TYPE} ] ; then
+	echo "This machine is missing the '${SUBSYSTEM_TYPE}' subsystem!"
+	exit 255
+fi
+
+# Obtain the operating system upon which this script is being executed
+OS=`pkiname`
+ARCHITECTURE=`pkiarch`
+
+# Time to wait in seconds, before killing process
+#
+#     NOTE:  Defined in "tomcat5.conf" for other PKI Subsystems.
+#
+STARTUP_WAIT=30
+SHUTDOWN_WAIT=30
+
+# This script must be run as root!
+RV=0
+if [ ${OS} = "Linux" ] ; then
+	if [ `id -u` -ne 0 ] ; then
+		echo "Must be 'root' to execute '$0'!"
+		exit 1
+	fi
+elif [ ${OS} = "SunOS" ] ; then
+	if [ `/usr/xpg4/bin/id -u` -ne 0 ] ; then
+		echo "Must be 'root' to execute '$0'!"
+		exit 1
+	fi
+else
+	echo "Unsupported OS '${OS}'!"
+	exit 1
+fi
+
+# Initialize environment variables
+LD_LIBRARY_PATH=[SYSTEM_USER_LIBRARIES]:[SYSTEM_LIBRARIES]:${LD_LIBRARY_PATH}
+LD_LIBRARY_PATH=[SECURITY_LIBRARIES]:${LD_LIBRARY_PATH}
+export LD_LIBRARY_PATH
+
+# Source function library.
+if [ -x /etc/init.d/functions ]; then
+	. /etc/init.d/functions
+else
+	# The checkpid() function is provided for platforms that do not
+	# contain the "/etc/init.d/functions" file (e. g. - Solaris) . . .
+
+	# Check if $pid (could be plural) are running (keep count)
+	checkpid()
+	{
+		rv=0
+		for i in $* ; do
+			ps -p $i > /dev/null 2>&1 ;
+			if [ $? -ne 0 ] ; then
+				rv=`expr $rv + 1`
+			else
+				rv=`expr $rv + 0`
+			fi
+		done
+		# echo "rv=$rv"
+		return $rv
+	}
+
+	# Create the following directories on platforms
+	# where they do not exist (e. g. - Solaris) . . .
+	if [ ! -d /var/lock/subsys ] ; then
+		mkdir -p /var/lock/subsys
+	fi
+fi
+
+########################################################################
+#   This section contains modified content of "/etc/sysconfig/httpd"   #
+########################################################################
+# Configuration file for the [INSTANCE_ID] service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model.  A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+HTTPD=[FORTITUDE_DIR]/sbin/httpd.worker
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set OPTIONS here.
+#
+OPTIONS="-f [HTTPD_CONF]"
+
+#
+# By default, the httpd process is started in the C locale; to 
+# change the locale in which the server runs, the HTTPD_LANG
+# variable can be set.
+#
+HTTPD_LANG=C
+########################################################################
+#                                                                      #
+########################################################################
+
+# This will prevent initlog from swallowing up a pass-phrase prompt if
+# mod_ssl needs a pass-phrase from the user.
+INITLOG_ARGS=""
+
+# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
+# with the thread-based "worker" MPM; BE WARNED that some modules may not
+# work correctly with a thread-based MPM; notably PHP will refuse to start.
+
+# Path to the server binary and short-form for messages.
+httpd=${HTTPD:-[FORTITUDE_DIR]/sbin/httpd}
+prog=[INSTANCE_ID]
+pidfile=${PIDFILE:-[SERVER_ROOT]/logs/[INSTANCE_ID].pid}
+lockfile=${LOCKFILE:-/var/lock/subsys/[INSTANCE_ID]}
+RETVAL=0
+
+# see if httpd is linked with the openldap libraries - we need to override them
+if [ ${OS} = "Linux" ]; then
+	hasopenldap=0
+
+	/usr/bin/ldd $httpd 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1
+
+	if [ $hasopenldap -eq 1 ] ; then
+		LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libldap60.so"
+		LD_PRELOAD="[SYSTEM_USER_LIBRARIES]/libssl3.so:${LD_PRELOAD}"
+		export LD_PRELOAD
+	fi
+elif [ ${OS} = "SunOS" ] ; then
+	LD_PRELOAD_64="[SYSTEM_USER_LIBRARIES]/libldap60.so"
+	LD_PRELOAD_64="[SYSTEM_USER_LIBRARIES]/libssl3.so:${LD_PRELOAD_64}"
+	export LD_PRELOAD_64
+fi
+
+get_pki_secure_port()
+{
+	# establish well-known strings
+	listen_statement="Listen"
+
+	# first check to see that an instance-specific "nss.conf" file exists
+	if [ ! -f [NSS_CONF] ] ; then
+		echo "File '[NSS_CONF]' does not exist!"
+		exit 255
+	fi
+
+	# read this instance-specific "nss.conf" file line-by-line
+	# to obtain the current value of the PKI secure port
+	exec < [NSS_CONF]
+	while read line; do
+		# look for the listen statement
+		head=`echo $line | cut -b1-6`
+		if [ "$head" == "$listen_statement" ] ; then
+			# once the listen statement has been found,
+			# extract the numeric port information
+			port=`echo $line | cut -d: -f2`
+			SECURE_PORT=$port
+			return 0
+		fi
+	done
+
+	return 255
+}
+
+# The semantics of these two functions differ from the way apachectl does
+# things -- attempting to start while running is a failure, and shutdown
+# when not running is also a failure.  So we just do it the way init scripts
+# are expected to behave here.
+start() {
+	echo -n $"Starting $prog: "
+
+	if [ -f ${lockfile} ] ; then
+		if [ -f ${pidfile} ]; then
+			read kpid < ${pidfile}
+			if checkpid $kpid 2>&1; then
+				echo
+				echo "process already running"
+				return -1
+			else
+				echo
+				echo -n "lock file found but no process "
+				echo -n "running for pid $kpid, continuing"
+				echo
+				echo
+			fi
+		fi
+	fi
+
+	if [ -x /etc/init.d/functions ]; then
+		/usr/sbin/selinuxenabled
+		RETVAL=$?
+		if [ $RETVAL = 0 ] ; then	
+			# start Apache in unconfined mode in SELinux-enabled RHEL4
+			if [ ${ARCHITECTURE} = "i386" ] ; then
+				LANG=$HTTPD_LANG daemon runcon -t unconfined_t -- $httpd $OPTIONS
+				# overwrite output from "daemon"
+				echo -n $"Starting $prog:                                        "
+			elif [ ${ARCHITECTURE} = "x86_64" ] ; then
+				# NOTE:  "daemon" is incompatible with "httpd"
+				#        on 64-bit architectures
+				LANG=$HTTPD_LANG runcon -t unconfined_t -- $httpd $OPTIONS
+			fi
+		else
+			LANG=$HTTPD_LANG daemon $httpd $OPTIONS
+			# overwrite output from "daemon"
+			echo -n $"Starting $prog:                                        "
+		fi
+	else
+		LANG=$HTTPD_LANG $httpd $OPTIONS -k start
+	fi
+
+	RETVAL=$?
+	[ $RETVAL = 0 ] && touch ${lockfile}
+
+	if [ $RETVAL = 0 ] ; then
+		count=0;
+
+		let swait=$STARTUP_WAIT
+		until	[ ! -s ${pidfile} ] ||
+				[ $count -gt $swait ]
+		do
+			sleep 1
+			let count=$count+1;
+		done
+
+		if [ -x /etc/init.d/functions ]; then
+			echo_success > /etc/rhgb/temp/rhgb-console
+			cat /etc/rhgb/temp/rhgb-console
+			echo
+		else
+			echo "                                       [  OK  ]"
+		fi
+
+		get_pki_secure_port
+		if [ $? -ne 0 ] ; then
+			SECURE_PORT="<Port Undefined>"
+		fi
+
+		echo
+		echo -n "PKI service(s) are available at "
+		echo -n "https://[SERVER_NAME]:$SECURE_PORT"
+		echo
+		echo
+	else
+		if [ -x /etc/init.d/functions ]; then
+			echo_failure > /etc/rhgb/temp/rhgb-console
+			cat /etc/rhgb/temp/rhgb-console
+			echo
+		else
+			echo "                                       [  FAILED  ]"
+		fi
+	fi
+
+	if [ ${OS} = "Linux" ] ; then
+		sleep 5
+	elif [ ${OS} = "SunOS" ] ; then
+		sleep 20
+	fi
+	return $RETVAL
+}
+
+stop() {
+	echo -n "Stopping $prog: "
+
+	if [ -f ${lockfile} ] ; then
+		$httpd $OPTIONS -k stop
+
+		RETVAL=$?
+
+		if [ $RETVAL = 0 ]; then
+			count=0;
+
+			if [ -f ${pidfile} ]; then
+				read kpid < ${pidfile}
+				let kwait=$SHUTDOWN_WAIT
+
+				until	[ `ps -p $kpid | grep -c $kpid` = '0' ] ||
+						[ $count -gt $kwait ]
+				do
+					sleep 1
+					let count=$count+1;
+				done
+
+				if [ $count -gt $kwait ]; then
+					kill -9 $kpid
+				fi
+			fi
+
+			rm -f ${lockfile}
+			rm -f ${pidfile}
+
+			if [ -x /etc/init.d/functions ]; then
+				echo_success > /etc/rhgb/temp/rhgb-console
+				cat /etc/rhgb/temp/rhgb-console
+				echo
+			else
+				echo "                                       [  OK  ]"
+			fi
+		else
+			if [ -x /etc/init.d/functions ]; then
+				echo_failure > /etc/rhgb/temp/rhgb-console
+				cat /etc/rhgb/temp/rhgb-console
+				echo
+			else
+				echo "                                       [  FAILED  ]"
+			fi
+		fi
+	else
+		echo
+		echo "process already stopped"
+	fi
+}
+
+reload() {
+	echo -n $"Reloading $prog: "
+
+	if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
+		RETVAL=$?
+		echo $"not reloading due to configuration syntax error"
+		if [ -x /etc/init.d/functions ]; then
+			failure $"not reloading $httpd due to configuration syntax error"
+		else
+			echo $"not reloading $httpd due to configuration syntax error"
+		fi
+	else
+		if [ -x /etc/init.d/functions ]; then
+			killproc $httpd -HUP
+			# overwrite output from "killproc"
+			echo -n $"Stopping $prog:                                        "
+		else
+			if [ -f ${lockfile} ] ; then
+				if [ -f ${pidfile} ]; then
+					read kpid < ${pidfile}
+					if checkpid $kpid 2>&1; then
+						kill -HUP $kpid
+					fi
+				else
+					echo
+					echo -n "lock file found but no process "
+					echo -n "running for pid $kpid, continuing"
+					echo
+					echo
+				fi
+			fi
+		fi
+	fi
+	echo
+}
+
+# See how we were called.
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	status)
+		status $httpd
+		RETVAL=$?
+		;;
+	restart)
+		stop
+		sleep 2
+		start
+		;;
+	condrestart)
+		if [ -f ${pidfile} ] ; then
+			stop
+			sleep 2
+			start
+		else
+			echo -n "Unable to restart process since "
+			echo -n "'${pidfile}' does not exist!"
+			echo
+		fi
+		;;
+	reload)
+		reload
+		;;
+	*)
+		echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
+		exit 1
+esac
+
+exit $RETVAL
+
diff --git a/pki/base/tps/forms/esc/cgi-bin/demo/enroll.cgi b/pki/base/tps/forms/esc/cgi-bin/demo/enroll.cgi
new file mode 100755
index 000000000..c0f4bcabf
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/demo/enroll.cgi
@@ -0,0 +1,183 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default") 
+{
+  $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+  GenerateEnrollmentPage(); 
+  exit 0;
+}
+
+
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
diff --git a/pki/base/tps/forms/esc/cgi-bin/demo/index.cgi b/pki/base/tps/forms/esc/cgi-bin/demo/index.cgi
new file mode 100755
index 000000000..c9a1d21dd
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/demo/index.cgi
@@ -0,0 +1,47 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/demo/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "userKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/pki/base/tps/forms/esc/cgi-bin/home/enroll.cgi b/pki/base/tps/forms/esc/cgi-bin/home/enroll.cgi
new file mode 100755
index 000000000..c0f4bcabf
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/home/enroll.cgi
@@ -0,0 +1,183 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default") 
+{
+  $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+  GenerateEnrollmentPage(); 
+  exit 0;
+}
+
+
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
diff --git a/pki/base/tps/forms/esc/cgi-bin/home/index.cgi b/pki/base/tps/forms/esc/cgi-bin/home/index.cgi
new file mode 100755
index 000000000..0386470d4
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/home/index.cgi
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/home/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "http://www.fedora.redhat.com";   # Company URL
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "userKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/pki/base/tps/forms/esc/cgi-bin/so/enroll.cgi b/pki/base/tps/forms/esc/cgi-bin/so/enroll.cgi
new file mode 100755
index 000000000..4ad46abfe
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/so/enroll.cgi
@@ -0,0 +1,193 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+require "../sow/cfg.pl";
+
+use CGI;
+
+my $port = get_port();
+my $host = get_host();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default") 
+{
+  $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+  GenerateEnrollmentPage(); 
+  exit 0;
+}
+
+
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      $l =~ s/\$host/$host/g;
+      $l =~ s/\$port/$port/g;
+      $l =~ s/\$secure_port/$secure_port/g;
+
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
diff --git a/pki/base/tps/forms/esc/cgi-bin/so/index.cgi b/pki/base/tps/forms/esc/cgi-bin/so/index.cgi
new file mode 100755
index 000000000..7b3f2c68d
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/so/index.cgi
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/so/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/sow/welcome.cgi";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "soKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/ajax-list.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/ajax-list.cgi
new file mode 100755
index 000000000..6d6db81a7
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/ajax-list.cgi
@@ -0,0 +1,77 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+require "./cfg.pl";
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $ldapsearch = get_ldapsearch();
+
+sub main()
+{
+
+  my $q = new CGI;
+
+  my $letters = $q->param('letters');
+  if ($letters eq "") {
+    # HACK: ajax.js posts parameters into POST URL
+    $letters = $ENV{'QUERY_STRING'};
+    $letters =~ s/.*letters=//g;
+    $letters =~ s/\+/ /g;
+  }
+
+  my $tmpfile = "/tmp/ajax-list-$$.txt";
+  my $cmd = $ldapsearch . " " .
+            "-b \"" .  $basedn . "\" " .
+            "-h \"" . $ldapHost . "\" " .
+            "-p \"" . $ldapPort ."\" " .
+            "-S \"cn\" " .
+            "-1 -s sub \"(cn=" . $letters . "*)\" cn uid > " . $tmpfile;
+  system($cmd);
+
+  my $result = "";
+  open(F, "<$tmpfile");
+  my $cn;
+  my $uid;
+  while (<F>) {
+    if (/cn/) {
+      $cn = $_;
+      chomp($cn);
+      $cn =~ s/cn: //g;
+      $uid = <F>;
+      chomp($uid);
+      $uid =~ s/uid: //g;
+      $result .= $uid . "###" . $cn . "|";
+    }
+  }
+  close(F);
+  system("rm $tmpfile");
+
+  print "Content-Type: text/html\n\n";
+  print $result;
+}
+
+&main();
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl b/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl
new file mode 100755
index 000000000..645063faf
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl
@@ -0,0 +1,142 @@
+#! /usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+#
+# Establish platform-dependent variables:
+#
+my $default_hardware_platform="";
+my $ldapsearch="";
+$default_hardware_platform=`pkiarch`;
+chomp($default_hardware_platform);
+if( $^O eq "linux" ) {
+	if( $default_hardware_platform eq "i386" ) {
+		$ldapsearch = "/usr/lib/mozldap/ldapsearch";
+	} elsif( $default_hardware_platform eq "x86_64" ) {
+		$ldapsearch = "/usr/lib64/mozldap/ldapsearch";
+	}
+} elsif( $^O eq "solaris" ) {
+	if( $default_hardware_platform eq "sparc" ) {
+		$ldapsearch = "/usr/lib/mozldap/ldapsearch";
+	} elsif( $default_hardware_platform eq "sparcv9" ) {
+		$ldapsearch = "/usr/lib/sparcv9/mozldap/ldapsearch";
+	}
+}
+
+#
+# Feel free to modify the following parameters:
+#
+my $ldapHost = "localhost";
+my $ldapPort = "389";
+my $basedn = "ou=People,dc=sfbay,dc=redhat,dc=com";
+my $port = "7888";
+my $secure_port = "7889";
+my $host = "localhost";
+
+my $cfg = "/var/lib/rhpki-tps/conf/CS.cfg";
+
+sub get_ldapsearch()
+{
+  return $ldapsearch;
+}
+
+sub get_ldap_host()
+{
+  my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+  chomp($ldapport);
+  my ($ldapHost, $p) = split(/:/, $ldapport);
+  return $ldapHost;
+}
+
+sub get_ldap_port()
+{
+  my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+  chomp($ldapport);
+  my ($p, $ldapPort) = split(/:/, $ldapport);
+  return $ldapPort;
+}
+
+sub get_base_dn()
+{
+  my $basedn = `grep auth.instance.0.baseDN $cfg | cut -c24-`;
+  chomp($basedn);
+  return $basedn;
+}
+
+sub get_port()
+{
+  my $port = `grep service.unsecurePort $cfg | cut -c22-`;
+  chomp($port);
+  return $port;
+}
+
+sub get_secure_port()
+{
+  my $secure_port = `grep service.securePort $cfg | cut -c20-`;
+  chomp($secure_port);
+  return $secure_port;
+}
+
+sub get_host()
+{
+  my $host = `grep service.machineName $cfg | cut -c21-`;
+  chomp($host);
+  return $host;
+}
+
+sub is_agent()
+{
+  my ($dn) = @_;
+
+  my $uid = $dn;
+  # need to map a subject dn into user DN
+  $uid =~ /uid=([^,]*)/; # retrieve the uid
+  $uid = $1;
+
+  my $x_hostport = `grep -e "^tokendb.hostport" $cfg | cut -c18-`;
+  chomp($x_hostport);
+  my ($x_host, $x_port) = split(/:/, $x_hostport);
+  my $x_basedn = `grep -e "^tokendb.userBaseDN" $cfg | cut -c20-`;
+  chomp($x_basedn);
+  my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+  chomp($x_binddn);
+  my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+  chomp($x_bindpwdpath);
+  my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+  chomp($x_bindpwd);
+
+  my $cmd = $ldapsearch . "\" " .
+            "-D \"" . $x_binddn . "\" " .
+            "-w \"" . $x_bindpwd . "\" " .
+            "-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " .
+            "-h \"" . $x_host . "\" " .
+            "-p \"" . $x_port ."\" " .
+            "-1 \"(uniqueMember=uid=" . $uid . "*)\" | wc -l";
+  my $matched = `$cmd`;
+  chomp($matched);
+
+  if ($matched eq "0") {
+    return 0;
+  } else {
+    return 1;
+  }
+}
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/enroll.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/enroll.cgi
new file mode 100755
index 000000000..b78448c77
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/enroll.cgi
@@ -0,0 +1,269 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+require "./cfg.pl";
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $port = get_port();
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $ldapsearch = get_ldapsearch();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GenerateEnrollmentPage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll.html"));
+
+  print $gQuery->header();
+
+  my $uid = $gQuery->param("uid");
+
+  my $tmpfile = "/tmp/read-$$.txt";
+  my $cmd = $ldapsearch . " " .
+            "-b \"" . $basedn . "\" " .
+            "-h \"" . $ldapHost . "\" " .
+            "-p \"" . $ldapPort ."\" " .
+            "-1 \"(uid=" . $uid . ")\" > " . $tmpfile;
+  system($cmd);
+
+  open(F, "<$tmpfile");
+
+  my $givenName = "-";
+  my $cn = "-";
+  my $sn = "-";
+  $uid = "-";
+  my $mail = "-";
+  my $phone = "-";
+  my $departmentNumber = ""; # photo (full size)
+  my $employeeNumber = ""; # photo (thumb)
+
+  # get ldap values into internal varibles
+  while (<F>) {
+    if (/mail: (.*)/) {
+      $mail = $1;
+    }
+    if (/uid: (.*)/) {
+      $uid = $1;
+    }
+    if (/givenName: (.*)/) {
+      $givenName = $1;
+    }
+    if (/sn: (.*)/) {
+      $sn = $1;
+    }
+    if (/cn: (.*)/) {
+      $cn = $1;
+    }
+    if (/telephoneNumber: (.*)/) {
+      $phone = $1;
+    }
+    if (/departmentNumber: (.*)/) {
+      $departmentNumber = $1;
+    }
+    if (/employeeNumber: (.*)/) {
+      $employeeNumber = $1;
+    }
+  }
+  close(F);
+
+  system("rm $tmpfile");
+
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$mail/$mail/g;
+    $l =~ s/\$uid/$uid/g;
+    $l =~ s/\$givenName/$givenName/g;
+    $l =~ s/\$sn/$sn/g;
+    $l =~ s/\$cn/$cn/g;
+    $l =~ s/\$phone/$phone/g;
+    $l =~ s/\$departmentNumber/$departmentNumber/g;
+    $l =~ s/\$employeeNumber/$employeeNumber/g;
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/enroll_temp.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/enroll_temp.cgi
new file mode 100755
index 000000000..510c186a5
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/enroll_temp.cgi
@@ -0,0 +1,268 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+require "./cfg.pl";
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $port = get_port();
+my $host = get_host();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GenerateEnrollmentPage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll_temp.html"));
+
+  print $gQuery->header();
+
+  my $uid = $gQuery->param("uid");
+
+  my $tmpfile = "/tmp/read-$$.txt";
+  my $cmd = $ldapsearch . "\" " .
+            "-b \"" . $basedn . "\" " .
+            "-h \"" . $ldapHost . "\" " .
+            "-p \"" . $ldapPort ."\" " .
+            "-1 \"(uid=" . $uid . ")\" > " . $tmpfile;
+  system($cmd);
+
+  open(F, "<$tmpfile");
+
+  my $givenName = "-";
+  my $cn = "-";
+  my $sn = "-";
+  $uid = "-";
+  my $mail = "-";
+  my $phone = "-";
+  my $departmentNumber = ""; # photo (full size)
+  my $employeeNumber = ""; # photo (thumb)
+
+  # get ldap values into internal varibles
+  while (<F>) {
+    if (/mail: (.*)/) {
+      $mail = $1;
+    }
+    if (/uid: (.*)/) {
+      $uid = $1;
+    }
+    if (/givenName: (.*)/) {
+      $givenName = $1;
+    }
+    if (/sn: (.*)/) {
+      $sn = $1;
+    }
+    if (/cn: (.*)/) {
+      $cn = $1;
+    }
+    if (/telephoneNumber: (.*)/) {
+      $phone = $1;
+    }
+    if (/departmentNumber: (.*)/) {
+      $departmentNumber = $1;
+    }
+    if (/employeeNumber: (.*)/) {
+      $employeeNumber = $1;
+    }
+  }
+  close(F);
+
+  system("rm $tmpfile");
+
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$mail/$mail/g;
+    $l =~ s/\$uid/$uid/g;
+    $l =~ s/\$givenName/$givenName/g;
+    $l =~ s/\$sn/$sn/g;
+    $l =~ s/\$cn/$cn/g;
+    $l =~ s/\$phone/$phone/g;
+    $l =~ s/\$departmentNumber/$departmentNumber/g;
+    $l =~ s/\$employeeNumber/$employeeNumber/g;
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/format.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/format.cgi
new file mode 100755
index 000000000..7b370f555
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/format.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+require "./cfg.pl";
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< format.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/formatso.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/formatso.cgi
new file mode 100755
index 000000000..343d33830
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/formatso.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+require "./cfg.pl";
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< formatso.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/index.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/index.cgi
new file mode 100755
index 000000000..43a31e8d5
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/index.cgi
@@ -0,0 +1,42 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "https://water.sfbay.redhat.com:7889/nk_service";
+print "</Operation>";
+print "<UI>";
+print "https://water.sfbay.redhat.com:7889/cgi-bin/sow/search.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/main.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/main.cgi
new file mode 100755
index 000000000..349ebe056
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/main.cgi
@@ -0,0 +1,69 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+require "./cfg.pl";
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+
+  open(FILE, "< main.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/noaccess.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/noaccess.cgi
new file mode 100755
index 000000000..3c3dc6ba9
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/noaccess.cgi
@@ -0,0 +1,56 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+require "./cfg.pl";
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+  my $error = $q->param('error');
+
+  open(FILE, "< noaccess.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      $l =~ s/\$host/$host/g;
+      $l =~ s/\$secure_port/$secure_port/g;
+      $l =~ s/\$port/$port/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/read.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/read.cgi
new file mode 100755
index 000000000..df226e009
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/read.cgi
@@ -0,0 +1,153 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+require "./cfg.pl";
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $ldapsearch = get_ldapsearch();
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  my $q = new CGI;
+
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $name = $q->param('name');
+  my $uid = $q->param('name_ID');
+
+  if ($name eq "") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty");
+    return;
+  }
+
+  my $tmpfile = "/tmp/read-$$.txt";
+  my $cmd = $ldapsearch . " " .
+            "-b \"" . $basedn . "\" " .
+            "-h \"" . $ldapHost . "\" " .
+            "-p \"" . $ldapPort ."\" " .
+            "-1 \"(cn=" . $name . ")\" > " . $tmpfile;
+  system($cmd);
+
+  open(F, "<$tmpfile");
+
+  my $givenName = "-";
+  my $cn = "-";
+  my $sn = "-";
+  $uid = "-";
+  my $mail = "-";
+  my $phone = "-";
+  my $photoLarge = ""; # photo (full size)
+  my $photoSmall = ""; # photo (thumb)
+  my $height = "";
+  my $weight = "";
+  my $eyecolor = "";
+
+  # get ldap values into internal varibles
+  while (<F>) {
+    if (/mail: (.*)/) {
+      $mail = $1;
+    } 
+    if (/uid: (.*)/) {
+      $uid = $1;
+    } 
+    if (/givenName: (.*)/) {
+      $givenName = $1;
+    } 
+    if (/sn: (.*)/) {
+      $sn = $1;
+    } 
+    if (/cn: (.*)/) {
+      $cn = $1;
+    } 
+    if (/telephoneNumber: (.*)/) {
+      $phone = $1;
+    } 
+    if (/photoLarge: (.*)/) {
+      $photoLarge = $1;
+    } 
+    if (/photoSmall: (.*)/) {
+      $photoSmall = $1;
+    } 
+    if (/height: (.*)/) {
+      $height = $1;
+    } 
+    if (/weight: (.*)/) {
+      $weight = $1;
+    } 
+    if (/eyeColor: (.*)/) {
+      $eyecolor = $1;
+    } 
+  }
+  close(F);
+
+  system("rm $tmpfile");
+
+  if ($uid eq "-") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  open(FILE, "< read.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$mail/$mail/g;
+      $l =~ s/\$uid/$uid/g;
+      $l =~ s/\$givenName/$givenName/g;
+      $l =~ s/\$sn/$sn/g;
+      $l =~ s/\$cn/$cn/g;
+      $l =~ s/\$phone/$phone/g;
+      $l =~ s/\$photoLarge/$photoLarge/g;
+      $l =~ s/\$photoSmall/$photoSmall/g;
+      $l =~ s/\$height/$height/g;
+      $l =~ s/\$weight/$weight/g;
+      $l =~ s/\$eyecolor/$eyecolor/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/read_temp.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/read_temp.cgi
new file mode 100755
index 000000000..c22b8a760
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/read_temp.cgi
@@ -0,0 +1,153 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+require "./cfg.pl";
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $ldapsearch = get_ldapsearch();
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  my $q = new CGI;
+
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $name = $q->param('name');
+  my $uid = $q->param('name_ID');
+
+  if ($name eq "") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty");
+    return;
+  }
+
+  my $tmpfile = "/tmp/read-$$.txt";
+  my $cmd = $ldapsearch . " " .
+            "-b \"" . $basedn . "\" " .
+            "-h \"" . $ldapHost . "\" " .
+            "-p \"" . $ldapPort ."\" " .
+            "-1 \"(cn=" . $name . ")\" > " . $tmpfile;
+  system($cmd);
+
+  open(F, "<$tmpfile");
+
+  my $givenName = "-";
+  my $cn = "-";
+  my $sn = "-";
+  $uid = "-";
+  my $mail = "-";
+  my $phone = "-";
+  my $photoLarge = ""; # photo (full size)
+  my $photoSmall = ""; # photo (thumb)
+  my $height = "";
+  my $weight = "";
+  my $eyecolor = "";
+
+  # get ldap values into internal varibles
+  while (<F>) {
+    if (/mail: (.*)/) {
+      $mail = $1;
+    } 
+    if (/uid: (.*)/) {
+      $uid = $1;
+    } 
+    if (/givenName: (.*)/) {
+      $givenName = $1;
+    } 
+    if (/sn: (.*)/) {
+      $sn = $1;
+    } 
+    if (/cn: (.*)/) {
+      $cn = $1;
+    } 
+    if (/telephoneNumber: (.*)/) {
+      $phone = $1;
+    } 
+    if (/photoLarge: (.*)/) {
+      $photoLarge = $1;
+    } 
+    if (/photoSmall: (.*)/) {
+      $photoSmall = $1;
+    } 
+    if (/height: (.*)/) {
+      $height = $1;
+    } 
+    if (/weight: (.*)/) {
+      $weight = $1;
+    } 
+    if (/eyeColor: (.*)/) {
+      $eyecolor = $1;
+    } 
+  }
+  close(F);
+
+  system("rm $tmpfile");
+
+  if ($uid eq "-") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  open(FILE, "< read_temp.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$mail/$mail/g;
+      $l =~ s/\$uid/$uid/g;
+      $l =~ s/\$givenName/$givenName/g;
+      $l =~ s/\$sn/$sn/g;
+      $l =~ s/\$cn/$cn/g;
+      $l =~ s/\$phone/$phone/g;
+      $l =~ s/\$photoLarge/$photoLarge/g;
+      $l =~ s/\$photoSmall/$photoSmall/g;
+      $l =~ s/\$height/$height/g;
+      $l =~ s/\$weight/$weight/g;
+      $l =~ s/\$eyecolor/$eyecolor/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/search.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/search.cgi
new file mode 100755
index 000000000..ece353199
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/search.cgi
@@ -0,0 +1,69 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+require "./cfg.pl";
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+
+  open(FILE, "< search.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/search_temp.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/search_temp.cgi
new file mode 100755
index 000000000..9bfd1be0c
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/search_temp.cgi
@@ -0,0 +1,69 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+require "./cfg.pl";
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+
+  open(FILE, "< search_temp.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/seturl.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/seturl.cgi
new file mode 100755
index 000000000..2718d710c
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/seturl.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+require "./cfg.pl";
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< seturl.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/welcome.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/welcome.cgi
new file mode 100755
index 000000000..f2eed1de0
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/welcome.cgi
@@ -0,0 +1,56 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+require "./cfg.pl";
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+  my $error = $q->param('error');
+
+  open(FILE, "< welcome.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      $l =~ s/\$host/$host/g;
+      $l =~ s/\$secure_port/$secure_port/g;
+      $l =~ s/\$port/$port/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/pki/base/tps/forms/esc/esc.cgi b/pki/base/tps/forms/esc/esc.cgi
new file mode 100755
index 000000000..70a93c0a0
--- /dev/null
+++ b/pki/base/tps/forms/esc/esc.cgi
@@ -0,0 +1,1239 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default") 
+{
+  $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+  GenerateAdminPage(); 
+  exit 0;
+}
+
+########################################################################
+#
+# We aren't doing any admin functions, before proceeding
+# on to user specific functions, make sure we have a screen name
+# and that they are subscribed to a service.
+#
+########################################################################
+
+#if (!HaveScreenName() || $gQueryAction eq "screennamepage")
+#{
+#  GenerateScreenNamePage($gQueryAction);
+#  exit 0;
+#}
+
+LoadUserDatabase("default");
+
+########################################################################
+#
+# Subscribe?
+#
+#   http://www.foo.com/esc.cgi?action=subscribe
+#
+########################################################################
+
+#if ($gQueryAction eq "subscribe")
+#{
+#  SaveSubscription();
+#  $nextAction = GetNextAction();
+#  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+#  print $gQuery->redirect(-uri=>$redirectLocation);
+#  exit 0;
+#}
+
+#if (!IsSubscriber() || $gQueryAction eq "subscriptionpage")
+#{
+#  GenerateTOSPage($gQueryAction);
+#  exit 0;
+#}
+
+########################################################################
+#
+# Show our cookie management page?
+#
+#   http://www.foo.com/esc.cgi?action=cookiepage
+#
+########################################################################
+
+#if ($gQueryAction eq "cookiepage")
+#{
+#  GenerateCookiesPage(); 
+#  exit 0;
+#}
+
+########################################################################
+#
+# Clear cookies?
+#
+#   http://www.foo.com/esc.cgi?action=clearAllCookies
+#
+########################################################################
+
+#if ($gQueryAction eq "removeCookies")
+#{
+#  @expCookies = ();
+#  foreach $cookie (@gCookieNames)
+#  {
+#    if (defined $gQuery->param($cookie))
+#    {
+#      $expCookies[$cookieCnt++] = CreateExpiredCookie($cookie);
+#    }
+#  }
+#  $redirectLocation = $gQuery->url(-path_info=>1)."?action=cookiepage&screenname=".GetScreenName();
+#  print $gQuery->redirect(-uri=>$redirectLocation,
+#                          -cookie=>\@expCookies);
+#  exit 0;
+#}
+
+########################################################################
+#
+# Bind?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bind")
+{
+  UpdateBindingsForBind();
+  $nextAction = GetNextAction();
+
+  $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&prevaction=bind&screenname=".GetScreenName()."&keytype=".GetKeyType()."&keyid=".GetKeyID()."&keylabel=".GetKeyLabelArg();
+  print $gQuery->redirect(-uri=>$redirectLocation);
+  exit 0;
+}
+
+########################################################################
+#
+# Unbind?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "unbind")
+{
+  UpdateBindingsForUnbind();
+
+  $nextAction = GetNextAction();
+
+  $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&prevaction=unbind&screenname=".GetScreenName()."&keytype=".GetKeyType()."&keyid=".GetKeyID()."&keylabel=".GetKeyLabelArg();
+  print $gQuery->redirect(-uri=>$redirectLocation);
+  exit 0;
+}
+
+########################################################################
+#
+# Label?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "label")
+{
+  UpdateBindingsForLabel();
+
+  $nextAction = GetNextAction();
+
+  $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+  print $gQuery->redirect(-uri=>$redirectLocation);
+  exit 0;
+}
+
+########################################################################
+#
+# ScreenName?
+#
+#
+########################################################################
+
+#if ($gQueryAction eq "screenname")
+#{
+#  $nextAction = GetNextAction();
+#  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+#  print $gQuery->redirect(-uri=>$redirectLocation);
+#  exit 0;
+#}
+
+########################################################################
+#
+# Check if we are displaying the label page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "labelpage")
+{
+  my $nextAction = GetNextAction();
+  $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+  my $keyType = GetKeyType();
+  my $keyId = GetKeyID();
+
+  GenerateLabelPage($keyType, $keyId, $nextAction);
+  exit 0;
+}
+
+########################################################################
+#
+# Show our enrollment page?
+#
+#   http://www.foo.com/esc.cgi?action=enrollmentpage
+#
+########################################################################
+
+if ($gQueryAction eq "enrollmentpage")
+{
+  GenerateEnrollmentPage(); 
+  exit 0;
+}
+
+if ($gQueryAction eq "advancepage")
+{
+  GenerateAdvancePage(); 
+  exit 0;
+}
+
+if ($gQueryAction eq "tokenmanagerpage")
+{
+  GenerateTokenManagerPage(); 
+  exit 0;
+}
+
+if($gQueryAction eq "authenticate")
+{
+
+   GenerateAuthenticationPage();
+   exit 0;
+}
+ 
+if ($gQueryAction eq "autoenroll")
+{
+  GenerateAutoEnrollmentPage(); 
+  exit 0;
+}
+
+########################################################################
+#
+# Show our ticket request page?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "ticketreqpage")
+{
+  GenerateTicketRequestPage(); 
+  exit 0;
+}
+
+########################################################################
+#
+# Show our load external url page?
+#
+#   http://www.foo.com/esc.cgi?action=loadurlpage
+#
+########################################################################
+
+
+if ($gQueryAction eq "loadurl")
+{
+  $nextAction = GetNextAction();
+  $redirectLocation = $gQuery->param('url');
+  print $gQuery->redirect(-uri=>$redirectLocation);
+  exit 0;
+}
+
+if ($gQueryAction eq "loadurlpage")
+{
+  GenerateLoadURLPage(); 
+  exit 0;
+}
+
+########################################################################
+#
+# User is subscribed, check if we are displaying the
+# settings page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "settingspage")
+{
+  GenerateSettingsPage();
+  exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the set label page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "setlabelpage")
+{
+  GenerateSetLabelPage();
+  exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the bind/unbind progress page!
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindprogresspage")
+{
+  GenerateBindProgressPage("bind");
+  exit 0;
+}
+
+if ($gQueryAction eq "unbindprogresspage")
+{
+  GenerateBindProgressPage("unbind");
+  exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the bind/unbind success page!
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindsuccesspage")
+{
+  GenerateBindSuccessPage("bind");
+  exit 0;
+}
+
+if ($gQueryAction eq "unbindsuccesspage")
+{
+  GenerateBindSuccessPage("unbind");
+  exit 0;
+}
+
+########################################################################
+#
+# XXX: Lose this code!
+# User is subscribed, check if we are displaying the
+# binding page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindpage")
+{
+  GenerateBindingConfigPage();
+  exit 0;
+}
+
+print "<html><body><H1> Unknown Query Action ";
+print $qQueryAction;
+print "</H1></body></html>";
+exit 0;
+
+########################################################################
+#
+#
+########################################################################
+
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateAdminPage()
+{
+  my ($l);
+
+  ExitError("Failed to load Admin Page") if (!open(ADMIN_FILE, "< ./AdminEsc.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ADMIN_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+    }
+    print $l;
+  }
+  close(ADMIN_FILE);
+}
+
+sub GenerateCookiesPage()
+{
+  my ($nextPage) = @_;
+
+  my ($l);
+
+  ExitError("Failed to load TOS Page") if (!open(COOKIE_FILE, "< Cookies.html"));
+
+  print $gQuery->header();
+
+  while ($l = <COOKIE_FILE>)
+  {
+    if ($l =~ /SECURECOOL_COOKIE_LIST/)
+    {
+      my @cookies = $gQuery->cookie();
+      if (@cookies < 1)
+      {
+        print "No ASC Cookies currently defined!<br>\n";
+      }
+      else
+      {
+        my $cookieName;
+        foreach $cookieName (@cookies)
+        {
+          #
+          # Display only ASC related cookies!
+          #
+
+          if ($cookieName =~ /^asc/)
+          {
+            print "<tr><td valign=\"center\" align=\"center\"><input type=\"checkbox\" name=\"$cookieName\"></td><td>$cookieName</td><td>", $gQuery->cookie($cookieName), "</td></tr>\n";
+          }
+        }
+        print "<br>\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(COOKIE_FILE);
+}
+
+sub GenerateScreenNamePage
+{
+  my ($nextPage) = @_;
+
+  my ($l);
+
+  ExitError("Failed to load ScreenName Page") if (!open(SN_FILE, "< ScreenName.html"));
+
+  print $gQuery->header();
+
+  my $sn = GetScreenName();
+
+  while ($l = <SN_FILE>)
+  {
+    if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+    {
+      if ($nextPage)
+      {
+        print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextPage\">\n";
+        print "<input type=\"hidden\" name=\"screenname\" value=\"$sn\">\n";
+      }
+
+      if ($sn)
+      {
+        print "<script>document.getElementById('screenname').value = \"$sn\"</script>\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(SN_FILE);
+}
+
+sub GenerateTOSPage
+{
+  my ($nextPage) = @_;
+
+  my ($l);
+
+  ExitError("Failed to load TOS Page") if (!open(TOS_FILE, "< Subscribe.html"));
+
+  print $gQuery->header();
+
+  while ($l = <TOS_FILE>)
+  {
+    if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+    {
+      if ($nextPage)
+      {
+        print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextPage\">\n";
+        print "<input type=\"hidden\" name=\"screenname\" value=\"". GetScreenName() ."\">\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(TOS_FILE);
+}
+
+sub GenerateSettingsPage
+{
+  my ($l);
+
+  ExitError("Failed to load settings page!") if (!open(SETTINGS_FILE, "< SettingsEsc.html"));
+
+  print $gQuery->header();
+
+  while ($l = <SETTINGS_FILE>)
+  {
+    if ($l =~ /SECURECOOL_BINDINGS_ARRAY/)
+    {
+      my(@curBindings) = GetBindings();
+      my $arrSize = scalar(@curBindings);
+      my($i);
+
+      for ($i = 0; $i < $arrSize; $i++)
+      {
+        my($keyType, $keyId, $keyLabel) = split(/&/, $curBindings[$i]);
+        print "  [ $keyType, \"$keyId\", \"$keyLabel\" ]";
+        print "," if ($arrSize > 1 && $i != $arrSize - 1);
+        print "\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(SETTINGS_FILE);
+}
+
+sub GenerateSetLabelPage
+{
+  my ($l);
+
+  ExitError("Failed to open label page!") if (!open(LABEL_PAGE, "< Label.html"));
+
+  my $sn = GetScreenName();
+  ExitError("Failed to get a valid screen name!") if (! $sn);
+
+  my $keyType = GetKeyType();
+  my $keyID = GetKeyID();
+  ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+  $defLabel = $keyID;
+  $defLabel =~ s/^[0-9a-fA-F]{12}//;
+  $defLabel = "$sn-$defLabel";
+
+  print $gQuery->header();
+
+  while ($l = <LABEL_PAGE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$defLabel/g;
+    }
+    print $l;
+  }
+  close(LABEL_FILE);
+}
+
+sub GenerateBindProgressPage
+{
+  my ($action) = @_;
+  my ($l);
+
+  ExitError("Failed to open progress page!") if (!open(PROG_PAGE, "< Progress.html"));
+
+  my $sn = GetScreenName();
+  ExitError("Failed to get a valid screen name!") if (! $sn);
+
+  my $keyType = GetKeyType();
+  my $keyID = GetKeyID();
+  ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+  my $keyLabel = "";
+
+  if ($action eq "bind")
+  {
+    $keyLabel = GetKeyLabelArg();
+    ExitError("Failed to get a valid keyLabel!") if (! $keyLabel);
+  }
+
+  print $gQuery->header();
+
+  while ($l = <PROG_PAGE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$keyLabel/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_ACTION *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_ACTION *-->/$action/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_CHALLENGEDATA *-->/)
+    {
+      $challengeData = "";
+      $challengeData = "QVNDIHJvY2tzIHRoZSBwYXJ0eSE=" if ($action eq "bind");
+
+      $l =~ s/<!-- *SECURECOOL_CHALLENGEDATA *-->/$challengeData/g;
+    }
+    print $l;
+  }
+  close(PROG_PAGE);
+}
+
+sub GenerateBindSuccessPage
+{
+  my ($action) = @_;
+  my ($l);
+
+  ExitError("Failed to open progress page!") if (!open(SUCCESS_PAGE, "< BindSuccess.html"));
+
+  my $sn = GetScreenName();
+  ExitError("Failed to get a valid screen name!") if (! $sn);
+
+  my $keyType = GetKeyType();
+  my $keyID = GetKeyID();
+  ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+  my $keyLabel = "";
+  
+  if ($action eq "bind")
+  {
+    $keyLabel = GetKeyLabelArg();
+    ExitError("Failed to get a valid keyLabel!") if (! $keyLabel);
+  }
+
+  print $gQuery->header();
+
+  while ($l = <SUCCESS_PAGE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$keyLabel/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_ACTION *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_ACTION *-->/$action/g;
+    }
+    print $l;
+  }
+  close(SUCCESS_PAGE);
+}
+
+sub GenerateBindingConfigPage
+{
+  my ($l);
+
+  ExitError("Failed to load binding page!") if (!open(BINDING_FILE, "< Bindings.html"));
+
+  print $gQuery->header();
+
+  while ($l = <BINDING_FILE>)
+  {
+    if ($l =~ /SECURECOOL_BINDINGS_ARRAY/)
+    {
+      my(@curBindings) = GetBindings();
+      my $arrSize = scalar(@curBindings);
+      my($i);
+
+      for ($i = 0; $i < $arrSize; $i++)
+      {
+        my($keyType, $keyId, $keyLabel) = split(/&/, $curBindings[$i]);
+        print "  [ $keyType, \"$keyId\", \"$keyLabel\" ]";
+        print "," if ($arrSize > 1 && $i != $arrSize - 1);
+        print "\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(BINDING_FILE);
+}
+
+sub GetKeyLabel
+{
+  my($keyType, $keyId) = @_;
+
+  my(@curBindings) = GetBindings();
+  my($numBindings) = scalar(@curBindings);
+
+  while($numBindings > 0)
+  {
+    --$numBindings;
+    if ($curBindings[$numBindings] =~ /^$keyType&$keyId&/)
+    {
+      my($ktype, $id, $lbl) = split(/&/, $curBindings[$numBindings]);
+      return $lbl;
+    }
+  }
+
+  return "";
+}
+
+sub GenerateLabelPage
+{
+  my($keyType, $keyId, $nextAction) = @_;
+  my($keyLabel) = GetKeyLabel($keyType, $keyId);
+
+  return if ($keyLabel eq "");
+
+  my ($l);
+
+  ExitError("Failed to load label page!") if (!open(EDIT_LABEL_FILE, "< EditLabel.html"));
+
+  print $gQuery->header();
+
+  while ($l = <EDIT_LABEL_FILE>)
+  {
+    if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+    {
+      print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextAction\">\n";
+      print "<input type=\"hidden\" name=\"keytype\" value=\"$keyType\">\n";
+      print "<input type=\"hidden\" name=\"keyid\" value=\"$keyId\">\n";
+      print "<input type=\"hidden\" name=\"keylabel\" value=\"$keyLabel\">\n";
+      print "<input type=\"hidden\" name=\"screenname\" value=\"".GetScreenName()."\">\n";
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(EDIT_LABEL_FILE);
+}
+
+sub GenerateAutoEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< EnrollPopup.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+sub GenerateAuthenticationPage
+{
+  my ($l); 
+  ExitError("Failed to load enrollment page!") if (!open(AUTH_FILE, "< GenericAuth.html"));
+
+  print $gQuery->header();
+
+  while ($l = <AUTH_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(AUTH_FILE);
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< EnrollPopup.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
+
+sub GenerateAdvancePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< AdvancePopup.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
+
+sub GenerateTokenManagerPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< TokenManager.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
+
+sub GenerateTicketRequestPage
+{
+  my ($l);
+
+  ExitError("Failed to load ticket request page!") if (!open(TICKETREQ_FILE, "< Ticket.html"));
+
+  print $gQuery->header();
+
+  while ($l = <TICKETREQ_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(TICKETREQ_FILE);
+}
+
+sub GenerateLoadURLPage
+{
+  my ($l);
+
+  ExitError("Failed to load url request page!") if (!open(LOADURL_FILE, "< LoadURL.html"));
+
+  print $gQuery->header();
+
+  while ($l = <LOADURL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(LOADURL_FILE);
+}
+
+sub CreateExpiredCookie
+{
+  my($cookieName) = @_;
+  my $cookie = $gQuery->cookie(-name=>$cookieName,
+                               -value=>'',
+                               -expires=>'-2d',
+                               -path=>$gQuery->url(-absolute=>1),
+                               -domain=>$gQuery->server_name());
+  return $cookie;
+
+}
+
+sub SaveSubscription
+{
+  
+  $gUserObj{'SUBSCRIPTION'} = $gQuery->param("subscriptiontype");
+  SaveUserDatabase(GetScreenName());
+}
+
+sub GetBindings
+{
+  my $bindings = $gUserObj{'BINDINGS'};
+  return @$bindings;
+}
+
+sub BindingsArrayToString
+{
+  my(@bindings) = @_;
+  my $i;
+  my $str = "";
+
+  for ($i = 0; $i < @bindings; $i++)
+  {
+    if ($bindings[$i] ne "")
+    {
+      $str .= "&" if ($str ne "");
+      $str .= ASCUrlEncode($bindings[$i]);
+    }
+  }
+
+  return $str;
+}
+
+sub AddItemToBindings
+{
+  my($keyType, $keyId, $keyLabel) = @_;
+
+  my(@curBindings) = GetBindings();
+  my($pos) = scalar(@curBindings);
+
+  # First check to see if the key already  exists in
+  # the  cookie! If it does, we'll just overwrite it.
+
+  my($i) = $pos;
+  while($i > 0)
+  {
+    --$i;
+    if ($curBindings[$i] =~ /^$keyType&$keyId&/)
+    {
+      $pos = $i;
+      last;
+    }
+  }
+
+  $curBindings[$pos] = "$keyType&$keyId&$keyLabel";
+
+  $gUserObj{'BINDINGS'} = \@curBindings;
+  #SaveUserDatabase(GetScreenName());
+}
+
+sub RemoveItemFromBindings
+{
+  my($keyType, $keyId) = @_;
+
+  my(@curBindings) = GetBindings();
+  my($numBindings) = scalar(@curBindings);
+  my @newBindings;
+
+  while($numBindings > 0)
+  {
+    --$numBindings;
+    next if ($curBindings[$numBindings] =~ /^$keyType&$keyId&/);
+    push @newBindings, $curBindings[$numBindings];
+  }
+
+  $gUserObj{'BINDINGS'} = \@newBindings;
+  #SaveUserDatabase(GetScreenName());
+}
+
+sub UpdateBindingsForBind
+{
+  return if (! defined $gQuery->param("keytype"));
+  my($keyType) = $gQuery->param("keytype");
+
+  return if (! defined $gQuery->param("keyid"));
+  my($keyId) = $gQuery->param("keyid");
+
+  return if (! defined $gQuery->param("keylabel"));
+  my($keyLabel) = $gQuery->param("keylabel");
+
+  return AddItemToBindings($keyType, $keyId, $keyLabel);
+}
+
+sub UpdateBindingsForUnbind
+{
+  return if (! defined $gQuery->param("keytype"));
+  my($keyType) = $gQuery->param("keytype");
+
+  return if (! defined $gQuery->param("keyid"));
+  my($keyId) = $gQuery->param("keyid");
+
+  return RemoveItemFromBindings($keyType, $keyId,);
+}
+
+sub UpdateBindingsForLabel
+{
+  return UpdateBindingsForBind();
+}
+
+sub ASCUrlDecode
+{
+  my($qstr) = @_;
+  $qstr =~ s/\+/ /g;
+  $qstr =~ s/%([0-9A-F]{2})/pack("C", hex($1))/eig;
+  return $qstr;
+}
+
+sub ASCUrlEncode
+{
+  my($qstr) = @_;
+  $qstr =~ s/([^a-zA-Z0-9_ ])/sprintf("%%%.2X", unpack("C", $1))/eig;
+  $qstr =~ s/ /+/g;
+  return $qstr;
+}
+
+sub LoadUserDatabase
+{
+  my($sn) = @_; 
+
+  $gUserObj{'SUBSCRIPTION'}  = "";
+
+  $gUserObj{'BINDINGS'} = "";
+  return;
+
+}
+
+sub SaveUserDatabase
+{
+  my($sn) = @_;
+  my($snfile) = "UserDatabase/$sn";
+
+  return;
+
+}
diff --git a/pki/base/tps/forms/esc/home.cgi b/pki/base/tps/forms/esc/home.cgi
new file mode 100755
index 000000000..5fdf5ecf8
--- /dev/null
+++ b/pki/base/tps/forms/esc/home.cgi
@@ -0,0 +1,40 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://machine.fedora.redhat.com:7888/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://machine.fedora.redhat.com:7888/cgi-bin/esc.cgi";
+print "</UI>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/pki/base/tps/forms/index.html b/pki/base/tps/forms/index.html
new file mode 100644
index 000000000..ba31afd8c
--- /dev/null
+++ b/pki/base/tps/forms/index.html
@@ -0,0 +1,22 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation;
+     version 2.1 of the License.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/tus">
+</html>
diff --git a/pki/base/tps/install-sh b/pki/base/tps/install-sh
new file mode 100755
index 000000000..4d4a9519e
--- /dev/null
+++ b/pki/base/tps/install-sh
@@ -0,0 +1,323 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2005-05-14.22
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.  It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+chmodcmd="$chmodprog 0755"
+chowncmd=
+chgrpcmd=
+stripcmd=
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=
+dst=
+dir_arg=
+dstarg=
+no_target_directory=
+
+usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+-c         (ignored)
+-d         create directories instead of installing files.
+-g GROUP   $chgrpprog installed files to GROUP.
+-m MODE    $chmodprog installed files to MODE.
+-o USER    $chownprog installed files to USER.
+-s         $stripprog installed files.
+-t DIRECTORY  install into DIRECTORY.
+-T         report an error if DSTFILE is a directory.
+--help     display this help and exit.
+--version  display version info and exit.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
+"
+
+while test -n "$1"; do
+  case $1 in
+    -c) shift
+        continue;;
+
+    -d) dir_arg=true
+        shift
+        continue;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift
+        shift
+        continue;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) chmodcmd="$chmodprog $2"
+        shift
+        shift
+        continue;;
+
+    -o) chowncmd="$chownprog $2"
+        shift
+        shift
+        continue;;
+
+    -s) stripcmd=$stripprog
+        shift
+        continue;;
+
+    -t) dstarg=$2
+	shift
+	shift
+	continue;;
+
+    -T) no_target_directory=true
+	shift
+	continue;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    *)  # When -d is used, all remaining arguments are directories to create.
+	# When -t is used, the destination is already specified.
+	test -n "$dir_arg$dstarg" && break
+        # Otherwise, the last argument is the destination.  Remove it from $@.
+	for arg
+	do
+          if test -n "$dstarg"; then
+	    # $@ is not empty: it contains at least $arg.
+	    set fnord "$@" "$dstarg"
+	    shift # fnord
+	  fi
+	  shift # arg
+	  dstarg=$arg
+	done
+	break;;
+  esac
+done
+
+if test -z "$1"; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src ;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    src=
+
+    if test -d "$dst"; then
+      mkdircmd=:
+      chmodcmd=
+    else
+      mkdircmd=$mkdirprog
+    fi
+  else
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dstarg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dstarg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst ;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dstarg: Is a directory" >&2
+	exit 1
+      fi
+      dst=$dst/`basename "$src"`
+    fi
+  fi
+
+  # This sed command emulates the dirname command.
+  dstdir=`echo "$dst" | sed -e 's,/*$,,;s,[^/]*$,,;s,/*$,,;s,^$,.,'`
+
+  # Make sure that the destination directory exists.
+
+  # Skip lots of stat calls in the usual case.
+  if test ! -d "$dstdir"; then
+    defaultIFS='
+	 '
+    IFS="${IFS-$defaultIFS}"
+
+    oIFS=$IFS
+    # Some sh's can't handle IFS=/ for some reason.
+    IFS='%'
+    set x `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'`
+    shift
+    IFS=$oIFS
+
+    pathcomp=
+
+    while test $# -ne 0 ; do
+      pathcomp=$pathcomp$1
+      shift
+      if test ! -d "$pathcomp"; then
+        $mkdirprog "$pathcomp"
+	# mkdir can fail with a `File exist' error in case several
+	# install-sh are creating the directory concurrently.  This
+	# is OK.
+	test -d "$pathcomp" || exit
+      fi
+      pathcomp=$pathcomp/
+    done
+  fi
+
+  if test -n "$dir_arg"; then
+    $doit $mkdircmd "$dst" \
+      && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \
+      && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \
+      && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \
+      && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; }
+
+  else
+    dstfile=`basename "$dst"`
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+    trap '(exit $?); exit' 1 2 13 15
+
+    # Copy the file name to the temp name.
+    $doit $cpprog "$src" "$dsttmp" &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
+      && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
+      && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
+      && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } &&
+
+    # Now rename the file to the real destination.
+    { $doit $mvcmd -f "$dsttmp" "$dstdir/$dstfile" 2>/dev/null \
+      || {
+	   # The rename failed, perhaps because mv can't rename something else
+	   # to itself, or perhaps because mv is so ancient that it does not
+	   # support -f.
+
+	   # Now remove or move aside any old file at destination location.
+	   # We try this two ways since rm can't unlink itself on some
+	   # systems and the destination file might be busy for other
+	   # reasons.  In this case, the final cleanup might fail but the new
+	   # file should still install successfully.
+	   {
+	     if test -f "$dstdir/$dstfile"; then
+	       $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \
+	       || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \
+	       || {
+		 echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2
+		 (exit 1); exit 1
+	       }
+	     else
+	       :
+	     fi
+	   } &&
+
+	   # Now rename the file to the real destination.
+	   $doit $mvcmd "$dsttmp" "$dstdir/$dstfile"
+	 }
+    }
+  fi || { (exit 1); exit 1; }
+done
+
+# The final little trick to "correctly" pass the exit status to the exit trap.
+{
+  (exit 0); exit 0
+}
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/pki/base/tps/lib/perl/PKI/TPS/AdminAuthPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/AdminAuthPanel.pm
new file mode 100755
index 000000000..f25da642b
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/AdminAuthPanel.pm
@@ -0,0 +1,85 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::AdminAuthPanel;
+$PKI::TPS::AdminAuthPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(8);
+    $self->{"getName"} = &PKI::TPS::Common::r("Admin Authentication");
+    $self->{"vmfile"} = "adminauthenticatepanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AdminAuthPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AdminAuthPanel: update");
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AdminAuthPanel: display");
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/AdminPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/AdminPanel.pm
new file mode 100755
index 000000000..5c03ddac4
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/AdminPanel.pm
@@ -0,0 +1,216 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+use URI::Escape;
+
+package PKI::TPS::AdminPanel;
+$PKI::TPS::AdminPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(14);
+    $self->{"getName"} = &PKI::TPS::Common::r("Administrator");
+    $self->{"vmfile"} = "adminpanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AdminPanel: validate");
+    return 1;
+}
+
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AdminPanel: update");
+
+    my $uid = $q->param("uid");
+    my $name = $q->param("name");
+    my $email = $q->param("email");
+    my $password = $q->param("__pwd");
+    my $password_again = $q->param("__admin_password_again");
+
+    my $cert_request = $q->param("cert_request");
+    my $subject = $q->param("subject");
+    my $profile_id = $q->param("profileId");
+    my $cert_request_type = $q->param("cert_request_type");
+
+    $cert_request =~ s/%0D%0A//g; # remove carraige return
+
+    # submit request to CA
+#    my $cainfo = $::config->get("preop.cainfo.select");
+
+    # Admin Certificate should be obtained from the ca selected in the 
+    # name panel. If name panel use External CA, the admin certificate
+    # will be issued by the security domain CA.
+    my $cainfo = $::config->get("preop.ca.url");
+    &PKI::TPS::Wizard::debug_log("AdminPanel: preop.ca.url=$cainfo");
+    if ($cainfo eq "" || $cainfo =~ /:$/) {
+      $cainfo = $::config->get("config.sdomainURL");
+      &PKI::TPS::Wizard::debug_log("AdminPanel: config.sdomainURL=$cainfo");
+    }
+    &PKI::TPS::Wizard::debug_log("AdminPanel: Connecting to CA: $cainfo");
+    my $cainfo_url = new URI::URL($cainfo);
+    my $sdom = $::config->get("config.sdomainURL");
+    my $sdom_url = new URI::URL($sdom);
+
+    my $machineName = $::config->get("service.machineName");
+    my $securePort = $::config->get("service.securePort");
+    my $session_id = $::config->get("preop.sessionID");
+
+    my $tokenname = $::config->get("preop.module.token");
+    my $token_pwd = $::pwdconf->get($tokenname);
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $requestor_name = "TPS-" . $machineName . "-" . $securePort;
+
+    my $params = "profileId=" . $profile_id . "&" .
+                  "requestor_name=" . $requestor_name . "&" .
+                  "cert_request_type=" . $cert_request_type . "&" .
+                  "subject=" . $subject . "&" .
+                  "cert_request=" . 
+                      URI::Escape::uri_escape("$cert_request") . "&" .
+                  "xmlOutput=true" . "&" .
+                  "sessionID=" . $session_id .  "&" .
+                  "auth_hostname=" . $sdom_url->host . "&" .
+                  "auth_port=" . $sdom_url->port;
+
+    my $host = $cainfo_url->host;
+    my $port = $cainfo_url->port;
+    my $content = "";
+    my $tmpfile = "/tmp/admin-$$";
+    if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+        system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile");
+        $content = `cat $tmpfile`;
+    } else {
+        system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile");
+        $content = `cat $tmpfile`;
+    }
+    system("rm $tmpfile");
+    &PKI::TPS::Wizard::debug_log("req = " . $content);
+
+    $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+    $content = $1;
+
+    # create user in internal database
+    &PKI::TPS::Wizard::debug_log("AdminPanel: Creating user in internal database");
+    # use scripts/addAgents.ldif
+
+    my $parser = XML::Simple->new();
+    my $response = $parser->XMLin($content);
+    my $admincert = $response->{Requests}->{Request}->{b64};
+    &PKI::TPS::Wizard::debug_log("AdminPanel: admincert " . $admincert);
+
+    $host = $::config->get("preop.database.host");
+    $port = $::config->get("preop.database.port");
+    my $basedn = $::config->get("preop.database.basedn");
+    my $binddn = $::config->get("preop.database.binddn");
+#    my $bindpwd = $::config->get("tokendb.bindPass");
+    my $bindpwd = `grep \"tokendbBindPass:\" \"$instanceDir/conf/password.conf\" | cut -c17-`;
+    $bindpwd =~ s/\n$//g;
+
+    my $tmp = "/tmp/addAgents-$$.ldif";
+
+    my $flavor = `pkiflavor`;
+    $flavor =~ s/\n//g;
+
+    my $mozldap_path = "/usr/lib/mozldap";
+    my $arch = `pkiarch`;
+    $arch =~ s/\n//g;
+    if ($arch eq "x86_64") {
+      $mozldap_path = "/usr/lib64/mozldap";
+    } elsif ($arch eq "sparcv9") {
+      $mozldap_path = "/usr/lib/sparcv9/mozldap6";
+    }
+
+    $admincert =~ s/\//\\\//g;
+    system("sed -e 's/\$TOKENDB_ROOT/$basedn/' " .
+              "-e 's/\$TOKENDB_AGENT_PWD/$password/' " .
+              "-e 's/\$TOKENDB_AGENT_CERT/$admincert/' " .
+              "/usr/share/$flavor/tps/scripts/addAgents.ldif > $tmp");
+    system("$mozldap_path/ldapmodify -h '$host' -p '$port' -D '$binddn' " .
+              "-w '$bindpwd' -a " .
+              "-f '$tmp'");
+    system("rm $tmp");
+
+    my $reqid = $response->{Requests}->{Request}->{Id};
+    $::config->put("preop.admincert.requestId.0", $reqid);
+    my $sn = $response->{Requests}->{Request}->{serialno};
+    $::config->put("preop.admincert.serialno.0", $sn);
+    $::config->commit();
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AdminPanel: display");
+    $::symbol{admin_uid} = "admin";
+    $::symbol{admin_name} = "TPS Administrator";
+    $::symbol{admin_email} = "";
+    $::symbol{admin_pwd} = "";
+    $::symbol{admin_pwd_again} = "";
+    $::symbol{import} = "true";
+    my $domain_name = $::config->get("preop.securitydomain.name");
+    $::symbol{securityDomain} = $domain_name;
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/AgentAuthPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/AgentAuthPanel.pm
new file mode 100755
index 000000000..422dcf9bc
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/AgentAuthPanel.pm
@@ -0,0 +1,85 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::AgentAuthPanel;
+$PKI::TPS::AgentAuthPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(7);
+    $self->{"getName"} = &PKI::TPS::Common::r("Agent Authentication");
+    $self->{"vmfile"} = "agentauthenticatepanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AgentAuthPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AgentAuthPanel: update");
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AgentAuthPanel: display");
+    return 1;
+}
+
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/AuthDBPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/AuthDBPanel.pm
new file mode 100755
index 000000000..36a64f3ed
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/AuthDBPanel.pm
@@ -0,0 +1,158 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::AuthDBPanel;
+$PKI::TPS::AuthDBPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(7);
+    $self->{"getName"} = &PKI::TPS::Common::r("Authentication Directory");
+    $self->{"vmfile"} = "authdbpanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AuthDBPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AuthDBPanel: update");
+
+    my $host = $q->param('host');
+    my $port = $q->param('port');
+    my $basedn = $q->param('basedn');
+
+    &PKI::TPS::Wizard::debug_log("AuthDBPanel: host=" . $host);
+    &PKI::TPS::Wizard::debug_log("AuthDBPanel: port=" . $port);
+    &PKI::TPS::Wizard::debug_log("AuthDBPanel: basedn=" . $basedn);
+
+    if (!($port =~ /^[0-9]+$/)) {
+      &PKI::TPS::Wizard::debug_log("AuthDBPanel: bad port " . $port);
+      $::symbol{errorString} = "Bad Port";
+      return 0;
+    }
+
+    # try to do a ldapsearch
+    my $tmp = "/tmp/file$$";
+    my $mozldap_path = "/usr/lib/mozldap";
+    my $arch = `pkiarch`;
+    $arch =~ s/\n//g;
+    if ($arch eq "x86_64") {
+      $mozldap_path = "/usr/lib64/mozldap";
+    } elsif ($arch eq "sparcv9") {
+      $mozldap_path = "/usr/lib/sparcv9/mozldap6";
+    }
+    &PKI::TPS::Wizard::debug_log("AuthDBPanel: invoking $mozldap_path/ldapsearch");
+    my $status = system("$mozldap_path/ldapsearch -h '$host' " .
+                     "-p '$port' -b '$basedn' -s base 'objectclass=*' > $tmp 2>&1");
+    if ($status eq "0") {
+     &PKI::TPS::Wizard::debug_log("AuthDBPanel: auth database looks ok");
+    } else {
+      my $reason = `cat $tmp`;
+      &PKI::TPS::Wizard::debug_log("AuthDBPanel: failed to connect " . $reason);
+      $::symbol{errorString} = "Failed to Connect";
+      return 0;
+    }
+    system("rm $tmp");
+
+    # save values to CS.cfg
+    $::config->put("auth.instance.0.baseDN", $basedn);
+    $::config->put("auth.instance.0.hostport", $host . ":" . $port);
+    $::config->commit();
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("AuthDBPanel: display");
+
+    my $machineName = $::config->get("service.machineName");
+    my $instanceId = $::config->get("service.instanceID");
+
+    my $basedn = $::config->get("auth.instance.0.baseDN");
+    if ($basedn =~ /\[/) {
+      $basedn = $machineName;    
+      $basedn =~ s/^[^.]+\.//;
+      if ($basedn eq "") {
+        $basedn = "dc=" . $machineName;    
+      } else {
+        $basedn =~ s/\./,dc=/g;
+        $basedn = "dc=" . $basedn;
+      }
+    }
+    my $host = "";
+    my $port = "";
+    my $hostport = $::config->get("auth.instance.0.hostport");
+    if ($hostport =~ /\[/) {
+      $host = "localhost";
+      $port = "389";
+    } else {
+      my ($hostx, $portx) = split(/:/, $hostport);
+      $host = $hostx;
+      $port = $portx;
+    }
+
+    $::symbol{hostname} = $host;
+    $::symbol{portStr} = $port;
+    $::symbol{basedn} = $basedn;
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/BasePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/BasePanel.pm
new file mode 100755
index 000000000..7b5e2a1b5
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/BasePanel.pm
@@ -0,0 +1,39 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::BasePanel;
+$PKI::TPS::BasePanel::VERSION = '1.00';
+
+sub new {
+    my ($class) = @_;
+    my $self = {};
+    bless $self, $class;
+    return $self;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
new file mode 100755
index 000000000..9056e2ef1
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
@@ -0,0 +1,192 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+
+package PKI::TPS::CAInfoPanel;
+$PKI::TPS::CAInfoPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(4);
+    $self->{"getName"} = &PKI::TPS::Common::r("CA Information");
+    $self->{"vmfile"} = "cainfopanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CAInfoPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CAInfoPanel: update");
+
+    my $count = $q->param('urls');
+    &PKI::TPS::Wizard::debug_log("CAInfoPanel: update - got urls = $count");
+
+    &PKI::TPS::Wizard::debug_log("CAInfoPanel: update - selected ca= $count");
+    
+    my $instanceID = $::config->get("service.instanceID");
+    my $host = "";
+    my $port = "";
+
+    if ($count =~ /http/) {
+      my $info = new URI::URL($count);
+      $host = $info->host;
+      $port = $info->port;
+    } else {
+      $host = $::config->get("preop.securitydomain.ca$count.host");
+      $port = $::config->get("preop.securitydomain.ca$count.secureport");
+    }
+    if (($host eq "") || ($port eq "")) {
+      $::symbol{errorString} = "no CA found.  CA, TKS and optionally DRM must be installed prior to TPS installation";
+      return 0;
+    }
+
+    &PKI::TPS::Wizard::debug_log("CAInfoPanel: update - host= $host, port= $port");
+
+    $::config->put("preop.cainfo.select", "https://$host:$port");
+    my $serverCertNickName = $::config->get("preop.cert.sslserver.nickname");
+
+    my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
+    $::config->put("conn.ca1.clientNickname", $subsystemCertNickName);
+    $::config->put("conn.ca1.hostport", $host . ":" . $port);
+
+    $::config->commit();
+
+    # connect to the CA, and retrieve the CA certificate
+    &PKI::TPS::Wizard::debug_log("CAInfoPanel: update connecting to CA and retrieve cert chain");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+    my $tmpfile = "/tmp/ca-$$";
+    system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$port > $tmpfile");
+    my $cmd = `cat $tmpfile`;
+    system("rm $tmpfile");
+    my $caCert;
+    if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) {
+        $caCert =  $1;
+        &PKI::TPS::Wizard::debug_log("CAInfoPanel: ca= $caCert");
+    }
+    if ($caCert eq "") {
+        &PKI::TPS::Wizard::debug_log("CAInfoPanel: update no cert chain found");
+        return 0;
+    }
+    open(F, ">$instanceDir/conf/caCertChain2.txt");
+    print F $cert_header."\n".$caCert."\n".$cert_footer;
+    close(F);
+
+    &PKI::TPS::Wizard::debug_log("CAInfoPanel: update retrieve cert chain done");
+
+    #import cert chain
+    system("p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt");
+        my $r =  $? >> 8;
+    my $failed = $? & 127;
+    if (($r > 0) && ($r < 10) && !$failed)  {
+        my $i = 0;
+        while ($i ne $r) {
+          my $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`;
+          $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i"  -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`;
+          $i++;
+        }
+    }
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CAInfoPanel: display");
+
+    $::symbol{urls}        = [];
+#    unshift(@{$::symbol{urls}}, "External CA");
+    my $count = 0;
+    my $first = 1;
+    my $list = "";
+    while (1) {
+      my $host = $::config->get("preop.securitydomain.ca$count.host");
+      if ($host eq "") {
+        goto DONE;
+      }
+      my $port = $::config->get("preop.securitydomain.ca$count.secureport");
+      my $name = $::config->get("preop.securitydomain.ca$count.subsystemname");
+      my $item = $name . " - https://" . $host . ":" . $port;
+#      my $item = "https://" . $host . ":" . $port;
+#      unshift(@{$::symbol{urls}}, $item);
+      $::symbol{urls}[$count++] = $item;
+      if ($first eq 1) {
+          $list = $item;
+          $first = 0;
+      } else {
+          $list = $list.",".$item;
+      }
+    }
+DONE:
+#    $list = $list.",External CA";
+    $::config->put("preop.ca.list", $list);
+    
+    $::symbol{urls_size}   = $count;
+    if ($count eq 0) {
+      $::symbol{errorString} = "no CA found. CA, TKS, and optionally DRM must be installed prior to TPS installation";
+      return 0;
+    }
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CertInfo.pm b/pki/base/tps/lib/perl/PKI/TPS/CertInfo.pm
new file mode 100755
index 000000000..957b1ba56
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/CertInfo.pm
@@ -0,0 +1,132 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::CertInfo;
+$PKI::TPS::CertInfo::VERSION = '1.00';
+
+sub new {
+    my ($class, $name, $dn, $tag) = @_;
+    my $self = {};
+
+    &PKI::TPS::Wizard::debug_log("CertInfo: start new");
+    $self->{"getUserFriendlyName"} = \&get_user_friendly_name;
+    $self->{"getCertTag"} = \&get_cert_tag;
+    $self->{"getDN"} = \&get_dn;
+    $self->{"getNickname"} = \&get_nickname;
+    $self->{"useDefaultKey"} = \&use_default_key;
+    $self->{"getCustomKeysize"} = \&get_custom_keysize;
+    $self->{"keyOption"} = \&get_key_option;
+    &PKI::TPS::Wizard::debug_log("CertInfo: end new");
+
+    $self->{name} = $name;
+    $self->{dn} = $dn;
+    $self->{tag} = $tag;
+
+    bless $self, $class;
+    return $self;
+}
+
+sub get_user_friendly_name
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("CertInfo: get_user_friendly_name");
+    return $self->{name};
+}
+
+sub get_cert_tag
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("CertInfo: get_cert_tag");
+    return $self->{tag};
+}
+
+sub get_dn
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("CertInfo: get_cert_dn");
+    return $self->{dn};
+}
+
+sub use_default_key
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("CertInfo: use_default_key");
+    my $option = $::config->get("preop.cert.$self->{tag}.keysize.select");
+    if (($option ne "") && ($option ne "default")) {
+        return 0;
+    }
+    return 1;
+}
+
+sub get_nickname
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("CertInfo: get_nickname");
+    my $nickname = $::config->get("preop.cert.$self->{tag}.nickname");
+
+    my $flavor = `pkiflavor`;
+    $flavor =~ s/\n//g;
+
+    if ($nickname ne "") {
+        return $nickname;
+    } else {
+        return  $self->{tag}."cert cert-$flavor-tps";
+    }
+}
+
+sub get_key_option
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("CertInfo: get_key_option");
+    my $option = $::config->get("preop.cert.$self->{tag}.keysize.select");
+
+    if ($option ne "") {
+        &PKI::TPS::Wizard::debug_log("CertInfo: get_key_option from config = $option");
+        return $option;
+    } else {
+        &PKI::TPS::Wizard::debug_log("CertInfo: get_key_option not from config");
+        return "default";
+    }
+}
+
+sub get_custom_keysize
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("CertInfo: get_custom_keysize");
+    my $size = $::config->get("preop.cert.$self->{tag}.keysize.customsize");
+    &PKI::TPS::Wizard::debug_log("CertInfo: get_custom_keysize for preop.cert.$self->{tag}.keysize.customsize is $size");
+    if ($size ne "") {
+        &PKI::TPS::Wizard::debug_log("CertInfo: get_custom_keysize from config is $size");
+        return $size;
+    } else {
+        &PKI::TPS::Wizard::debug_log("CertInfo: get_custom_keysize not from config");
+        return 2048;
+    }
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm
new file mode 100755
index 000000000..51d4e5e87
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm
@@ -0,0 +1,84 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::CertPrettyPrintPanel;
+$PKI::TPS::CertPrettyPrintPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(13);
+    $self->{"getName"} = &PKI::TPS::Common::r("Certificates");
+    $self->{"vmfile"} = "certprettyprintpanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CertPrettyPrintPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CertPrettyPrintPanel: update");
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CertPrettyPrintPanel: display");
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm
new file mode 100755
index 000000000..0ce493496
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm
@@ -0,0 +1,299 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use PKI::TPS::ReqCertInfo;
+use FileHandle;
+
+package PKI::TPS::CertRequestPanel;
+$PKI::TPS::CertRequestPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----";
+our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----";
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(13);
+    $self->{"getName"} = &PKI::TPS::Common::r("Certificate Requests");
+    $self->{"vmfile"} = "certrequestpanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CertRequestPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CertRequestPanel: update");
+
+    my $i = 0;
+
+    my $instanceDir = $::config->get("service.instanceDir");
+
+    my $useExternalCA = $::config->get("preop.certenroll.useExternalCA");
+    if ($useExternalCA eq "on") {
+        &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: useExternalCA is on");
+    } else {
+        &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: useExternalCA is off");
+        &PKI::TPS::Wizard::debug_log("CertRequestPanel: update auto enrollment should have been done, no more action needed");
+        return 1;
+    }
+
+    &PKI::TPS::Wizard::debug_log("CertRequestPanel: update External CA selected, retrieve/process user input");
+
+    my $tokenname = $::config->get("preop.module.token");
+    &PKI::TPS::Wizard::debug_log("CertRequestPanel: update got token name = $tokenname");
+    my $token_pwd = $::pwdconf->get($tokenname);
+    $token_pwd  =~ s/\n//g;
+    open FILE, ">$instanceDir/conf/.pwfile";
+    print FILE $token_pwd;
+    close FILE;
+
+    my $hw;
+    my $tk;
+
+    if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+        $hw = "";
+        $tk = "";
+    } else {
+        $hw = "-h $tokenname";
+        $tk = $tokenname.":";
+    }
+
+    foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+        if ($certtag eq "subsystem") {
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: subsystem cert is pre-generated by the security domain");
+            return 1;
+        }
+        &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: for certag= $certtag");
+        my $ccert = $::config->get("preop.cert.$certtag.cert");
+        if ($ccert ne "") {
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: cert already exists in CS.cfg, go to next");
+            next;
+        }
+        my $certchain = $q->param($certtag.'_cc');
+        if ($certchain ne "") {
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: $certtag certchain is $certchain");
+            my $cc_fn = "$instanceDir/conf/caCertChain.txt";
+            my $tmp = `echo "$certchain" > $cc_fn`;
+            # remove existing one
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: try to delete existing certchain, if any....ok if it fails");
+# XXX remove should not be done lightly...
+            $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain1cert -a -i $cc_fn -o $instanceDir/conf/CAchain_pp.txt`;
+            my $r =  $? >> 8;
+            my $failed = $? & 127;
+            if (($r > 0) && ($r < 10) && !$failed)  {
+                my $i = 0;
+                while ($i ne $r) {
+                    $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA $certtag cert$i"`;
+                    $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA $certtag cert$i"  -t "CT,C,C" -i $instanceDir/conf/chain1cert$i.der`;
+#            $tmp = `rm $cc_fn`;
+                  $i++
+                }
+            }
+        } else {
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: no certchain included for certtag $certtag");
+        }
+
+        my $cert = $q->param($certtag);
+        if ($cert ne "") {
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: $certtag cert is $cert");
+            my $nickname = $::config->get("preop.cert.$certtag.nickname");
+            if ($nickname eq "") {
+                $nickname = "TPS ".$certtag." cert";
+                $::config->put("preop.cert.$certtag.nickname", $nickname);
+                &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: $certtag cert nickname not found in CS.cfg, generating one= $nickname");
+            }
+            #remove existing one
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: try to delete existing cert $nickname, if any....ok if it fails");
+#XXX remove should not be done lightly...
+            my $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`;
+            $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`;
+            #now import the cert
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: try to import cert");
+            my $cert_fn = "$instanceDir/conf/$certtag"."_cert.txt";
+            $tmp = `echo "$cert" > $cert_fn`;
+
+#            $cert = extract_cert_from_file_sans_header_and_footer($cert_fn); 
+            my $certa ="";
+            my $save_line = 0;
+            my @cert_a = split "\n", $cert;
+            foreach my $line (@cert_a) {
+                chomp( $line );
+                $line =~ s/\r//g;
+                if ($line eq $cert_header) {
+                    $save_line = 1;
+                } elsif( $line eq $cert_footer ) {
+                    $save_line = 0;
+                    last;
+                } elsif( $save_line == 1 ) {
+                    $certa .= "$line";
+                }
+            }
+
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update putting cert in CS.cfg: $certa");
+
+            $::config->put("preop.cert.$certtag.cert", $certa);
+
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: about to certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n $nickname -t u,u,u -a -i $cert_fn");
+            $tmp = `certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n "$nickname" -t "u,u,u" -a -i $cert_fn`;
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: done certutil: $tmp");
+            $tmp = `rm $cert_fn`;
+
+            # changed the cert, need to change nickname too, if necessary
+            if ($hw ne "") {
+                $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
+                if ($certtag eq "subsystem") {
+                    $::config->put("conn.ca1.clientNickname","$tk$nickname");
+                    $::config->put("conn.drm1.clientNickname","$tk$nickname");
+                    $::config->put("conn.tks1.clientNickname","$tk$nickname");
+                }
+            }
+
+        } else {
+            &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: no cert");
+        }
+    }
+
+DONE:
+    $::config->commit();
+    my $tmp = `rm $instanceDir/conf/.pwfile`;
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("CertRequestPanel: display");
+
+    my $domain_name = $::config->get("preop.securitydomain.name");
+    if ($domain_name eq "") {
+        $domain_name = "TPS Domain";
+    }
+    my $machine_name = $::config->get("service.machineName");
+    my $instance_id = $::config->get("service.instanceID");
+
+    my $i = 0;
+    foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+        my $cert_dn = $::config->get("preop.cert.".$certtag.".dn");
+        if ($cert_dn eq "") {
+            if ($certtag eq "subsystem") {
+                $cert_dn = "CN=TPS Subsystem, " .
+                  "OU=" . $instance_id . ", " .
+                  "O=" . $domain_name;
+            } elsif ($certtag eq "sslserver") {
+                $cert_dn ="CN=" . $machine_name . ", " .
+                  "OU=" . $instance_id . ", " .
+                  "O=" . $domain_name;
+            } else {
+                $cert_dn = $certtag;
+            }
+        }
+
+        my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname");
+        if ($name eq "") {
+            $name = $certtag."Cert ".$instance_id;
+        }
+
+        my $reqcert = new PKI::TPS::ReqCertInfo($name,
+                  $cert_dn, $certtag);
+        $::symbol{reqscerts}[$i++] = $reqcert;
+    }
+
+    $::symbol{errorString} = "";
+    $::symbol{showApplyButton} = "true";
+
+    return 1;
+}
+
+# arg0 message containing certificate
+# return certificate sans header and footer
+# -- all in a one-liner
+sub extract_cert_from_file_sans_header_and_footer
+{
+    my $filename = $_[0];
+    my $save_line = 0;
+
+    my $fd = new FileHandle;
+
+    my $cert = "";
+
+    $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
+
+    while( <$fd> )
+    {
+        my $line = $_;
+        chomp( $line );
+        $line =~ s/^M//g;
+
+        if( $line eq $cert_header ) {
+            $save_line = 1;
+        } elsif( $line eq $cert_footer ) {
+            $save_line = 0;
+            last;
+        } elsif( $save_line == 1 ) {
+            $cert .= "$line";
+        }
+    }
+
+    $fd->close();
+
+    return $cert;
+}
+
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/Common.pm b/pki/base/tps/lib/perl/PKI/TPS/Common.pm
new file mode 100755
index 000000000..f5d481041
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/Common.pm
@@ -0,0 +1,49 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+package PKI::TPS::Common;
+
+use strict;
+use warnings;
+use Exporter;
+
+use vars qw(@ISA @EXPORT @EXPORT_OK);
+@ISA = qw(Exporter Autoloader);
+@EXPORT = qw(r yes no);
+
+$PKI::TPS::Common::VERSION = '1.00';
+
+sub yes { 
+  return sub {1}; 
+}
+
+sub no { 
+  return sub {0}; 
+}
+
+sub r { 
+  my $a = shift; 
+  return sub { $a; } 
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/Config.pm b/pki/base/tps/lib/perl/PKI/TPS/Config.pm
new file mode 100755
index 000000000..c6cce70fd
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/Config.pm
@@ -0,0 +1,161 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+package PKI::TPS::Config;
+
+use strict;
+use warnings;
+use Exporter;
+
+$PKI::TPS::Config::VERSION = '1.00';
+
+#######################################################
+# Configuration Store
+#######################################################
+sub new {
+    my $class = shift;
+    my $self = {};
+    my %hash = ();
+    $self->{filename} = "";
+    $self->{hash} = \%hash;
+    bless $self,$class;
+    return $self;
+}
+
+sub load_file
+{
+    my ($self, $filename) = @_;
+
+    $self->{filename} = $filename;
+    if (-e $filename) {
+      open(CF, "<$filename");
+      if (defined fileno CF) {
+        while (<CF>) {
+          if (/^#/) {
+            # comments
+          } elsif (/([^=]+)=(.*)$/) {
+            # print "$1 = $2\n";
+            $self->{hash}{$1} = $2;
+          } else {
+            # preserve comments
+          }  
+        }
+      }
+      close(CF);
+    }
+}
+
+sub get_filename
+{
+    my ($self) = @_;
+    return $self->{filename};
+}
+
+sub get
+{
+    my ($self, $n) = @_;
+    return $self->{hash}{$n};
+}
+
+sub put
+{
+    my ($self, $n, $v) = @_;
+    $self->{hash}{$n} = $v;
+}
+
+sub deleteSubstore
+{
+    my ($self, $n) = @_;
+    foreach my $xkey (keys %{$self->{hash}}) {
+        if ($xkey =~ /^\Q$n\E/) {
+            delete $self->{hash}{$xkey};
+        }
+    } 
+}
+
+sub commit
+{
+    my ($self) = @_;
+
+    # write stuff back to the file
+#    print $self->{filename} . "\n";
+    my $hash = $self->{hash};
+    my $suffix = time();
+
+    if (-e $self->{filename}) {
+      system("mv \"" . $self->{filename} . "\" \"" . 
+          $self->{filename} . "." . $suffix . "\"");
+    }
+
+    open(F, ">" . $self->{filename});
+    foreach my $k (sort keys %{$hash}) {
+         print F "$k=$self->{hash}{$k}\n";
+    }
+    close(F);
+
+    if (-e $self->{filename} . "." . $suffix) {
+      system("rm \"" . $self->{filename} . "." . $suffix . "\"");
+    }
+}
+
+sub commit_with_backup
+{
+    my ($self) = @_;
+
+    # write stuff back to the file
+#    print $self->{filename} . "\n";
+    my $hash = $self->{hash};
+    my $suffix = time();
+    system("mv \"" . $self->{filename} . "\" \"" . 
+          $self->{filename} . "." . $suffix . "\"");
+
+    open(F, ">" . $self->{filename});
+    foreach my $k (sort keys %{$hash}) {
+         print F "$k=$self->{hash}{$k}\n";
+    }
+    close(F);
+}
+
+1;
+
+#######################################################
+# Test Program
+#######################################################
+#my $config = PKI::TPS::Config->new();
+#$config->load_file("/tmp/CS.cfg");
+#print $config->get("tokendb.indexAdminTemplate") . "\n";
+#$config->put("tokendb.indexAdminTemplate", "Testing");
+#print $config->get("tokendb.indexAdminTemplate") . "\n";
+#$config->commit();
+
+1;
+
+#######################################################
+# Test Program
+#######################################################
+#my $config = PKI::TPS::Config->new();
+#$config->load_file("/tmp/CS.cfg");
+#print $config->get("tokendb.indexAdminTemplate") . "\n";
+#$config->put("tokendb.indexAdminTemplate", "Testing");
+#print $config->get("tokendb.indexAdminTemplate") . "\n";
+#$config->commit();
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm
new file mode 100755
index 000000000..756c3ee49
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm
@@ -0,0 +1,103 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::ConfigHSMLoginPanel;
+$PKI::TPS::ConfigHSMLoginPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(9);
+    $self->{"getName"} = &PKI::TPS::Common::r("Security Modules Login");
+    $self->{"vmfile"} = "config_hsmloginpanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 1;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel: update");
+    my $uTokName = $q->param('uTokName');
+    my $uPasswd = $q->param('__uPasswd');
+
+#    &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel: update tokname= $uTokName pwd =$uPasswd");
+
+    $::pwdconf->put($uTokName, $uPasswd);
+    $::pwdconf->commit();
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    use Data::Dumper;
+    $Data::Dumper::Indent = 1;
+#    &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel -> dump of q=  ". Dumper($q));
+    $::symbol{SecToken} = $q->param('SecToken');
+#   &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel -> display has ".$q->param('SecToken'));
+
+    &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieving $q->param('SecToken') ");
+    my $pwd = $::pwdconf->get( $q->param('SecToken'));
+    if ($pwd ne "") {
+        &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieved pwd from pwdconf");
+    }
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm
new file mode 100755
index 000000000..f0e065425
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm
@@ -0,0 +1,71 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::ConfigHSMPanel;
+$PKI::TPS::ConfigHSMPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&PKI::TPS::Common::no;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(12);
+    $self->{"getName"} = &PKI::TPS::Common::r("ConfigHSMLogin");
+    $self->{"vmfile"} = "config_hsm.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ConfigHSMPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ConfigHSMPanel: update");
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ConfigHSMPanel: display");
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
new file mode 100755
index 000000000..89eaee619
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
@@ -0,0 +1,139 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+
+package PKI::TPS::DRMInfoPanel;
+$PKI::TPS::DRMInfoPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(6);
+    $self->{"getName"} = &PKI::TPS::Common::r("DRM Information");
+    $self->{"vmfile"} = "drminfopanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DRMInfoPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DRMInfoPanel: update");
+
+    my $choice = $q->param('choice');
+    $::config->put("preop.krainfo.keygen", $choice);
+
+    if ($choice eq "keygen") {
+      my $count = $q->param('urls');
+      my $instanceID = $::config->get("service.instanceID");
+      my $host = "";
+      my $port = "";
+      if ($count =~ /http/) {
+        my $info = new URI::URL($count);
+        $host = $info->host;
+        $port = $info->port;
+      } else {
+        $host = $::config->get("preop.securitydomain.kra$count.host");
+        $port = $::config->get("preop.securitydomain.kra$count.secureport");
+      }
+      if (($host eq "") || ($port eq "")) {
+        $::symbol{errorString} = "no DRM found.  CA, TKS and DRM must be installed prior to TPS installation";
+        return 0;
+      }
+
+      $::config->put("preop.krainfo.select", "https://$host:$port");
+      my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
+      $::config->put("conn.drm1.clientNickname", $subsystemCertNickName);
+      $::config->put("conn.drm1.hostport", $host . ":" . $port); 
+      $::config->put("conn.tks1.serverKeygen", "true");
+      $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true");
+      $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true");
+    } else { 
+      # no keygen
+      $::config->put("conn.tks1.serverKeygen", "false");
+      $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "false");
+      $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "false");
+      $::config->put("conn.drm1.clientNickname", "");
+      $::config->put("conn.drm1.hostport", "");
+    }
+    $::config->commit();
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DRMInfoPanel: display");
+
+    $::symbol{urls}        = [];
+    my $count = 0;
+    while (1) {
+      my $host = $::config->get("preop.securitydomain.kra$count.host");
+      if ($host eq "") {
+        goto DONE;
+      }
+      my $port = $::config->get("preop.securitydomain.kra$count.secureport");
+      my $name = $::config->get("preop.securitydomain.kra$count.subsystemname");
+      $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $port;
+    }
+DONE:
+    $::symbol{urls_size}   = $count;
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DatabasePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DatabasePanel.pm
new file mode 100755
index 000000000..b6a96d813
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DatabasePanel.pm
@@ -0,0 +1,218 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::DatabasePanel;
+$PKI::TPS::DatabasePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(8);
+    $self->{"getName"} = &PKI::TPS::Common::r("Internal Database");
+    $self->{"vmfile"} = "databasepanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DatabasePanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DatabasePanel: update");
+    my $instDir =  $::config->get("service.instanceDir");
+
+    my $host = $q->param('host');
+    my $port = $q->param('port');
+    my $basedn = $q->param('basedn');
+    my $database = $q->param('database');
+    my $binddn = $q->param('binddn');
+    my $bindpwd = $q->param('__bindpwd');
+
+    # save values to CS.cfg
+    $::config->put("preop.database.host", $host);
+    $::config->put("preop.database.port", $port);
+    $::config->put("preop.database.basedn", $basedn);
+    $::config->put("preop.database.database", $database);
+    $::config->put("preop.database.binddn", $binddn);
+    $::config->put("tokendb.activityBaseDN", "ou=Activities," . $basedn);
+    $::config->put("tokendb.baseDN", "ou=Tokens," . $basedn);
+    $::config->put("tokendb.certBaseDN", "ou=Certificates," . $basedn);
+    $::config->put("tokendb.hostport", $host . ":" . $port);
+    $::config->put("tokendb.userBaseDN", $basedn);
+
+    $::config->put("auth.instance.1.hostport", $host . ":" . $port);
+    $::config->put("auth.instance.1.baseDN", $basedn);
+    $::config->commit();
+
+#    $::config->put("tokendb.bindPass", $bindpwd);
+    if ($bindpwd ne "") {
+      open(PWD_CONF, ">>$instDir/conf/password.conf");
+      print PWD_CONF "tokendbBindPass:$bindpwd\n";
+      close (PWD_CONF);
+    }
+
+    &PKI::TPS::Wizard::debug_log("DatabasePanel: host=$host port=$port basedn=$basedn");
+    &PKI::TPS::Wizard::debug_log("DatabasePanel: database=$database binddn=$binddn");
+
+    my $rdn = $basedn;
+    $rdn =~ s/,.*//g;
+    my ($type, $value) = split(/=/, $rdn);
+    my $objectclass = "domain";
+    if ($type eq "O" || $type eq "o") {
+      $objectclass = "organization";
+    } elsif ($type eq "OU" || $type eq "ou") {
+      $objectclass = "organizationalUnit";
+    }
+
+    my $flavor = `pkiflavor`;
+    $flavor =~ s/\n//g;
+
+    my $mozldap_path = "/usr/lib/mozldap";
+    my $arch = `pkiarch`;
+    $arch =~ s/\n//g;
+    if ($arch eq "x86_64") {
+      $mozldap_path = "/usr/lib64/mozldap";
+    } elsif ($arch eq "sparcv9") {
+      $mozldap_path = "/usr/lib/sparcv9/mozldap6";
+    }
+
+    # creating database
+    my $tmp = "/tmp/database-$$.ldif";
+    system("sed -e 's/\$DATABASE/$database/' " .
+              "-e 's/\$BASEDN/$basedn/' " .
+              "-e 's/\$OBJECTCLASS/$objectclass/' " .
+              "-e 's/\$TYPE/$type/' " .
+              "-e 's/\$VALUE/$value/' " .
+              "/usr/share/$flavor/tps/scripts/database.ldif > $tmp");
+    system("$mozldap_path/ldapmodify -h '$host' -p '$port' -D '$binddn' " .
+              "-w '$bindpwd' -a " .
+              "-f '$tmp'");
+    system("rm $tmp");
+
+    # add schema
+    system("$mozldap_path/ldapmodify -h '$host' -p '$port' " .
+              "-D '$binddn' -w '$bindpwd' -a " .
+              "-f '/usr/share/$flavor/tps/scripts/schemaMods.ldif'");
+
+    # populdate database
+    $tmp = "/tmp/addTokens-$$.ldif";
+    system("sed -e 's/\$TOKENDB_ROOT/$basedn/g' " .
+              "/usr/share/$flavor/tps/scripts/addTokens.ldif > $tmp");
+    system("$mozldap_path/ldapmodify -h '$host' -p '$port' -D '$binddn' " .
+              "-w '$bindpwd' -a " .
+              "-f '$tmp'");
+    system("rm $tmp");
+
+    # add regular indexes
+    $tmp = "/tmp/addIndexes-$$.ldif";
+    system("sed -e 's/userRoot/$database/g' " .
+              "/usr/share/$flavor/tps/scripts/addIndexes.ldif > $tmp");
+    system("$mozldap_path/ldapmodify -h '$host' -p '$port' -D '$binddn' " .
+              "-w '$bindpwd' -a " .
+              "-f '$tmp'");
+    system("rm $tmp");
+
+    # add VLV indexes
+    $tmp = "/tmp/addVLVIndexes-$$.ldif";
+    system("sed -e 's/userRoot/$database/g' " .
+              "/usr/share/$flavor/tps/scripts/addVLVIndexes.ldif > $tmp");
+    system("$mozldap_path/ldapmodify -h '$host' -p '$port' -D '$binddn' " .
+              "-w '$bindpwd' -a " .
+              "-f '$tmp'");
+    system("rm $tmp");
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DatabasePanel: display");
+
+    my $machineName = $::config->get("service.machineName");
+    my $instanceId =  $::config->get("service.instanceID");
+
+    my $host = $::config->get("preop.database.host");
+    $::symbol{hostname} = "localhost"; # default
+    if ($host ne "") {
+      $::symbol{hostname} = $host;
+    }
+    my $port = $::config->get("preop.database.port");
+    $::symbol{portStr} = "389";
+    if ($port ne "") {
+      $::symbol{portStr} = $port;
+    }
+    my $basedn = $::config->get("preop.database.basedn");
+    $::symbol{basedn} = "dc=" . $machineName . "-" . $instanceId;
+    if ($basedn ne "") {
+      $::symbol{basedn} = $basedn;
+    }
+    my $database = $::config->get("preop.database.database");
+    $::symbol{database} = $machineName . "-" . $instanceId;
+    if ($database ne "") {
+      $::symbol{database} = $database;
+    }
+    my $binddn = $::config->get("preop.database.binddn");
+    $::symbol{binddn} = "cn=directory manager";
+    if ($binddn ne "") {
+      $::symbol{binddn} = $binddn;
+    }
+
+    $::symbol{bindpwd} = "";
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm
new file mode 100755
index 000000000..00e1ce64e
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm
@@ -0,0 +1,178 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use FileHandle;
+
+package PKI::TPS::DisplayCertChain2Panel;
+$PKI::TPS::DisplayCertChain2Panel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(7);
+    $self->{"getName"} = &PKI::TPS::Common::r("Display Certificate Chain");
+    $self->{"vmfile"} = "displaycertchain2panel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub readFile
+{
+    my $fn = $_[0];
+    open FILE, "< $fn" or return "";
+    my $content =  join "",<FILE>;
+    close FILE;
+
+    return $content;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: update");
+
+    my $instanceDir = $::config->get("service.instanceDir");
+
+#    my $caCert = readFile("$instanceDir/conf/caCertChain2.txt");
+    my $caCert = extract_cert_from_file_sans_header_and_footer("$instanceDir/conf/caCertChain2.txt");
+
+    #store in config
+    $::config->put("preop.ca.certchain", $caCert);
+    $::config->commit();
+    # import it into the security database
+    my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`;
+    my $r =  $? >> 8;
+    my $failed = $? & 127;
+    if (($r > 0) && ($r < 10) && !$failed)  {
+        my $i = 0;
+        while ($i ne $r) {
+            $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`;
+            $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i"  -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`;
+            $i++
+        }
+    }
+
+    # clean up
+#    my $tmp = `rm $instanceDir/conf/caCertChain2.txt`;
+#    $tmp = `rm $instanceDir/conf/CAchain2_pp.txt`;
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: display");
+    my $instanceDir = $::config->get("service.instanceDir");
+
+    my $found = -e "$instanceDir/conf/caCertChain2.txt";
+    my $certpp = "";
+    if ($found) {
+        &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: display found caCertChain2.txt");
+        my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`;
+
+        $certpp = readFile("$instanceDir/conf/CAchain2_pp.txt");
+        &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: display read CAchain2_pp.txt");
+        $certpp =~ s/"//g;
+        &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: certpp2= $certpp");
+    }
+
+#      $symbol{certchain}        = [ "cert1", "cert2" ];
+#      $symbol{certchain_size}   = 2;
+    $::symbol{certchain}        = "$certpp";
+    $::symbol{certchain_size}   = 1;
+
+    &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: display done");
+    return 1;
+}
+
+# return certificate sans header and footer
+# -- all in a one-liner
+sub extract_cert_from_file_sans_header_and_footer
+{
+    my $filename = $_[0];
+    my $save_line = 0;
+
+    my $fd = new FileHandle;
+
+    my $cert = "";
+
+    $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
+
+    while( <$fd> )
+    {
+        my $line = $_;
+        chomp( $line );
+        $line =~ s/^M//g;
+
+        if( $line eq $cert_header ) {
+            $save_line = 1;
+        } elsif( $line eq $cert_footer ) {
+            $save_line = 0;
+            last;
+        } elsif( $save_line == 1 ) {
+            $cert .= "$line";
+        }
+    }
+
+    $fd->close();
+
+    return $cert;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
new file mode 100755
index 000000000..af999057e
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
@@ -0,0 +1,289 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+use MIME::Base64;
+
+package PKI::TPS::DisplayCertChainPanel;
+$PKI::TPS::DisplayCertChainPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(2);
+    $self->{"getName"} = &PKI::TPS::Common::r("Display Certificate Chain");
+    $self->{"vmfile"} = "displaycertchainpanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 1;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: validate");
+    return 1;
+}
+
+sub readFile
+{
+    my $fn = $_[0];
+    open FILE, "< $fn" or return "";
+    my $content =  join "",<FILE>;
+    close FILE;
+
+    return $content;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: update");
+
+    my $instanceDir = $::config->get("service.instanceDir");
+
+    my $caCert = readFile("$instanceDir/conf/caCert.txt");
+
+    #store in config
+    $::config->put("preop.ca.certchain", $caCert);
+    $::config->commit();
+
+    # import it into the security database
+#    my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`;
+    my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/alias\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`;
+
+    # clean up
+    my $tmp = `rm $instanceDir/conf/caCert.txt`;
+    $tmp = `rm $instanceDir/conf/caCert.der`;
+    $tmp = `rm $instanceDir/conf/caCert_pp.txt`;
+
+    # complete the SeucrityDomain task
+    my $sdomainURL =  $::config->get("config.sdomainURL");
+    if ($sdomainURL eq "") {
+        return 2;
+      }
+
+    my $machineName = $::config->get("service.machineName");
+    my $securePort = $::config->get("service.securePort");
+    my $unsecurePort = $::config->get("service.unsecurePort");
+
+    # check if url is accessible
+    # redirect to the security domain authentication
+    if ($ENV{'SERVER_PORT'} eq $unsecurePort) {
+       $::symbol{redirect} = $sdomainURL . "/ca/ee/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DTPS";
+    } else {
+       $::symbol{redirect} = $sdomainURL . "/ca/ee/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $securePort . "%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DTPS";
+    }
+
+    get_domain_xml($sdomainURL);
+
+
+    return 3;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: display");
+
+    # connect to the CA, and retrieve the CA certificate
+    &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: update connecting to CA and retrieve cert chain");
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $sdomainURL =  $::config->get("config.sdomainURL");
+    if ($sdomainURL eq "") {
+        return 2;
+      }
+
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $url_info = new URI::URL($sdomainURL);
+    my $host = $url_info->host;
+    my $port = $url_info->port;
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/getCertChain\" $host:$port`;
+
+    my $caCert;
+    if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) {
+        $caCert =  $1;
+        &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: ca= $caCert");
+    }
+
+    my $certpp;
+    if ($caCert ne "") {
+        open(F, ">$instanceDir/conf/caCert.txt");
+        print F $caCert;
+        close(F);
+
+        # test to see if tmp directory exists, if not, create
+        my $found =  -e "$instanceDir/conf/tmp";
+        if (! $found) {
+            my $tmp = `mkdir $instanceDir/conf/tmp`;
+        }
+
+        # import it into a temporary security database
+#        my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`;
+        # my $cmd1 = `/usr/bin/openssl base64 -d -A -in $instanceDir/conf/caCert.txt -out $instanceDir/conf/caCert.der`;
+
+        my $txt = `cat $instanceDir/conf/caCert.txt`;
+        open(OUT, ">$instanceDir/conf/caCert.der");
+        print OUT MIME::Base64::decode($txt);
+        close(OUT);
+
+        my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/conf/tmp\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`;
+
+        # get pretty print from temp db
+        my $tmp = `certutil -d $instanceDir/conf/tmp -n "caCert" -L > $instanceDir/conf/caCert_pp.txt`;
+        $certpp = readFile("$instanceDir/conf/caCert_pp.txt");
+        $certpp =~ s/"//g;
+        &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: certpp= $certpp");
+        # clean up temp db
+        $tmp = `certutil -d $instanceDir/alias/tmp -D -n "caCert"`;
+    } else {
+        &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: update no certchain found");
+    }
+
+    &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: display certchain=$caCert");
+
+#               $symbol{certchain}        = [ "cert1", "cert2" ];
+#               $symbol{certchain_size}   = 2;
+    $::symbol{certchain}        = "$certpp";
+# This certchain_size does not matter
+    $::symbol{certchain_size}   = 1;
+
+    return 1;
+}
+sub get_domain_xml
+{
+    my ($sdomainURL) = @_;
+
+    my $sdom_info = new URI::URL($sdomainURL);
+    # get the domain xml
+    # e. g. - https://water.sfbay.redhat.com:9443/ca/ee/ca/getDomainXML
+
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $host = $sdom_info->host;
+    my $port = $sdom_info->port;
+    my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/getDomainXML\" $host:$port`;
+
+    $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+    $content = $1;
+
+    &PKI::TPS::Wizard::debug_log("content = " . $content);
+
+    my $parser = XML::Simple->new();
+    my $response = $parser->XMLin($content);
+    my $xml = $parser->XMLin($response->{'DomainInfo'},
+                       ForceArray => 1);
+   
+    &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: security domain '" . 
+                $xml->{'Name'}[0] . "'");
+    $::config->put("preop.securitydomain.name", $xml->{'Name'}[0]);
+
+    # parse xml and store information in CS.cfg
+    my $count = 0;
+    $count = 0;
+    foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) {
+        &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: Found CA '" . 
+              $c->{'SubsystemName'}[0] . "'");
+        $::config->put("preop.securitydomain.ca" . $count . ".subsystemname", 
+                        $c->{'SubsystemName'}[0]);
+        $::config->put("preop.securitydomain.ca" . $count . ".secureport", 
+                        $c->{'SecurePort'}[0]);
+        $::config->put("preop.securitydomain.ca" . $count . ".host", 
+                        $c->{'Host'}[0]);
+        $count++;
+    }
+
+    $count = 0;
+    foreach my $c (@{$xml->{'TKSList'}[0]->{'TKS'}}) {
+        &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: Found TKS '" . 
+              $c->{'SubsystemName'}[0] . "'");
+        $::config->put("preop.securitydomain.tks" . $count . ".subsystemname", 
+                        $c->{'SubsystemName'}[0]);
+        $::config->put("preop.securitydomain.tks" . $count . ".secureport", 
+                        $c->{'SecurePort'}[0]);
+        $::config->put("preop.securitydomain.tks" . $count . ".host", 
+                        $c->{'Host'}[0]);
+        $count++;
+    }
+
+    $count = 0;
+    foreach my $c (@{$xml->{'KRAList'}[0]->{'KRA'}}) {
+       &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: Found KRA '" . 
+              $c->{'SubsystemName'}[0] . "'");
+        $::config->put("preop.securitydomain.kra" . $count . ".subsystemname", 
+                        $c->{'SubsystemName'}[0]);
+        $::config->put("preop.securitydomain.kra" . $count . ".secureport", 
+                        $c->{'SecurePort'}[0]);
+        $::config->put("preop.securitydomain.kra" . $count . ".host", 
+                        $c->{'Host'}[0]);
+        $count++;
+    }
+
+    $count = 0;
+    foreach my $c (@{$xml->{'TPSList'}[0]->{'TPS'}}) {
+       &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: Found TPS '" . 
+              $c->{'SubsystemName'}[0] . "'");
+        $::config->put("preop.securitydomain.tps" . $count . ".subsystemname", 
+                        $c->{'SubsystemName'}[0]);
+        $::config->put("preop.securitydomain.tps" . $count . ".secureport", 
+                        $c->{'SecurePort'}[0]);
+        $::config->put("preop.securitydomain.tps" . $count . ".host", 
+                        $c->{'Host'}[0]);
+        $count++;
+    }
+    $::config->commit();
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
new file mode 100755
index 000000000..1f5b1a4d5
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
@@ -0,0 +1,350 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+use XML::Simple;
+
+package PKI::TPS::DonePanel;
+$PKI::TPS::DonePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(16);
+    $self->{"getName"} = &PKI::TPS::Common::r("Done");
+    $self->{"vmfile"} = "donepanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DonePanel: validate");
+    return 1;
+}
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("DonePanel: update");
+    return 1;
+}
+
+sub register_tps
+{
+    my ($sdom, $url, $uri, $xname) = @_;
+
+    &PKI::TPS::Wizard::debug_log("DonePanel: register_tps at $url");
+    &PKI::TPS::Wizard::debug_log("DonePanel: subsystem $xname uri=$uri");
+
+    my $url_info = new URI::URL($url);
+    my $sdom_info = new URI::URL($sdom);
+
+    # register TPS to Security Domain
+    # submit request to CA
+    &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to Security Domain");
+
+    my $machineName = $::config->get("service.machineName");
+    my $securePort = $::config->get("service.securePort");
+    my $session_id = $::config->get("preop.sessionID");
+
+    &PKI::TPS::Wizard::debug_log("DonePanel: Security Domain Info " . $url);
+
+    my $uid = "TPS-" . $machineName . "-" . $securePort;
+    my $name = "Token Processing Subsystem";
+
+    my $instDir = $::config->get("service.instanceDir");
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+
+    my $hw;
+    my $tk;
+    my $tokenname = $::config->get("preop.module.token");
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname");
+
+    if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+        $hw = "";
+        $tk = "";
+    } else {
+        $hw = "-h $tokenname";
+        $tk = $tokenname.":";
+    }
+
+    my $token_pwd = $::pwdconf->get($tokenname);
+    open FILE, ">$instDir/conf/.pwfile";
+    $token_pwd  =~ s/\n//g;
+    print FILE $token_pwd;
+    close FILE;
+
+    my $subsystemNickname = $::config->get("preop.cert.subsystem.nickname");
+    my $certificate = `/usr/bin/certutil -d "$instDir/alias" -L $hw -f "$instDir/conf/.pwfile" -n "$subsystemNickname" -a`;
+    $certificate =~ s/-----BEGIN CERTIFICATE-----//g;
+    $certificate =~ s/-----END CERTIFICATE-----//g;
+    $certificate =~ s/\n$//g;
+
+
+    &PKI::TPS::Wizard::debug_log("DonePanel: Connecting");
+
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $params = "uid=" . $uid . "&" .
+                  "name=" . $name . "&" .
+                  "certificate=" .
+                      URI::Escape::uri_escape("$certificate") . "&" .
+                  "xmlOutput=true" . "&" .
+                  "sessionID=" . $session_id .  "&" .
+                  "auth_hostname=" . $sdom_info->host . "&" .
+                  "auth_port=" . $sdom_info->port;
+
+    my $host = $url_info->host;
+    my $port = $url_info->port;
+    my $tmpfile = "/tmp/donepanel-$$";
+    if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+        system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile");
+    } else {
+        system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile");
+    }
+    my $content = `cat $tmpfile`;
+    system("rm $tmpfile");
+
+    &PKI::TPS::Wizard::debug_log("req = " . $content);
+    $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+    $content = $1;
+
+    &PKI::TPS::Wizard::debug_log("DonePanel: result " . $content);
+    my $tmp = `rm $instDir/conf/.pwfile`;
+}
+
+sub get_kra_transport_cert
+{
+    my ($sdom) = @_;
+
+    my $sdom_info = new URI::URL($sdom);
+
+    # register TPS to Security Domain
+    # submit request to CA
+    &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to KRA");
+
+    my $krainfo = $::config->get("preop.krainfo.select");
+    my $krainfo_url = new URI::URL($krainfo);
+
+    my $machineName = $::config->get("service.machineName");
+    my $securePort = $::config->get("service.securePort");
+    my $session_id = $::config->get("preop.sessionID");
+
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    my $tokenname = $::config->get("preop.module.token");
+    my $token_pwd = $::pwdconf->get($tokenname);
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $params = "sessionID=" . $session_id .  "&" .
+                  "auth_hostname=" . $sdom_info->host . "&" .
+                  "auth_port=" . $sdom_info->port;
+
+    my $host = $krainfo_url->host;
+    my $port = $krainfo_url->port;
+    my $tmpfile = "/tmp/donepanel-$$";
+    if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+        system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile");
+    } else {
+        system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile");
+    }
+    my $content = `cat $tmpfile`;
+    system("rm $tmpfile");
+
+    $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+    $content = $1;
+
+    my $parser = XML::Simple->new();
+    my $response = $parser->XMLin($content);
+    my $transportCert = $response->{TransportCert};
+    
+    &PKI::TPS::Wizard::debug_log("DonePanel: TransportCert " . $transportCert);
+
+    return $transportCert;
+}
+
+sub send_kra_transport_cert
+{
+    my ($sdom, $certificate) = @_;
+
+    my $sdom_info = new URI::URL($sdom);
+
+    # register TPS to Security Domain
+    # submit request to CA
+    &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to TKS");
+    my $tksinfo = $::config->get("preop.tksinfo.select");
+    my $tksinfo_url = new URI::URL($tksinfo);
+
+    my $machineName = $::config->get("service.machineName");
+    my $securePort = $::config->get("service.securePort");
+    my $session_id = $::config->get("preop.sessionID");
+
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    my $tokenname = $::config->get("preop.module.token");
+    my $token_pwd = $::pwdconf->get($tokenname);
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    $db_password =~ s/\n$//g;
+
+    my $name = "transportCert-" . $machineName . "-" . $securePort;
+    my $params = "name=" . $name . "&" .
+                  "certificate=" .
+                      URI::Escape::uri_escape("$certificate") . "&" .
+                  "xmlOutput=true" . "&" .
+                  "sessionID=" . $session_id .  "&" .
+                  "auth_hostname=" . $sdom_info->host . "&" .
+                  "auth_port=" . $sdom_info->port;
+
+    my $host = $tksinfo_url->host;
+    my $port = $tksinfo_url->port;
+    my $tmpfile = "/tmp/donepanel-$$";
+    if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+        system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile");
+    } else {
+        system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile");
+    }
+
+    my $content = `cat $tmpfile`;
+    system("rm $tmpfile");
+
+    $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+    $content = $1;
+
+    &PKI::TPS::Wizard::debug_log("DonePanel: Response from TKS " . $content);
+}
+
+sub display
+{
+    my ($q) = @_;
+        #         $symbol{systemType}  = "tps";
+        #         $symbol{host}  = "chico";
+        #         $symbol{port}  = "443";
+    &PKI::TPS::Wizard::debug_log("DonePanel: display");
+
+    my $status = $::config->get("preop.done.status");
+    if ($status eq "done") {
+      return 1;
+    }
+
+    my $instDir = $::config->get("service.instanceDir");
+    my $tokenname = $::config->get("preop.module.token");
+    my $token_pwd = $::pwdconf->get($tokenname);
+    my $nickname = $::config->get("preop.cert.sslserver.nickname");
+    if (($tokenname ne "") && ($tokenname ne "NSS Certificate DB")) {
+      open(PWD_CONF, ">>$instDir/conf/password.conf");
+      print PWD_CONF "$tokenname:$token_pwd\n";
+      close (PWD_CONF);
+    }
+
+    # Add this TPS's server certificate to the subsystems
+    my $sdom = $::config->get("config.sdomainURL");
+    my $cainfo = $::config->get("preop.cainfo.select");
+    $cainfo =~ s/.* - //g;
+    &register_tps($sdom, $cainfo, "/ca/admin/ca/registerUser", "CA");
+    my $tksinfo = $::config->get("preop.tksinfo.select");
+    &register_tps($sdom, $tksinfo, "/tks/admin/tks/registerUser", "TKS");
+
+    my $keygen = $::config->get("conn.tks1.serverKeygen");
+    if ($keygen ne "false") {
+      &PKI::TPS::Wizard::debug_log("DonePanel: KRA available");
+      my $krainfo = $::config->get("preop.krainfo.select");
+      &register_tps($sdom, $krainfo, "/kra/admin/kra/registerUser", "KRA");
+      my $transportCert = &get_kra_transport_cert($sdom);
+      &send_kra_transport_cert($sdom, $transportCert);
+    } else {
+      &PKI::TPS::Wizard::debug_log("DonePanel: No KRA setup");
+    }
+
+    $::config->put("preop.done.status", "done");
+    $::config->commit();
+
+    # update nss.conf
+    open(TMP_NSS_CONF, ">$instDir/conf/nss.conf.tmp");
+    open(NSS_CONF, "<$instDir/conf/nss.conf");
+    while (<NSS_CONF>) {
+      if (/NSSVerifyClient none/) {
+        print TMP_NSS_CONF "NSSVerifyClient require\n";
+      } else {
+        if ((/^NSSNickname/) && ($tokenname ne "") && ($tokenname ne "NSS Certificate DB")) {
+            print TMP_NSS_CONF "NSSNickname \"$nickname\"\n";
+        } else {
+          print TMP_NSS_CONF $_;
+        }
+      }
+    }
+    close(NSS_CONF);
+    close(TMP_NSS_CONF);
+
+    system("mv $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf");
+
+    &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to Security Domain");
+
+    my $machineName = $::config->get("service.machineName");
+    my $securePort = $::config->get("service.securePort");
+    my $unsecurePort = $::config->get("service.unsecurePort");
+    my $instanceID = $::config->get("service.instanceID");
+
+    $::symbol{host}  = $machineName;
+    $::symbol{port}  = $securePort;
+    $::symbol{unsecurePort}  = $unsecurePort;
+    $::symbol{instanceId}  = $instanceID;
+
+    $::config->deleteSubstore("preop.");
+    $::config->commit();
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/GlobalVar.pm b/pki/base/tps/lib/perl/PKI/TPS/GlobalVar.pm
new file mode 100755
index 000000000..7348aab68
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/GlobalVar.pm
@@ -0,0 +1,41 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+
+package PKI::TPS::GlobalVar;
+$PKI::TPS::GlobalVar::VERSION = '1.00';
+
+sub new { 
+	my $class = shift;
+	my $self = {}; 
+	my %args = (@_);
+	foreach my $q (keys %args) {
+		$self->{$q} = $args{$q};
+	}
+	bless $self,$class; 
+	return $self; 
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
new file mode 100755
index 000000000..e14020d60
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
@@ -0,0 +1,130 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+
+package PKI::TPS::ImportAdminCertPanel;
+$PKI::TPS::ImportAdminCertPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(15);
+    $self->{"getName"} = &PKI::TPS::Common::r("Import Administrator Certificate");
+    $self->{"vmfile"} = "importadmincertpanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: update");
+
+    # register to Security Domain
+    my $sdom = $::config->get("config.sdomainURL");
+    my $sdom_url = new URI::URL($sdom);
+
+    #
+    # we need to authenticate to the security domain with the subsystem
+    # certificate
+    #
+    my $machineName = $::config->get("service.machineName");
+    my $instanceID = $::config->get("service.instanceID");
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $securePort = $::config->get("service.securePort");
+    my $subsystemName = $::config->get("preop.subsystem.name");
+    my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+    my $name = $subsystemName;
+    my $subCertNickName = $::config->get("preop.cert.subsystem.nickname");
+
+    $db_password =~ s/\n$//g;
+
+    my $params = "list=" . "TPSList" . "&" .
+                 "type=" . "TPS" . "&" .
+                 "host=" . $machineName . "&" .
+                 "name=" . $name . "&" .
+                 "sport=" . $securePort . "&" .
+                 "dm=false"; # domain manager or not
+
+    my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$subCertNickName\" -r \"/ca/agent/ca/updateDomainXML?$params\" $sdom_url->host:$sdom_url->port`;
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: display");
+
+#    my $cainfo = $::config->get("preop.cainfo.select");
+    my $cainfo = "https://".$::config->get("conn.ca1.hostport");
+
+    my $cainfo_url = new URI::URL($cainfo);
+    my $serialNumber = $::config->get("preop.admincert.serialno.0");
+
+    $::symbol{info} = "";
+    $::symbol{errorString} = "";
+    $::symbol{import} = "true";
+    $::symbol{ca} = "false";
+    $::symbol{caType} = "ca";
+    $::symbol{caHost} = $cainfo_url->host;
+    $::symbol{caPort} = $cainfo_url->port;
+    $::symbol{serialNumber} = $serialNumber;
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/Login.pm b/pki/base/tps/lib/perl/PKI/TPS/Login.pm
new file mode 100755
index 000000000..22809a022
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/Login.pm
@@ -0,0 +1,438 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+# wizard - 
+#  Fedora Certificate System - Token Processing System configuration wizard
+
+
+# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding
+# the following to /etc/httpd/conf.d/perl.conf
+#
+# PerlModule ModPerl::Registry
+# PerlModule Apache::compat
+# PerlModule RHCS::TPS::Wizard
+# PerlSetEnv RHCS_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui
+# <Location /wizard>
+#    SetHandler perl-script
+#    PerlHandler RHCS::TPS::Wizard
+#    Order deny,allow
+#    Allow from all
+# </Location>
+
+
+# Note: The Velocity parser is not very helpful when it comes to
+# errors right now. Here are some common errors, and what they mean:
+#
+# ERROR:
+#    [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26] 
+#    Can't use string ("0") as an ARRAY ref while "strict refs" 
+#    in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm
+#    line 423.\n, referer: http://chico/wizard?p=2
+# MEANING
+#    This probably means that your *.vm file refers to an array
+#    variable in a foreach statement that is not defined
+#    Check your foreach array variables.
+
+use warnings;
+use ModPerl::Registry;
+use Template::Velocity;
+use Getopt::Std;
+use Data::Dumper;
+use CGI::Carp qw(fatalsToBrowser);
+use CGI;
+use APR::Const    -compile => qw(:error SUCCESS);
+use PKI::TPS::GlobalVar;
+use PKI::TPS::WelcomePanel;
+use PKI::TPS::SecurityDomainPanel;
+use PKI::TPS::DisplayCertChainPanel;
+use PKI::TPS::SubsystemTypePanel;
+use PKI::TPS::CAInfoPanel;
+use PKI::TPS::TKSInfoPanel;
+use PKI::TPS::DRMInfoPanel;
+use PKI::TPS::DisplayCertChain2Panel;
+use PKI::TPS::AdminAuthPanel;
+use PKI::TPS::AgentAuthPanel;
+use PKI::TPS::AuthDBPanel;
+use PKI::TPS::DatabasePanel;
+use PKI::TPS::ModulePanel;
+use PKI::TPS::SizePanel;
+use PKI::TPS::NamePanel;
+use PKI::TPS::ConfigHSMLoginPanel;
+use PKI::TPS::CertRequestPanel;
+use PKI::TPS::AdminPanel;
+use PKI::TPS::ImportAdminCertPanel;
+use PKI::TPS::LoginPanel;
+use PKI::TPS::DonePanel;
+use PKI::TPS::Config;
+
+use PKI::TPS::Common qw(yes no r);
+
+package PKI::TPS::Login;
+$PKI::TPS::Login::VERSION = '1.00';
+
+# read configuration file
+my $flavor = `pkiflavor`;
+$flavor =~ s/\n//g;
+
+my $pkiroot = $ENV{PKI_ROOT};
+
+my $config = PKI::TPS::Config->new();
+$config->load_file("$pkiroot/conf/CS.cfg");
+# read password cache file
+my $pwdconf = PKI::TPS::Config->new();
+$pwdconf->load_file("$pkiroot/conf/pwcache.conf");
+
+# create cfg debug log
+open(DEBUG, ">>" . $config->get("service.instanceDir") . 
+                "/logs/debug");
+
+# apache server
+
+our $debug;
+
+my $STATUS_OK = 1;
+my $STATUS_ERROR = 2;
+my $STATUS_REDIRECT = 3;
+
+&debug_log("TPS wizard: starting up");
+  
+my $docroot = $ENV{PKI_DOCROOT};
+
+if (! $docroot) {
+    &debug_log("TPS wizard: ERROR: PKI_DOCROOT is null");
+    return 0;
+}
+
+our $parser = new Template::Velocity($docroot);
+our $symbol;
+our @certtags;
+
+makepanels();
+
+&debug_log("TPS wizard: start up complete");
+
+1;
+
+sub debug_log
+{
+  my ($msg) = @_;
+  my $date = `date`;
+  chomp($date);
+  print DEBUG "$date - $msg\n";
+}
+
+  # initializes entries in parser's global symbol table for panels
+sub makepanels
+{
+    #REAL PANELS BELOW
+    my $login = new  PKI::TPS::LoginPanel();
+
+    $symbol{panels}  = [ 
+        $login,           # com.netscape.cms.servlet.csadmin.WelcomePanel
+    ];
+};
+
+sub render_panel
+{
+    my ($panelnum, $q) = @_;
+
+    $symbol{errorString} = "";
+
+    my $currentpanel;
+
+    if ($q->param('op') && $q->param('op') eq "next") {
+        $currentpanel = $symbol{panels}[$panelnum];
+        # validate variables for panel
+        if ($currentpanel->{validate}) {
+            $currentpanel->{validate}($q);
+        }
+        # execute current panel
+        my $status = "0";
+
+        if ($currentpanel->{update}) {
+            $status = $currentpanel->{update}($q);
+            &debug_log("TPS wizard: update returns status '" . 
+			$status . "'");
+            if ($status == $STATUS_REDIRECT) {
+              return $STATUS_REDIRECT;
+            }
+           
+	}
+
+        &debug_log("TPS wizard: about to find out about sub panel");
+        if ($status eq "1") {
+          if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) {
+              &debug_log("TPS wizard: has sub panel");
+              $panelnum = $panelnum + 2;
+	  } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) {
+              &debug_log("TPS wizard: is sub panel");
+              $panelnum = $panelnum - 1;
+          } else {
+              &debug_log("TPS wizard: no sub panel and is not subpanel");
+              $panelnum = $panelnum + 1;
+          }
+        }
+    } elsif ($q->param('op') && $q->param('op') eq "back") {
+            $panelnum = $panelnum - 1;
+            #check if this a subpanel, if so, go back to it's parent.
+            #only handles one-deep at this point
+            my $panel = $symbol{panels}[$panelnum];
+            if (&{$panel->{isSubPanel}}($q)) {
+                $panelnum = $panelnum - 1;
+	    }
+    } elsif ($q->param('op') && $q->param('op') eq "apply") {
+        &debug_log("TPS wizard: update : apply button pressed");
+        $currentpanel = $symbol{panels}[$panelnum];
+        # validate variables for panel
+        if ($currentpanel->{validate}) {
+            $currentpanel->{validate}($q);
+        }
+        # execute current panel
+        if ($currentpanel->{update}) {
+            my $status = $currentpanel->{update}($q);
+            &debug_log("TPS wizard: update returns status '" . 
+			$status . "'");
+            if ($status == $STATUS_REDIRECT) {
+              return $STATUS_REDIRECT;
+            }
+           
+	}
+    }
+
+    &debug_log("TPS wizard: after looking into about sub panel");
+
+    # advance to next panel
+    $currentpanel = $symbol{panels}[$panelnum];
+
+    # initialize symbol table values
+    $symbol{showApplyButton} = "false";
+
+    # fill in variables for new panel
+    if ($currentpanel->{panelvars}) {
+        $Data::Dumper::Indent = 1;
+ 	    &debug_log("q=".Dumper($q));
+        $currentpanel->{panelvars}($q);
+    }
+
+    $symbol{panel} = "tps/admin/console/config/".$currentpanel->{vmfile};
+
+    #wizard.vm:
+    $symbol{name}    = "Token Processing System";
+    $symbol{title}   = $currentpanel->{getName}();
+    if ($panelnum == 0) {
+      $symbol{firstpanel} = "1";
+    } else {
+      $symbol{firstpanel} = "0";
+    }
+    if ($panelnum == 17) {
+      $symbol{lastpanel}  = "1";
+    } else {
+      $symbol{lastpanel}  = "0";
+    }
+    $symbol{p}        = $panelnum;
+    $symbol{subpanelno}        = $panelnum+1;
+    $symbol{csstate}        = "1";
+
+#    $symbol{urls}        = [ "cert1", "cert2" ];  #createsubsystem
+#    $symbol{urls_size}   = 2;
+#    $symbol{instanceId}  = "tps";
+#    $symbol{errorString}  = "";
+
+    #modulepanel
+#    $symbol{certs}   = [ ];
+#    $symbol{reqscerts}   = [ ];
+    $symbol{ppcerts}   = [ ];
+
+    return $STATUS_OK;
+}
+
+
+
+sub dbg {
+    my $msg = shift;
+    $::symbol{dbg} .= "$msg\n";
+}
+
+sub handler {
+    my $r = shift;
+
+    *::symbol = \%symbol;
+    *::s = \$s;
+    *::config = \$config;
+    *::pwdconf = \$pwdconf;
+
+    &debug_log("TPS wizard: in handler");
+    if ($#ARGV == -1) {
+        $r->send_http_header('text/html');
+    }
+
+    my $q = new CGI;
+
+    # check cookie
+    my $pin = $q->param('pin');
+    if (defined($pin)) {
+         my $cookie = $q->cookie(
+                -name=>'pin',
+                -value=> $pin,
+                -expires=>'+1y',
+                -path=>'/');
+         print $q->redirect(-location => "wizard", -cookie => $cookie);
+         return;
+    }
+
+    # output http parameters
+    &debug_log("TPS wizard: uri='" . $ENV{REQUEST_URI} . "'");
+    my @pnames = $q->param();
+    foreach $pn (@pnames) {
+      if ($pn =~ /^__/) {
+        &debug_log("TPS wizard: http parameter name='" . $pn . "' value='(sensitive)'");
+      } else {
+        &debug_log("TPS wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'");
+      }
+    }
+
+    my $panelnum = $q->param('p');
+    if (!defined($panelnum) || $panelnum eq "") {
+      # Apache fails to pick up the p parameter after 
+      # redirecting from the security domain. This is 
+      # a quick hack to solve the issue.
+      if ($ENV{'QUERY_STRING'} ne "") {
+        $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/;
+        $panelnum = $1;
+      }
+    }
+
+    use subs qw(debug);
+    *debug = \&Template::Velocity::Executor::debug;
+
+    $::symbol{dbg} = "";
+
+    &debug_log("TPS wizard: before argparsing");
+    if ($#ARGV == -1) {
+     $Data::Dumper::Maxdepth = 7;
+        $startfile = "tps/admin/console/config/login.vm";
+    }
+
+    &debug_log("TPS wizard: setting up test objects");
+
+    #initialize from config file
+    my $certlist = $::config->get("preop.cert.list");
+    if ($certlist eq "") {
+       $certlist = "sslserver,subsystem"; 
+    }
+    @certtags = split(/,/, $certlist);
+    $numtags =  @certtags;
+    if ($numtags eq 0) {
+         @certtags = ("sslserver", "subsystem");
+    }
+    &debug_log("TPS wizard: found $numtags certtags");
+
+    if (! $panelnum) {
+        $panelnum = 0;
+    }
+
+    my $status = render_panel($panelnum, $q);
+    if ($status == 3) {
+        $r->header_out(Location => $symbol{redirect});
+        $r->status(301);
+        $r->send_http_header();
+        return;
+    }
+
+    use Data::Dumper;
+    &debug_log("TPS wizard: executing file $startfile");
+    foreach $q (sort keys %symbol) {
+        &debug_log("TPS wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q});
+    }
+
+    my $result;
+    if ($q->param("xml") eq "true") {
+        $r->send_http_header('text/xml');
+        $result = "<xml>";
+        foreach $s (sort keys %symbol) {
+          if ($s =~ /^__/) {
+              next;
+          }
+          $result .= "<" . $s . ">"; 
+          my $v = $symbol{$s};
+          $result .= &get_xml($s, $v);
+          $result .= "</" . $s . ">"; 
+        }
+        $result .= "</xml>";
+    } else {
+      $result = $parser->execute_file($startfile);
+      if (!defined $result) {
+          die("Couldn't execute template file: $docroot/$startfile");
+      }
+    }
+
+    print "$result\n";
+    return $STATUS_OK;
+}
+
+sub get_xml 
+{
+    my ($s, $v) = @_;
+
+    my $result;
+    if (ref($v) eq "HASH") {
+      foreach my $xkey (keys %$v) {
+              $result .= "<" . $xkey . ">";
+              $result .= &get_xml($xkey, $v{$xkey});
+          #    $result .= "-" . ref($xkey);
+              $result .= "</" . $xkey . ">";
+            }
+    } elsif (ref($v) eq "PKI::TPS::CertInfo") {
+              my $certinfo = $v;
+              $result .= "<certinfo>";
+              $result .= "<dn>" . $certinfo->get_dn() ."</dn>";
+              $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>";
+              $result .= "<friendly>" . $certinfo->get_user_friendly_name() .
+                             "</friendly>";
+              $result .= "</certinfo>";
+    } elsif (ref($v) eq "PKI::TPS::ReqCertInfo") {
+              my $reqcertinfo = $v;
+              $result .= "<reqcertinfo>";
+              $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>";
+              $result .= "<req>" . $reqcertinfo->get_request() ."</req>";
+              $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>";
+              $result .= "<certpp>" . $reqcertinfo->get_cert_pp() ."</certpp>";
+              $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>";
+              $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>";
+              $result .= "</reqcertinfo>";
+    } elsif (ref($v) eq "ARRAY") {
+            my $pos = 0;
+            foreach my $item (@$v) {
+              $result .= "<element>";
+              $result .= &get_xml("p" . $pos, $item);
+          #    $result .= "-" . ref($item);
+              $result .= "</element>";
+              $pos++;
+            }
+    } else {
+            $result .= $v;
+    }
+  return $result;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/LoginPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/LoginPanel.pm
new file mode 100755
index 000000000..d8d358f43
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/LoginPanel.pm
@@ -0,0 +1,90 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::LoginPanel;
+$PKI::TPS::LoginPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(0);
+    $self->{"getName"} = &PKI::TPS::Common::r("Welcome");
+    $self->{"vmfile"} = "login.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("WelcomePanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("WelcomePanel: update");
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log($ENV{'SERVER_PORT'});
+    &PKI::TPS::Wizard::debug_log("Debug=" . $::config->get("logging.debug.enable"));
+    &PKI::TPS::Wizard::debug_log("WelcomePanel: display");
+    $::symbol{wizardname}  = "TPS Configuration Wizard";
+    $::symbol{systemname}  = "TPS";
+    $::symbol{fullsystemname}  = "Token Processing System";
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ModulePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ModulePanel.pm
new file mode 100755
index 000000000..c841cc1c8
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ModulePanel.pm
@@ -0,0 +1,272 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use PKI::TPS::Modutil;
+
+package PKI::TPS::ModulePanel;
+$PKI::TPS::ModulePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+our $modutil;
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(9);
+    $self->{"getName"} = &PKI::TPS::Common::r("Security Modules");
+    $self->{"vmfile"} = "modulepanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+
+    my $flavor = `pkiflavor`;
+    $flavor =~ s/\n//g;
+
+    my $pkiroot = $ENV{PKI_ROOT};
+	$modutil = new PKI::TPS::Modutil("$pkiroot/alias");
+
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 1;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    my $defTok = $::config->get("preop.module.token");
+    my $select = $q->param('choice');
+    if ($select eq "") {
+        &PKI::TPS::Wizard::debug_log("ModulePanel -> update no selection found");
+        $::symbol{errorString} = "No selection found";
+        return 0;
+    } elsif ($defTok ne $select) {
+        &PKI::TPS::Wizard::debug_log("ModulePanel -> update changing defTok to $select");
+        $::config->put("preop.module.token", $select);
+        $::config->put("preop.ModulePanel.done", "true");
+    } else {
+        # this is not an error...just information
+        &PKI::TPS::Wizard::debug_log("ModulePanel -> update  defTok not changed");
+    }
+
+    $::config->commit();
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("ModulePanel -> display");
+    getModules();
+    my $defTok = $::config->get("preop.module.token");
+
+    $::symbol{defTok}   = $defTok;
+
+     return 1;
+}
+
+use Data::Dumper;
+sub getTokens {
+ my $modulename = shift;
+ 
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getTokens");
+
+#$Data::Dumper::Indent = 0;
+#PKI::TPS::Wizard::dbg("in gettokens. modutil = ".Dumper($modutil));
+ my @tokens;
+ my $mod = $modutil->getmodule($modulename);
+ foreach my $tokenname (keys %{$mod->{tokens}}) {
+    #PKI::TPS::Wizard::dbg("found token $tokenname");
+    if ($tokenname ne "NSS Generic Crypto Services") {
+        my $token = $modutil->gettoken($tokenname);
+        my $t = new PKI::TPS::GlobalVar(
+                        getNickName        => sub { return $tokenname; },
+                        isLoggedIn         => sub { return isLoggedIn($tokenname); },
+                        isPresent          => sub { return 1; },
+                        );
+        push @tokens, $t;
+    } else {
+        &PKI::TPS::Wizard::debug_log("ModulePanel -> getTokens token NSS Generic Crypto Services not available for key generation");
+
+    }
+ }
+
+ return \@tokens;
+}
+
+# if password is found, then it's considered "logged in"
+# otherwise it is "not logged in"
+sub Login {
+    my $tokenname = $_[0];
+    my $pwd = $::pwdconf->get($tokenname);
+    if ($pwd ne "") {
+        &PKI::TPS::Wizard::debug_log("ModulePanel -> isLoggedIn retrieved pwd from pwdconf");
+        return 1;
+    }
+    &PKI::TPS::Wizard::debug_log("ModulePanel -> isLoggedIn pwd not found from pwdconf for token: $tokenname");
+
+    if ($tokenname eq "NSS Certificate DB") {
+        my $instanceDir = $::config->get("service.instanceDir");
+        &PKI::TPS::Wizard::debug_log("ModulePanel -> isLoggedIn get internal password for $tokenname");
+        # these are referred as "internal" in password.conf
+        $pwd = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+        $pwd =~ s/\n//g;
+        $::pwdconf->put($tokenname, $pwd);
+        $::pwdconf->commit();
+
+        return 1;
+    }
+    return 0;
+}
+
+sub isLoggedIn {
+    my $tokenname = $_[0];
+    return &Login($tokenname);
+}
+
+sub getModules {
+    my $count;
+    my $i;
+    my @supportedModules;
+ 
+    &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules");
+    $count = $::config->get("preop.configModules.count");
+    &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules count =$count");
+
+    my @modules = $modutil->getmodules();
+  #  $::symbol{steve} = join ",Module:", @modules;
+  #  $::symbol{steve}.= "\n";
+
+    my $x = "
+        preop.configModules.count=3
+        preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+        preop.configModules.module0.imagePath=../img/mozilla.png
+        preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+        preop.configModules.module1.commonName=nfast
+        preop.configModules.module1.imagePath=../img/ncipher.png
+        preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+        preop.configModules.module2.commonName=lunasa
+        preop.configModules.module2.imagePath=../img/safenet.png
+        preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+        ";
+
+    my %supmodules;
+    for ($i=0; $i <$count; $i++) {
+        my $cn;
+        my $pn;
+        my $img;
+#   &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules look for cn=","preop.configModules.module" , $i , ".commonName");
+        $cn = $::config->get("preop.configModules.module$i.commonName");
+        $supmodules{$cn} = 1;
+
+        $pn = $::config->get("preop.configModules.module$i.userFriendlyName");
+        $img = $::config->get("preop.configModules.module$i.imagePath");
+        &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules: got module $cn from config");
+
+        my $module = $modutil->getmodule($cn);
+        my $file   = $module->{detail}->{"Library file"};
+         &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules Library file = $file");
+        my $found = 0;
+        if ($file) {
+            $found  =  ($file =~ /Internal ONLY module/)  || -e $file;
+        }
+
+        my $name = $module->{detail}->{Name};
+#   PKI::TPS::Wizard::dbg("name: $name");
+
+        $supportedModules[$i] = new  PKI::TPS::GlobalVar(
+                        getImagePath        => sub { return $img; },
+                        getUserFriendlyName => sub { return $pn; },
+                        isFound             => sub { return $found; },
+                        getTokens           => sub { return getTokens($name); },
+                        );
+
+        # login to tokens
+        &PKI::TPS::Wizard::debug_log("Ready to login to tokens for $name");
+        my $mod = $modutil->getmodule($name);
+        foreach my $tokenname (keys %{$mod->{tokens}}) {
+          &PKI::TPS::Wizard::debug_log("Logging in Module $name Token " . $tokenname);
+          &Login($tokenname);
+        }
+
+    }
+
+    my @otherModules;
+    #compile the "others" modules
+
+    foreach my $modname (@modules) {
+    #is this modname in the supported modules list?
+        if ($supmodules{$modname}) {
+            &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules: found module $modname supported");
+	    # does not belong to "others"
+        } else {
+            &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules: found module $modname unsupported");
+            #add the module to "others" list
+	    my $m = $modutil->getmodule($modname);
+            my $mod = new  PKI::TPS::GlobalVar(
+                        getImagePath        => sub { return ""; },
+                        getUserFriendlyName => sub { return $m->{modulename}; },
+                        isFound             => sub { return 1; },
+                        getTokens           => sub { return getTokens($m->{detail}->{Name});}
+            );
+
+            push @otherModules, $mod;
+
+            &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules: module $modname added to otherModules list");
+        }
+    }
+
+    $::symbol{sms}   = \@supportedModules;
+    $::symbol{oms}   = \@otherModules;
+#  PKI::TPS::Wizard::dbg("oms: ". Dumper([@otherModules]));
+#  PKI::TPS::Wizard::dbg("sms: ". Dumper([@supportedModules]));
+
+    &PKI::TPS::Wizard::debug_log("ModulePanel -> set sms, oms");
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/Modutil.pm b/pki/base/tps/lib/perl/PKI/TPS/Modutil.pm
new file mode 100755
index 000000000..efaf35a6c
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/Modutil.pm
@@ -0,0 +1,261 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+package PKI::TPS::Modutil;
+
+
+sub new {
+	my $class = shift;
+	my ($dir) = @_;
+
+	if (! $dir) { die "no module directory provided\n"; }
+
+	my $self = {};
+
+	$self->{dir} = $dir;
+	$self->{modules} = makemodules($self);
+
+	bless $self, $class;
+	return $self;
+}
+
+sub exists {
+	my $self = shift;
+	
+	return -e "$self->{dir}/secmod.db";
+}
+
+sub create {
+	my $self = shift;
+	
+	my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -create`;
+	return $mods;
+}
+
+use Data::Dumper;
+
+sub makemodules {
+	my $self = shift;
+	my $modules = {};
+
+	my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -list`;
+ 	#my $mods = join "",<::DATA>;
+
+	#print "raw mods = $mods";
+
+	my (@modules) = (
+			$mods =~ /
+				^       #beginning of a line
+				\s+     #some spaces
+				\d+\.\s*   #some digits
+				(.*?)   #lots of text
+				((?=^\s*\d+)|(?=------)) #if we would next match some spaces and digits
+					/msxg );
+
+	@modules = grep /.+/ms, @modules;
+	
+	foreach $module (@modules) {
+		#print "Module #$i:$module --\n";
+ 		$module = "modulename:$module";
+		my ($moduleheader, $rest) = (
+			$module =~ /
+				(.*status: .*?\n)    # moduleheader
+				(\s*slot:.*)		 # slot
+				(?=\n(\n|$))              #empty line
+			  /msxg );
+		#print "moduleheader: $moduleheader\n";
+		my $m = makehash($moduleheader);
+		$modules->{$m->{modulename}} = $m;
+		$m->{tokens} = {};
+
+		my @tokens = split "\n\n", $rest;
+
+
+
+# get summary slot info with:  -list
+		foreach my $token (@tokens) {
+			#print "slottext:       $slot\n";
+			my $slh = makehash($token);
+			$m->{tokens}->{$slh->{token}} = $slh;
+		}
+
+# get detailed slot info with:  -list "modulename"
+
+		my $moduledetail = `modutil -force -dbdir '$self->{dir}' -nocertdb -list "$m->{modulename}" 2> /dev/null`;
+		my @details= split "\n\n", $moduledetail;
+		shift @details;
+
+		$m->{detail} = makehash(shift @details);
+		foreach $d (@details) {
+			my $sdh = makehash($d);
+			my $tokenname = $sdh->{"Token Name"};
+			$tokenname =~ s/\s+$//;  # remove trailing spaces
+			if ($tokenname) {
+				$m->{tokens}->{$tokenname}->{detail} = $sdh;
+			}
+		}
+		$i++;
+			
+	}
+	return $modules;
+}
+
+# input: a multi-list string with nv/pairs
+# return a hashtable reference 
+sub makehash {
+	my $str = shift;
+	my $ht = { };
+	my @lines  = split "\n", $str;
+	my $line;
+LINE:
+	foreach $line (@lines) {
+		if ($line =~ /Using database directory/) { next LINE; }
+		if ($line =~ /--------------/) { next LINE; }
+		my ($name, $value) = ($line =~ /^\s*(.*?):\s*(.*?)\s*$/);
+		if ($name) {
+			#print "name:$name\n";
+			#print "value:$value\n";
+			$ht->{$name} = $value;
+		}
+	}
+	return $ht;
+}
+
+sub getmodules {
+	my $self = shift;
+	#print "modules: ".$self->{modules}. "\n";
+	#print "keys: ".(join ",",keys %{$self->{modules}})."\n";
+	return keys %{$self->{modules}};
+}
+
+sub getmodule {
+	my $self = shift;
+	my $modulename = shift;
+
+	#print Dumper($self->{modules});
+	return $self->{modules}->{$modulename};
+}
+
+
+sub gettokens {
+	my $self = shift;
+	my $module = shift;
+
+	return keys %{$module->{tokens}};
+}
+
+sub gettoken {
+	my $self = shift;
+	my $token= shift;
+	foreach my $m (values %{$self->{modules}}) {
+		foreach $t (values %{$m->{tokens}}) {
+			#print join ",", keys %{$t};
+			#print Dumper($t->{detail});
+			if ($t->{detail}->{"Token Name"} eq $token) { 
+				return $t; 
+			}
+		}
+	}
+}
+
+
+
+package;
+
+sub ::test {
+
+# initialize
+	my $modutil = new PKI::TPS::Modutil(".");
+
+#make database if it doesn't exist
+	if (! $modutil->exists()) {
+		$modutil->create();
+	}
+
+#get an array of module names
+	my @mods   = $modutil->getmodules();
+
+	print "Found ".@mods." pkcs#11 modules\n";
+
+#for each module...
+	foreach my $modname (@mods) {
+		my $module = $modutil->getmodule($modname);
+
+		print "Module: $modname\n";
+		print "Library: ".$module->{detail}->{"Library file"}."\n";
+		print "Other keys: ".(join ",", keys %{$module->{detail}})."\n";
+
+#find all the tokens in a module, e.g. each partition for a lunasa
+		foreach my $tokenname ($modutil->gettokens($module)) {
+			print "  token: $tokenname\n";
+			my $token = $modutil->gettoken($tokenname);
+			
+#dump out the information we have on the token
+			foreach my $key (keys %{$token}) {
+				print "  token keys/values: $key: ".$token->{$key}."\n";
+			}
+			my @detailkeys = (keys %{$token->{detail}}) ;
+			print "  token detail keys:". (join ",", @detailkeys)."\n";
+			print "  token detail Manufacturer:". $token->{detail}->{Manufacturer}."\n";
+			print "\n";
+		}
+		print "\n";
+	}
+
+}
+
+# this is where 'main' starts
+
+if ($ARGV[0] eq "--test") {
+        ::test();
+}
+
+1;
+
+__DATA__
+Listing of PKCS #11 Modules
+-----------------------------------------------------------
+  1. NSS Internal PKCS #11 Module
+         slots: 2 slots attached
+        status: loaded
+
+         slot: NSS Internal Cryptographic Services
+        token: NSS Generic Crypto Services
+
+         slot: NSS User Private Key and Certificate Services
+        token: NSS Certificate DB
+
+  2. lunasa
+        library name: /usr/lunasa/lib/libCryptoki2.so
+         slots: 2 slots attached
+        status: loaded
+
+         slot: LunaNet Slot
+        token: lunasa1-ca
+
+         slot: LunaNet Slot
+        token: lunasa2-ca
+-----------------------------------------------------------
+
+
diff --git a/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm
new file mode 100755
index 000000000..0c65f100c
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm
@@ -0,0 +1,534 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use FileHandle;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use PKI::TPS::CertInfo;
+use URI::URL;
+use URI::Escape;
+
+package PKI::TPS::NamePanel;
+$PKI::TPS::NamePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----";
+our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----";
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(12);
+    $self->{"getName"} = &PKI::TPS::Common::r("Subject Names");
+    $self->{"vmfile"} = "namepanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("NamePanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("NamePanel: update");
+    my $instanceDir =  $::config->get("service.instanceDir");
+
+    my $count = $q->param('urls');
+
+    &PKI::TPS::Wizard::debug_log("NamePanel: update - selected ca= $count");
+
+    my $host = "";
+    my $port = "";
+
+    my $useExternalCA = "off";
+    if ($count =~ /http/) {
+      my $info = new URI::URL($count);
+      $host = $info->host;
+      $port = $info->port;
+    } else {
+      $host = $::config->get("preop.securitydomain.ca$count.host");
+      if ($host eq "") {
+          $useExternalCA = "on";
+      } else {
+          $port = $::config->get("preop.securitydomain.ca$count.secureport");
+          &PKI::TPS::Wizard::debug_log("NamePanel: update - host= $host, port= $port");
+      }
+    }
+    $::config->put("preop.certenroll.useExternalCA", $useExternalCA);
+
+    $::config->put("preop.ca.url", "https://" . $host . ":" . $port);
+
+    my $tokenname = $::config->get("preop.module.token");
+    &PKI::TPS::Wizard::debug_log("NamePanel: update got token name = $tokenname");
+    my $hw;
+    my $tk;
+
+    if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+        $hw = "";
+        $tk = "";
+    } else {
+        $hw = "-h $tokenname";
+        $tk = $tokenname.":";
+    }
+
+    # is nickname changed because of token (hardware) selection?
+    my $changed = "false";
+    foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+        &PKI::TPS::Wizard::debug_log("NamePanel: update begins for certag= $certtag");
+        my $cert_dn = $q->param($certtag);
+        $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
+        $::config->commit();
+
+        my $cert_request = $::config->get("preop.cert.$certtag.certreq");
+        if ($cert_request ne "") {
+            &PKI::TPS::Wizard::debug_log("NamePanel: update do not generate new keys");
+            goto GEN_CERT;
+        }
+        &PKI::TPS::Wizard::debug_log("NamePanel: update generate new keys");
+
+        # =====generate requests========
+        #   getting new request should void old cert
+        my $sslnickname = $::config->get("preop.cert.sslserver.nickname");
+        my $nickname = $::config->get("preop.cert.$certtag.nickname");
+        if ($nickname eq "") {
+            $nickname = "TPS ".$certtag." cert";
+            &PKI::TPS::Wizard::debug_log("NamePanel: update nickname not found for $certtag  -- try $nickname");
+        }
+
+        my $file= "$instanceDir/conf/".$certtag."_cert.txt";
+        my $tmp = `rm $file`;
+
+        &PKI::TPS::Wizard::debug_log("NamePanel: retrieving $tokenname from pwdconf");
+        my $token_pwd = $::pwdconf->get($tokenname);
+        &PKI::TPS::Wizard::debug_log("NamePanel: creating pwfile");
+        open FILE, ">$instanceDir/conf/.pwfile";
+        $token_pwd  =~ s/\n//g;
+        print FILE $token_pwd;
+        close FILE;
+
+        my $keytype = $::config->get("preop.cert.$certtag.keytype");
+        if ($keytype eq "") {
+            $keytype = "rsa";
+        }
+
+        my $select = $::config->get("preop.cert.$certtag.keysize.select");
+
+        my $keysize;
+
+        if ($keytype eq "rsa") {
+            $keysize = 2048;
+        } elsif ($keytype eq "ecc") {
+            $keysize = 256;
+        }
+
+        if (($select eq "") || ($select eq "default")) {
+            my $size = $::config->get("preop.cert.$certtag.keysize.size");
+            if ($size ne "") {
+                $keysize = $size;
+            }
+        } else {
+            my $size = $::config->get("preop.cert.$certtag.keysize.customsize");
+            if ($size ne "") {
+                $keysize = $size;
+            }
+            if (($keytype eq "ecc") && ($keysize ne 256)) {
+                &PKI::TPS::Wizard::debug_log("NamePanel: update got keysize from config= $keysize changing to 256, the only supported ECC strength");
+                $keysize = 256;
+            }
+        }
+
+        &PKI::TPS::Wizard::debug_log("NamePanel: update got key type $keytype");
+        my $req;
+        my $filename = "/tmp/random.$$";
+        `dd if\=/dev/urandom of\=\"$filename\" count\=256 bs\=1`;
+        if ($keytype eq "rsa") {
+            #XXX temporary
+            &PKI::TPS::Wizard::debug_log("NamePanel: update "."certutil -R -s $cert_dn -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename");
+            my $tmpfile = "/tmp/req$$";
+            system("certutil -R -s \"$cert_dn\" -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename > $tmpfile");
+            $req = `cat $tmpfile`;
+            system("rm $tmpfile");
+        } elsif ($keytype eq "ecc") {
+            #only support curve nistp256 for now
+            my $tmpfile = "/tmp/req$$";
+            system("certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -R -s \"$cert_dn\" -k ec -q nistp256 -a -z $filename> $tmpfile");
+            $req = `cat $tmpfile`;
+            system("rm $tmpfile");
+        } else {
+            &PKI::TPS::Wizard::debug_log("NamePanel: update unsupported keytype $keytype");
+        }
+        system("rm $filename");
+
+        my $save_line = 0;
+        my @req_a = split "\n", $req;
+        foreach my $line (@req_a) {
+            chomp( $line );
+            $line =~ s/
//g;
+            if ($line eq $cert_req_header) {
+                $save_line = 1;
+            } elsif( $line eq $cert_req_footer ) {
+                $save_line = 0;
+                last;
+            } elsif( $save_line == 1 ) {
+                $cert_request .= "$line";
+            }
+        }
+        &PKI::TPS::Wizard::debug_log("NamePanel: update putting cert_request in CS.cfg: $cert_request");
+        $::config->put("preop.cert.$certtag.certreq", $cert_request);
+        $::config->commit();
+
+GEN_CERT:
+# =====request for certs========
+#   see if there is an existing cert
+
+        my $cert = $::config->get("preop.cert.$certtag.cert");
+        my $sdom = $::config->get("config.sdomainURL");
+        my $sdom_url = new URI::URL($sdom);
+
+        if (($useExternalCA eq "on") && ($certtag ne "subsystem")) {
+                &PKI::TPS::Wizard::debug_log("NamePanel: update External CA selected");
+            if ($cert eq "") {
+                &PKI::TPS::Wizard::debug_log("NamePanel: update no cert found...need manual enrollment");
+            }
+        } else {
+            if ($cert eq "") {
+                &PKI::TPS::Wizard::debug_log("NamePanel: update External CA not selected...need automatic enrollment");
+
+                my $machineName = $::config->get("service.machineName");
+                my $securePort = $::config->get("service.securePort");
+                my $session_id = $::config->get("preop.sessionID");
+
+                if ($cert_request ne "") {
+                    &PKI::TPS::Wizard::debug_log("NamePanel: update found existing request: $cert_request");
+                } else {
+                    &PKI::TPS::Wizard::debug_log("NamePanel: update existing request not found");
+                    #something is wrong...no request, no cert
+                    goto DONE;
+                    return  $cert;
+                }
+
+                my $instanceID = $::config->get("service.instanceID");
+                my $instanceDir = $::config->get("service.instanceDir");
+                my $db_password = "";
+                &PKI::TPS::Wizard::debug_log("NamePanel: greping password");
+                 
+                my $tmpfile = "/tmp/grep$$"; 
+                system ("grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10- > $tmpfile");
+                $db_password = `cat $tmpfile`;
+                $db_password =~ s/\n$//g;
+                system("rm $tmpfile");
+
+                my $profile_id = $::config->get("preop.cert.$certtag.profile");
+                &PKI::TPS::Wizard::debug_log("NamePanel: profileId=" . $profile_id);
+                my $requestor_name = "TPS-" . $machineName . "-" . $securePort;
+                my $params = "profileId=" . $profile_id . "&" .
+                      "cert_request_type=" . "pkcs10" . "&" .
+                      "requestor_name=" . $requestor_name . "&" .
+                      "cert_request=" .
+                          URI::Escape::uri_escape("$cert_request") . "&" .
+                      "xmlOutput=true" . "&" .
+                      "sessionID=" . $session_id .  "&" .
+                      "auth_hostname=" . $sdom_url->host . "&" .
+                      "auth_port=" . $sdom_url->port;
+
+                if ($certtag eq "subsystem") {
+                    $host = $sdom_url->host;
+                    $port = $sdom_url->port;
+                }
+                if ($changed eq "true") {
+$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port";
+                } else {
+$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port";
+                }
+
+                &PKI::TPS::Wizard::debug_log("req = " . $req);
+                system("$req > $tmpfile");
+                my $content = `cat $tmpfile`;
+                system("rm $tmpfile");
+                &PKI::TPS::Wizard::debug_log("content = " . $content);
+
+                $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+                $content = $1;
+
+
+                my $parser = XML::Simple->new();
+                &PKI::TPS::Wizard::debug_log("NamePanel: response content= " . $content);
+                my $response = $parser->XMLin($content);
+                my $status = $response->{Status};
+                if ($status ne "0") {
+                    my $error = $response->{Error};
+                    &PKI::TPS::Wizard::debug_log("NamePanel: Error = $error");
+                    $::symbol{errorString} = "CA response: $error.  Please also check previous related panels.";
+                    return 0;
+                }
+                $cert = $response->{Requests}->{Request}->{b64};
+                &PKI::TPS::Wizard::debug_log("NamePanel: new cert generated= " . $cert);
+
+#            my $reqid = $response->{Requests}->{Request}->{Id};
+#            $::config->put("preop.admincert.requestId.0", $reqid);
+#            my $sn = $response->{Requests}->{Request}->{serialno};
+#            $::config->put("preop.admincert.serialno.0", $sn);
+#            $::config->commit();
+
+                &PKI::TPS::Wizard::debug_log("NamePanel: update putting cert in CS.cfg: $cert");
+                $::config->put("preop.cert.$certtag.cert", $cert);
+                $::config->commit();
+
+            } else {
+                # cert is not null
+                &PKI::TPS::Wizard::debug_log("NamePanel: update External CA not selected. Cert found...no need for enrollment");
+            }
+
+#               write cert to file so certutil can import
+            my $cert_fn = "$instanceDir/conf/".$certtag."_cert.txt";
+            open FILE, "> $cert_fn";
+            print FILE $cert_header."\n".$cert."\n".$cert_footer;
+            close FILE;
+
+            # import cert, whether it was imported before or not
+            my $nickname = $::config->get("preop.cert.$certtag.nickname");
+            if ($nickname eq "") {
+        #XXX
+                $nickname = "TPS ".$certtag." cert";
+                &PKI::TPS::Wizard::debug_log("NamePanel: update nickname not found for $certtag  -- try $nickname");
+            }
+            &PKI::TPS::Wizard::debug_log("NamePanel: update: try to delete existing cert $nickname, if any....ok if it fails");
+            $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`;
+            $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`;
+
+            &PKI::TPS::Wizard::debug_log("NamePanel: update: try to import cert from $cert_fn");
+            $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -A -n "$nickname" -t "u,u,u" -a -i $cert_fn`;
+            # changed the cert, need to change nickname too, if necessary
+            if ($hw ne "") {
+                if ($certtag eq "sslserver") {
+                    if ($changed eq "false") {
+                        $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
+                    }
+                    $changed = "true";
+                }
+                if ($certtag eq "subsystem") {
+                    &PKI::TPS::Wizard::debug_log("NamePanel: update: sslnickname changed");
+                    $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
+                    $::config->put("conn.ca1.clientNickname", "$tk$nickname");
+                    $::config->put("conn.drm1.clientNickname", "$tk$nickname");
+                    $::config->put("conn.tks1.clientNickname", "$tk$nickname");
+                }
+                $::config->commit();
+            }
+
+            &PKI::TPS::Wizard::debug_log("NamePanel: update: done importing cert: $tk$nickname");
+            $tmp = `rm $cert_fn`;
+        }
+    }
+
+DONE:
+    &PKI::TPS::Wizard::debug_log("NamePanel: removing pwfile");
+    my $tmp = `rm $instanceDir/conf/.pwfile`;
+    return 1;
+}
+
+sub readFile
+{
+    my $fn = $_[0];
+    open FILE, "< $fn" or return "";
+    my $content =  join "",<FILE>;
+    close FILE;
+
+    return $content;
+}
+
+use Data::Dumper;
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("NamePanel: display");
+
+    my $domain_name = $::config->get("preop.securitydomain.name");
+    if ($domain_name eq "") {
+        $domain_name = "TPS Domain";
+    }
+    my $machine_name =  $::config->get("service.machineName");
+    my $instance_id =  $::config->get("service.instanceID");
+
+    my $i = 0;
+    foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+        &PKI::TPS::Wizard::debug_log("NamePanel: display certtag=$certtag");
+        my $cert_dn = $::config->get("preop.cert.".$certtag.".dn");
+        if ($cert_dn eq "") {
+            if ($certtag eq "subsystem") {
+                $cert_dn = "CN=TPS Subsystem, " .
+                  "OU=" . $instance_id . ", " .
+                  "O=" . $domain_name;
+            } elsif ($certtag eq "sslserver") {
+                $cert_dn ="CN=" . $machine_name . ", " .
+                  "OU=" . $instance_id . ", " .
+                  "O=" . $domain_name;
+            } else {
+                &PKI::TPS::Wizard::debug_log("NamePanel: display other certtag=$certtag");
+                $cert_dn = $certtag;
+            }
+            $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
+            $::config->commit();
+        } else {
+          if (!($cert_dn =~ /O=/)) {
+            $cert_dn .= ", O=" . $domain_name;
+            $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
+            $::config->commit();
+          }
+        }
+
+        my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname");
+        if ($name eq "") {
+            $name = $certtag."Cert ".$instance_id;
+            $::config->put("preop.cert.".$certtag.".userfriendlyname", $name);
+            $::config->commit();
+        }
+
+        my $cert = new PKI::TPS::CertInfo($name,
+                  $cert_dn, $certtag);
+        $::symbol{certs}[$i++] = $cert;
+    }
+
+    &PKI::TPS::Wizard::debug_log("NamePanel: getting CA info");
+    $::symbol{urls}        = [];
+    my $count = 0;
+
+    while (1) {
+      my $host = $::config->get("preop.securitydomain.ca$count.host");
+      if ($host eq "") {
+        goto DONE;
+      }
+      my $port = $::config->get("preop.securitydomain.ca$count.secureport");
+      my $name = $::config->get("preop.securitydomain.ca$count.subsystemname");
+      my $item = $name . " - https://" . $host . ":" . $port;
+      $::symbol{urls}[$count++] = $item;
+
+    }
+DONE:
+
+    $::symbol{urls}[$count++] = "External CA";
+    $::symbol{urls_size}   = $count+1;
+
+    return 1;
+}
+
+
+# arg0 filename containing certificate request
+# return certificate request plus header and footer
+sub extract_cert_req_from_file
+{
+    my $save_line = 0;
+
+    my $filename = $_[0];
+
+    my $fd = new FileHandle;
+
+    my $cert_request = "";
+
+    $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
+
+    while( <$fd> )
+    {
+        my $line = $_;
+        chomp( $line );
+
+        if( $line eq $cert_req_header ) {
+            $save_line = 1;
+            $cert_request .= "$line\n";
+        } elsif( $line eq $cert_req_footer ) {
+            $cert_request .= "$line\n";
+            $save_line = 0;
+            last;
+        } elsif( $save_line == 1 ) {
+            $cert_request .= "$line\n";
+        }
+    }
+
+    $fd->close();
+
+    return $cert_request;
+}
+
+# arg0 message containing certificate request
+# return certificate request sans header and footer
+sub extract_cert_req_from_file_sans_header_and_footer
+{
+    my $filename = $_[0];
+    my $save_line = 0;
+
+    my $fd = new FileHandle;
+
+    my $cert_request = "";
+
+    $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
+
+    while( <$fd> )
+    {
+        my $line = $_;
+        chomp( $line );
+
+        if( $line eq $cert_req_header ) {
+            $save_line = 1;
+        } elsif( $line eq $cert_req_footer ) {
+            $save_line = 0;
+            last;
+        } elsif( $save_line == 1 ) {
+            $cert_request .= "$line\n";
+        }
+    }
+
+    $fd->close();
+
+    return $cert_request;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm b/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm
new file mode 100755
index 000000000..8600ad1d1
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm
@@ -0,0 +1,233 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::ReqCertInfo;
+$PKI::TPS::ReqCertInfo::VERSION = '1.00';
+
+our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----";
+our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----";
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new {
+    my ($class, $name, $dn, $tag) = @_;
+    my $self = {};
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: start new");
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: creating name: $name, dn: $dn, tag: $tag");
+
+    $self->{"getUserFriendlyName"} = \&get_user_friendly_name;
+    $self->{"getCertTag"} = \&get_cert_tag;
+    $self->{"getCert"} = \&get_cert;
+    $self->{"getCertpp"} = \&get_cert_pp;
+    $self->{"getRequest"} = \&get_request;
+    $self->{"getDN"} = \&get_dn;
+    $self->{"useDefaultKey"} = \&use_default_key;
+    $self->{"getCustomKeysize"} = \&get_custom_keysize;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: end new");
+
+    $self->{name} = $name;
+    $self->{dn} = $dn;
+    $self->{tag} = $tag;
+
+    bless $self, $class;
+    return $self;
+}
+
+sub get_user_friendly_name
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_user_friendly_name");
+    return $self->{name};
+}
+
+sub readFile
+{
+    my $fn = $_[0];
+    open FILE, "< $fn" or return "";
+    my $content =  join "",<FILE>;
+    close FILE;
+
+    return $content;
+}
+
+sub wrap_lines
+{
+   my $lines = shift;
+    my $temp ;
+    foreach my $line (split "\n", $lines) {
+	if (length $line > 59) {
+    		$line =~ s/(.{0,60})/$1\n/g;
+	}
+	# get rid of a line that is just an empty newline
+	$line =~ s/^\n$//gms;
+	$temp .= $line;
+    }
+    # collapse multiple newlines into one
+    $temp =~ s/\n+/\n/gms;
+    $temp =~ s/\n$//gms;
+    $temp;
+
+}
+
+sub get_request
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_request");
+    # first, try to see if request has been made before
+#    my $req = readFile( "/var/lib/fpki-tps/conf/$self->{tag}_cert_request.txt");
+
+    my $req = $::config->get("preop.cert.$self->{tag}.certreq");
+    
+    $req = wrap_lines($req);
+    
+    if ($req ne "") {
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_request found existing request");
+        return $cert_req_header."\n".$req."\n".$cert_req_footer;;
+    } else {
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_request existing request not found");
+    }
+
+    return $req;
+}
+
+sub get_cert
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert");
+#   see if there is an existing cert
+#    my $cert =  readFile("/var/lib/fpki-tps/conf/".$self->{tag}."_cert.txt");
+    my $cert = $::config->get("preop.cert.$self->{tag}.cert");
+
+    $cert = wrap_lines($cert);
+    if ($cert ne "") {
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert found existing cert");
+        return $cert_header."\n".$cert."\n".$cert_footer;;
+    } else {
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert existing cert not found");
+    }
+    if ($cert eq "") {
+        $cert = "...paste certificate here...";
+    }
+
+
+    return $cert;
+}
+
+sub get_cert_pp
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp");
+    my $instanceDir =  $::config->get("service.instanceDir");
+
+    my $hw;
+    my $tokenname = $::config->get("preop.module.token");
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname");
+
+    if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+        $hw = "";
+    } else {
+        $hw = "-h $tokenname";
+    }
+
+    my $token_pwd = $::pwdconf->get($tokenname);
+    open FILE, ">$instanceDir/conf/.pwfile";
+    $token_pwd  =~ s/\n//g;
+    print FILE $token_pwd;
+    close FILE;
+
+    my $nickname = $::config->get("preop.cert.$self->{tag}.nickname");
+    if ($nickname eq "") {
+#XXX
+        $nickname = "TPS ".$self->{tag}." cert";
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp nickname not found for $self->{tag}  -- try $nickname");
+    }
+    my $certpp="";
+#    my $found = -e "/var/lib/fpki-tps/conf/$self->{tag}_cert.txt";
+    my $cert = $::config->get("preop.cert.$self->{tag}.cert");
+
+    if ($cert ne "") {
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp found request, ready to get prettyprint");
+        my $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -n "$nickname" -L > $instanceDir/conf/$self->{tag}_cert_pp.txt`;
+        $certpp = readFile("$instanceDir/conf/$self->{tag}_cert_pp.txt");
+        $certpp =~ s/"//g;
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp pp=$certpp");
+        $tmp =`rm $instanceDir/conf/$self->{tag}_cert_pp.txt`;
+    } else {
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp cert not found, will not get prettyprint");
+    }
+    my $tmp = `rm $instanceDir/conf/.pwfile`;
+
+    return $certpp;
+}
+
+sub get_cert_tag
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_tag");
+    return $self->{tag};
+}
+
+sub get_dn
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_dn");
+    return $self->{dn};
+}
+
+sub use_default_key
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: use_default_key");
+    my $select = $::config->get("preop.cert.$self->{tag}.keysize.select");
+    if ($select ne "") {
+        if ($select eq "custom") {
+            &PKI::TPS::Wizard::debug_log("ReqCertInfo: use_default_key from config = $select returning 0");
+            return 0;
+        }
+    }
+
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: use_default_key returning 1");
+    return 1;
+}
+
+sub get_custom_keysize
+{
+    my ($self) = @_;
+    &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_custom_keysize");
+    my $keysize = $::config->get("preop.cert.$self->{tag}.keysize.customsize");
+    if ($keysize ne "") {
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_custom_keysize from config = $keysize");
+        return $keysize;
+    } else {
+        &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_custom_keysize not from config");
+    }
+    return 2048;
+}
+
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
new file mode 100755
index 000000000..c2756cbe0
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
@@ -0,0 +1,106 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use XML::Simple;
+use Data::Dumper;
+
+package PKI::TPS::SecurityDomainPanel;
+$PKI::TPS::SecurityDomainPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(1);
+    $self->{"getName"} = &PKI::TPS::Common::r("Security Domain");
+    $self->{"vmfile"} = "securitydomainpanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("SecurityPanel: validate");
+
+    return 1;
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("SecurityPanel: display");
+    $::symbol{panelname} = "Security Domain";
+    $::symbol{sdomainName} = "Security Domain";
+    my $hostname = $::config->get("service.machineName");
+    $::symbol{sdomainURL} = "https://" . $hostname . ":9443";
+
+    return 1;
+}
+
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("SecurityPanel: update");
+    my $sdomainURL = $q->param("sdomainURL");
+
+    if ($sdomainURL eq "") {
+        &PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL not found");
+        $::symbol{errorString} = "Security Domain URL not found";
+        return 0;
+    }
+
+    # save url in CS.cfg
+    &PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL=" . $sdomainURL);
+    $::config->put("config.sdomainURL", $sdomainURL);
+    $::config->commit();
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/SizePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SizePanel.pm
new file mode 100755
index 000000000..3ccf1a225
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/SizePanel.pm
@@ -0,0 +1,236 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use PKI::TPS::CertInfo;
+
+package PKI::TPS::SizePanel;
+$PKI::TPS::SizePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(11);
+    $self->{"getName"} = &PKI::TPS::Common::r("Key Pairs");
+    $self->{"vmfile"} = "sizepanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("SizePanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("SizePanel: update");
+
+    my $instanceDir = $::config->get("service.instanceDir");
+    my $done = $::config->get("preop.SizePanel.done");
+    my $genKeyPair = $q->param('generateKeyPair');
+    &PKI::TPS::Wizard::debug_log("SizePanel: update generateKeyPair value=$genKeyPair");
+    if ($done eq "true") {
+        if ($genKeyPair eq "") {
+            &PKI::TPS::Wizard::debug_log("SizePanel: update generateKeyPair value not found, turn to off");
+            $genKeyPair = "off";
+        }
+    } else {
+        # firstime should always generate keys
+        $genKeyPair = "on";
+    }
+
+    foreach my $certtag (@PKI::TPS::Wizard::certtags) { 
+        my $select = $q->param($certtag.'_choice');
+        my $keytype = $q->param($certtag.'_keytype');
+        my $size = $q->param($certtag.'_custom_size');
+
+        &PKI::TPS::Wizard::debug_log("SizePanel: update $certtag _choice=$select $certtag _keytype=$keytype customsize= $size");
+
+        $::config->put("preop.keysize.select", $select);
+        $::config->put("preop.cert.".$certtag.".keysize.select", $select);
+
+        if (! isSupportedSize($keytype, $size)) {
+            &PKI::TPS::Wizard::debug_log("SizePanel: update size $size not supported");
+            return 0;
+        }
+        $::config->put("preop.cert.".$certtag.".keysize.customsize", $size);
+            $::config->put("preop.cert.".$certtag.".keytype", $keytype);
+
+        if ($select eq "default") {
+            my $defaultSize = getDefaultSize($keytype);
+            &PKI::TPS::Wizard::debug_log("SizePanel: update in default, defaultsize = $defaultSize");
+            $::config->put("preop.keysize.customsize", $defaultSize);
+            $::config->put("preop.keysize.size", $defaultSize);
+            $::config->put("preop.cert.".$certtag.".keysize.size", $defaultSize);
+
+        } elsif ($select eq "custom") {
+            &PKI::TPS::Wizard::debug_log("SizePanel: update in custom, customsize = $size");
+            $::config->put("preop.keysize.size", $size);
+            $::config->put("preop.cert.".$certtag.".keysize.size", $size);
+        }
+
+        if ($genKeyPair eq "on") {
+            $::config->put("preop.cert.".$certtag.".certreq", "");
+            $::config->put("preop.cert.".$certtag.".cert", "");
+        }
+    }
+#XXX should have better error checking to work better
+    $done = $::config->put("preop.SizePanel.done", "true");
+    $::config->commit();
+
+    return 1;
+}
+
+sub getDefaultSize {
+    my $keytype = $_[0];
+
+    if ($keytype eq "ecc") {
+        return 256;
+    } elsif ($keytype eq "rsa") {
+        return 2048;
+    }
+
+    $::symbol{errorString} = "Unsupported keytype $keytype";
+    return 0;
+}
+
+sub isSupportedSize {
+    my $keytype = $_[0];
+    my $size = $_[1];
+
+    if (($keytype eq "ecc") && ($size ne "256")) {
+        &PKI::TPS::Wizard::debug_log("SizePanel: isSupportedSize ECC only supports size 256");
+        $::symbol{errorString} = "Unsupported Size $size. ECC only supports size 256";
+        return 0;
+    }
+
+    if (($size eq "256") || ($size eq "512") || ($size eq "1024") ||
+        ($size eq "2048") || ($size eq "4096")) {
+        return 1;
+    }
+    # wrong size
+    $::symbol{errorString} = "Unsupported Size $size. RSA only supports sizes 256, 512, 1024, 2048, and 4096";
+    return 0;
+}
+
+sub display
+{
+    my ($q) = @_;
+
+    &PKI::TPS::Wizard::debug_log("SizePanel: display");
+
+    my $done = $::config->get("preop.SizePanel.done");
+    &PKI::TPS::Wizard::debug_log("SizePanel: display is panel done? $done");
+    if ($done eq "true") {
+        $::symbol{firsttime} = "false";
+    } else {
+        $::symbol{firsttime} = "true";
+    } 
+
+    my $domain_name = $::config->get("preop.securitydomain.name");
+    if ($domain_name eq "") {
+        $domain_name = "TPS Domain";
+    }
+
+    my $machine_name =  $::config->get("service.machineName");
+    my $instance_id = $::config->get("service.instanceID");
+
+    my $i = 0;
+    foreach my $certtag (@PKI::TPS::Wizard::certtags) { 
+        my $cert_dn = $::config->get("preop.cert.".$certtag.".dn");
+        if ($cert_dn eq "") {
+            if ($certtag eq "subsystem") {
+                $cert_dn = "CN=TPS Subsystem, " .
+                  "OU=" . $instance_id . ", " .
+                  "O=" . $domain_name;
+            } elsif ($certtag eq "sslserver") {
+                $cert_dn ="CN=" . $machine_name . ", " .
+                  "OU=" . $instance_id . ", " .
+                  "O=" . $domain_name;
+            } else {
+                $cert_dn = $certtag;
+            }
+        }
+        my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname");
+        if ($name eq "") {
+            $name = $certtag."Cert ".$instance_id;
+        }
+        my $cert = new PKI::TPS::CertInfo($name,
+                  $cert_dn, $certtag);
+        $::symbol{certs}[$i++] = $cert;
+    }
+
+    #for "common key settings"
+    my $select = $::config->get("preop.keysize.select");
+    if ($select ne "") {
+        &PKI::TPS::Wizard::debug_log("SizePanel: display keysize select= $select");
+        $::symbol{select} = $select;
+    } else {
+        $::symbol{select} = "default";
+    }
+    my $default_size = $::config->get("preop.keysize.size");
+    if ($default_size eq "") {
+        $::symbol{default_keysize} = 2048;
+    } else {
+        $::symbol{default_keysize} = $default_size;
+    }
+    my $custom_size = $::config->get("preop.keysize.customsize");
+    if ($custom_size eq "") {
+        $::symbol{custom_size} = 2048;
+    } else {
+        $::symbol{custom_size} = $default_size;
+    }
+
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm
new file mode 100755
index 000000000..dba4aa33a
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm
@@ -0,0 +1,136 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::SubsystemTypePanel;
+$PKI::TPS::SubsystemTypePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(3);
+    $self->{"getName"} = &PKI::TPS::Common::r("Subsystem Type");
+    $self->{"vmfile"} = "createsubsystempanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("SubsystemTypePanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("SubsystemTypePanel: update");
+    $::symbol{systemname} = "Token Processing ";
+    $::symbol{subsystemName} = "Token Processing System";
+    $::symbol{fullsystemname} = "Token Processing System ";
+    $::symbol{machineName} = "localhost";
+    $::symbol{https_port} = "7889";
+    $::symbol{check_clonesubsystem} = " ";
+    $::symbol{check_newsubsystem} = " ";
+    $::symbol{disableClone} = 1;
+
+    my $subsystemName = $q->param('subsystemName');
+    $::config->put("preop.subsystem.name", $subsystemName);
+    $::config->commit();
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("SubsystemTypePanel: display");
+    $::symbol{systemname} = "Token Processing ";
+    $::symbol{subsystemName} = "Token Processing System";
+    $::symbol{fullsystemname} = "Token Processing System ";
+
+    my $machineName = $::config->get("service.machineName");
+    my $securePort = $::config->get("service.securePort");
+    my $unsecurePort = $::config->get("service.unsecurePort");
+
+
+    $::symbol{machineName} = $machineName;
+    $::symbol{https_port} = $securePort;
+    $::symbol{check_clonesubsystem} = "";
+    $::symbol{check_newsubsystem} = "checked ";
+
+    my $session_id = $q->param("session_id");
+    $::config->put("preop.sessionID", $session_id);
+    $::config->commit();
+
+    $::symbol{urls}        = [];
+    my $count = 0;
+    while (1) {
+      my $host = $::config->get("preop.securitydomain.tps$count.host");
+      if ($host eq "") {
+        goto DONE;
+      }
+      my $port = $::config->get("preop.securitydomain.tps$count.secureport");
+      my $name = $::config->get("preop.securitydomain.tps$count.subsystemname");
+      unshift(@{$::symbol{urls}}, "https://" . $host . ":" . $port);
+      $count++;
+    }
+DONE:
+    $::symbol{urls_size}   = $count;
+
+#    if ($count == 0) {
+      $::symbol{disableClone} = 1;
+#    }
+
+    # XXX - how to deal with urls
+    return 1;
+}
+
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
new file mode 100755
index 000000000..bfdaa0ed6
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
@@ -0,0 +1,133 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+
+package PKI::TPS::TKSInfoPanel;
+$PKI::TPS::TKSInfoPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(5);
+    $self->{"getName"} = &PKI::TPS::Common::r("TKS Information");
+    $self->{"vmfile"} = "tksinfopanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("TKSInfoPanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("TKSInfoPanel: update");
+
+    my $count = $q->param('urls');
+
+    my $instanceID = $::config->get("service.instanceID");
+
+    my $host = "";
+    my $port = "";
+    if ($count =~ /http/) {
+      my $info = new URI::URL($count);
+      $host = $info->host;
+      $port = $info->port;
+      if (($host eq "") || ($port eq "")) {
+        $::symbol{errorString} = "no TKS found.  CA, TKS and optionally DRM must be installed prior to TPS installation";
+        return 0;
+      }
+      $::config->put("preop.tksinfo.select", $count);
+    } else {
+      $host = $::config->get("preop.securitydomain.tks$count.host");
+      $port = $::config->get("preop.securitydomain.tks$count.secureport");
+      if (($host eq "") || ($port eq "")) {
+        $::symbol{errorString} = "no TKS found.  CA, TKS and optionally DRM must be installed prior to TPS installation";
+        return 0;
+      }
+      $::config->put("preop.tksinfo.select", "https://$host:$port");
+    }
+    my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
+    $::config->put("conn.tks1.clientNickname", $subsystemCertNickName);
+    $::config->put("conn.tks1.hostport", $host . ":" . $port); 
+    $::config->commit();
+
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("TKSInfoPanel: display");
+    $::symbol{urls}        = [];
+    my $count = 0;
+    while (1) {
+      my $host = $::config->get("preop.securitydomain.tks$count.host");
+      if ($host eq "") {
+        goto DONE;
+      }
+      my $port = $::config->get("preop.securitydomain.tks$count.secureport");
+      my $name = $::config->get("preop.securitydomain.tks$count.subsystemname");
+      $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $port;
+    }
+DONE:
+    $::symbol{urls_size}   = $count;
+    if ($count eq 0) {
+      $::symbol{errorString} = "no TKS found.  CA, TKS and optionally DRM must be installed prior to TPS installation";
+      return 0;
+    }
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/WelcomePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/WelcomePanel.pm
new file mode 100755
index 000000000..252bf4f1d
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/WelcomePanel.pm
@@ -0,0 +1,89 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::WelcomePanel;
+$PKI::TPS::WelcomePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new { 
+    my $class = shift;
+    my $self = {}; 
+
+    $self->{"isSubPanel"} = \&is_sub_panel;
+    $self->{"hasSubPanel"} = \&has_sub_panel;
+    $self->{"isPanelDone"} = \&PKI::TPS::Common::no;
+    $self->{"getPanelNo"} = &PKI::TPS::Common::r(0);
+    $self->{"getName"} = &PKI::TPS::Common::r("Welcome");
+    $self->{"vmfile"} = "welcomepanel.vm";
+    $self->{"update"} = \&update;
+    $self->{"panelvars"} = \&display;
+    bless $self,$class; 
+    return $self; 
+}
+
+sub is_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub has_sub_panel
+{
+    my ($q) = @_;
+    return 0;
+}
+
+sub validate
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("WelcomePanel: validate");
+    return 1;
+}
+
+sub update
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("WelcomePanel: update");
+    return 1;
+}
+
+sub display
+{
+    my ($q) = @_;
+    &PKI::TPS::Wizard::debug_log("XXX " . $::config->get("logging.debug.enable"));
+    &PKI::TPS::Wizard::debug_log("WelcomePanel: display");
+    $::symbol{wizardname}  = "TPS Configuration Wizard";
+    $::symbol{systemname}  = "TPS";
+    $::symbol{fullsystemname}  = "Token Processing System";
+
+    return 1;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
new file mode 100755
index 000000000..075893da2
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
@@ -0,0 +1,479 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+# wizard - 
+#  Fedora Certificate System - Token Processing System configuration wizard
+
+
+# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding
+# the following to /etc/httpd/conf.d/perl.conf
+#
+# PerlModule ModPerl::Registry
+# PerlModule Apache::compat
+# PerlModule RHCS::TPS::Wizard
+# PerlSetEnv RHCS_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui
+# <Location /wizard>
+#    SetHandler perl-script
+#    PerlHandler RHCS::TPS::Wizard
+#    Order deny,allow
+#    Allow from all
+# </Location>
+
+
+# Note: The Velocity parser is not very helpful when it comes to
+# errors right now. Here are some common errors, and what they mean:
+#
+# ERROR:
+#    [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26] 
+#    Can't use string ("0") as an ARRAY ref while "strict refs" 
+#    in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm
+#    line 423.\n, referer: http://chico/wizard?p=2
+# MEANING
+#    This probably means that your *.vm file refers to an array
+#    variable in a foreach statement that is not defined
+#    Check your foreach array variables.
+
+use warnings;
+use ModPerl::Registry;
+use Template::Velocity;
+use Getopt::Std;
+use Data::Dumper;
+use CGI::Carp qw(fatalsToBrowser);
+use CGI;
+use APR::Const    -compile => qw(:error SUCCESS);
+use PKI::TPS::GlobalVar;
+use PKI::TPS::WelcomePanel;
+use PKI::TPS::SecurityDomainPanel;
+use PKI::TPS::DisplayCertChainPanel;
+use PKI::TPS::SubsystemTypePanel;
+use PKI::TPS::CAInfoPanel;
+use PKI::TPS::TKSInfoPanel;
+use PKI::TPS::DRMInfoPanel;
+use PKI::TPS::DisplayCertChain2Panel;
+use PKI::TPS::AdminAuthPanel;
+use PKI::TPS::AgentAuthPanel;
+use PKI::TPS::AuthDBPanel;
+use PKI::TPS::DatabasePanel;
+use PKI::TPS::ModulePanel;
+use PKI::TPS::SizePanel;
+use PKI::TPS::NamePanel;
+use PKI::TPS::ConfigHSMLoginPanel;
+use PKI::TPS::CertRequestPanel;
+use PKI::TPS::AdminPanel;
+use PKI::TPS::ImportAdminCertPanel;
+use PKI::TPS::DonePanel;
+use PKI::TPS::Config;
+
+use PKI::TPS::Common qw(yes no r);
+
+package PKI::TPS::Wizard;
+$PKI::TPS::Wizard::VERSION = '1.00';
+
+# read configuration file
+my $flavor = `pkiflavor`;
+$flavor =~ s/\n//g;
+
+my $pkiroot = $ENV{PKI_ROOT};
+
+my $config = PKI::TPS::Config->new();
+$config->load_file("$pkiroot/conf/CS.cfg");
+# read password cache file
+my $pwdconf = PKI::TPS::Config->new();
+$pwdconf->load_file("$pkiroot/conf/pwcache.conf");
+
+# create cfg debug log
+open(DEBUG, ">>" . $config->get("service.instanceDir") . 
+                "/logs/debug");
+
+# apache server
+
+our $debug;
+
+my $STATUS_OK = 0; # Apache 2 needs this to be zero
+my $STATUS_ERROR = 2;
+my $STATUS_REDIRECT = 3;
+
+&debug_log("TPS wizard: starting up");
+  
+my $docroot = $ENV{PKI_DOCROOT};
+
+if (! $docroot) {
+    &debug_log("TPS wizard: ERROR: PKI_DOCROOT is null");
+    return 0;
+}
+
+our $parser = new Template::Velocity($docroot);
+our $symbol;
+our @certtags;
+
+makepanels();
+
+&debug_log("TPS wizard: start up complete");
+
+1;
+
+sub debug_log
+{
+  my ($msg) = @_;
+  my $date = `date`;
+  chomp($date);
+  print DEBUG "$date - $msg\n";
+}
+
+  # initializes entries in parser's global symbol table for panels
+sub makepanels
+{
+    #REAL PANELS BELOW
+    my $welcome = new  PKI::TPS::WelcomePanel();
+    my $securitydomain = new PKI::TPS::SecurityDomainPanel();
+    my $displaycertchain = new PKI::TPS::DisplayCertChainPanel();
+    my $subsystem = new PKI::TPS::SubsystemTypePanel();
+    my $cainfopanel = new PKI::TPS::CAInfoPanel();
+#    my $displaycertchain2 = new PKI::TPS::DisplayCertChain2Panel();
+    my $tksinfopanel = new PKI::TPS::TKSInfoPanel();
+    my $drminfopanel = new PKI::TPS::DRMInfoPanel();
+    my $authdbpanel = new  PKI::TPS::AuthDBPanel();
+    my $databasepanel = new  PKI::TPS::DatabasePanel();
+    my $modulepanel = new PKI::TPS::ModulePanel();
+    my $confighsmloginpanel = new PKI::TPS::ConfigHSMLoginPanel();
+    my $sizepanel   = new PKI::TPS::SizePanel();
+    my $namepanel   = new  PKI::TPS::NamePanel();
+    my $certrequestpanel = new  PKI::TPS::CertRequestPanel();
+    my $adminpanel = new PKI::TPS::AdminPanel();
+    my $importadmincertpanel = new  PKI::TPS::ImportAdminCertPanel();
+    my $donepanel = new PKI::TPS::DonePanel();
+
+    $symbol{panels}  = [ 
+        $welcome,           # com.netscape.cms.servlet.csadmin.WelcomePanel
+        $securitydomain,    # com.netscape.cms.servlet.csadmin.SecurityDomainPanel
+        $displaycertchain,  # com.netscape.cms.servlet.csadmin.DisplayCertChainPanel
+        $subsystem,         # com.netscape.cms.servlet.csadmin.CreateSubsystemPanel
+        $cainfopanel,       # com.netscape.cms.servlet.csadmin.CAInfoPanel
+#        $displaycertchain2,  # com.netscape.cms.servlet.csadmin.DisplayCertChain2Panel
+        $tksinfopanel,       # com.netscape.cms.servlet.csadmin.TKSInfoPanel
+        $drminfopanel,       # com.netscape.cms.servlet.csadmin.DRMInfoPanel
+        $authdbpanel,     # com.netscape.cms.servlet.csadmin.DatabasePanel
+        $databasepanel,     # com.netscape.cms.servlet.csadmin.DatabasePanel
+        $modulepanel,       # com.netscape.cms.servlet.csadmin.ModulePanel
+        $confighsmloginpanel,        # com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel
+        $sizepanel,         # com.netscape.cms.servlet.csadmin.SizePanel
+        $namepanel,         # com.netscape.cms.servlet.csadmin.NamePanel
+        $certrequestpanel,  # com.netscape.cms.servlet.csadmin.CertRequestPanel
+        $adminpanel,        # com.netscape.cms.servlet.csadmin.AdminPanel
+        $importadmincertpanel,  # com.netscape.cms.servlet.csadmin.ImportAdminCertPanel
+        $donepanel,         # com.netscape.cms.servlet.csadmin.DonePanel</param-value>
+    ];
+};
+
+sub render_panel
+{
+    my ($panelnum, $q) = @_;
+
+    $symbol{errorString} = "";
+
+    my $currentpanel;
+
+    if ($q->param('op') && $q->param('op') eq "next") {
+        $currentpanel = $symbol{panels}[$panelnum];
+        # validate variables for panel
+        if ($currentpanel->{validate}) {
+            $currentpanel->{validate}($q);
+        }
+        # execute current panel
+        my $status = "0";
+
+        if ($currentpanel->{update}) {
+            $status = $currentpanel->{update}($q);
+            &debug_log("TPS wizard: update returns status '" . 
+			$status . "'");
+            if ($status == $STATUS_REDIRECT) {
+              return $STATUS_REDIRECT;
+            }
+           
+	}
+
+        &debug_log("TPS wizard: about to find out about sub panel");
+        if ($status eq "1") {
+          if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) {
+              &debug_log("TPS wizard: has sub panel");
+              $panelnum = $panelnum + 2;
+	  } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) {
+              &debug_log("TPS wizard: is sub panel");
+              $panelnum = $panelnum - 1;
+          } else {
+              &debug_log("TPS wizard: no sub panel and is not subpanel");
+              $panelnum = $panelnum + 1;
+          }
+        }
+    } elsif ($q->param('op') && $q->param('op') eq "back") {
+            $panelnum = $panelnum - 1;
+            #check if this a subpanel, if so, go back to it's parent.
+            #only handles one-deep at this point
+            my $panel = $symbol{panels}[$panelnum];
+            if (&{$panel->{isSubPanel}}($q)) {
+                $panelnum = $panelnum - 1;
+	    }
+    } elsif ($q->param('op') && $q->param('op') eq "apply") {
+        &debug_log("TPS wizard: update : apply button pressed");
+        $currentpanel = $symbol{panels}[$panelnum];
+        # validate variables for panel
+        if ($currentpanel->{validate}) {
+            $currentpanel->{validate}($q);
+        }
+        # execute current panel
+        if ($currentpanel->{update}) {
+            my $status = $currentpanel->{update}($q);
+            &debug_log("TPS wizard: update returns status '" . 
+			$status . "'");
+            if ($status == $STATUS_REDIRECT) {
+              return $STATUS_REDIRECT;
+            }
+           
+	}
+    }
+
+    &debug_log("TPS wizard: after looking into about sub panel");
+
+    # advance to next panel
+    $currentpanel = $symbol{panels}[$panelnum];
+
+    # initialize symbol table values
+    $symbol{showApplyButton} = "false";
+
+    # fill in variables for new panel
+    if ($currentpanel->{panelvars}) {
+        $Data::Dumper::Indent = 1;
+ 	    &debug_log("q=".Dumper($q));
+        $currentpanel->{panelvars}($q);
+    }
+
+    $symbol{panel} = "tps/admin/console/config/".$currentpanel->{vmfile};
+
+    #wizard.vm:
+    $symbol{name}    = "Token Processing System";
+    $symbol{title}   = $currentpanel->{getName}();
+    if ($panelnum == 0) {
+      $symbol{firstpanel} = "1";
+    } else {
+      $symbol{firstpanel} = "0";
+    }
+    if ($panelnum == 16) {
+      $symbol{lastpanel}  = "1";
+    } else {
+      $symbol{lastpanel}  = "0";
+    }
+    $symbol{p}        = $panelnum;
+    $symbol{subpanelno}        = $panelnum+1;
+    $symbol{productversion}    = "1.0.0";
+    $symbol{csstate}        = "1";
+
+#    $symbol{urls}        = [ "cert1", "cert2" ];  #createsubsystem
+#    $symbol{urls_size}   = 2;
+#    $symbol{instanceId}  = "tps";
+#    $symbol{errorString}  = "";
+
+    #modulepanel
+#    $symbol{certs}   = [ ];
+#    $symbol{reqscerts}   = [ ];
+    $symbol{ppcerts}   = [ ];
+
+    return $STATUS_OK;
+}
+
+
+
+sub dbg {
+    my $msg = shift;
+    $::symbol{dbg} .= "$msg\n";
+}
+
+sub handler {
+    my $r = shift;
+
+    *::symbol = \%symbol;
+    *::s = \$s;
+    *::config = \$config;
+    *::pwdconf = \$pwdconf;
+
+    &debug_log("TPS wizard: in handler");
+    if ($#ARGV == -1) {
+        $r->send_http_header('text/html');
+    }
+
+    my $q = new CGI;
+
+    # check cookie
+    my $cookie = $q->cookie('pin');
+    my $pin = $::config->get("preop.pin");
+    if ($cookie ne $pin) {
+         print $q->redirect("login");
+         return;
+    }
+
+    # output http parameters
+    &debug_log("TPS wizard: uri='" . $ENV{REQUEST_URI} . "'");
+    my @pnames = $q->param();
+    foreach $pn (@pnames) {
+      if ($pn =~ /^__/) {
+        &debug_log("TPS wizard: http parameter name='" . $pn . "' value='(sensitive)'");
+      } else {
+        &debug_log("TPS wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'");
+      }
+    }
+
+    my $panelnum = $q->param('p');
+    if (!defined($panelnum) || $panelnum eq "") {
+      # Apache fails to pick up the p parameter after 
+      # redirecting from the security domain. This is 
+      # a quick hack to solve the issue.
+      if ($ENV{'QUERY_STRING'} ne "") {
+        $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/;
+        $panelnum = $1;
+      }
+    }
+
+    use subs qw(debug);
+    *debug = \&Template::Velocity::Executor::debug;
+
+    $::symbol{dbg} = "";
+
+    &debug_log("TPS wizard: before argparsing");
+    if ($#ARGV == -1) {
+     $Data::Dumper::Maxdepth = 7;
+        $startfile = "tps/admin/console/config/wizard.vm";
+    }
+
+    &debug_log("TPS wizard: setting up test objects");
+
+    #initialize from config file
+    my $certlist = $::config->get("preop.cert.list");
+    if ($certlist eq "") {
+       $certlist = "sslserver,subsystem"; 
+    }
+    @certtags = split(/,/, $certlist);
+    $numtags =  @certtags;
+    if ($numtags eq 0) {
+         @certtags = ("sslserver", "subsystem");
+    }
+    &debug_log("TPS wizard: found $numtags certtags");
+
+    if (! $panelnum) {
+        $panelnum = 0;
+    }
+
+    my $status = render_panel($panelnum, $q);
+    if ($status == 3) {
+        $r->header_out(Location => $symbol{redirect});
+        $r->status(301);
+        $r->send_http_header();
+        return;
+    }
+
+    use Data::Dumper;
+    &debug_log("TPS wizard: executing file $startfile");
+    foreach $q (sort keys %symbol) {
+        &debug_log("TPS wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q});
+    }
+
+    my $result;
+    if ($q->param("xml") eq "true") {
+        $r->send_http_header('text/xml');
+        $result = "<xml>";
+        foreach $s (sort keys %symbol) {
+          if ($s =~ /^__/) {
+              next;
+          }
+          $result .= "<" . $s . ">"; 
+          my $v = $symbol{$s};
+          $result .= &get_xml($s, $v);
+          $result .= "</" . $s . ">"; 
+        }
+        $result .= "</xml>";
+    } else {
+      $result = $parser->execute_file($startfile);
+      if (!defined $result) {
+          die("Couldn't execute template file: $docroot/$startfile");
+      }
+    }
+
+    print "$result\n";
+    return $STATUS_OK;
+}
+
+sub escape_xml
+{
+  my ($v) = @_;
+  $v =~ s/\"/&quot;/g;
+  $v =~ s/\'/&apos;/g;
+  $v =~ s/\&/&amp;/g;
+  $v =~ s/</&lt;/g;
+  $v =~ s/>/&gt;/g;
+  return $v;
+}
+
+sub get_xml 
+{
+    my ($s, $v) = @_;
+
+    my $result;
+    if (ref($v) eq "HASH") {
+      foreach my $xkey (keys %$v) {
+              $result .= "<" . $xkey . ">";
+              $result .= &get_xml($xkey, $v{$xkey});
+          #    $result .= "-" . ref($xkey);
+              $result .= "</" . $xkey . ">";
+            }
+    } elsif (ref($v) eq "PKI::TPS::CertInfo") {
+              my $certinfo = $v;
+              $result .= "<certinfo>";
+              $result .= "<dn>" . $certinfo->get_dn() ."</dn>";
+              $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>";
+              $result .= "<friendly>" . $certinfo->get_user_friendly_name() .
+                             "</friendly>";
+              $result .= "</certinfo>";
+    } elsif (ref($v) eq "PKI::TPS::ReqCertInfo") {
+              my $reqcertinfo = $v;
+              $result .= "<reqcertinfo>";
+              $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>";
+              $result .= "<req>" . $reqcertinfo->get_request() ."</req>";
+              $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>";
+              $result .= "<certpp>" . &escape_xml($reqcertinfo->get_cert_pp()) ."</certpp>";
+              $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>";
+              $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>";
+              $result .= "</reqcertinfo>";
+    } elsif (ref($v) eq "ARRAY") {
+            my $pos = 0;
+            foreach my $item (@$v) {
+              $result .= "<element>";
+              $result .= &get_xml("p" . $pos, $item);
+          #    $result .= "-" . ref($item);
+              $result .= "</element>";
+              $pos++;
+            }
+    } else {
+            $result .= &escape_xml($v);
+    }
+  return $result;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/Template/Velocity.pm b/pki/base/tps/lib/perl/Template/Velocity.pm
new file mode 100755
index 000000000..d276a75ce
--- /dev/null
+++ b/pki/base/tps/lib/perl/Template/Velocity.pm
@@ -0,0 +1,1052 @@
+#!/usr/bin/pkiperl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+use strict;
+
+package Template::Velocity::Executor;
+sub new;
+
+package Template::Velocity;
+
+
+# The Template::Velocity package implements a Template execution
+# engine similar to the Java Velocity package.
+
+use Parse::RecDescent;
+use Data::Dumper;
+
+
+$Template::Velocity::parser;
+
+our  $docroot="docroot";
+our  $parser;
+my %parsetrees = ();
+my $debugflag = 0;
+
+
+#GRAMMAR defined here
+
+my $vmgrammar = q{
+
+	{
+			use Data::Dumper;
+			sub Dumper
+			{
+				$::debugdumper = undef;
+				if ($::debugflag && $::debugdumper ) { return Data::Dumper(@_); }
+				else {""};
+			}
+
+	}
+	
+
+# Template is the top-level object
+	template: <skip:'[ \t]*'> section(s) /\Z/
+
+	section: blockdirective
+		   | nonblockdirective
+		   | plainline 
+
+	blockdirective: ifblock
+				  | foreachblock
+
+	plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n*/
+
+	HASH: '#'
+
+# HMM - this doesn't handle multiple variables on one line?
+	linecomp: variable 
+	        | <skip:'[ \t]*'> /[^\$\n]*/
+
+	nonblockdirective: '#' 'include' <commit> includeargs /\n*/ {  $item[4] ; }
+					 | '#' 'parse'   <commit> parseargs   /\n*/ {  $item[4] ; }
+					 | '#' 'set'     <commit> setargs     /\n*/ {  $item[4] ; }
+ 					 | <error:unknown command $text>
+
+
+	ifblock: ifdirective section(s) elseclause(?) enddirective 
+
+
+# this bubbles up the result of the expression inside the if()
+# which is from the 'ifargs' rule
+ 	ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/  
+
+ 	enddirective: <skip:'[ \t]*'> '#' 'end' "\n"
+
+	elseclause: elsedirective section(s) 
+
+ 	elsedirective: '#' 'else' "\n"
+
+	foreachblock: foreachdirective section(s) enddirective
+
+ 	foreachdirective: '#' 'foreach' foreachargs "\n"
+
+   ifargs:        '(' expression ')' 
+			| <error:Argument to if must be an expression: $text>
+
+   foreachargs:   '(' variablename 'in' variable ')'
+			|  <error:Arguments to 'foreach' must be of form \$a in \$b: $text>
+
+   includeargs:   '(' string ')'
+			|  <error:invalid argument to include: $text>
+
+   parseargs:   '(' expression ')'
+			|  <error:invalid argument to parsearges: $text>
+
+
+   setargs:   <skip:'[ \t]*'>  '(' assignment ')'  
+			|  <error:Argument to set must be an assignment : $text>
+
+
+# expression evaluation
+
+# this goes roughly in order of precendence:
+#   ==
+#   &&, ||
+#   +, -
+#   *
+#   !
+
+# does not properly distinguish between lvalues and rvalues
+
+
+    expression: boolean
+			  | <error>
+
+
+    assignment: variablename '=' boolean 
+
+    boolean:    equality (boolean_operator equality)(?)
+
+	boolean_operator:     ( '&&' | '||' )
+
+	equality:   summation (equality_operator summation)(?)
+			
+
+	equality_operator:    ( '==' | '!=' )
+
+    summation:   product (summation_operator summation)(?)
+
+	summation_operator:   ( '+' | '-' )
+
+
+# must parenthesize operator '*' to get it to appear in the $item array
+
+    product:   negation ('*' product)(?)
+
+#XXX need to implement
+	negation:   notoperator(?) factor 
+
+	notoperator: "!"
+
+    factor:      number
+		|        string
+        |        variable
+
+
+
+#  These rules deal with variables
+#  handles $process
+#          $file.executablename
+#          $process.getpid()
+#          $person.getparent().getbrother().slap()
+#          $fred.getchildren()
+
+#   You'd make a dependency on the 'variable' rule if you want the value
+#   of the variable.
+#   You'd make a dependency on the 'variablename' rule if you want the
+#   name of the variable.
+#   (There's no real difference here - the expression evaluation is
+#   in the variable() subroutine)
+
+	variable:  variablename { ["variable", $item[1][1] ]; }
+
+	variablename: '$' identifier subfield(s?)
+		{
+			my $variableinfo = { 
+					top    => $item{identifier}, 
+					fields => $item{'subfield(s?)'}
+				};
+   			$return = [ "variablename", \$variableinfo ];
+		}
+
+	subfield:     '.' identifier arglist(?)
+		{
+			my $d;
+			my $a = $item{"arglist(?)"};
+			my $args;
+			
+			#::debug "arglist = ".Dumper($a)."\n";
+			if ($a) {
+
+				my ($argcount, $al, $alpresent);
+			
+				#$args = @{$a}->[2];
+				$args = $a->[0][2];
+				#::debug "arglist args=".Dumper($args)."\n";
+				$alpresent = $args;
+				$argcount = $#$args;
+				if ($alpresent && $argcount == -1) {
+					$args->[0] = [ ];
+				}
+			}
+
+			#::debug "arglist identifier=".$item{identifier}."\n";
+			$return = [ "subfield", { 
+					fieldname => $item{identifier},
+					arglist   => $args->[0],
+					} ];
+		}
+
+	arglist:      '(' list(?) ')'
+
+    list:         expression (',' list)(s?)
+	
+
+# Basic data types
+# identifiers, numbers and strings
+
+	identifier:  /[A-Za-z0-9_]+/ { $item[1]; }
+
+    number: /\d+/   {$item[1]; }
+
+	#XXX skip is all wrong here... should be in []
+    string:   <skip:'[ \t]'>   '"' <skip:""> /[^"]*/ '"' { $return = ["string",$item[4]]; }
+          |   <skip:'[ \t]'>   "'" <skip:""> /[^']*/ "'" { $return = ["string",$item[4]]; }
+
+
+# other literals
+	whitespace:  /\s*/
+
+  
+};
+
+
+# Get a parser object (transforming the built-in text grammar into RecDescent
+# data structure). This object can be reused for parsing multiple velocity files
+sub new
+{
+	#$::debugflag = 0;
+	my $class = shift;
+	$docroot = shift;
+	undef $::RD_HINT;
+	undef $::RD_WARN;
+	#$::RD_TRACE = 1;
+	$parser = new Parse::RecDescent($vmgrammar) or die "Bad Grammar\n"; 
+	$Data::Dumper::Maxdepth = 1;;
+	my $self = {};
+	$self->{parser} = $parser;
+	# ugly - :-(
+	$Template::Velocity::parser = $parser;
+	bless $self, $class;
+	return $self;
+}
+
+
+# Execute a template.  Given a text string and a parser object, will return
+# a parse tree, useful for feeding into the executor.
+sub execute_string
+{
+	my $self = shift;
+	my $string = shift;
+	my $rule = shift;
+	if (! $rule ) { $rule = "template"; }
+	#print Dumper($self);
+
+	my $parser = $self->{parser};
+	my $parsetree = $parser->$rule($string);
+	my $executor = new Template::Velocity::Executor($parsetree, $parser );
+	
+	my @value = $executor->run();
+	#my @value = Template::Velocity::Executor::execute($parsetree, $parser);
+	my $value = shift @value;
+	return $value;
+}
+
+
+sub execute_file
+{
+
+	my $self = shift;
+	my $filename = shift;
+
+	my $rule;
+	my $tree = $parsetrees{$filename};
+
+	if (! $tree) {
+		$rule = "template";
+		open my $fh, "<$docroot/$filename" or return undef;
+		my $string = join "",<$fh>;
+		close $fh;
+		$tree = $parser->$rule($string);
+		$parsetrees{$filename} = $tree;
+	}
+	
+	my $executor = new Template::Velocity::Executor($tree, $parser );
+
+	my @value = $executor->run();
+	my $value = shift @value;
+	return $value;
+	
+
+}
+
+
+
+
+
+
+
+
+sub Dumper
+{
+ return "";
+ if ($::debugflag && $::debugdumper) { 
+	return Data::Dumper->Dump([@_]); 
+ }
+ else {""};
+}
+
+
+
+
+# This autoaction returns an array of each parse element
+# The net result is a parse tree
+# I couldn't use <autotree> because I wanted to preserve
+# the order of the elements, and <autotree> returns a
+# hashtable, not an array
+
+$::RD_AUTOACTION = q{
+   [@item];
+};
+
+# debug flags set here
+
+
+
+
+
+
+#########   EXECUTE FUNCTIONS
+
+
+# These functions deal with executing the velocity parse tree
+{
+	package Template::Velocity::Executor::Rules;
+	use Data::Dumper;
+
+	# this imports symbols from these other packages, so
+    # we don't have to always use the fully-qualified names
+	*exe_all      = \&Template::Velocity::Executor::exe_all;
+	*exe_optional = \&Template::Velocity::Executor::exe_optional;
+	*execute      = \&Template::Velocity::Executor::execute;
+	*debug        = \&Template::Velocity::Executor::debug;
+	*indent       = \&Template::Velocity::Executor::indent;
+	*deindent     = \&Template::Velocity::Executor::deindent;
+#XXX probably should be $, not &
+	*docroot      = \&Template::Velocity::docroot;
+
+	sub Dumper
+	{
+		return "";
+ 		if ($::debugflag && $::debugdumper) { return Dumper(@_); }
+ 		else {""};
+	}
+
+	#template: <skip:'[ \t]*'> section(s) /\Z/
+	sub template {
+		my $f = "template";
+		my @item = exe_all(@_);
+		debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n");
+		my $sections = $item[2];
+		debug ("sections is a: ".(ref $sections)." - it should be an array\n");
+		my $r= ( join "", @{$item[2]});
+		return $r;
+	}
+	
+
+	#linecomp: variable 
+	#        | <skip:'[ \t]*'> /[^\$\n]*/
+	sub linecomp {
+		my $item;
+		debug ("linecomp: _[2] = '".$_[2]."'\n");
+		if ($_[2]) {
+			debug ("linecomp: inside if\n");
+			$item = $_[1].$_[2];
+		} else {
+			debug ("linecomp: inside else{\n");
+			($item) = exe_all($_[1]);
+			debug ("linecomp: end of else}\n");
+			debug ("linecomp: item =\n".Dumper($item)."\n");
+		}
+		debug ("linecomp: returning $item\n");
+		return $item;
+	}
+
+	# plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n+/
+	sub plainline {
+		my @item = exe_all(@_);
+		debug ("$::level in plainline - linecomps should be an array of text: .".Dumper($item[4])."\n");
+		my $r = join "", @{$item[4]};
+		debug ("$::level in plainline - joined as: $r\n");
+		$r = $item[2] . $r. $item[5];
+		debug ("$::level in plainline - returning : $r\n");
+		return $r;
+	}
+
+	sub expression {
+		debug ("$::level expression  = ".Dumper($_[1])."\n");
+		my ($item) = exe_all($_[1]);
+		debug ("$::level expression returning $item\n");
+		return $item;
+	}
+
+	#foreachblock: foreachdirective section(s) enddirective
+	sub foreachblock {
+		my $f = "foreachblock";
+		debug ("$::level $f started!\n");
+		my ($directive)  = exe_all($_[1]);
+		debug ("$::level $f directive = \n".Dumper($directive)."\n");
+		my ($variable, $list) = @{$directive};
+		my $variablename = $$variable->{top};
+		debug ("$::level $f variable = $variablename\n");
+		debug ("$::level $f list = \n".Dumper($list)."\n");
+
+		my $result = "";
+		foreach my $q (@{$list}) {
+			debug ("$::level $f q=$q\n");
+			$::symbol{$variablename} = $q;
+			debug ("$::level $f setting variable $variablename = $q\n");
+			
+			my ($sections)  = exe_all($_[2]);
+			debug ("$::level $f sections was: ".Dumper($sections)."\n");
+			$result .= join "",@{$sections};
+		}
+		return $result;
+	}
+
+ 	#foreachdirective: '#' 'foreach' foreachargs "\n"
+	sub foreachdirective {
+		my ($item) = exe_all($_[3]);
+		return $item;
+	}
+
+    #foreachargs:   '(' variablename 'in' expression ')'
+	sub foreachargs {
+		my $f = "foreachargs";
+		my ($variable, $list) = exe_all($_[2], $_[4]);
+		debug ("$::level $f variable = \n".Dumper($variable)."\n");
+		debug ("$::level $f list = \n".Dumper($list)."\n");
+		return [$variable, $list];
+	}
+
+	# XXX if block should only execute section(s) if if arg is positve)
+	# likewise for else
+	#ifblock: ifdirective section(s) elseclause(?) enddirective 
+	sub ifblock {
+		my $f = "ifblock";
+		my @item = exe_all(@_);
+		debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n");
+		my $sections = $item[2];
+		my $else = $item[3];
+		debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n");
+		debug ("$::level   item1: if expression = ".$item[1]."\n");
+		debug ("$::level $f elseclause is a: ".(ref $else)." - it should be an scalar\n");
+		my $r= ( 
+				$item[1]>0 ?                           # if expression
+					(join "", @{$item[2]}) : 
+					($item[3] ? join "",@{$item[3]} : "")
+			   );
+		# this is not quite right ... elseclause returns a scalar (it joins the sections)
+		# so why do I have to join again here? possibly because it's a '?'
+		return $r;
+	}
+
+	#elseclause: elsedirective section(s) 
+	sub elseclause {
+		my $f = "elseclause";
+		my ($sections) = exe_all($_[2]);
+		debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n");
+		my $return = join "", @{$sections};
+		debug ("$::level $f returning: $return\n");
+		return $return;
+	}
+
+	sub ifargs {
+		debug ("$::level ifargs [2] = ".Dumper($_[2])."\n");
+		my ($item) = exe_all($_[2]);
+		debug ("$::level item  = ".Dumper($item)."\n");
+		my $r = $item>0 ? 1 : 0;  
+		debug ("$::level ifargs returning $r\n");
+		return $r;
+	}
+
+ 	#ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/  
+	sub ifdirective {
+		my ($item) = exe_all($_[4]);
+		my $r = $item>0 ? 1 : 0;  
+		debug ("$::level ifdirective returning $r\n");
+		return $r;
+	}
+
+    #boolean:    equality (boolean_operator equality)(?)
+	sub boolean {
+		my $f = "boolean";
+		my ($equality, $alt) = ( execute($_[1]), $_[2]);
+		my $r = $equality;
+		if (scalar @$alt) {
+			my ($op, $equality2) = exe_optional($alt, 1,2);
+
+			if ($op eq '&&') { 
+				$r = $equality && $equality2;
+			}
+			if ($op eq '||') {
+				$r = $equality || $equality2;
+			}
+		}
+
+		return $r;
+	}
+
+
+    #summation:   product (summation_operator summation)(?)
+	sub summation {
+		#my @item = exe_all(@_);
+		my $f = "summation";
+		my ($product, $alt) = ( execute($_[1]), $_[2]);
+		debug("$::level $f - product = $product, alternation = $alt\n");
+		debug("$::level $f - alternation = \n".Dumper($alt)."\n");
+
+		if (scalar @$alt) {
+			if (0) {
+			debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n");
+			debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n");
+			my ($operator, $summation) = ( execute($alt->[0][1]), execute($alt->[0][2]),);
+			}
+			my ($operator, $summation) = exe_optional($alt, 1,2);
+
+			if ($operator eq '+') { return $product + $summation;
+			} else { return $product - $summation; }
+		} else {
+			return $product;
+		}
+	}
+
+	
+
+	#equality:   summation (equality_operator summation)(?)
+	sub equality {
+		my $f = "equality";
+		my ($summation, $alt) = ( execute($_[1]), $_[2] );
+
+		if (scalar @$alt) {
+			my ($operator, $summation2) = exe_optional($alt, 1,2);
+
+			# string comparison used, so (0.0) is NOT equal to (0)
+			if ($operator eq '==') { return ($summation eq $summation2) ? 1:0; }
+			else { return ($summation eq $summation2) ? 0:1; }
+		} else {
+			return $summation;
+		}
+	}
+
+
+	sub product {
+		my $f = "product";
+		my ($negation, $alt) = ( execute($_[1]), $_[2]);
+		debug("$::level $f negation = $negation, alternation = $alt\n");
+		debug("$::level $f - alternation = ".Dumper($alt)."\n");
+
+		if (scalar @$alt) {
+			if (0) {
+			debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n");
+			debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n");
+			my ($operator, $product) = ( execute($alt->[0][1]), execute($alt->[0][2]),);
+			}
+			my ($operator, $product) = exe_optional($alt,1,2);
+			return ($negation * $product);
+		} else {
+			return $negation;
+		}
+	}
+
+	sub factor {
+		my ($value) = exe_all($_[1]);
+		return $value;
+	}
+
+	#negation:   notoperator(?) factor 
+	sub negation {
+		debug ("$::level in negation... input = ".(join ",",@_)."\n");
+		#my @item = exe_all(@_);
+		my ($alt, $value) = ( $_[1], execute($_[2]) );
+		debug ("$::level negation: alternation= $alt\n");
+		debug ("$::level negation: value = $value\n");
+		my $operator = execute($alt->[0][1]);
+
+		my $r;
+		if ($operator && $operator eq '!') {
+			if ($value ) { $r = 0; }
+			else { $r = 1; }
+			debug ("$::level negation: inverting\n");
+		} else {
+			debug ("$::level negation: not inverting\n");
+			$r = $value;
+		}
+		debug ("$::level negation: returning $r\n");
+		return $r;
+	}
+
+   #setargs:   <skip:'[ \t]*'>  '(' assignment ')'  
+	sub setargs {
+		my $f = "setargs";
+		my ($args) = exe_all($_[3]);
+		debug("$::level $f args = \n".Dumper($args)."\n");
+		my ($variable, $value) = @{$args};
+		debug("$::level $f variable type =".(ref $variable)."\n");
+		debug("$::level $f variable = \n".Dumper($variable)."\n");
+		my $symbolname = $$variable->{top};
+		debug("$::level $f setting variable '$symbolname' = $value\n");
+		$::symbol{$symbolname} = $value;
+		return "";
+	}
+
+    #assignment: variablename '=' boolean 
+	sub assignment { 
+		my $f = "assignment";
+		my ($variable, $value) = exe_all($_[1],$_[3]);
+		debug("$::level $f variable = \n".Dumper($variable)."\n");
+		my $r = [ $variable, $value ];
+		debug("$::level $f returning: \n".Dumper($r)."\n");
+		return $r;
+	}
+
+   	#includeargs:   '(' string ')'
+	sub includeargs {
+		my $f = "includeargs";
+		my ($filename ) = execute($_[2]);
+
+		debug("including file: $filename\n");
+		open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n";
+		my $file = join "", <$fh>;
+		close FILE;
+		
+		return $file;
+	}
+
+	sub parseargs {
+		my $f = "parseargs";
+		my ($filename ) = execute($_[2]);
+
+		debug("parsing file: $filename\n");
+		
+		#open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n";
+		#my $file = join "", <$fh>;
+		#close FILE;
+
+		#my $parsetree = $Template::Velocity::parser->template($file);
+		#my @value = execute($parsetree);
+		#my $value = shift @value;
+
+		my @value = Template::Velocity::execute_file(undef,$filename);
+		my $value = shift @value;
+
+		return $value;
+	}
+
+# variables
+
+# variables
+# this rule converts a variable name/identifier into its value
+# $main.subfield(argument1,argument2).subfield2(arg1,arg2)
+# There are two data structures at work here.
+#  1. the data structure specifying the variable name to be queried
+# this represents  $a.b.c(100,9,5,4)
+#{
+# 'top' => 'a'
+# 'fields' => [
+#   { 'fieldname' => 'b', 'arglist' => undef },
+#   { 'fieldname' => 'c', 'arglist' => [ '100', 9, 5, '4', ], }
+#   ],
+#}
+#  2. Data structure specifying the symbol table
+
+# return value could be:
+#  a scalar: either a string/number value or reference to an array of values
+#  an array
+ 
+	sub  variable {
+# look up the root object in the symbol table
+		my $f = "variable";
+		debug("$::level $f: input\n".Dumper(\@_)."\n");
+		my $var    = $_[1];
+		debug("$::level $f var=\n".Dumper($var)."\n");
+# $$var works with # 27:   '#set (\$a=1+3)\n\$a\n'
+#0  REF(0x8fa0510)
+#   -> HASH(0x8fa1454)
+#        'fields' => ARRAY(0x8fa8c08)
+#            empty array
+#        'top' => 'a'
+
+# $var works with # 25:   '$employee.add(100,4+5,2+3,4,4,5,6)'
+#DB<2> x $var
+#0  HASH(0x9c7a340)
+#  'fields' => ARRAY(0xa06e7d8)
+#  0  ARRAY(0xa06e9ac)
+#     0  'subfield'
+#     1  HASH(0xa06e880)
+#        'arglist' => ARRAY(0xa074184)
+
+		my $top    = $$var->{top};    # name of the root object
+			debug("$::level $f top=\n".Dumper($top)."\n");
+		my $fields  = $$var->{fields}; # array of the subidentifiers
+			my $val    = "";
+
+		debug("$::level $f - top_id = $top\n");
+		debug("$::level $f : var: \n".Dumper($var)."\n");
+		debug("$::level $f - fields = \n".Dumper($fields)."\n");
+
+
+		debug("$::level $f : top = ".$top."\n");
+		if (! defined $::symbol{$top} ) {
+# XXX
+			debug ("symbol table = ",(join ",",sort keys %::symbol)."\n");
+			debug ("undefined variable: $top\n");
+			return 0;
+		}
+		debug("$::level $f symbol table: \n".Dumper(\%::symbol)."\n");
+		$val = $::symbol{$top};
+		debug("$::level $f val before: \n".Dumper($val)."\n");
+
+		debug("$::level $f - fields = \n".Dumper($fields)."\n");
+		my $pass = 1;
+		foreach my $field (@$fields) {
+			my $args;
+
+			my ($fieldname, $values);
+			{
+				debug("$::level $f pass $pass \@_=\n".Dumper(\@_)."\n");
+				debug("$::level $f before strip field = \n".Dumper($field)."\n");
+#shift @$fn;   # 'subfield' string
+#$fn = $fn->[0];
+#$fn = [ (@{$fn}) ];
+#shift @$fn;
+				debug("$::level $f after strip fn = \n".Dumper($field)."\n");
+
+				$fieldname = $field->[1]->{fieldname};
+				debug("$::level $f processing field: $fieldname\n");
+				$args= $field->[1]->{arglist};
+
+
+# convert the argument list (which could be expressions, other
+# variables, etc) into raw values
+				if ($args) {
+					debug("$::level $f executing $fieldname with args:\n".Dumper($args)."\n");
+					($values) = execute($args);
+					debug("$::level $f returned values:\n".Dumper($values)."\n");
+				}
+			}
+
+			debug("$::level $f after execute, \@_=\n".Dumper(\@_)."\n");
+
+#call the function
+			if (ref $val) {
+				debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n");
+				debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n");
+				if ($args) {
+					debug("$::level $f: function call\n");
+#$val = $$val->$fieldname ($args);    # method call
+					my $func = $val->{$fieldname};    # method call
+					debug("$::level $f: $fieldname func=\n ".Dumper($func)."\n");
+					no strict;
+					$val = &$func($val, @$values);
+					debug("$::level $f: $fieldname result=$val\n");
+					debug("$::level $f: $fieldname result=\n".Dumper($val)."\n");
+
+				} else {
+					&::debug("$::level $f: plain field access\n");
+					if (ref $val eq "REF") {
+						$val = $$val->{$fieldname};  # field access
+					} else {
+						$val = $val->{$fieldname};  # field access
+					}
+				}
+				debug("$::level $f } inside loop(after val retrieval) val=\n".Dumper($val)."\n");
+			} 
+			$pass++;
+
+		}
+
+		return $val;
+	}
+
+	#$return = [ "variablename", \$variableinfo ];
+	sub  variablename {
+		my $f = "variablename";
+		debug("$::level $f: input\n".Dumper(\@_)."\n");
+		my $var    = $_[1];
+		return $var;
+	}
+
+	#arglist:      '(' list(?) ')'
+	sub arglist {
+		my ($list) = exe_all($_[2]);
+		debug("$::level list: ".Dumper($list)."\n");
+		if ($list) {
+			my $ll = $list->[0];
+			debug("$::level ll \n".Dumper($ll)."\n");
+			debug("$::level \$\$list: \n");
+			return $ll;
+		}
+		return undef;
+	}
+
+    #list:         expression (',' list)(s?)
+	sub list {
+		my ($expr, $alt) = ( execute($_[1]), $_[2] );
+
+		if (scalar @$alt) {
+			my ($list) = exe_optional($alt, 2);
+
+			debug("$::level list: expr: $expr\n");
+			debug("$::level list: list: $list\n:");
+			debug("$::level list ".Dumper($list)."\n");
+			my $r = [ $expr, (@$list) ];
+			return $r;
+		}
+		debug("$::level returning simple expression: $expr\n:");
+		return [$expr];
+	}
+
+	
+
+	sub _default {
+		debug ("$::level default rule {\n");
+		indent();
+		debug ("$::level parsing parameters\n");
+		my @item = exe_all(@_);
+		debug ("$::level default rule - last item in array is: ".$item[$#item]."\n");
+		my $r = join "",@item[1..$#item];
+		debug ("$::level default rule - returning: $r\n");
+		deindent();
+		debug ("$::level }\n");
+		return $r;
+
+	}
+
+
+}
+
+
+package Template::Velocity::Executor;
+
+use Data::Dumper;
+
+
+
+sub new
+{
+	my $class = shift;
+
+	my $parsetree = shift;
+	my $parser    = shift;
+
+	my $self = {};
+	$self->{parser} = $parser;
+	$self->{parsetree} = $parsetree;
+	bless $self, $class;
+	return $self;
+}
+
+
+sub run {
+	my $self = shift;
+
+	return (execute($self->{parsetree}));
+}
+
+
+
+my $level = " ";
+
+sub debug {
+	if ($::debugflag) {
+		print @_;
+	}
+}
+
+# This basically all works calling execute($parsetree).
+# Execute will look the Parsetree, which is built by a special autoaction
+#
+# It will call top-down, into functions called 'Executor::XXX', (where XXX is
+# the name of the production)
+#
+# Additional trees, representing child productions, will be passed in
+# as arguments to the Executor::XXX function. These arguments be processed
+# before the Executor::XXX function can proceed.
+#
+# If no such function is present, Executor:_default will be run
+# 
+# To process the arguments, use this in the Executor function:
+#     my @item = exe(@_);
+# Which will give you an @item array similar to that in the RD rules, one
+# exception being that productions which return arrays are flattened into
+# the @item array. (bad idea?)
+# 
+
+
+
+# executes a parsetree (gotten as a result of calling recdescent $parser->rule()
+# and returns the string value of the result.
+
+sub Dumper {
+ "";
+}
+
+sub execute {
+		my $result;
+		my $tree = shift;   # a reference to a tree is passed in
+		debug "$level execute: {\n";	
+		indent();
+		debug ("$level tree = \n".Dumper($tree)."\n");
+
+# there are 3 possible things this tree could be:
+
+# 1 a scalar .. in which case this rule represents a literal, and the
+#              the literal is just returned
+#
+# 2 an array of the form (array, ...)   - in which case this is the result of a production
+#                                         which returned an array of trees. This happens
+#                                         if you specify (s), (?), etc, in a production.
+# 3 an array of the form (scalar, ...)  - in which case this refers to a subrule
+# 
+
+# case 1...
+		my $type = ref $tree;
+		if ($type) {
+			debug "\n$level tree type: ".(ref $tree)." \n";
+		} else {
+			debug "\n$level tree type: scalar \n";
+		}
+		if ($type ne "ARRAY") {
+			debug "$level   returning literal: '$tree'\n";
+			deindent();
+			debug "$level }\n\n";
+			return $tree;
+		}
+
+		my @result;
+
+# if this tree is the result of a auto-generated rule (e.g. alternation)
+# then tree[0] is not a name.. it is an array. just call the default action with
+# the arguments
+
+		my $rule = @{$tree}->[0];   # rule name is first
+
+		if ($rule && ref $rule eq "ARRAY") {    # case 2
+			debug "$level element[0] is an array (case 2) \n";
+			debug "$level contents of input: \n".Dumper(\@{$tree})."\n";
+			#@result = exe(@{$rule});
+			debug "$level running exe on the array..\n";
+		# not sure about this...
+			@result = (exe_all(@{$tree}));
+			debug "$level contents of output: \n".Dumper(\@result)."\n";
+			#shift @result;   # get rid of function name
+			$result = \@result;
+			
+		} else {                                # case 3
+			my @args = @{$tree};
+
+			debug "$level rule is a function to execute (case 3): '$rule'\n";
+			indent();
+			my $qr = "Template::Velocity::Executor::Rules::$rule";
+			if (defined &$qr) {
+				no strict ;
+				$result = (&$qr(@args));
+			} else {
+				debug "$level no function defined for: '$rule' - calling default action\n";
+				$result = Template::Velocity::Executor::Rules::_default(@args);
+			}
+		}
+		deindent();
+		debug "$level function: $rule returned=\n".Dumper($result)."\n";
+
+		debug "$level }\n";
+		return $result;
+
+		}
+
+# these hold and set the current indent level. It's only used for nested debug messages
+sub indent {
+	if (!$debugflag) { return; }
+	$level .= "  ";
+	$Data::Dumper::Pad = $level."  ";
+}
+sub deindent {
+	if (!$debugflag) { return; }
+	$level = substr ($level,0,-2);
+	$Data::Dumper::Pad = $level."  ";
+}
+
+
+sub exe_optional {
+	my @r;
+	my $f = shift;
+	foreach my $q (@_) {
+		debug("$level: getting arg# $q\n");
+		push @r, execute($f->[0][$q]);
+	}
+	return @r;
+}
+
+# exe: for each argument, run the 'execute' function
+#
+
+sub exe_all {
+	my $d = $Data::Dumper::Maxdepth;
+	$Data::Dumper::Maxdepth = 9;
+	debug "\n$level exe_all (".$_[0].") arguments: {\n".Dumper(\@_)." \n";
+	my @r;
+	indent();
+
+	foreach my $i (@_) {
+		push @r, execute($i);
+	}
+	deindent();
+	debug "$level exe_all: returning: \n".Dumper(\@r)."$level}\n\n";
+	$Data::Dumper::Maxdepth = $d;
+	return @r;
+}
+
+
+
+
+
+#package RHCS::TPS::GlobalVar;
+
+#sub new { my $self = {}; bless $self; return $self; }
+
+
+1;
+
diff --git a/pki/base/tps/ltmain.sh b/pki/base/tps/ltmain.sh
new file mode 100644
index 000000000..2cc123792
--- /dev/null
+++ b/pki/base/tps/ltmain.sh
@@ -0,0 +1,6863 @@
+# ltmain.sh - Provide generalized library-building support services.
+# NOTE: Changing this file will not affect anything until you rerun configure.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005
+# Free Software Foundation, Inc.
+# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+basename="s,^.*/,,g"
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+progname=`echo "$progpath" | $SED $basename`
+modename="$progname"
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION=1.5.22
+TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)"
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes.
+if test -n "${ZSH_VERSION+set}" ; then
+  setopt NO_GLOB_SUBST
+fi
+
+# Check that we have a working $echo.
+if test "X$1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X$1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
+  # Yippee, $echo works!
+  :
+else
+  # Restart under the correct shell, and then maybe $echo will work.
+  exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<EOF
+$*
+EOF
+  exit $EXIT_SUCCESS
+fi
+
+default_mode=
+help="Try \`$progname --help' for more information."
+magic="%%%MAGIC variable%%%"
+mkdir="mkdir"
+mv="mv -f"
+rm="rm -f"
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([\\`\\"$\\\\]\)/\\\1/g'
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+  SP2NL='tr \040 \012'
+  NL2SP='tr \015\012 \040\040'
+  ;;
+ *) # EBCDIC based system
+  SP2NL='tr \100 \n'
+  NL2SP='tr \r\n \100\100'
+  ;;
+esac
+
+# NLS nuisances.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+# We save the old values to restore during execute mode.
+if test "${LC_ALL+set}" = set; then
+  save_LC_ALL="$LC_ALL"; LC_ALL=C; export LC_ALL
+fi
+if test "${LANG+set}" = set; then
+  save_LANG="$LANG"; LANG=C; export LANG
+fi
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" 	$lt_nl"
+
+if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+  $echo "$modename: not configured to build any kind of library" 1>&2
+  $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
+  exit $EXIT_FAILURE
+fi
+
+# Global variables.
+mode=$default_mode
+nonopt=
+prev=
+prevopt=
+run=
+show="$echo"
+show_help=
+execute_dlfiles=
+duplicate_deps=no
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+
+#####################################
+# Shell function definitions:
+# This seems to be the best place for them
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible.  If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+    my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+    if test "$run" = ":"; then
+      # Return a directory name, but don't create it in dry-run mode
+      my_tmpdir="${my_template}-$$"
+    else
+
+      # If mktemp works, use that first and foremost
+      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+      if test ! -d "$my_tmpdir"; then
+	# Failing that, at least try and use $RANDOM to avoid a race
+	my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+	save_mktempdir_umask=`umask`
+	umask 0077
+	$mkdir "$my_tmpdir"
+	umask $save_mktempdir_umask
+      fi
+
+      # If we're not in dry-run mode, bomb out on failure
+      test -d "$my_tmpdir" || {
+        $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2
+	exit $EXIT_FAILURE
+      }
+    fi
+
+    $echo "X$my_tmpdir" | $Xsed
+}
+
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+  win32_libid_type="unknown"
+  win32_fileres=`file -L $1 2>/dev/null`
+  case $win32_fileres in
+  *ar\ archive\ import\ library*) # definitely import
+    win32_libid_type="x86 archive import"
+    ;;
+  *ar\ archive*) # could be an import, or static
+    if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \
+      $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+      win32_nmres=`eval $NM -f posix -A $1 | \
+	$SED -n -e '1,100{/ I /{s,.*,import,;p;q;};}'`
+      case $win32_nmres in
+      import*)  win32_libid_type="x86 archive import";;
+      *)        win32_libid_type="x86 archive static";;
+      esac
+    fi
+    ;;
+  *DLL*)
+    win32_libid_type="x86 DLL"
+    ;;
+  *executable*) # but shell scripts are "executable" too...
+    case $win32_fileres in
+    *MS\ Windows\ PE\ Intel*)
+      win32_libid_type="x86 DLL"
+      ;;
+    esac
+    ;;
+  esac
+  $echo $win32_libid_type
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+    if test -n "$available_tags" && test -z "$tagname"; then
+      CC_quoted=
+      for arg in $CC; do
+	case $arg in
+	  *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+	CC_quoted="$CC_quoted $arg"
+      done
+      case $@ in
+      # Blanks in the command may have been stripped by the calling shell,
+      # but not from the CC environment variable when configure was run.
+      " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;;
+      # Blanks at the start of $base_compile will cause this to fail
+      # if we don't check for them as well.
+      *)
+	for z in $available_tags; do
+	  if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+	    # Evaluate the configuration.
+	    eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+	    CC_quoted=
+	    for arg in $CC; do
+	    # Double-quote args containing other shell metacharacters.
+	    case $arg in
+	      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	      arg="\"$arg\""
+	      ;;
+	    esac
+	    CC_quoted="$CC_quoted $arg"
+	  done
+	    case "$@ " in
+	      " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*)
+	      # The compiler in the base compile command matches
+	      # the one in the tagged configuration.
+	      # Assume this is the tagged configuration we want.
+	      tagname=$z
+	      break
+	      ;;
+	    esac
+	  fi
+	done
+	# If $tagname still isn't set, then no tagged configuration
+	# was found and let the user know that the "--tag" command
+	# line option must be used.
+	if test -z "$tagname"; then
+	  $echo "$modename: unable to infer tagged configuration"
+	  $echo "$modename: specify a tag with \`--tag'" 1>&2
+	  exit $EXIT_FAILURE
+#        else
+#          $echo "$modename: using $tagname tagged configuration"
+	fi
+	;;
+      esac
+    fi
+}
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+    f_ex_an_ar_dir="$1"; shift
+    f_ex_an_ar_oldlib="$1"
+
+    $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)"
+    $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $?
+    if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+     :
+    else
+      $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2
+      exit $EXIT_FAILURE
+    fi
+}
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+    my_gentop="$1"; shift
+    my_oldlibs=${1+"$@"}
+    my_oldobjs=""
+    my_xlib=""
+    my_xabs=""
+    my_xdir=""
+    my_status=""
+
+    $show "${rm}r $my_gentop"
+    $run ${rm}r "$my_gentop"
+    $show "$mkdir $my_gentop"
+    $run $mkdir "$my_gentop"
+    my_status=$?
+    if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then
+      exit $my_status
+    fi
+
+    for my_xlib in $my_oldlibs; do
+      # Extract the objects.
+      case $my_xlib in
+	[\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+	*) my_xabs=`pwd`"/$my_xlib" ;;
+      esac
+      my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'`
+      my_xdir="$my_gentop/$my_xlib"
+
+      $show "${rm}r $my_xdir"
+      $run ${rm}r "$my_xdir"
+      $show "$mkdir $my_xdir"
+      $run $mkdir "$my_xdir"
+      exit_status=$?
+      if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then
+	exit $exit_status
+      fi
+      case $host in
+      *-darwin*)
+	$show "Extracting $my_xabs"
+	# Do not bother doing anything if just a dry run
+	if test -z "$run"; then
+	  darwin_orig_dir=`pwd`
+	  cd $my_xdir || exit $?
+	  darwin_archive=$my_xabs
+	  darwin_curdir=`pwd`
+	  darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'`
+	  darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null`
+	  if test -n "$darwin_arches"; then 
+	    darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'`
+	    darwin_arch=
+	    $show "$darwin_base_archive has multiple architectures $darwin_arches"
+	    for darwin_arch in  $darwin_arches ; do
+	      mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+	      lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+	      cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+	      func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+	      cd "$darwin_curdir"
+	      $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+	    done # $darwin_arches
+      ## Okay now we have a bunch of thin objects, gotta fatten them up :)
+	    darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP`
+	    darwin_file=
+	    darwin_files=
+	    for darwin_file in $darwin_filelist; do
+	      darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+	      lipo -create -output "$darwin_file" $darwin_files
+	    done # $darwin_filelist
+	    ${rm}r unfat-$$
+	    cd "$darwin_orig_dir"
+	  else
+	    cd "$darwin_orig_dir"
+ 	    func_extract_an_archive "$my_xdir" "$my_xabs"
+	  fi # $darwin_arches
+	fi # $run
+	;;
+      *)
+        func_extract_an_archive "$my_xdir" "$my_xabs"
+        ;;
+      esac
+      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+    done
+    func_extract_archives_result="$my_oldobjs"
+}
+# End of Shell function definitions
+#####################################
+
+# Darwin sucks
+eval std_shrext=\"$shrext_cmds\"
+
+disable_libs=no
+
+# Parse our command line options once, thoroughly.
+while test "$#" -gt 0
+do
+  arg="$1"
+  shift
+
+  case $arg in
+  -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  # If the previous option needs an argument, assign it.
+  if test -n "$prev"; then
+    case $prev in
+    execute_dlfiles)
+      execute_dlfiles="$execute_dlfiles $arg"
+      ;;
+    tag)
+      tagname="$arg"
+      preserve_args="${preserve_args}=$arg"
+
+      # Check whether tagname contains only valid characters
+      case $tagname in
+      *[!-_A-Za-z0-9,/]*)
+	$echo "$progname: invalid tag name: $tagname" 1>&2
+	exit $EXIT_FAILURE
+	;;
+      esac
+
+      case $tagname in
+      CC)
+	# Don't test for the "default" C tag, as we know, it's there, but
+	# not specially marked.
+	;;
+      *)
+	if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then
+	  taglist="$taglist $tagname"
+	  # Evaluate the configuration.
+	  eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`"
+	else
+	  $echo "$progname: ignoring unknown tag $tagname" 1>&2
+	fi
+	;;
+      esac
+      ;;
+    *)
+      eval "$prev=\$arg"
+      ;;
+    esac
+
+    prev=
+    prevopt=
+    continue
+  fi
+
+  # Have we seen a non-optional argument yet?
+  case $arg in
+  --help)
+    show_help=yes
+    ;;
+
+  --version)
+    $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"
+    $echo
+    $echo "Copyright (C) 2005  Free Software Foundation, Inc."
+    $echo "This is free software; see the source for copying conditions.  There is NO"
+    $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+    exit $?
+    ;;
+
+  --config)
+    ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath
+    # Now print the configurations for the tags.
+    for tagname in $taglist; do
+      ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath"
+    done
+    exit $?
+    ;;
+
+  --debug)
+    $echo "$progname: enabling shell trace mode"
+    set -x
+    preserve_args="$preserve_args $arg"
+    ;;
+
+  --dry-run | -n)
+    run=:
+    ;;
+
+  --features)
+    $echo "host: $host"
+    if test "$build_libtool_libs" = yes; then
+      $echo "enable shared libraries"
+    else
+      $echo "disable shared libraries"
+    fi
+    if test "$build_old_libs" = yes; then
+      $echo "enable static libraries"
+    else
+      $echo "disable static libraries"
+    fi
+    exit $?
+    ;;
+
+  --finish) mode="finish" ;;
+
+  --mode) prevopt="--mode" prev=mode ;;
+  --mode=*) mode="$optarg" ;;
+
+  --preserve-dup-deps) duplicate_deps="yes" ;;
+
+  --quiet | --silent)
+    show=:
+    preserve_args="$preserve_args $arg"
+    ;;
+
+  --tag)
+    prevopt="--tag"
+    prev=tag
+    preserve_args="$preserve_args --tag"
+    ;;
+  --tag=*)
+    set tag "$optarg" ${1+"$@"}
+    shift
+    prev=tag
+    preserve_args="$preserve_args --tag"
+    ;;
+
+  -dlopen)
+    prevopt="-dlopen"
+    prev=execute_dlfiles
+    ;;
+
+  -*)
+    $echo "$modename: unrecognized option \`$arg'" 1>&2
+    $echo "$help" 1>&2
+    exit $EXIT_FAILURE
+    ;;
+
+  *)
+    nonopt="$arg"
+    break
+    ;;
+  esac
+done
+
+if test -n "$prevopt"; then
+  $echo "$modename: option \`$prevopt' requires an argument" 1>&2
+  $echo "$help" 1>&2
+  exit $EXIT_FAILURE
+fi
+
+case $disable_libs in
+no) 
+  ;;
+shared)
+  build_libtool_libs=no
+  build_old_libs=yes
+  ;;
+static)
+  build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+  ;;
+esac
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end.  This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+if test -z "$show_help"; then
+
+  # Infer the operation mode.
+  if test -z "$mode"; then
+    $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2
+    $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2
+    case $nonopt in
+    *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*)
+      mode=link
+      for arg
+      do
+	case $arg in
+	-c)
+	   mode=compile
+	   break
+	   ;;
+	esac
+      done
+      ;;
+    *db | *dbx | *strace | *truss)
+      mode=execute
+      ;;
+    *install*|cp|mv)
+      mode=install
+      ;;
+    *rm)
+      mode=uninstall
+      ;;
+    *)
+      # If we have no mode, but dlfiles were specified, then do execute mode.
+      test -n "$execute_dlfiles" && mode=execute
+
+      # Just use the default operation mode.
+      if test -z "$mode"; then
+	if test -n "$nonopt"; then
+	  $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2
+	else
+	  $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2
+	fi
+      fi
+      ;;
+    esac
+  fi
+
+  # Only execute mode is allowed to have -dlopen flags.
+  if test -n "$execute_dlfiles" && test "$mode" != execute; then
+    $echo "$modename: unrecognized option \`-dlopen'" 1>&2
+    $echo "$help" 1>&2
+    exit $EXIT_FAILURE
+  fi
+
+  # Change the help message to a mode-specific one.
+  generic_help="$help"
+  help="Try \`$modename --help --mode=$mode' for more information."
+
+  # These modes are in order of execution frequency so that they run quickly.
+  case $mode in
+  # libtool compile mode
+  compile)
+    modename="$modename: compile"
+    # Get the compilation command and the source file.
+    base_compile=
+    srcfile="$nonopt"  #  always keep a non-empty value in "srcfile"
+    suppress_opt=yes
+    suppress_output=
+    arg_mode=normal
+    libobj=
+    later=
+
+    for arg
+    do
+      case $arg_mode in
+      arg  )
+	# do not "continue".  Instead, add this to base_compile
+	lastarg="$arg"
+	arg_mode=normal
+	;;
+
+      target )
+	libobj="$arg"
+	arg_mode=normal
+	continue
+	;;
+
+      normal )
+	# Accept any command-line options.
+	case $arg in
+	-o)
+	  if test -n "$libobj" ; then
+	    $echo "$modename: you cannot specify \`-o' more than once" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  arg_mode=target
+	  continue
+	  ;;
+
+	-static | -prefer-pic | -prefer-non-pic)
+	  later="$later $arg"
+	  continue
+	  ;;
+
+	-no-suppress)
+	  suppress_opt=no
+	  continue
+	  ;;
+
+	-Xcompiler)
+	  arg_mode=arg  #  the next one goes into the "base_compile" arg list
+	  continue      #  The current "srcfile" will either be retained or
+	  ;;            #  replaced later.  I would guess that would be a bug.
+
+	-Wc,*)
+	  args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"`
+	  lastarg=
+	  save_ifs="$IFS"; IFS=','
+ 	  for arg in $args; do
+	    IFS="$save_ifs"
+
+	    # Double-quote args containing other shell metacharacters.
+	    # Many Bourne shells cannot handle close brackets correctly
+	    # in scan sets, so we specify it separately.
+	    case $arg in
+	      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	      arg="\"$arg\""
+	      ;;
+	    esac
+	    lastarg="$lastarg $arg"
+	  done
+	  IFS="$save_ifs"
+	  lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"`
+
+	  # Add the arguments to base_compile.
+	  base_compile="$base_compile $lastarg"
+	  continue
+	  ;;
+
+	* )
+	  # Accept the current argument as the source file.
+	  # The previous "srcfile" becomes the current argument.
+	  #
+	  lastarg="$srcfile"
+	  srcfile="$arg"
+	  ;;
+	esac  #  case $arg
+	;;
+      esac    #  case $arg_mode
+
+      # Aesthetically quote the previous argument.
+      lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"`
+
+      case $lastarg in
+      # Double-quote args containing other shell metacharacters.
+      # Many Bourne shells cannot handle close brackets correctly
+      # in scan sets, and some SunOS ksh mistreat backslash-escaping
+      # in scan sets (worked around with variable expansion),
+      # and furthermore cannot handle '|' '&' '(' ')' in scan sets 
+      # at all, so we specify them separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	lastarg="\"$lastarg\""
+	;;
+      esac
+
+      base_compile="$base_compile $lastarg"
+    done # for arg
+
+    case $arg_mode in
+    arg)
+      $echo "$modename: you must specify an argument for -Xcompile"
+      exit $EXIT_FAILURE
+      ;;
+    target)
+      $echo "$modename: you must specify a target with \`-o'" 1>&2
+      exit $EXIT_FAILURE
+      ;;
+    *)
+      # Get the name of the library object.
+      [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'`
+      ;;
+    esac
+
+    # Recognize several different file suffixes.
+    # If the user specifies -o file.o, it is replaced with file.lo
+    xform='[cCFSifmso]'
+    case $libobj in
+    *.ada) xform=ada ;;
+    *.adb) xform=adb ;;
+    *.ads) xform=ads ;;
+    *.asm) xform=asm ;;
+    *.c++) xform=c++ ;;
+    *.cc) xform=cc ;;
+    *.ii) xform=ii ;;
+    *.class) xform=class ;;
+    *.cpp) xform=cpp ;;
+    *.cxx) xform=cxx ;;
+    *.f90) xform=f90 ;;
+    *.for) xform=for ;;
+    *.java) xform=java ;;
+    esac
+
+    libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"`
+
+    case $libobj in
+    *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;;
+    *)
+      $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2
+      exit $EXIT_FAILURE
+      ;;
+    esac
+
+    func_infer_tag $base_compile
+
+    for arg in $later; do
+      case $arg in
+      -static)
+	build_old_libs=yes
+	continue
+	;;
+
+      -prefer-pic)
+	pic_mode=yes
+	continue
+	;;
+
+      -prefer-non-pic)
+	pic_mode=no
+	continue
+	;;
+      esac
+    done
+
+    qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"`
+    case $qlibobj in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	qlibobj="\"$qlibobj\"" ;;
+    esac
+    test "X$libobj" != "X$qlibobj" \
+	&& $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' 	&()|`$[]' \
+	&& $echo "$modename: libobj name \`$libobj' may not contain shell special characters."
+    objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+    xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'`
+    if test "X$xdir" = "X$obj"; then
+      xdir=
+    else
+      xdir=$xdir/
+    fi
+    lobj=${xdir}$objdir/$objname
+
+    if test -z "$base_compile"; then
+      $echo "$modename: you must specify a compilation command" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    # Delete any leftover library objects.
+    if test "$build_old_libs" = yes; then
+      removelist="$obj $lobj $libobj ${libobj}T"
+    else
+      removelist="$lobj $libobj ${libobj}T"
+    fi
+
+    $run $rm $removelist
+    trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
+
+    # On Cygwin there's no "real" PIC flag so we must build both object types
+    case $host_os in
+    cygwin* | mingw* | pw32* | os2*)
+      pic_mode=default
+      ;;
+    esac
+    if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+      # non-PIC code in shared libraries is not supported
+      pic_mode=default
+    fi
+
+    # Calculate the filename of the output object if compiler does
+    # not support -o with -c
+    if test "$compiler_c_o" = no; then
+      output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+      lockfile="$output_obj.lock"
+      removelist="$removelist $output_obj $lockfile"
+      trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15
+    else
+      output_obj=
+      need_locks=no
+      lockfile=
+    fi
+
+    # Lock this critical section if it is needed
+    # We use this script file to make the link, it avoids creating a new file
+    if test "$need_locks" = yes; then
+      until $run ln "$progpath" "$lockfile" 2>/dev/null; do
+	$show "Waiting for $lockfile to be removed"
+	sleep 2
+      done
+    elif test "$need_locks" = warn; then
+      if test -f "$lockfile"; then
+	$echo "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+      $echo "$srcfile" > "$lockfile"
+    fi
+
+    if test -n "$fix_srcfile_path"; then
+      eval srcfile=\"$fix_srcfile_path\"
+    fi
+    qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"`
+    case $qsrcfile in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+      qsrcfile="\"$qsrcfile\"" ;;
+    esac
+
+    $run $rm "$libobj" "${libobj}T"
+
+    # Create a libtool object file (analogous to a ".la" file),
+    # but don't create it if we're doing a dry run.
+    test -z "$run" && cat > ${libobj}T <<EOF
+# $libobj - a libtool object file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+EOF
+
+    # Only build a PIC object if we are building libtool libraries.
+    if test "$build_libtool_libs" = yes; then
+      # Without this assignment, base_compile gets emptied.
+      fbsd_hideous_sh_bug=$base_compile
+
+      if test "$pic_mode" != no; then
+	command="$base_compile $qsrcfile $pic_flag"
+      else
+	# Don't build PIC code
+	command="$base_compile $qsrcfile"
+      fi
+
+      if test ! -d "${xdir}$objdir"; then
+	$show "$mkdir ${xdir}$objdir"
+	$run $mkdir ${xdir}$objdir
+	exit_status=$?
+	if test "$exit_status" -ne 0 && test ! -d "${xdir}$objdir"; then
+	  exit $exit_status
+	fi
+      fi
+
+      if test -z "$output_obj"; then
+	# Place PIC objects in $objdir
+	command="$command -o $lobj"
+      fi
+
+      $run $rm "$lobj" "$output_obj"
+
+      $show "$command"
+      if $run eval "$command"; then :
+      else
+	test -n "$output_obj" && $run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      if test "$need_locks" = warn &&
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$echo "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      # Just move the object if needed, then go on to compile the next one
+      if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+	$show "$mv $output_obj $lobj"
+	if $run $mv $output_obj $lobj; then :
+	else
+	  error=$?
+	  $run $rm $removelist
+	  exit $error
+	fi
+      fi
+
+      # Append the name of the PIC object to the libtool object file.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object='$objdir/$objname'
+
+EOF
+
+      # Allow error messages only from the first compilation.
+      if test "$suppress_opt" = yes; then
+        suppress_output=' >/dev/null 2>&1'
+      fi
+    else
+      # No PIC object so indicate it doesn't exist in the libtool
+      # object file.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+pic_object=none
+
+EOF
+    fi
+
+    # Only build a position-dependent object if we build old libraries.
+    if test "$build_old_libs" = yes; then
+      if test "$pic_mode" != yes; then
+	# Don't build PIC code
+	command="$base_compile $qsrcfile"
+      else
+	command="$base_compile $qsrcfile $pic_flag"
+      fi
+      if test "$compiler_c_o" = yes; then
+	command="$command -o $obj"
+      fi
+
+      # Suppress compiler output if we already did a PIC compilation.
+      command="$command$suppress_output"
+      $run $rm "$obj" "$output_obj"
+      $show "$command"
+      if $run eval "$command"; then :
+      else
+	$run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      if test "$need_locks" = warn &&
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$echo "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$run $rm $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      # Just move the object if needed
+      if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+	$show "$mv $output_obj $obj"
+	if $run $mv $output_obj $obj; then :
+	else
+	  error=$?
+	  $run $rm $removelist
+	  exit $error
+	fi
+      fi
+
+      # Append the name of the non-PIC object the libtool object file.
+      # Only append if the libtool object file exists.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object='$objname'
+
+EOF
+    else
+      # Append the name of the non-PIC object the libtool object file.
+      # Only append if the libtool object file exists.
+      test -z "$run" && cat >> ${libobj}T <<EOF
+# Name of the non-PIC object.
+non_pic_object=none
+
+EOF
+    fi
+
+    $run $mv "${libobj}T" "${libobj}"
+
+    # Unlock the critical section if it was locked
+    if test "$need_locks" != no; then
+      $run $rm "$lockfile"
+    fi
+
+    exit $EXIT_SUCCESS
+    ;;
+
+  # libtool link mode
+  link | relink)
+    modename="$modename: link"
+    case $host in
+    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+      # It is impossible to link a dll without this setting, and
+      # we shouldn't force the makefile maintainer to figure out
+      # which system we are compiling for in order to pass an extra
+      # flag for every libtool invocation.
+      # allow_undefined=no
+
+      # FIXME: Unfortunately, there are problems with the above when trying
+      # to make a dll which has undefined symbols, in which case not
+      # even a static library is built.  For now, we need to specify
+      # -no-undefined on the libtool link line when we can be certain
+      # that all symbols are satisfied, otherwise we get a static library.
+      allow_undefined=yes
+      ;;
+    *)
+      allow_undefined=yes
+      ;;
+    esac
+    libtool_args="$nonopt"
+    base_compile="$nonopt $@"
+    compile_command="$nonopt"
+    finalize_command="$nonopt"
+
+    compile_rpath=
+    finalize_rpath=
+    compile_shlibpath=
+    finalize_shlibpath=
+    convenience=
+    old_convenience=
+    deplibs=
+    old_deplibs=
+    compiler_flags=
+    linker_flags=
+    dllsearchpath=
+    lib_search_path=`pwd`
+    inst_prefix_dir=
+
+    avoid_version=no
+    dlfiles=
+    dlprefiles=
+    dlself=no
+    export_dynamic=no
+    export_symbols=
+    export_symbols_regex=
+    generated=
+    libobjs=
+    ltlibs=
+    module=no
+    no_install=no
+    objs=
+    non_pic_objects=
+    notinst_path= # paths that contain not-installed libtool libraries
+    precious_files_regex=
+    prefer_static_libs=no
+    preload=no
+    prev=
+    prevarg=
+    release=
+    rpath=
+    xrpath=
+    perm_rpath=
+    temp_rpath=
+    thread_safe=no
+    vinfo=
+    vinfo_number=no
+
+    func_infer_tag $base_compile
+
+    # We need to know -static, to get the right output filenames.
+    for arg
+    do
+      case $arg in
+      -all-static | -static)
+	if test "X$arg" = "X-all-static"; then
+	  if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+	    $echo "$modename: warning: complete static linking is impossible in this configuration" 1>&2
+	  fi
+	  if test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=yes
+	else
+	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=built
+	fi
+	build_libtool_libs=no
+	build_old_libs=yes
+	break
+	;;
+      esac
+    done
+
+    # See if our shared archives depend on static archives.
+    test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+    # Go through the arguments, transforming them on the way.
+    while test "$#" -gt 0; do
+      arg="$1"
+      shift
+      case $arg in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test
+	;;
+      *) qarg=$arg ;;
+      esac
+      libtool_args="$libtool_args $qarg"
+
+      # If the previous option needs an argument, assign it.
+      if test -n "$prev"; then
+	case $prev in
+	output)
+	  compile_command="$compile_command @OUTPUT@"
+	  finalize_command="$finalize_command @OUTPUT@"
+	  ;;
+	esac
+
+	case $prev in
+	dlfiles|dlprefiles)
+	  if test "$preload" = no; then
+	    # Add the symbol object into the linking commands.
+	    compile_command="$compile_command @SYMFILE@"
+	    finalize_command="$finalize_command @SYMFILE@"
+	    preload=yes
+	  fi
+	  case $arg in
+	  *.la | *.lo) ;;  # We handle these cases below.
+	  force)
+	    if test "$dlself" = no; then
+	      dlself=needless
+	      export_dynamic=yes
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  self)
+	    if test "$prev" = dlprefiles; then
+	      dlself=yes
+	    elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+	      dlself=yes
+	    else
+	      dlself=needless
+	      export_dynamic=yes
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  *)
+	    if test "$prev" = dlfiles; then
+	      dlfiles="$dlfiles $arg"
+	    else
+	      dlprefiles="$dlprefiles $arg"
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  esac
+	  ;;
+	expsyms)
+	  export_symbols="$arg"
+	  if test ! -f "$arg"; then
+	    $echo "$modename: symbol file \`$arg' does not exist"
+	    exit $EXIT_FAILURE
+	  fi
+	  prev=
+	  continue
+	  ;;
+	expsyms_regex)
+	  export_symbols_regex="$arg"
+	  prev=
+	  continue
+	  ;;
+	inst_prefix)
+	  inst_prefix_dir="$arg"
+	  prev=
+	  continue
+	  ;;
+	precious_regex)
+	  precious_files_regex="$arg"
+	  prev=
+	  continue
+	  ;;
+	release)
+	  release="-$arg"
+	  prev=
+	  continue
+	  ;;
+	objectlist)
+	  if test -f "$arg"; then
+	    save_arg=$arg
+	    moreargs=
+	    for fil in `cat $save_arg`
+	    do
+#	      moreargs="$moreargs $fil"
+	      arg=$fil
+	      # A libtool-controlled object.
+
+	      # Check to see that this really is a libtool object.
+	      if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+		pic_object=
+		non_pic_object=
+
+		# Read the .lo file
+		# If there is no directory component, then add one.
+		case $arg in
+		*/* | *\\*) . $arg ;;
+		*) . ./$arg ;;
+		esac
+
+		if test -z "$pic_object" || \
+		   test -z "$non_pic_object" ||
+		   test "$pic_object" = none && \
+		   test "$non_pic_object" = none; then
+		  $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+		  exit $EXIT_FAILURE
+		fi
+
+		# Extract subdirectory from the argument.
+		xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+		if test "X$xdir" = "X$arg"; then
+		  xdir=
+		else
+		  xdir="$xdir/"
+		fi
+
+		if test "$pic_object" != none; then
+		  # Prepend the subdirectory the object is found in.
+		  pic_object="$xdir$pic_object"
+
+		  if test "$prev" = dlfiles; then
+		    if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+		      dlfiles="$dlfiles $pic_object"
+		      prev=
+		      continue
+		    else
+		      # If libtool objects are unsupported, then we need to preload.
+		      prev=dlprefiles
+		    fi
+		  fi
+
+		  # CHECK ME:  I think I busted this.  -Ossama
+		  if test "$prev" = dlprefiles; then
+		    # Preload the old-style object.
+		    dlprefiles="$dlprefiles $pic_object"
+		    prev=
+		  fi
+
+		  # A PIC object.
+		  libobjs="$libobjs $pic_object"
+		  arg="$pic_object"
+		fi
+
+		# Non-PIC object.
+		if test "$non_pic_object" != none; then
+		  # Prepend the subdirectory the object is found in.
+		  non_pic_object="$xdir$non_pic_object"
+
+		  # A standard non-PIC object
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		  if test -z "$pic_object" || test "$pic_object" = none ; then
+		    arg="$non_pic_object"
+		  fi
+		else
+		  # If the PIC object exists, use it instead.
+		  # $xdir was prepended to $pic_object above.
+		  non_pic_object="$pic_object"
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		fi
+	      else
+		# Only an error if not doing a dry-run.
+		if test -z "$run"; then
+		  $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+		  exit $EXIT_FAILURE
+		else
+		  # Dry-run case.
+
+		  # Extract subdirectory from the argument.
+		  xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+		  if test "X$xdir" = "X$arg"; then
+		    xdir=
+		  else
+		    xdir="$xdir/"
+		  fi
+
+		  pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+		  non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+		  libobjs="$libobjs $pic_object"
+		  non_pic_objects="$non_pic_objects $non_pic_object"
+		fi
+	      fi
+	    done
+	  else
+	    $echo "$modename: link input file \`$save_arg' does not exist"
+	    exit $EXIT_FAILURE
+	  fi
+	  arg=$save_arg
+	  prev=
+	  continue
+	  ;;
+	rpath | xrpath)
+	  # We need an absolute path.
+	  case $arg in
+	  [\\/]* | [A-Za-z]:[\\/]*) ;;
+	  *)
+	    $echo "$modename: only absolute run-paths are allowed" 1>&2
+	    exit $EXIT_FAILURE
+	    ;;
+	  esac
+	  if test "$prev" = rpath; then
+	    case "$rpath " in
+	    *" $arg "*) ;;
+	    *) rpath="$rpath $arg" ;;
+	    esac
+	  else
+	    case "$xrpath " in
+	    *" $arg "*) ;;
+	    *) xrpath="$xrpath $arg" ;;
+	    esac
+	  fi
+	  prev=
+	  continue
+	  ;;
+	xcompiler)
+	  compiler_flags="$compiler_flags $qarg"
+	  prev=
+	  compile_command="$compile_command $qarg"
+	  finalize_command="$finalize_command $qarg"
+	  continue
+	  ;;
+	xlinker)
+	  linker_flags="$linker_flags $qarg"
+	  compiler_flags="$compiler_flags $wl$qarg"
+	  prev=
+	  compile_command="$compile_command $wl$qarg"
+	  finalize_command="$finalize_command $wl$qarg"
+	  continue
+	  ;;
+	xcclinker)
+	  linker_flags="$linker_flags $qarg"
+	  compiler_flags="$compiler_flags $qarg"
+	  prev=
+	  compile_command="$compile_command $qarg"
+	  finalize_command="$finalize_command $qarg"
+	  continue
+	  ;;
+	shrext)
+  	  shrext_cmds="$arg"
+	  prev=
+	  continue
+	  ;;
+	darwin_framework|darwin_framework_skip)
+	  test "$prev" = "darwin_framework" && compiler_flags="$compiler_flags $arg"
+	  compile_command="$compile_command $arg"
+	  finalize_command="$finalize_command $arg"
+	  prev=
+	  continue
+	  ;;
+	*)
+	  eval "$prev=\"\$arg\""
+	  prev=
+	  continue
+	  ;;
+	esac
+      fi # test -n "$prev"
+
+      prevarg="$arg"
+
+      case $arg in
+      -all-static)
+	if test -n "$link_static_flag"; then
+	  compile_command="$compile_command $link_static_flag"
+	  finalize_command="$finalize_command $link_static_flag"
+	fi
+	continue
+	;;
+
+      -allow-undefined)
+	# FIXME: remove this flag sometime in the future.
+	$echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2
+	continue
+	;;
+
+      -avoid-version)
+	avoid_version=yes
+	continue
+	;;
+
+      -dlopen)
+	prev=dlfiles
+	continue
+	;;
+
+      -dlpreopen)
+	prev=dlprefiles
+	continue
+	;;
+
+      -export-dynamic)
+	export_dynamic=yes
+	continue
+	;;
+
+      -export-symbols | -export-symbols-regex)
+	if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+	  $echo "$modename: more than one -exported-symbols argument is not allowed"
+	  exit $EXIT_FAILURE
+	fi
+	if test "X$arg" = "X-export-symbols"; then
+	  prev=expsyms
+	else
+	  prev=expsyms_regex
+	fi
+	continue
+	;;
+
+      -framework|-arch|-isysroot)
+	case " $CC " in
+	  *" ${arg} ${1} "* | *" ${arg}	${1} "*) 
+		prev=darwin_framework_skip ;;
+	  *) compiler_flags="$compiler_flags $arg"
+	     prev=darwin_framework ;;
+	esac
+	compile_command="$compile_command $arg"
+	finalize_command="$finalize_command $arg"
+	continue
+	;;
+
+      -inst-prefix-dir)
+	prev=inst_prefix
+	continue
+	;;
+
+      # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+      # so, if we see these flags be careful not to treat them like -L
+      -L[A-Z][A-Z]*:*)
+	case $with_gcc/$host in
+	no/*-*-irix* | /*-*-irix*)
+	  compile_command="$compile_command $arg"
+	  finalize_command="$finalize_command $arg"
+	  ;;
+	esac
+	continue
+	;;
+
+      -L*)
+	dir=`$echo "X$arg" | $Xsed -e 's/^-L//'`
+	# We need an absolute path.
+	case $dir in
+	[\\/]* | [A-Za-z]:[\\/]*) ;;
+	*)
+	  absdir=`cd "$dir" && pwd`
+	  if test -z "$absdir"; then
+	    $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2
+	    absdir="$dir"
+	    notinst_path="$notinst_path $dir"
+	  fi
+	  dir="$absdir"
+	  ;;
+	esac
+	case "$deplibs " in
+	*" -L$dir "*) ;;
+	*)
+	  deplibs="$deplibs -L$dir"
+	  lib_search_path="$lib_search_path $dir"
+	  ;;
+	esac
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	  testbindir=`$echo "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+	  case :$dllsearchpath: in
+	  *":$dir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$dir";;
+	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$testbindir";;
+	  esac
+	  ;;
+	esac
+	continue
+	;;
+
+      -l*)
+	if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+	  case $host in
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*)
+	    # These systems don't actually have a C or math library (as such)
+	    continue
+	    ;;
+	  *-*-os2*)
+	    # These systems don't actually have a C library (as such)
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	    # Do not include libc due to us having libc/libc_r.
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C and math libraries are in the System framework
+	    deplibs="$deplibs -framework System"
+	    continue
+	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  esac
+	elif test "X$arg" = "X-lc_r"; then
+	 case $host in
+	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	   # Do not include libc_r directly, use -pthread flag.
+	   continue
+	   ;;
+	 esac
+	fi
+	deplibs="$deplibs $arg"
+	continue
+	;;
+
+      # Tru64 UNIX uses -model [arg] to determine the layout of C++
+      # classes, name mangling, and exception handling.
+      -model)
+	compile_command="$compile_command $arg"
+	compiler_flags="$compiler_flags $arg"
+	finalize_command="$finalize_command $arg"
+	prev=xcompiler
+	continue
+	;;
+
+     -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
+	compiler_flags="$compiler_flags $arg"
+	compile_command="$compile_command $arg"
+	finalize_command="$finalize_command $arg"
+	continue
+	;;
+
+      -module)
+	module=yes
+	continue
+	;;
+
+      # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+      # -r[0-9][0-9]* specifies the processor on the SGI compiler
+      # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+      # +DA*, +DD* enable 64-bit mode on the HP compiler
+      # -q* pass through compiler args for the IBM compiler
+      # -m* pass through architecture-specific compiler args for GCC
+      # -m*, -t[45]*, -txscale* pass through architecture-specific
+      # compiler args for GCC
+      # -pg pass through profiling flag for GCC
+      # @file GCC response files
+      -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*|-pg| \
+      -t[45]*|-txscale*|@*)
+
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+	case $arg in
+	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+        compile_command="$compile_command $arg"
+        finalize_command="$finalize_command $arg"
+        compiler_flags="$compiler_flags $arg"
+        continue
+        ;;
+
+      -shrext)
+	prev=shrext
+	continue
+	;;
+
+      -no-fast-install)
+	fast_install=no
+	continue
+	;;
+
+      -no-install)
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	  # The PATH hackery in wrapper scripts is required on Windows
+	  # in order for the loader to find any dlls it needs.
+	  $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2
+	  $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2
+	  fast_install=no
+	  ;;
+	*) no_install=yes ;;
+	esac
+	continue
+	;;
+
+      -no-undefined)
+	allow_undefined=no
+	continue
+	;;
+
+      -objectlist)
+	prev=objectlist
+	continue
+	;;
+
+      -o) prev=output ;;
+
+      -precious-files-regex)
+	prev=precious_regex
+	continue
+	;;
+
+      -release)
+	prev=release
+	continue
+	;;
+
+      -rpath)
+	prev=rpath
+	continue
+	;;
+
+      -R)
+	prev=xrpath
+	continue
+	;;
+
+      -R*)
+	dir=`$echo "X$arg" | $Xsed -e 's/^-R//'`
+	# We need an absolute path.
+	case $dir in
+	[\\/]* | [A-Za-z]:[\\/]*) ;;
+	*)
+	  $echo "$modename: only absolute run-paths are allowed" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+	case "$xrpath " in
+	*" $dir "*) ;;
+	*) xrpath="$xrpath $dir" ;;
+	esac
+	continue
+	;;
+
+      -static)
+	# The effects of -static are defined in a previous loop.
+	# We used to do the same as -all-static on platforms that
+	# didn't have a PIC flag, but the assumption that the effects
+	# would be equivalent was wrong.  It would break on at least
+	# Digital Unix and AIX.
+	continue
+	;;
+
+      -thread-safe)
+	thread_safe=yes
+	continue
+	;;
+
+      -version-info)
+	prev=vinfo
+	continue
+	;;
+      -version-number)
+	prev=vinfo
+	vinfo_number=yes
+	continue
+	;;
+
+      -Wc,*)
+	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'`
+	arg=
+	save_ifs="$IFS"; IFS=','
+	for flag in $args; do
+	  IFS="$save_ifs"
+	  case $flag in
+	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	    flag="\"$flag\""
+	    ;;
+	  esac
+	  arg="$arg $wl$flag"
+	  compiler_flags="$compiler_flags $flag"
+	done
+	IFS="$save_ifs"
+	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
+	;;
+
+      -Wl,*)
+	args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'`
+	arg=
+	save_ifs="$IFS"; IFS=','
+	for flag in $args; do
+	  IFS="$save_ifs"
+	  case $flag in
+	    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	    flag="\"$flag\""
+	    ;;
+	  esac
+	  arg="$arg $wl$flag"
+	  compiler_flags="$compiler_flags $wl$flag"
+	  linker_flags="$linker_flags $flag"
+	done
+	IFS="$save_ifs"
+	arg=`$echo "X$arg" | $Xsed -e "s/^ //"`
+	;;
+
+      -Xcompiler)
+	prev=xcompiler
+	continue
+	;;
+
+      -Xlinker)
+	prev=xlinker
+	continue
+	;;
+
+      -XCClinker)
+	prev=xcclinker
+	continue
+	;;
+
+      # Some other compiler flag.
+      -* | +*)
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+	case $arg in
+	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+	;;
+
+      *.$objext)
+	# A standard object.
+	objs="$objs $arg"
+	;;
+
+      *.lo)
+	# A libtool-controlled object.
+
+	# Check to see that this really is a libtool object.
+	if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	  pic_object=
+	  non_pic_object=
+
+	  # Read the .lo file
+	  # If there is no directory component, then add one.
+	  case $arg in
+	  */* | *\\*) . $arg ;;
+	  *) . ./$arg ;;
+	  esac
+
+	  if test -z "$pic_object" || \
+	     test -z "$non_pic_object" ||
+	     test "$pic_object" = none && \
+	     test "$non_pic_object" = none; then
+	    $echo "$modename: cannot find name of object for \`$arg'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+
+	  # Extract subdirectory from the argument.
+	  xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+	  if test "X$xdir" = "X$arg"; then
+	    xdir=
+ 	  else
+	    xdir="$xdir/"
+	  fi
+
+	  if test "$pic_object" != none; then
+	    # Prepend the subdirectory the object is found in.
+	    pic_object="$xdir$pic_object"
+
+	    if test "$prev" = dlfiles; then
+	      if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+		dlfiles="$dlfiles $pic_object"
+		prev=
+		continue
+	      else
+		# If libtool objects are unsupported, then we need to preload.
+		prev=dlprefiles
+	      fi
+	    fi
+
+	    # CHECK ME:  I think I busted this.  -Ossama
+	    if test "$prev" = dlprefiles; then
+	      # Preload the old-style object.
+	      dlprefiles="$dlprefiles $pic_object"
+	      prev=
+	    fi
+
+	    # A PIC object.
+	    libobjs="$libobjs $pic_object"
+	    arg="$pic_object"
+	  fi
+
+	  # Non-PIC object.
+	  if test "$non_pic_object" != none; then
+	    # Prepend the subdirectory the object is found in.
+	    non_pic_object="$xdir$non_pic_object"
+
+	    # A standard non-PIC object
+	    non_pic_objects="$non_pic_objects $non_pic_object"
+	    if test -z "$pic_object" || test "$pic_object" = none ; then
+	      arg="$non_pic_object"
+	    fi
+	  else
+	    # If the PIC object exists, use it instead.
+	    # $xdir was prepended to $pic_object above.
+	    non_pic_object="$pic_object"
+	    non_pic_objects="$non_pic_objects $non_pic_object"
+	  fi
+	else
+	  # Only an error if not doing a dry-run.
+	  if test -z "$run"; then
+	    $echo "$modename: \`$arg' is not a valid libtool object" 1>&2
+	    exit $EXIT_FAILURE
+	  else
+	    # Dry-run case.
+
+	    # Extract subdirectory from the argument.
+	    xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'`
+	    if test "X$xdir" = "X$arg"; then
+	      xdir=
+	    else
+	      xdir="$xdir/"
+	    fi
+
+	    pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"`
+	    non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"`
+	    libobjs="$libobjs $pic_object"
+	    non_pic_objects="$non_pic_objects $non_pic_object"
+	  fi
+	fi
+	;;
+
+      *.$libext)
+	# An archive.
+	deplibs="$deplibs $arg"
+	old_deplibs="$old_deplibs $arg"
+	continue
+	;;
+
+      *.la)
+	# A libtool-controlled library.
+
+	if test "$prev" = dlfiles; then
+	  # This library was specified with -dlopen.
+	  dlfiles="$dlfiles $arg"
+	  prev=
+	elif test "$prev" = dlprefiles; then
+	  # The library was specified with -dlpreopen.
+	  dlprefiles="$dlprefiles $arg"
+	  prev=
+	else
+	  deplibs="$deplibs $arg"
+	fi
+	continue
+	;;
+
+      # Some other compiler argument.
+      *)
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+	case $arg in
+	*[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	  arg="\"$arg\""
+	  ;;
+	esac
+	;;
+      esac # arg
+
+      # Now actually substitute the argument into the commands.
+      if test -n "$arg"; then
+	compile_command="$compile_command $arg"
+	finalize_command="$finalize_command $arg"
+      fi
+    done # argument parsing loop
+
+    if test -n "$prev"; then
+      $echo "$modename: the \`$prevarg' option requires an argument" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+      eval arg=\"$export_dynamic_flag_spec\"
+      compile_command="$compile_command $arg"
+      finalize_command="$finalize_command $arg"
+    fi
+
+    oldlibs=
+    # calculate the name of the file, without its directory
+    outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'`
+    libobjs_save="$libobjs"
+
+    if test -n "$shlibpath_var"; then
+      # get the directories listed in $shlibpath_var
+      eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+    else
+      shlib_search_path=
+    fi
+    eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+    output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'`
+    if test "X$output_objdir" = "X$output"; then
+      output_objdir="$objdir"
+    else
+      output_objdir="$output_objdir/$objdir"
+    fi
+    # Create the object directory.
+    if test ! -d "$output_objdir"; then
+      $show "$mkdir $output_objdir"
+      $run $mkdir $output_objdir
+      exit_status=$?
+      if test "$exit_status" -ne 0 && test ! -d "$output_objdir"; then
+	exit $exit_status
+      fi
+    fi
+
+    # Determine the type of output
+    case $output in
+    "")
+      $echo "$modename: you must specify an output file" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+      ;;
+    *.$libext) linkmode=oldlib ;;
+    *.lo | *.$objext) linkmode=obj ;;
+    *.la) linkmode=lib ;;
+    *) linkmode=prog ;; # Anything else should be a program.
+    esac
+
+    case $host in
+    *cygwin* | *mingw* | *pw32*)
+      # don't eliminate duplications in $postdeps and $predeps
+      duplicate_compiler_generated_deps=yes
+      ;;
+    *)
+      duplicate_compiler_generated_deps=$duplicate_deps
+      ;;
+    esac
+    specialdeplibs=
+
+    libs=
+    # Find all interdependent deplibs by searching for libraries
+    # that are linked more than once (e.g. -la -lb -la)
+    for deplib in $deplibs; do
+      if test "X$duplicate_deps" = "Xyes" ; then
+	case "$libs " in
+	*" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	esac
+      fi
+      libs="$libs $deplib"
+    done
+
+    if test "$linkmode" = lib; then
+      libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+      # Compute libraries that are listed more than once in $predeps
+      # $postdeps and mark them as special (i.e., whose duplicates are
+      # not to be eliminated).
+      pre_post_deps=
+      if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then
+	for pre_post_dep in $predeps $postdeps; do
+	  case "$pre_post_deps " in
+	  *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+	  esac
+	  pre_post_deps="$pre_post_deps $pre_post_dep"
+	done
+      fi
+      pre_post_deps=
+    fi
+
+    deplibs=
+    newdependency_libs=
+    newlib_search_path=
+    need_relink=no # whether we're linking any uninstalled libtool libraries
+    notinst_deplibs= # not-installed libtool libraries
+    case $linkmode in
+    lib)
+	passes="conv link"
+	for file in $dlfiles $dlprefiles; do
+	  case $file in
+	  *.la) ;;
+	  *)
+	    $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2
+	    exit $EXIT_FAILURE
+	    ;;
+	  esac
+	done
+	;;
+    prog)
+	compile_deplibs=
+	finalize_deplibs=
+	alldeplibs=no
+	newdlfiles=
+	newdlprefiles=
+	passes="conv scan dlopen dlpreopen link"
+	;;
+    *)  passes="conv"
+	;;
+    esac
+    for pass in $passes; do
+      if test "$linkmode,$pass" = "lib,link" ||
+	 test "$linkmode,$pass" = "prog,scan"; then
+	libs="$deplibs"
+	deplibs=
+      fi
+      if test "$linkmode" = prog; then
+	case $pass in
+	dlopen) libs="$dlfiles" ;;
+	dlpreopen) libs="$dlprefiles" ;;
+	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+	esac
+      fi
+      if test "$pass" = dlopen; then
+	# Collect dlpreopened libraries
+	save_deplibs="$deplibs"
+	deplibs=
+      fi
+      for deplib in $libs; do
+	lib=
+	found=no
+	case $deplib in
+	-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe)
+	  if test "$linkmode,$pass" = "prog,link"; then
+	    compile_deplibs="$deplib $compile_deplibs"
+	    finalize_deplibs="$deplib $finalize_deplibs"
+	  else
+	    compiler_flags="$compiler_flags $deplib"
+	  fi
+	  continue
+	  ;;
+	-l*)
+	  if test "$linkmode" != lib && test "$linkmode" != prog; then
+	    $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2
+	    continue
+	  fi
+	  name=`$echo "X$deplib" | $Xsed -e 's/^-l//'`
+	  for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do
+	    for search_ext in .la $std_shrext .so .a; do
+	      # Search the libtool library
+	      lib="$searchdir/lib${name}${search_ext}"
+	      if test -f "$lib"; then
+		if test "$search_ext" = ".la"; then
+		  found=yes
+		else
+		  found=no
+		fi
+		break 2
+	      fi
+	    done
+	  done
+	  if test "$found" != yes; then
+	    # deplib doesn't seem to be a libtool library
+	    if test "$linkmode,$pass" = "prog,link"; then
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      deplibs="$deplib $deplibs"
+	      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+	    fi
+	    continue
+	  else # deplib is a libtool library
+	    # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+	    # We need to do some special things here, and not later.
+	    if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+	      case " $predeps $postdeps " in
+	      *" $deplib "*)
+		if (${SED} -e '2q' $lib |
+                    grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+		  library_names=
+		  old_library=
+		  case $lib in
+		  */* | *\\*) . $lib ;;
+		  *) . ./$lib ;;
+		  esac
+		  for l in $old_library $library_names; do
+		    ll="$l"
+		  done
+		  if test "X$ll" = "X$old_library" ; then # only static version available
+		    found=no
+		    ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+		    test "X$ladir" = "X$lib" && ladir="."
+		    lib=$ladir/$old_library
+		    if test "$linkmode,$pass" = "prog,link"; then
+		      compile_deplibs="$deplib $compile_deplibs"
+		      finalize_deplibs="$deplib $finalize_deplibs"
+		    else
+		      deplibs="$deplib $deplibs"
+		      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+		    fi
+		    continue
+		  fi
+		fi
+	        ;;
+	      *) ;;
+	      esac
+	    fi
+	  fi
+	  ;; # -l
+	-L*)
+	  case $linkmode in
+	  lib)
+	    deplibs="$deplib $deplibs"
+	    test "$pass" = conv && continue
+	    newdependency_libs="$deplib $newdependency_libs"
+	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
+	    ;;
+	  prog)
+	    if test "$pass" = conv; then
+	      deplibs="$deplib $deplibs"
+	      continue
+	    fi
+	    if test "$pass" = scan; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    fi
+	    newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`
+	    ;;
+	  *)
+	    $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2
+	    ;;
+	  esac # linkmode
+	  continue
+	  ;; # -L
+	-R*)
+	  if test "$pass" = link; then
+	    dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'`
+	    # Make sure the xrpath contains only unique directories.
+	    case "$xrpath " in
+	    *" $dir "*) ;;
+	    *) xrpath="$xrpath $dir" ;;
+	    esac
+	  fi
+	  deplibs="$deplib $deplibs"
+	  continue
+	  ;;
+	*.la) lib="$deplib" ;;
+	*.$libext)
+	  if test "$pass" = conv; then
+	    deplibs="$deplib $deplibs"
+	    continue
+	  fi
+	  case $linkmode in
+	  lib)
+	    valid_a_lib=no
+	    case $deplibs_check_method in
+	      match_pattern*)
+		set dummy $deplibs_check_method
+	        match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+		if eval $echo \"$deplib\" 2>/dev/null \
+		    | $SED 10q \
+		    | $EGREP "$match_pattern_regex" > /dev/null; then
+		  valid_a_lib=yes
+		fi
+		;;
+	      pass_all)
+		valid_a_lib=yes
+		;;
+            esac
+	    if test "$valid_a_lib" != yes; then
+	      $echo
+	      $echo "*** Warning: Trying to link with static lib archive $deplib."
+	      $echo "*** I have the capability to make that library automatically link in when"
+	      $echo "*** you link to this library.  But I can only do this if you have a"
+	      $echo "*** shared version of the library, which you do not appear to have"
+	      $echo "*** because the file extensions .$libext of this argument makes me believe"
+	      $echo "*** that it is just a static archive that I should not used here."
+	    else
+	      $echo
+	      $echo "*** Warning: Linking the shared library $output against the"
+	      $echo "*** static library $deplib is not portable!"
+	      deplibs="$deplib $deplibs"
+	    fi
+	    continue
+	    ;;
+	  prog)
+	    if test "$pass" != link; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    fi
+	    continue
+	    ;;
+	  esac # linkmode
+	  ;; # *.$libext
+	*.lo | *.$objext)
+	  if test "$pass" = conv; then
+	    deplibs="$deplib $deplibs"
+	  elif test "$linkmode" = prog; then
+	    if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+	      # If there is no dlopen support or we're linking statically,
+	      # we need to preload.
+	      newdlprefiles="$newdlprefiles $deplib"
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      newdlfiles="$newdlfiles $deplib"
+	    fi
+	  fi
+	  continue
+	  ;;
+	%DEPLIBS%)
+	  alldeplibs=yes
+	  continue
+	  ;;
+	esac # case $deplib
+	if test "$found" = yes || test -f "$lib"; then :
+	else
+	  $echo "$modename: cannot find the library \`$lib' or unhandled argument \`$deplib'" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# Check to see that this really is a libtool archive.
+	if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	else
+	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'`
+	test "X$ladir" = "X$lib" && ladir="."
+
+	dlname=
+	dlopen=
+	dlpreopen=
+	libdir=
+	library_names=
+	old_library=
+	# If the library was installed with an old release of libtool,
+	# it will not redefine variables installed, or shouldnotlink
+	installed=yes
+	shouldnotlink=no
+	avoidtemprpath=
+
+
+	# Read the .la file
+	case $lib in
+	*/* | *\\*) . $lib ;;
+	*) . ./$lib ;;
+	esac
+
+	if test "$linkmode,$pass" = "lib,link" ||
+	   test "$linkmode,$pass" = "prog,scan" ||
+	   { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+	  test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+	  test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+	fi
+
+	if test "$pass" = conv; then
+	  # Only check for convenience libraries
+	  deplibs="$lib $deplibs"
+	  if test -z "$libdir"; then
+	    if test -z "$old_library"; then
+	      $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
+	      exit $EXIT_FAILURE
+	    fi
+	    # It is a libtool convenience library, so add in its objects.
+	    convenience="$convenience $ladir/$objdir/$old_library"
+	    old_convenience="$old_convenience $ladir/$objdir/$old_library"
+	    tmp_libs=
+	    for deplib in $dependency_libs; do
+	      deplibs="$deplib $deplibs"
+              if test "X$duplicate_deps" = "Xyes" ; then
+	        case "$tmp_libs " in
+	        *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	        esac
+              fi
+	      tmp_libs="$tmp_libs $deplib"
+	    done
+	  elif test "$linkmode" != prog && test "$linkmode" != lib; then
+	    $echo "$modename: \`$lib' is not a convenience library" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  continue
+	fi # $pass = conv
+
+
+	# Get the name of the library we link against.
+	linklib=
+	for l in $old_library $library_names; do
+	  linklib="$l"
+	done
+	if test -z "$linklib"; then
+	  $echo "$modename: cannot find name of link library for \`$lib'" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# This library was specified with -dlopen.
+	if test "$pass" = dlopen; then
+	  if test -z "$libdir"; then
+	    $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  if test -z "$dlname" ||
+	     test "$dlopen_support" != yes ||
+	     test "$build_libtool_libs" = no; then
+	    # If there is no dlname, no dlopen support or we're linking
+	    # statically, we need to preload.  We also need to preload any
+	    # dependent libraries so libltdl's deplib preloader doesn't
+	    # bomb out in the load deplibs phase.
+	    dlprefiles="$dlprefiles $lib $dependency_libs"
+	  else
+	    newdlfiles="$newdlfiles $lib"
+	  fi
+	  continue
+	fi # $pass = dlopen
+
+	# We need an absolute path.
+	case $ladir in
+	[\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+	*)
+	  abs_ladir=`cd "$ladir" && pwd`
+	  if test -z "$abs_ladir"; then
+	    $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2
+	    $echo "$modename: passing it literally to the linker, although it might fail" 1>&2
+	    abs_ladir="$ladir"
+	  fi
+	  ;;
+	esac
+	laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+
+	# Find the relevant object directory and library name.
+	if test "X$installed" = Xyes; then
+	  if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    $echo "$modename: warning: library \`$lib' was moved." 1>&2
+	    dir="$ladir"
+	    absdir="$abs_ladir"
+	    libdir="$abs_ladir"
+	  else
+	    dir="$libdir"
+	    absdir="$libdir"
+	  fi
+	  test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+	else
+	  if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    dir="$ladir"
+	    absdir="$abs_ladir"
+	    # Remove this search path later
+	    notinst_path="$notinst_path $abs_ladir"
+	  else
+	    dir="$ladir/$objdir"
+	    absdir="$abs_ladir/$objdir"
+	    # Remove this search path later
+	    notinst_path="$notinst_path $abs_ladir"
+	  fi
+	fi # $installed = yes
+	name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+
+	# This library was specified with -dlpreopen.
+	if test "$pass" = dlpreopen; then
+	  if test -z "$libdir"; then
+	    $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	  # Prefer using a static library (so that no silly _DYNAMIC symbols
+	  # are required to link).
+	  if test -n "$old_library"; then
+	    newdlprefiles="$newdlprefiles $dir/$old_library"
+	  # Otherwise, use the dlname, so that lt_dlopen finds it.
+	  elif test -n "$dlname"; then
+	    newdlprefiles="$newdlprefiles $dir/$dlname"
+	  else
+	    newdlprefiles="$newdlprefiles $dir/$linklib"
+	  fi
+	fi # $pass = dlpreopen
+
+	if test -z "$libdir"; then
+	  # Link the convenience library
+	  if test "$linkmode" = lib; then
+	    deplibs="$dir/$old_library $deplibs"
+	  elif test "$linkmode,$pass" = "prog,link"; then
+	    compile_deplibs="$dir/$old_library $compile_deplibs"
+	    finalize_deplibs="$dir/$old_library $finalize_deplibs"
+	  else
+	    deplibs="$lib $deplibs" # used for prog,scan pass
+	  fi
+	  continue
+	fi
+
+
+	if test "$linkmode" = prog && test "$pass" != link; then
+	  newlib_search_path="$newlib_search_path $ladir"
+	  deplibs="$lib $deplibs"
+
+	  linkalldeplibs=no
+	  if test "$link_all_deplibs" != no || test -z "$library_names" ||
+	     test "$build_libtool_libs" = no; then
+	    linkalldeplibs=yes
+	  fi
+
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    case $deplib in
+	    -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test
+	    esac
+	    # Need to link against all dependency_libs?
+	    if test "$linkalldeplibs" = yes; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      # Need to hardcode shared library paths
+	      # or/and link against static libraries
+	      newdependency_libs="$deplib $newdependency_libs"
+	    fi
+	    if test "X$duplicate_deps" = "Xyes" ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
+	    tmp_libs="$tmp_libs $deplib"
+	  done # for deplib
+	  continue
+	fi # $linkmode = prog...
+
+	if test "$linkmode,$pass" = "prog,link"; then
+	  if test -n "$library_names" &&
+	     { test "$prefer_static_libs" = no || test -z "$old_library"; }; then
+	    # We need to hardcode the library path
+	    if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+	      # Make sure the rpath contains only unique directories.
+	      case "$temp_rpath " in
+	      *" $dir "*) ;;
+	      *" $absdir "*) ;;
+	      *) temp_rpath="$temp_rpath $absdir" ;;
+	      esac
+	    fi
+
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) compile_rpath="$compile_rpath $absdir"
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) finalize_rpath="$finalize_rpath $libdir"
+	      esac
+	      ;;
+	    esac
+	  fi # $linkmode,$pass = prog,link...
+
+	  if test "$alldeplibs" = yes &&
+	     { test "$deplibs_check_method" = pass_all ||
+	       { test "$build_libtool_libs" = yes &&
+		 test -n "$library_names"; }; }; then
+	    # We only need to search for static libraries
+	    continue
+	  fi
+	fi
+
+	link_static=no # Whether the deplib will be linked statically
+	use_static_libs=$prefer_static_libs
+	if test "$use_static_libs" = built && test "$installed" = yes ; then
+	  use_static_libs=no
+	fi
+	if test -n "$library_names" &&
+	   { test "$use_static_libs" = no || test -z "$old_library"; }; then
+	  if test "$installed" = no; then
+	    notinst_deplibs="$notinst_deplibs $lib"
+	    need_relink=yes
+	  fi
+	  # This is a shared library
+
+	  # Warn about portability, can't link against -module's on
+	  # some systems (darwin)
+	  if test "$shouldnotlink" = yes && test "$pass" = link ; then
+	    $echo
+	    if test "$linkmode" = prog; then
+	      $echo "*** Warning: Linking the executable $output against the loadable module"
+	    else
+	      $echo "*** Warning: Linking the shared library $output against the loadable module"
+	    fi
+	    $echo "*** $linklib is not portable!"
+	  fi
+	  if test "$linkmode" = lib &&
+	     test "$hardcode_into_libs" = yes; then
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) compile_rpath="$compile_rpath $absdir"
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) finalize_rpath="$finalize_rpath $libdir"
+	      esac
+	      ;;
+	    esac
+	  fi
+
+	  if test -n "$old_archive_from_expsyms_cmds"; then
+	    # figure out the soname
+	    set dummy $library_names
+	    realname="$2"
+	    shift; shift
+	    libname=`eval \\$echo \"$libname_spec\"`
+	    # use dlname if we got it. it's perfectly good, no?
+	    if test -n "$dlname"; then
+	      soname="$dlname"
+	    elif test -n "$soname_spec"; then
+	      # bleh windows
+	      case $host in
+	      *cygwin* | mingw*)
+		major=`expr $current - $age`
+		versuffix="-$major"
+		;;
+	      esac
+	      eval soname=\"$soname_spec\"
+	    else
+	      soname="$realname"
+	    fi
+
+	    # Make a new name for the extract_expsyms_cmds to use
+	    soroot="$soname"
+	    soname=`$echo $soroot | ${SED} -e 's/^.*\///'`
+	    newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a"
+
+	    # If the library has no export list, then create one now
+	    if test -f "$output_objdir/$soname-def"; then :
+	    else
+	      $show "extracting exported symbol list from \`$soname'"
+	      save_ifs="$IFS"; IFS='~'
+	      cmds=$extract_expsyms_cmds
+	      for cmd in $cmds; do
+		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
+		$show "$cmd"
+		$run eval "$cmd" || exit $?
+	      done
+	      IFS="$save_ifs"
+	    fi
+
+	    # Create $newlib
+	    if test -f "$output_objdir/$newlib"; then :; else
+	      $show "generating import library for \`$soname'"
+	      save_ifs="$IFS"; IFS='~'
+	      cmds=$old_archive_from_expsyms_cmds
+	      for cmd in $cmds; do
+		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
+		$show "$cmd"
+		$run eval "$cmd" || exit $?
+	      done
+	      IFS="$save_ifs"
+	    fi
+	    # make sure the library variables are pointing to the new library
+	    dir=$output_objdir
+	    linklib=$newlib
+	  fi # test -n "$old_archive_from_expsyms_cmds"
+
+	  if test "$linkmode" = prog || test "$mode" != relink; then
+	    add_shlibpath=
+	    add_dir=
+	    add=
+	    lib_linked=yes
+	    case $hardcode_action in
+	    immediate | unsupported)
+	      if test "$hardcode_direct" = no; then
+		add="$dir/$linklib"
+		case $host in
+		  *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+		  *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+		  *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+		    *-*-unixware7*) add_dir="-L$dir" ;;
+		  *-*-darwin* )
+		    # if the lib is a module then we can not link against
+		    # it, someone is ignoring the new warnings I added
+		    if /usr/bin/file -L $add 2> /dev/null |
+                      $EGREP ": [^:]* bundle" >/dev/null ; then
+		      $echo "** Warning, lib $linklib is a module, not a shared library"
+		      if test -z "$old_library" ; then
+		        $echo
+		        $echo "** And there doesn't seem to be a static archive available"
+		        $echo "** The link will probably fail, sorry"
+		      else
+		        add="$dir/$old_library"
+		      fi
+		    fi
+		esac
+	      elif test "$hardcode_minus_L" = no; then
+		case $host in
+		*-*-sunos*) add_shlibpath="$dir" ;;
+		esac
+		add_dir="-L$dir"
+		add="-l$name"
+	      elif test "$hardcode_shlibpath_var" = no; then
+		add_shlibpath="$dir"
+		add="-l$name"
+	      else
+		lib_linked=no
+	      fi
+	      ;;
+	    relink)
+	      if test "$hardcode_direct" = yes; then
+		add="$dir/$linklib"
+	      elif test "$hardcode_minus_L" = yes; then
+		add_dir="-L$dir"
+		# Try looking first in the location we're being installed to.
+		if test -n "$inst_prefix_dir"; then
+		  case $libdir in
+		    [\\/]*)
+		      add_dir="$add_dir -L$inst_prefix_dir$libdir"
+		      ;;
+		  esac
+		fi
+		add="-l$name"
+	      elif test "$hardcode_shlibpath_var" = yes; then
+		add_shlibpath="$dir"
+		add="-l$name"
+	      else
+		lib_linked=no
+	      fi
+	      ;;
+	    *) lib_linked=no ;;
+	    esac
+
+	    if test "$lib_linked" != yes; then
+	      $echo "$modename: configuration error: unsupported hardcode properties"
+	      exit $EXIT_FAILURE
+	    fi
+
+	    if test -n "$add_shlibpath"; then
+	      case :$compile_shlibpath: in
+	      *":$add_shlibpath:"*) ;;
+	      *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+	      esac
+	    fi
+	    if test "$linkmode" = prog; then
+	      test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+	      test -n "$add" && compile_deplibs="$add $compile_deplibs"
+	    else
+	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
+	      test -n "$add" && deplibs="$add $deplibs"
+	      if test "$hardcode_direct" != yes && \
+		 test "$hardcode_minus_L" != yes && \
+		 test "$hardcode_shlibpath_var" = yes; then
+		case :$finalize_shlibpath: in
+		*":$libdir:"*) ;;
+		*) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+		esac
+	      fi
+	    fi
+	  fi
+
+	  if test "$linkmode" = prog || test "$mode" = relink; then
+	    add_shlibpath=
+	    add_dir=
+	    add=
+	    # Finalize command for both is simple: just hardcode it.
+	    if test "$hardcode_direct" = yes; then
+	      add="$libdir/$linklib"
+	    elif test "$hardcode_minus_L" = yes; then
+	      add_dir="-L$libdir"
+	      add="-l$name"
+	    elif test "$hardcode_shlibpath_var" = yes; then
+	      case :$finalize_shlibpath: in
+	      *":$libdir:"*) ;;
+	      *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+	      esac
+	      add="-l$name"
+	    elif test "$hardcode_automatic" = yes; then
+	      if test -n "$inst_prefix_dir" &&
+		 test -f "$inst_prefix_dir$libdir/$linklib" ; then
+	        add="$inst_prefix_dir$libdir/$linklib"
+	      else
+	        add="$libdir/$linklib"
+	      fi
+	    else
+	      # We cannot seem to hardcode it, guess we'll fake it.
+	      add_dir="-L$libdir"
+	      # Try looking first in the location we're being installed to.
+	      if test -n "$inst_prefix_dir"; then
+		case $libdir in
+		  [\\/]*)
+		    add_dir="$add_dir -L$inst_prefix_dir$libdir"
+		    ;;
+		esac
+	      fi
+	      add="-l$name"
+	    fi
+
+	    if test "$linkmode" = prog; then
+	      test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+	      test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+	    else
+	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
+	      test -n "$add" && deplibs="$add $deplibs"
+	    fi
+	  fi
+	elif test "$linkmode" = prog; then
+	  # Here we assume that one of hardcode_direct or hardcode_minus_L
+	  # is not unsupported.  This is valid on all known static and
+	  # shared platforms.
+	  if test "$hardcode_direct" != unsupported; then
+	    test -n "$old_library" && linklib="$old_library"
+	    compile_deplibs="$dir/$linklib $compile_deplibs"
+	    finalize_deplibs="$dir/$linklib $finalize_deplibs"
+	  else
+	    compile_deplibs="-l$name -L$dir $compile_deplibs"
+	    finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+	  fi
+	elif test "$build_libtool_libs" = yes; then
+	  # Not a shared library
+	  if test "$deplibs_check_method" != pass_all; then
+	    # We're trying link a shared library against a static one
+	    # but the system doesn't support it.
+
+	    # Just print a warning and add the library to dependency_libs so
+	    # that the program can be linked against the static library.
+	    $echo
+	    $echo "*** Warning: This system can not link to static lib archive $lib."
+	    $echo "*** I have the capability to make that library automatically link in when"
+	    $echo "*** you link to this library.  But I can only do this if you have a"
+	    $echo "*** shared version of the library, which you do not appear to have."
+	    if test "$module" = yes; then
+	      $echo "*** But as you try to build a module library, libtool will still create "
+	      $echo "*** a static module, that should work as long as the dlopening application"
+	      $echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
+	      if test -z "$global_symbol_pipe"; then
+		$echo
+		$echo "*** However, this would only work if libtool was able to extract symbol"
+		$echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+		$echo "*** not find such a program.  So, this module is probably useless."
+		$echo "*** \`nm' from GNU binutils and a full rebuild may help."
+	      fi
+	      if test "$build_old_libs" = no; then
+		build_libtool_libs=module
+		build_old_libs=yes
+	      else
+		build_libtool_libs=no
+	      fi
+	    fi
+	  else
+	    deplibs="$dir/$old_library $deplibs"
+	    link_static=yes
+	  fi
+	fi # link shared/static library?
+
+	if test "$linkmode" = lib; then
+	  if test -n "$dependency_libs" &&
+	     { test "$hardcode_into_libs" != yes ||
+	       test "$build_old_libs" = yes ||
+	       test "$link_static" = yes; }; then
+	    # Extract -R from dependency_libs
+	    temp_deplibs=
+	    for libdir in $dependency_libs; do
+	      case $libdir in
+	      -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'`
+		   case " $xrpath " in
+		   *" $temp_xrpath "*) ;;
+		   *) xrpath="$xrpath $temp_xrpath";;
+		   esac;;
+	      *) temp_deplibs="$temp_deplibs $libdir";;
+	      esac
+	    done
+	    dependency_libs="$temp_deplibs"
+	  fi
+
+	  newlib_search_path="$newlib_search_path $absdir"
+	  # Link against this library
+	  test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+	  # ... and its dependency_libs
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    newdependency_libs="$deplib $newdependency_libs"
+	    if test "X$duplicate_deps" = "Xyes" ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
+	    tmp_libs="$tmp_libs $deplib"
+	  done
+
+	  if test "$link_all_deplibs" != no; then
+	    # Add the search paths of all dependency libraries
+	    for deplib in $dependency_libs; do
+	      case $deplib in
+	      -L*) path="$deplib" ;;
+	      *.la)
+		dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'`
+		test "X$dir" = "X$deplib" && dir="."
+		# We need an absolute path.
+		case $dir in
+		[\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+		*)
+		  absdir=`cd "$dir" && pwd`
+		  if test -z "$absdir"; then
+		    $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2
+		    absdir="$dir"
+		  fi
+		  ;;
+		esac
+		if grep "^installed=no" $deplib > /dev/null; then
+		  path="$absdir/$objdir"
+		else
+		  eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		  if test -z "$libdir"; then
+		    $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
+		    exit $EXIT_FAILURE
+		  fi
+		  if test "$absdir" != "$libdir"; then
+		    $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2
+		  fi
+		  path="$absdir"
+		fi
+		depdepl=
+		case $host in
+		*-*-darwin*)
+		  # we do not want to link against static libs,
+		  # but need to link against shared
+		  eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+		  if test -n "$deplibrary_names" ; then
+		    for tmp in $deplibrary_names ; do
+		      depdepl=$tmp
+		    done
+		    if test -f "$path/$depdepl" ; then
+		      depdepl="$path/$depdepl"
+		    fi
+		    # do not add paths which are already there
+		    case " $newlib_search_path " in
+		    *" $path "*) ;;
+		    *) newlib_search_path="$newlib_search_path $path";;
+		    esac
+		  fi
+		  path=""
+		  ;;
+		*)
+		  path="-L$path"
+		  ;;
+		esac
+		;;
+	      -l*)
+		case $host in
+		*-*-darwin*)
+		  # Again, we only want to link against shared libraries
+		  eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"`
+		  for tmp in $newlib_search_path ; do
+		    if test -f "$tmp/lib$tmp_libs.dylib" ; then
+		      eval depdepl="$tmp/lib$tmp_libs.dylib"
+		      break
+		    fi
+		  done
+		  path=""
+		  ;;
+		*) continue ;;
+		esac
+		;;
+	      *) continue ;;
+	      esac
+	      case " $deplibs " in
+	      *" $path "*) ;;
+	      *) deplibs="$path $deplibs" ;;
+	      esac
+	      case " $deplibs " in
+	      *" $depdepl "*) ;;
+	      *) deplibs="$depdepl $deplibs" ;;
+	      esac
+	    done
+	  fi # link_all_deplibs != no
+	fi # linkmode = lib
+      done # for deplib in $libs
+      dependency_libs="$newdependency_libs"
+      if test "$pass" = dlpreopen; then
+	# Link the dlpreopened libraries before other libraries
+	for deplib in $save_deplibs; do
+	  deplibs="$deplib $deplibs"
+	done
+      fi
+      if test "$pass" != dlopen; then
+	if test "$pass" != conv; then
+	  # Make sure lib_search_path contains only unique directories.
+	  lib_search_path=
+	  for dir in $newlib_search_path; do
+	    case "$lib_search_path " in
+	    *" $dir "*) ;;
+	    *) lib_search_path="$lib_search_path $dir" ;;
+	    esac
+	  done
+	  newlib_search_path=
+	fi
+
+	if test "$linkmode,$pass" != "prog,link"; then
+	  vars="deplibs"
+	else
+	  vars="compile_deplibs finalize_deplibs"
+	fi
+	for var in $vars dependency_libs; do
+	  # Add libraries to $var in reverse order
+	  eval tmp_libs=\"\$$var\"
+	  new_libs=
+	  for deplib in $tmp_libs; do
+	    # FIXME: Pedantically, this is the right thing to do, so
+	    #        that some nasty dependency loop isn't accidentally
+	    #        broken:
+	    #new_libs="$deplib $new_libs"
+	    # Pragmatically, this seems to cause very few problems in
+	    # practice:
+	    case $deplib in
+	    -L*) new_libs="$deplib $new_libs" ;;
+	    -R*) ;;
+	    *)
+	      # And here is the reason: when a library appears more
+	      # than once as an explicit dependence of a library, or
+	      # is implicitly linked in more than once by the
+	      # compiler, it is considered special, and multiple
+	      # occurrences thereof are not removed.  Compare this
+	      # with having the same library being listed as a
+	      # dependency of multiple other libraries: in this case,
+	      # we know (pedantically, we assume) the library does not
+	      # need to be listed more than once, so we keep only the
+	      # last copy.  This is not always right, but it is rare
+	      # enough that we require users that really mean to play
+	      # such unportable linking tricks to link the library
+	      # using -Wl,-lname, so that libtool does not consider it
+	      # for duplicate removal.
+	      case " $specialdeplibs " in
+	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
+	      *)
+		case " $new_libs " in
+		*" $deplib "*) ;;
+		*) new_libs="$deplib $new_libs" ;;
+		esac
+		;;
+	      esac
+	      ;;
+	    esac
+	  done
+	  tmp_libs=
+	  for deplib in $new_libs; do
+	    case $deplib in
+	    -L*)
+	      case " $tmp_libs " in
+	      *" $deplib "*) ;;
+	      *) tmp_libs="$tmp_libs $deplib" ;;
+	      esac
+	      ;;
+	    *) tmp_libs="$tmp_libs $deplib" ;;
+	    esac
+	  done
+	  eval $var=\"$tmp_libs\"
+	done # for var
+      fi
+      # Last step: remove runtime libs from dependency_libs
+      # (they stay in deplibs)
+      tmp_libs=
+      for i in $dependency_libs ; do
+	case " $predeps $postdeps $compiler_lib_search_path " in
+	*" $i "*)
+	  i=""
+	  ;;
+	esac
+	if test -n "$i" ; then
+	  tmp_libs="$tmp_libs $i"
+	fi
+      done
+      dependency_libs=$tmp_libs
+    done # for pass
+    if test "$linkmode" = prog; then
+      dlfiles="$newdlfiles"
+      dlprefiles="$newdlprefiles"
+    fi
+
+    case $linkmode in
+    oldlib)
+      if test -n "$deplibs"; then
+	$echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2
+      fi
+
+      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+	$echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$rpath"; then
+	$echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$xrpath"; then
+	$echo "$modename: warning: \`-R' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$vinfo"; then
+	$echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$release"; then
+	$echo "$modename: warning: \`-release' is ignored for archives" 1>&2
+      fi
+
+      if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+	$echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2
+      fi
+
+      # Now set the variables for building old libraries.
+      build_libtool_libs=no
+      oldlibs="$output"
+      objs="$objs$old_deplibs"
+      ;;
+
+    lib)
+      # Make sure we only generate libraries of the form `libNAME.la'.
+      case $outputname in
+      lib*)
+	name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'`
+	eval shared_ext=\"$shrext_cmds\"
+	eval libname=\"$libname_spec\"
+	;;
+      *)
+	if test "$module" = no; then
+	  $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+	if test "$need_lib_prefix" != no; then
+	  # Add the "lib" prefix for modules if required
+	  name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+	  eval shared_ext=\"$shrext_cmds\"
+	  eval libname=\"$libname_spec\"
+	else
+	  libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'`
+	fi
+	;;
+      esac
+
+      if test -n "$objs"; then
+	if test "$deplibs_check_method" != pass_all; then
+	  $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1
+	  exit $EXIT_FAILURE
+	else
+	  $echo
+	  $echo "*** Warning: Linking the shared library $output against the non-libtool"
+	  $echo "*** objects $objs is not portable!"
+	  libobjs="$libobjs $objs"
+	fi
+      fi
+
+      if test "$dlself" != no; then
+	$echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2
+      fi
+
+      set dummy $rpath
+      if test "$#" -gt 2; then
+	$echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2
+      fi
+      install_libdir="$2"
+
+      oldlibs=
+      if test -z "$rpath"; then
+	if test "$build_libtool_libs" = yes; then
+	  # Building a libtool convenience library.
+	  # Some compilers have problems with a `.al' extension so
+	  # convenience libraries should have the same extension an
+	  # archive normally would.
+	  oldlibs="$output_objdir/$libname.$libext $oldlibs"
+	  build_libtool_libs=convenience
+	  build_old_libs=yes
+	fi
+
+	if test -n "$vinfo"; then
+	  $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2
+	fi
+
+	if test -n "$release"; then
+	  $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2
+	fi
+      else
+
+	# Parse the version information argument.
+	save_ifs="$IFS"; IFS=':'
+	set dummy $vinfo 0 0 0
+	IFS="$save_ifs"
+
+	if test -n "$8"; then
+	  $echo "$modename: too many parameters to \`-version-info'" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# convert absolute version numbers to libtool ages
+	# this retains compatibility with .la files and attempts
+	# to make the code below a bit more comprehensible
+
+	case $vinfo_number in
+	yes)
+	  number_major="$2"
+	  number_minor="$3"
+	  number_revision="$4"
+	  #
+	  # There are really only two kinds -- those that
+	  # use the current revision as the major version
+	  # and those that subtract age and use age as
+	  # a minor version.  But, then there is irix
+	  # which has an extra 1 added just for fun
+	  #
+	  case $version_type in
+	  darwin|linux|osf|windows)
+	    current=`expr $number_major + $number_minor`
+	    age="$number_minor"
+	    revision="$number_revision"
+	    ;;
+	  freebsd-aout|freebsd-elf|sunos)
+	    current="$number_major"
+	    revision="$number_minor"
+	    age="0"
+	    ;;
+	  irix|nonstopux)
+	    current=`expr $number_major + $number_minor - 1`
+	    age="$number_minor"
+	    revision="$number_minor"
+	    ;;
+	  esac
+	  ;;
+	no)
+	  current="$2"
+	  revision="$3"
+	  age="$4"
+	  ;;
+	esac
+
+	# Check that each of the things are valid numbers.
+	case $current in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2
+	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	case $revision in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2
+	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	case $age in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2
+	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	if test "$age" -gt "$current"; then
+	  $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2
+	  $echo "$modename: \`$vinfo' is not valid version information" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# Calculate the version variables.
+	major=
+	versuffix=
+	verstring=
+	case $version_type in
+	none) ;;
+
+	darwin)
+	  # Like Linux, but with the current version available in
+	  # verstring for coding it into the library header
+	  major=.`expr $current - $age`
+	  versuffix="$major.$age.$revision"
+	  # Darwin ld doesn't like 0 for these options...
+	  minor_current=`expr $current + 1`
+	  verstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+	  ;;
+
+	freebsd-aout)
+	  major=".$current"
+	  versuffix=".$current.$revision";
+	  ;;
+
+	freebsd-elf)
+	  major=".$current"
+	  versuffix=".$current";
+	  ;;
+
+	irix | nonstopux)
+	  major=`expr $current - $age + 1`
+
+	  case $version_type in
+	    nonstopux) verstring_prefix=nonstopux ;;
+	    *)         verstring_prefix=sgi ;;
+	  esac
+	  verstring="$verstring_prefix$major.$revision"
+
+	  # Add in all the interfaces that we are compatible with.
+	  loop=$revision
+	  while test "$loop" -ne 0; do
+	    iface=`expr $revision - $loop`
+	    loop=`expr $loop - 1`
+	    verstring="$verstring_prefix$major.$iface:$verstring"
+	  done
+
+	  # Before this point, $major must not contain `.'.
+	  major=.$major
+	  versuffix="$major.$revision"
+	  ;;
+
+	linux)
+	  major=.`expr $current - $age`
+	  versuffix="$major.$age.$revision"
+	  ;;
+
+	osf)
+	  major=.`expr $current - $age`
+	  versuffix=".$current.$age.$revision"
+	  verstring="$current.$age.$revision"
+
+	  # Add in all the interfaces that we are compatible with.
+	  loop=$age
+	  while test "$loop" -ne 0; do
+	    iface=`expr $current - $loop`
+	    loop=`expr $loop - 1`
+	    verstring="$verstring:${iface}.0"
+	  done
+
+	  # Make executables depend on our current version.
+	  verstring="$verstring:${current}.0"
+	  ;;
+
+	sunos)
+	  major=".$current"
+	  versuffix=".$current.$revision"
+	  ;;
+
+	windows)
+	  # Use '-' rather than '.', since we only want one
+	  # extension on DOS 8.3 filesystems.
+	  major=`expr $current - $age`
+	  versuffix="-$major"
+	  ;;
+
+	*)
+	  $echo "$modename: unknown library version type \`$version_type'" 1>&2
+	  $echo "Fatal configuration error.  See the $PACKAGE docs for more information." 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	# Clear the version info if we defaulted, and they specified a release.
+	if test -z "$vinfo" && test -n "$release"; then
+	  major=
+	  case $version_type in
+	  darwin)
+	    # we can't check for "0.0" in archive_cmds due to quoting
+	    # problems, so we reset it completely
+	    verstring=
+	    ;;
+	  *)
+	    verstring="0.0"
+	    ;;
+	  esac
+	  if test "$need_version" = no; then
+	    versuffix=
+	  else
+	    versuffix=".0.0"
+	  fi
+	fi
+
+	# Remove version info from name if versioning should be avoided
+	if test "$avoid_version" = yes && test "$need_version" = no; then
+	  major=
+	  versuffix=
+	  verstring=""
+	fi
+
+	# Check to see if the archive will have undefined symbols.
+	if test "$allow_undefined" = yes; then
+	  if test "$allow_undefined_flag" = unsupported; then
+	    $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2
+	    build_libtool_libs=no
+	    build_old_libs=yes
+	  fi
+	else
+	  # Don't allow undefined symbols.
+	  allow_undefined_flag="$no_undefined_flag"
+	fi
+      fi
+
+      if test "$mode" != relink; then
+	# Remove our outputs, but don't remove object files since they
+	# may have been created when compiling PIC objects.
+	removelist=
+	tempremovelist=`$echo "$output_objdir/*"`
+	for p in $tempremovelist; do
+	  case $p in
+	    *.$objext)
+	       ;;
+	    $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+	       if test "X$precious_files_regex" != "X"; then
+	         if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+	         then
+		   continue
+		 fi
+	       fi
+	       removelist="$removelist $p"
+	       ;;
+	    *) ;;
+	  esac
+	done
+	if test -n "$removelist"; then
+	  $show "${rm}r $removelist"
+	  $run ${rm}r $removelist
+	fi
+      fi
+
+      # Now set the variables for building old libraries.
+      if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+	oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+	# Transform .lo files to .o files.
+	oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+      fi
+
+      # Eliminate all temporary directories.
+      for path in $notinst_path; do
+	lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"`
+	deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"`
+	dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"`
+      done
+
+      if test -n "$xrpath"; then
+	# If the user specified any rpath flags, then add them.
+	temp_xrpath=
+	for libdir in $xrpath; do
+	  temp_xrpath="$temp_xrpath -R$libdir"
+	  case "$finalize_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_rpath="$finalize_rpath $libdir" ;;
+	  esac
+	done
+	if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+	  dependency_libs="$temp_xrpath $dependency_libs"
+	fi
+      fi
+
+      # Make sure dlfiles contains only unique files that won't be dlpreopened
+      old_dlfiles="$dlfiles"
+      dlfiles=
+      for lib in $old_dlfiles; do
+	case " $dlprefiles $dlfiles " in
+	*" $lib "*) ;;
+	*) dlfiles="$dlfiles $lib" ;;
+	esac
+      done
+
+      # Make sure dlprefiles contains only unique files
+      old_dlprefiles="$dlprefiles"
+      dlprefiles=
+      for lib in $old_dlprefiles; do
+	case "$dlprefiles " in
+	*" $lib "*) ;;
+	*) dlprefiles="$dlprefiles $lib" ;;
+	esac
+      done
+
+      if test "$build_libtool_libs" = yes; then
+	if test -n "$rpath"; then
+	  case $host in
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*)
+	    # these systems don't actually have a c library (as such)!
+	    ;;
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C library is in the System framework
+	    deplibs="$deplibs -framework System"
+	    ;;
+	  *-*-netbsd*)
+	    # Don't link with libc until the a.out ld.so is fixed.
+	    ;;
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	    # Do not include libc due to us having libc/libc_r.
+	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    ;;
+ 	  *)
+	    # Add libc to deplibs on all other systems if necessary.
+	    if test "$build_libtool_need_lc" = "yes"; then
+	      deplibs="$deplibs -lc"
+	    fi
+	    ;;
+	  esac
+	fi
+
+	# Transform deplibs into only deplibs that can be linked in shared.
+	name_save=$name
+	libname_save=$libname
+	release_save=$release
+	versuffix_save=$versuffix
+	major_save=$major
+	# I'm not sure if I'm treating the release correctly.  I think
+	# release should show up in the -l (ie -lgmp5) so we don't want to
+	# add it in twice.  Is that correct?
+	release=""
+	versuffix=""
+	major=""
+	newdeplibs=
+	droppeddeps=no
+	case $deplibs_check_method in
+	pass_all)
+	  # Don't check for shared/static.  Everything works.
+	  # This might be a little naive.  We might want to check
+	  # whether the library exists or not.  But this is on
+	  # osf3 & osf4 and I'm not really sure... Just
+	  # implementing what was already the behavior.
+	  newdeplibs=$deplibs
+	  ;;
+	test_compile)
+	  # This code stresses the "libraries are programs" paradigm to its
+	  # limits. Maybe even breaks it.  We compile a program, linking it
+	  # against the deplibs as a proxy for the library.  Then we can check
+	  # whether they linked in statically or dynamically with ldd.
+	  $rm conftest.c
+	  cat > conftest.c <<EOF
+	  int main() { return 0; }
+EOF
+	  $rm conftest
+	  $LTCC $LTCFLAGS -o conftest conftest.c $deplibs
+	  if test "$?" -eq 0 ; then
+	    ldd_output=`ldd conftest`
+	    for i in $deplibs; do
+	      name=`expr $i : '-l\(.*\)'`
+	      # If $name is empty we are operating on a -L argument.
+              if test "$name" != "" && test "$name" -ne "0"; then
+		if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		  case " $predeps $postdeps " in
+		  *" $i "*)
+		    newdeplibs="$newdeplibs $i"
+		    i=""
+		    ;;
+		  esac
+	        fi
+		if test -n "$i" ; then
+		  libname=`eval \\$echo \"$libname_spec\"`
+		  deplib_matches=`eval \\$echo \"$library_names_spec\"`
+		  set dummy $deplib_matches
+		  deplib_match=$2
+		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+		    newdeplibs="$newdeplibs $i"
+		  else
+		    droppeddeps=yes
+		    $echo
+		    $echo "*** Warning: dynamic linker does not accept needed library $i."
+		    $echo "*** I have the capability to make that library automatically link in when"
+		    $echo "*** you link to this library.  But I can only do this if you have a"
+		    $echo "*** shared version of the library, which I believe you do not have"
+		    $echo "*** because a test_compile did reveal that the linker did not use it for"
+		    $echo "*** its dynamic dependency list that programs get resolved with at runtime."
+		  fi
+		fi
+	      else
+		newdeplibs="$newdeplibs $i"
+	      fi
+	    done
+	  else
+	    # Error occurred in the first compile.  Let's try to salvage
+	    # the situation: Compile a separate program for each library.
+	    for i in $deplibs; do
+	      name=`expr $i : '-l\(.*\)'`
+	      # If $name is empty we are operating on a -L argument.
+              if test "$name" != "" && test "$name" != "0"; then
+		$rm conftest
+		$LTCC $LTCFLAGS -o conftest conftest.c $i
+		# Did it work?
+		if test "$?" -eq 0 ; then
+		  ldd_output=`ldd conftest`
+		  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		    case " $predeps $postdeps " in
+		    *" $i "*)
+		      newdeplibs="$newdeplibs $i"
+		      i=""
+		      ;;
+		    esac
+		  fi
+		  if test -n "$i" ; then
+		    libname=`eval \\$echo \"$libname_spec\"`
+		    deplib_matches=`eval \\$echo \"$library_names_spec\"`
+		    set dummy $deplib_matches
+		    deplib_match=$2
+		    if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+		      newdeplibs="$newdeplibs $i"
+		    else
+		      droppeddeps=yes
+		      $echo
+		      $echo "*** Warning: dynamic linker does not accept needed library $i."
+		      $echo "*** I have the capability to make that library automatically link in when"
+		      $echo "*** you link to this library.  But I can only do this if you have a"
+		      $echo "*** shared version of the library, which you do not appear to have"
+		      $echo "*** because a test_compile did reveal that the linker did not use this one"
+		      $echo "*** as a dynamic dependency that programs can get resolved with at runtime."
+		    fi
+		  fi
+		else
+		  droppeddeps=yes
+		  $echo
+		  $echo "*** Warning!  Library $i is needed by this library but I was not able to"
+		  $echo "***  make it link in!  You will probably need to install it or some"
+		  $echo "*** library that it depends on before this library will be fully"
+		  $echo "*** functional.  Installing it before continuing would be even better."
+		fi
+	      else
+		newdeplibs="$newdeplibs $i"
+	      fi
+	    done
+	  fi
+	  ;;
+	file_magic*)
+	  set dummy $deplibs_check_method
+	  file_magic_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+	  for a_deplib in $deplibs; do
+	    name=`expr $a_deplib : '-l\(.*\)'`
+	    # If $name is empty we are operating on a -L argument.
+            if test "$name" != "" && test  "$name" != "0"; then
+	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  newdeplibs="$newdeplibs $a_deplib"
+		  a_deplib=""
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib" ; then
+		libname=`eval \\$echo \"$libname_spec\"`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
+		      # Follow soft links.
+		      if ls -lLd "$potent_lib" 2>/dev/null \
+			 | grep " -> " >/dev/null; then
+			continue
+		      fi
+		      # The statement above tries to avoid entering an
+		      # endless loop below, in case of cyclic links.
+		      # We might still enter an endless loop, since a link
+		      # loop can be closed while we follow links,
+		      # but so what?
+		      potlib="$potent_lib"
+		      while test -h "$potlib" 2>/dev/null; do
+			potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+			case $potliblink in
+			[\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+			*) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+			esac
+		      done
+		      if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \
+			 | ${SED} 10q \
+			 | $EGREP "$file_magic_regex" > /dev/null; then
+			newdeplibs="$newdeplibs $a_deplib"
+			a_deplib=""
+			break 2
+		      fi
+		  done
+		done
+	      fi
+	      if test -n "$a_deplib" ; then
+		droppeddeps=yes
+		$echo
+		$echo "*** Warning: linker path does not have real file for library $a_deplib."
+		$echo "*** I have the capability to make that library automatically link in when"
+		$echo "*** you link to this library.  But I can only do this if you have a"
+		$echo "*** shared version of the library, which you do not appear to have"
+		$echo "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib" ; then
+		  $echo "*** with $libname but no candidates were found. (...for file magic test)"
+		else
+		  $echo "*** with $libname and none of the candidates passed a file format test"
+		  $echo "*** using a file magic. Last file checked: $potlib"
+		fi
+	      fi
+	    else
+	      # Add a -L argument.
+	      newdeplibs="$newdeplibs $a_deplib"
+	    fi
+	  done # Gone through all deplibs.
+	  ;;
+	match_pattern*)
+	  set dummy $deplibs_check_method
+	  match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"`
+	  for a_deplib in $deplibs; do
+	    name=`expr $a_deplib : '-l\(.*\)'`
+	    # If $name is empty we are operating on a -L argument.
+	    if test -n "$name" && test "$name" != "0"; then
+	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  newdeplibs="$newdeplibs $a_deplib"
+		  a_deplib=""
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib" ; then
+		libname=`eval \\$echo \"$libname_spec\"`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
+		    potlib="$potent_lib" # see symlink-check above in file_magic test
+		    if eval $echo \"$potent_lib\" 2>/dev/null \
+		        | ${SED} 10q \
+		        | $EGREP "$match_pattern_regex" > /dev/null; then
+		      newdeplibs="$newdeplibs $a_deplib"
+		      a_deplib=""
+		      break 2
+		    fi
+		  done
+		done
+	      fi
+	      if test -n "$a_deplib" ; then
+		droppeddeps=yes
+		$echo
+		$echo "*** Warning: linker path does not have real file for library $a_deplib."
+		$echo "*** I have the capability to make that library automatically link in when"
+		$echo "*** you link to this library.  But I can only do this if you have a"
+		$echo "*** shared version of the library, which you do not appear to have"
+		$echo "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib" ; then
+		  $echo "*** with $libname but no candidates were found. (...for regex pattern test)"
+		else
+		  $echo "*** with $libname and none of the candidates passed a file format test"
+		  $echo "*** using a regex pattern. Last file checked: $potlib"
+		fi
+	      fi
+	    else
+	      # Add a -L argument.
+	      newdeplibs="$newdeplibs $a_deplib"
+	    fi
+	  done # Gone through all deplibs.
+	  ;;
+	none | unknown | *)
+	  newdeplibs=""
+	  tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \
+	    -e 's/ -[LR][^ ]*//g'`
+	  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+	    for i in $predeps $postdeps ; do
+	      # can't use Xsed below, because $i might contain '/'
+	      tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"`
+	    done
+	  fi
+	  if $echo "X $tmp_deplibs" | $Xsed -e 's/[ 	]//g' \
+	    | grep . >/dev/null; then
+	    $echo
+	    if test "X$deplibs_check_method" = "Xnone"; then
+	      $echo "*** Warning: inter-library dependencies are not supported in this platform."
+	    else
+	      $echo "*** Warning: inter-library dependencies are not known to be supported."
+	    fi
+	    $echo "*** All declared inter-library dependencies are being dropped."
+	    droppeddeps=yes
+	  fi
+	  ;;
+	esac
+	versuffix=$versuffix_save
+	major=$major_save
+	release=$release_save
+	libname=$libname_save
+	name=$name_save
+
+	case $host in
+	*-*-rhapsody* | *-*-darwin1.[012])
+	  # On Rhapsody replace the C library is the System framework
+	  newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'`
+	  ;;
+	esac
+
+	if test "$droppeddeps" = yes; then
+	  if test "$module" = yes; then
+	    $echo
+	    $echo "*** Warning: libtool could not satisfy all declared inter-library"
+	    $echo "*** dependencies of module $libname.  Therefore, libtool will create"
+	    $echo "*** a static module, that should work as long as the dlopening"
+	    $echo "*** application is linked with the -dlopen flag."
+	    if test -z "$global_symbol_pipe"; then
+	      $echo
+	      $echo "*** However, this would only work if libtool was able to extract symbol"
+	      $echo "*** lists from a program, using \`nm' or equivalent, but libtool could"
+	      $echo "*** not find such a program.  So, this module is probably useless."
+	      $echo "*** \`nm' from GNU binutils and a full rebuild may help."
+	    fi
+	    if test "$build_old_libs" = no; then
+	      oldlibs="$output_objdir/$libname.$libext"
+	      build_libtool_libs=module
+	      build_old_libs=yes
+	    else
+	      build_libtool_libs=no
+	    fi
+	  else
+	    $echo "*** The inter-library dependencies that have been dropped here will be"
+	    $echo "*** automatically added whenever a program is linked with this library"
+	    $echo "*** or is declared to -dlopen it."
+
+	    if test "$allow_undefined" = no; then
+	      $echo
+	      $echo "*** Since this library must not contain undefined symbols,"
+	      $echo "*** because either the platform does not support them or"
+	      $echo "*** it was explicitly requested with -no-undefined,"
+	      $echo "*** libtool will only create a static version of it."
+	      if test "$build_old_libs" = no; then
+		oldlibs="$output_objdir/$libname.$libext"
+		build_libtool_libs=module
+		build_old_libs=yes
+	      else
+		build_libtool_libs=no
+	      fi
+	    fi
+	  fi
+	fi
+	# Done checking deplibs!
+	deplibs=$newdeplibs
+      fi
+
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $deplibs " in
+	  *" -L$path/$objdir "*)
+	    new_libs="$new_libs -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) new_libs="$new_libs $deplib" ;;
+	  esac
+	  ;;
+	*) new_libs="$new_libs $deplib" ;;
+	esac
+      done
+      deplibs="$new_libs"
+
+
+      # All the library-specific variables (install_libdir is set above).
+      library_names=
+      old_library=
+      dlname=
+
+      # Test again, we may have decided not to build it any more
+      if test "$build_libtool_libs" = yes; then
+	if test "$hardcode_into_libs" = yes; then
+	  # Hardcode the library paths
+	  hardcode_libdirs=
+	  dep_rpath=
+	  rpath="$finalize_rpath"
+	  test "$mode" != relink && rpath="$compile_rpath$rpath"
+	  for libdir in $rpath; do
+	    if test -n "$hardcode_libdir_flag_spec"; then
+	      if test -n "$hardcode_libdir_separator"; then
+		if test -z "$hardcode_libdirs"; then
+		  hardcode_libdirs="$libdir"
+		else
+		  # Just accumulate the unique libdirs.
+		  case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+		  *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		    ;;
+		  *)
+		    hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		    ;;
+		  esac
+		fi
+	      else
+		eval flag=\"$hardcode_libdir_flag_spec\"
+		dep_rpath="$dep_rpath $flag"
+	      fi
+	    elif test -n "$runpath_var"; then
+	      case "$perm_rpath " in
+	      *" $libdir "*) ;;
+	      *) perm_rpath="$perm_rpath $libdir" ;;
+	      esac
+	    fi
+	  done
+	  # Substitute the hardcoded libdirs into the rpath.
+	  if test -n "$hardcode_libdir_separator" &&
+	     test -n "$hardcode_libdirs"; then
+	    libdir="$hardcode_libdirs"
+	    if test -n "$hardcode_libdir_flag_spec_ld"; then
+	      eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+	    else
+	      eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+	    fi
+	  fi
+	  if test -n "$runpath_var" && test -n "$perm_rpath"; then
+	    # We should set the runpath_var.
+	    rpath=
+	    for dir in $perm_rpath; do
+	      rpath="$rpath$dir:"
+	    done
+	    eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+	  fi
+	  test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+	fi
+
+	shlibpath="$finalize_shlibpath"
+	test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+	if test -n "$shlibpath"; then
+	  eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+	fi
+
+	# Get the real and link names of the library.
+	eval shared_ext=\"$shrext_cmds\"
+	eval library_names=\"$library_names_spec\"
+	set dummy $library_names
+	realname="$2"
+	shift; shift
+
+	if test -n "$soname_spec"; then
+	  eval soname=\"$soname_spec\"
+	else
+	  soname="$realname"
+	fi
+	if test -z "$dlname"; then
+	  dlname=$soname
+	fi
+
+	lib="$output_objdir/$realname"
+	linknames=
+	for link
+	do
+	  linknames="$linknames $link"
+	done
+
+	# Use standard objects if they are pic
+	test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+
+	# Prepare the list of exported symbols
+	if test -z "$export_symbols"; then
+	  if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+	    $show "generating symbol list for \`$libname.la'"
+	    export_symbols="$output_objdir/$libname.exp"
+	    $run $rm $export_symbols
+	    cmds=$export_symbols_cmds
+	    save_ifs="$IFS"; IFS='~'
+	    for cmd in $cmds; do
+	      IFS="$save_ifs"
+	      eval cmd=\"$cmd\"
+	      if len=`expr "X$cmd" : ".*"` &&
+	       test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	        $show "$cmd"
+	        $run eval "$cmd" || exit $?
+	        skipped_export=false
+	      else
+	        # The command line is too long to execute in one step.
+	        $show "using reloadable object file for export list..."
+	        skipped_export=:
+		# Break out early, otherwise skipped_export may be
+		# set to false by a later but shorter cmd.
+		break
+	      fi
+	    done
+	    IFS="$save_ifs"
+	    if test -n "$export_symbols_regex"; then
+	      $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\""
+	      $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+	      $show "$mv \"${export_symbols}T\" \"$export_symbols\""
+	      $run eval '$mv "${export_symbols}T" "$export_symbols"'
+	    fi
+	  fi
+	fi
+
+	if test -n "$export_symbols" && test -n "$include_expsyms"; then
+	  $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"'
+	fi
+
+	tmp_deplibs=
+	for test_deplib in $deplibs; do
+		case " $convenience " in
+		*" $test_deplib "*) ;;
+		*)
+			tmp_deplibs="$tmp_deplibs $test_deplib"
+			;;
+		esac
+	done
+	deplibs="$tmp_deplibs"
+
+	if test -n "$convenience"; then
+	  if test -n "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	  else
+	    gentop="$output_objdir/${outputname}x"
+	    generated="$generated $gentop"
+
+	    func_extract_archives $gentop $convenience
+	    libobjs="$libobjs $func_extract_archives_result"
+	  fi
+	fi
+	
+	if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+	  eval flag=\"$thread_safe_flag_spec\"
+	  linker_flags="$linker_flags $flag"
+	fi
+
+	# Make a backup of the uninstalled library when relinking
+	if test "$mode" = relink; then
+	  $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $?
+	fi
+
+	# Do each of the archive commands.
+	if test "$module" = yes && test -n "$module_cmds" ; then
+	  if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	    eval test_cmds=\"$module_expsym_cmds\"
+	    cmds=$module_expsym_cmds
+	  else
+	    eval test_cmds=\"$module_cmds\"
+	    cmds=$module_cmds
+	  fi
+	else
+	if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	  eval test_cmds=\"$archive_expsym_cmds\"
+	  cmds=$archive_expsym_cmds
+	else
+	  eval test_cmds=\"$archive_cmds\"
+	  cmds=$archive_cmds
+	  fi
+	fi
+
+	if test "X$skipped_export" != "X:" &&
+	   len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+	   test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  :
+	else
+	  # The command line is too long to link in one step, link piecewise.
+	  $echo "creating reloadable object files..."
+
+	  # Save the value of $output and $libobjs because we want to
+	  # use them later.  If we have whole_archive_flag_spec, we
+	  # want to use save_libobjs as it was before
+	  # whole_archive_flag_spec was expanded, because we can't
+	  # assume the linker understands whole_archive_flag_spec.
+	  # This may have to be revisited, in case too many
+	  # convenience libraries get linked in and end up exceeding
+	  # the spec.
+	  if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	  fi
+	  save_output=$output
+	  output_la=`$echo "X$output" | $Xsed -e "$basename"`
+
+	  # Clear the reloadable object creation command queue and
+	  # initialize k to one.
+	  test_cmds=
+	  concat_cmds=
+	  objlist=
+	  delfiles=
+	  last_robj=
+	  k=1
+	  output=$output_objdir/$output_la-${k}.$objext
+	  # Loop over the list of objects to be linked.
+	  for obj in $save_libobjs
+	  do
+	    eval test_cmds=\"$reload_cmds $objlist $last_robj\"
+	    if test "X$objlist" = X ||
+	       { len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+		 test "$len" -le "$max_cmd_len"; }; then
+	      objlist="$objlist $obj"
+	    else
+	      # The command $test_cmds is almost too long, add a
+	      # command to the queue.
+	      if test "$k" -eq 1 ; then
+		# The first file doesn't have a previous command to add.
+		eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+	      else
+		# All subsequent reloadable object files will link in
+		# the last one created.
+		eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\"
+	      fi
+	      last_robj=$output_objdir/$output_la-${k}.$objext
+	      k=`expr $k + 1`
+	      output=$output_objdir/$output_la-${k}.$objext
+	      objlist=$obj
+	      len=1
+	    fi
+	  done
+	  # Handle the remaining objects by creating one last
+	  # reloadable object file.  All subsequent reloadable object
+	  # files will link in the last one created.
+	  test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	  eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+
+	  if ${skipped_export-false}; then
+	    $show "generating symbol list for \`$libname.la'"
+	    export_symbols="$output_objdir/$libname.exp"
+	    $run $rm $export_symbols
+	    libobjs=$output
+	    # Append the command to create the export file.
+	    eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\"
+          fi
+
+	  # Set up a command to remove the reloadable object files
+	  # after they are used.
+	  i=0
+	  while test "$i" -lt "$k"
+	  do
+	    i=`expr $i + 1`
+	    delfiles="$delfiles $output_objdir/$output_la-${i}.$objext"
+	  done
+
+	  $echo "creating a temporary reloadable object file: $output"
+
+	  # Loop through the commands generated above and execute them.
+	  save_ifs="$IFS"; IFS='~'
+	  for cmd in $concat_cmds; do
+	    IFS="$save_ifs"
+	    $show "$cmd"
+	    $run eval "$cmd" || exit $?
+	  done
+	  IFS="$save_ifs"
+
+	  libobjs=$output
+	  # Restore the value of output.
+	  output=$save_output
+
+	  if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	  fi
+	  # Expand the library linking commands again to reset the
+	  # value of $libobjs for piecewise linking.
+
+	  # Do each of the archive commands.
+	  if test "$module" = yes && test -n "$module_cmds" ; then
+	    if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	      cmds=$module_expsym_cmds
+	    else
+	      cmds=$module_cmds
+	    fi
+	  else
+	  if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	    cmds=$archive_expsym_cmds
+	  else
+	    cmds=$archive_cmds
+	    fi
+	  fi
+
+	  # Append the command to remove the reloadable object files
+	  # to the just-reset $cmds.
+	  eval cmds=\"\$cmds~\$rm $delfiles\"
+	fi
+	save_ifs="$IFS"; IFS='~'
+	for cmd in $cmds; do
+	  IFS="$save_ifs"
+	  eval cmd=\"$cmd\"
+	  $show "$cmd"
+	  $run eval "$cmd" || {
+	    lt_exit=$?
+
+	    # Restore the uninstalled library and exit
+	    if test "$mode" = relink; then
+	      $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
+	    fi
+
+	    exit $lt_exit
+	  }
+	done
+	IFS="$save_ifs"
+
+	# Restore the uninstalled library and exit
+	if test "$mode" = relink; then
+	  $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $?
+
+	  if test -n "$convenience"; then
+	    if test -z "$whole_archive_flag_spec"; then
+	      $show "${rm}r $gentop"
+	      $run ${rm}r "$gentop"
+	    fi
+	  fi
+
+	  exit $EXIT_SUCCESS
+	fi
+
+	# Create links to the real library.
+	for linkname in $linknames; do
+	  if test "$realname" != "$linkname"; then
+	    $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)"
+	    $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $?
+	  fi
+	done
+
+	# If -module or -export-dynamic was specified, set the dlname.
+	if test "$module" = yes || test "$export_dynamic" = yes; then
+	  # On all known operating systems, these are identical.
+	  dlname="$soname"
+	fi
+      fi
+      ;;
+
+    obj)
+      if test -n "$deplibs"; then
+	$echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2
+      fi
+
+      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+	$echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2
+      fi
+
+      if test -n "$rpath"; then
+	$echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2
+      fi
+
+      if test -n "$xrpath"; then
+	$echo "$modename: warning: \`-R' is ignored for objects" 1>&2
+      fi
+
+      if test -n "$vinfo"; then
+	$echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2
+      fi
+
+      if test -n "$release"; then
+	$echo "$modename: warning: \`-release' is ignored for objects" 1>&2
+      fi
+
+      case $output in
+      *.lo)
+	if test -n "$objs$old_deplibs"; then
+	  $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+	libobj="$output"
+	obj=`$echo "X$output" | $Xsed -e "$lo2o"`
+	;;
+      *)
+	libobj=
+	obj="$output"
+	;;
+      esac
+
+      # Delete the old objects.
+      $run $rm $obj $libobj
+
+      # Objects from convenience libraries.  This assumes
+      # single-version convenience libraries.  Whenever we create
+      # different ones for PIC/non-PIC, this we'll have to duplicate
+      # the extraction.
+      reload_conv_objs=
+      gentop=
+      # reload_cmds runs $LD directly, so let us get rid of
+      # -Wl from whole_archive_flag_spec
+      wl=
+
+      if test -n "$convenience"; then
+	if test -n "$whole_archive_flag_spec"; then
+	  eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\"
+	else
+	  gentop="$output_objdir/${obj}x"
+	  generated="$generated $gentop"
+
+	  func_extract_archives $gentop $convenience
+	  reload_conv_objs="$reload_objs $func_extract_archives_result"
+	fi
+      fi
+
+      # Create the old-style object.
+      reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+      output="$obj"
+      cmds=$reload_cmds
+      save_ifs="$IFS"; IFS='~'
+      for cmd in $cmds; do
+	IFS="$save_ifs"
+	eval cmd=\"$cmd\"
+	$show "$cmd"
+	$run eval "$cmd" || exit $?
+      done
+      IFS="$save_ifs"
+
+      # Exit if we aren't doing a library object file.
+      if test -z "$libobj"; then
+	if test -n "$gentop"; then
+	  $show "${rm}r $gentop"
+	  $run ${rm}r $gentop
+	fi
+
+	exit $EXIT_SUCCESS
+      fi
+
+      if test "$build_libtool_libs" != yes; then
+	if test -n "$gentop"; then
+	  $show "${rm}r $gentop"
+	  $run ${rm}r $gentop
+	fi
+
+	# Create an invalid libtool object if no PIC, so that we don't
+	# accidentally link it into a program.
+	# $show "echo timestamp > $libobj"
+	# $run eval "echo timestamp > $libobj" || exit $?
+	exit $EXIT_SUCCESS
+      fi
+
+      if test -n "$pic_flag" || test "$pic_mode" != default; then
+	# Only do commands if we really have different PIC objects.
+	reload_objs="$libobjs $reload_conv_objs"
+	output="$libobj"
+	cmds=$reload_cmds
+	save_ifs="$IFS"; IFS='~'
+	for cmd in $cmds; do
+	  IFS="$save_ifs"
+	  eval cmd=\"$cmd\"
+	  $show "$cmd"
+	  $run eval "$cmd" || exit $?
+	done
+	IFS="$save_ifs"
+      fi
+
+      if test -n "$gentop"; then
+	$show "${rm}r $gentop"
+	$run ${rm}r $gentop
+      fi
+
+      exit $EXIT_SUCCESS
+      ;;
+
+    prog)
+      case $host in
+	*cygwin*) output=`$echo $output | ${SED} -e 's,.exe$,,;s,$,.exe,'` ;;
+      esac
+      if test -n "$vinfo"; then
+	$echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2
+      fi
+
+      if test -n "$release"; then
+	$echo "$modename: warning: \`-release' is ignored for programs" 1>&2
+      fi
+
+      if test "$preload" = yes; then
+	if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown &&
+	   test "$dlopen_self_static" = unknown; then
+	  $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support."
+	fi
+      fi
+
+      case $host in
+      *-*-rhapsody* | *-*-darwin1.[012])
+	# On Rhapsody replace the C library is the System framework
+	compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
+	finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'`
+	;;
+      esac
+
+      case $host in
+      *darwin*)
+        # Don't allow lazy linking, it breaks C++ global constructors
+        if test "$tagname" = CXX ; then
+        compile_command="$compile_command ${wl}-bind_at_load"
+        finalize_command="$finalize_command ${wl}-bind_at_load"
+        fi
+        ;;
+      esac
+
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $compile_deplibs " in
+	  *" -L$path/$objdir "*)
+	    new_libs="$new_libs -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $compile_deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) new_libs="$new_libs $deplib" ;;
+	  esac
+	  ;;
+	*) new_libs="$new_libs $deplib" ;;
+	esac
+      done
+      compile_deplibs="$new_libs"
+
+
+      compile_command="$compile_command $compile_deplibs"
+      finalize_command="$finalize_command $finalize_deplibs"
+
+      if test -n "$rpath$xrpath"; then
+	# If the user specified any rpath flags, then add them.
+	for libdir in $rpath $xrpath; do
+	  # This is the magic to use -rpath.
+	  case "$finalize_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_rpath="$finalize_rpath $libdir" ;;
+	  esac
+	done
+      fi
+
+      # Now hardcode the library paths
+      rpath=
+      hardcode_libdirs=
+      for libdir in $compile_rpath $finalize_rpath; do
+	if test -n "$hardcode_libdir_flag_spec"; then
+	  if test -n "$hardcode_libdir_separator"; then
+	    if test -z "$hardcode_libdirs"; then
+	      hardcode_libdirs="$libdir"
+	    else
+	      # Just accumulate the unique libdirs.
+	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		;;
+	      *)
+		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		;;
+	      esac
+	    fi
+	  else
+	    eval flag=\"$hardcode_libdir_flag_spec\"
+	    rpath="$rpath $flag"
+	  fi
+	elif test -n "$runpath_var"; then
+	  case "$perm_rpath " in
+	  *" $libdir "*) ;;
+	  *) perm_rpath="$perm_rpath $libdir" ;;
+	  esac
+	fi
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
+	  testbindir=`$echo "X$libdir" | $Xsed -e 's*/lib$*/bin*'`
+	  case :$dllsearchpath: in
+	  *":$libdir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$libdir";;
+	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  *) dllsearchpath="$dllsearchpath:$testbindir";;
+	  esac
+	  ;;
+	esac
+      done
+      # Substitute the hardcoded libdirs into the rpath.
+      if test -n "$hardcode_libdir_separator" &&
+	 test -n "$hardcode_libdirs"; then
+	libdir="$hardcode_libdirs"
+	eval rpath=\" $hardcode_libdir_flag_spec\"
+      fi
+      compile_rpath="$rpath"
+
+      rpath=
+      hardcode_libdirs=
+      for libdir in $finalize_rpath; do
+	if test -n "$hardcode_libdir_flag_spec"; then
+	  if test -n "$hardcode_libdir_separator"; then
+	    if test -z "$hardcode_libdirs"; then
+	      hardcode_libdirs="$libdir"
+	    else
+	      # Just accumulate the unique libdirs.
+	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		;;
+	      *)
+		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		;;
+	      esac
+	    fi
+	  else
+	    eval flag=\"$hardcode_libdir_flag_spec\"
+	    rpath="$rpath $flag"
+	  fi
+	elif test -n "$runpath_var"; then
+	  case "$finalize_perm_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+	  esac
+	fi
+      done
+      # Substitute the hardcoded libdirs into the rpath.
+      if test -n "$hardcode_libdir_separator" &&
+	 test -n "$hardcode_libdirs"; then
+	libdir="$hardcode_libdirs"
+	eval rpath=\" $hardcode_libdir_flag_spec\"
+      fi
+      finalize_rpath="$rpath"
+
+      if test -n "$libobjs" && test "$build_old_libs" = yes; then
+	# Transform all the library objects into standard objects.
+	compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+	finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+      fi
+
+      dlsyms=
+      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+	if test -n "$NM" && test -n "$global_symbol_pipe"; then
+	  dlsyms="${outputname}S.c"
+	else
+	  $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2
+	fi
+      fi
+
+      if test -n "$dlsyms"; then
+	case $dlsyms in
+	"") ;;
+	*.c)
+	  # Discover the nlist of each of the dlfiles.
+	  nlist="$output_objdir/${outputname}.nm"
+
+	  $show "$rm $nlist ${nlist}S ${nlist}T"
+	  $run $rm "$nlist" "${nlist}S" "${nlist}T"
+
+	  # Parse the name list into a source file.
+	  $show "creating $output_objdir/$dlsyms"
+
+	  test -z "$run" && $echo > "$output_objdir/$dlsyms" "\
+/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */
+/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* Prevent the only kind of declaration conflicts we can make. */
+#define lt_preloaded_symbols some_other_symbol
+
+/* External symbol declarations for the compiler. */\
+"
+
+	  if test "$dlself" = yes; then
+	    $show "generating symbol list for \`$output'"
+
+	    test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist"
+
+	    # Add our own program objects to the symbol list.
+	    progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+	    for arg in $progfiles; do
+	      $show "extracting global C symbols from \`$arg'"
+	      $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
+	    done
+
+	    if test -n "$exclude_expsyms"; then
+	      $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+	      $run eval '$mv "$nlist"T "$nlist"'
+	    fi
+
+	    if test -n "$export_symbols_regex"; then
+	      $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+	      $run eval '$mv "$nlist"T "$nlist"'
+	    fi
+
+	    # Prepare the list of exported symbols
+	    if test -z "$export_symbols"; then
+	      export_symbols="$output_objdir/$outputname.exp"
+	      $run $rm $export_symbols
+	      $run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+              case $host in
+              *cygwin* | *mingw* )
+	        $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+		$run eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+                ;;
+              esac
+	    else
+	      $run eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+	      $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+	      $run eval 'mv "$nlist"T "$nlist"'
+              case $host in
+              *cygwin* | *mingw* )
+	        $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+		$run eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+                ;;
+              esac
+	    fi
+	  fi
+
+	  for arg in $dlprefiles; do
+	    $show "extracting global C symbols from \`$arg'"
+	    name=`$echo "$arg" | ${SED} -e 's%^.*/%%'`
+	    $run eval '$echo ": $name " >> "$nlist"'
+	    $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'"
+	  done
+
+	  if test -z "$run"; then
+	    # Make sure we have at least an empty file.
+	    test -f "$nlist" || : > "$nlist"
+
+	    if test -n "$exclude_expsyms"; then
+	      $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+	      $mv "$nlist"T "$nlist"
+	    fi
+
+	    # Try sorting and uniquifying the output.
+	    if grep -v "^: " < "$nlist" |
+		if sort -k 3 </dev/null >/dev/null 2>&1; then
+		  sort -k 3
+		else
+		  sort +2
+		fi |
+		uniq > "$nlist"S; then
+	      :
+	    else
+	      grep -v "^: " < "$nlist" > "$nlist"S
+	    fi
+
+	    if test -f "$nlist"S; then
+	      eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"'
+	    else
+	      $echo '/* NONE */' >> "$output_objdir/$dlsyms"
+	    fi
+
+	    $echo >> "$output_objdir/$dlsyms" "\
+
+#undef lt_preloaded_symbols
+
+#if defined (__STDC__) && __STDC__
+# define lt_ptr void *
+#else
+# define lt_ptr char *
+# define const
+#endif
+
+/* The mapping between symbol names and symbols. */
+"
+
+	    case $host in
+	    *cygwin* | *mingw* )
+	  $echo >> "$output_objdir/$dlsyms" "\
+/* DATA imports from DLLs on WIN32 can't be const, because
+   runtime relocations are performed -- see ld's documentation
+   on pseudo-relocs */
+struct {
+"
+	      ;;
+	    * )
+	  $echo >> "$output_objdir/$dlsyms" "\
+const struct {
+"
+	      ;;
+	    esac
+
+
+	  $echo >> "$output_objdir/$dlsyms" "\
+  const char *name;
+  lt_ptr address;
+}
+lt_preloaded_symbols[] =
+{\
+"
+
+	    eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms"
+
+	    $echo >> "$output_objdir/$dlsyms" "\
+  {0, (lt_ptr) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+  return lt_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+	  fi
+
+	  pic_flag_for_symtable=
+	  case $host in
+	  # compiling the symbol table file with pic_flag works around
+	  # a FreeBSD bug that causes programs to crash when -lm is
+	  # linked before any other PIC object.  But we must not use
+	  # pic_flag when linking with -static.  The problem exists in
+	  # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+	  *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+	    case "$compile_command " in
+	    *" -static "*) ;;
+	    *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";;
+	    esac;;
+	  *-*-hpux*)
+	    case "$compile_command " in
+	    *" -static "*) ;;
+	    *) pic_flag_for_symtable=" $pic_flag";;
+	    esac
+	  esac
+
+	  # Now compile the dynamic symbol file.
+	  $show "(cd $output_objdir && $LTCC  $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")"
+	  $run eval '(cd $output_objdir && $LTCC  $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $?
+
+	  # Clean up the generated files.
+	  $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T"
+	  $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T"
+
+	  # Transform the symbol file into the correct name.
+          case $host in
+          *cygwin* | *mingw* )
+            if test -f "$output_objdir/${outputname}.def" ; then
+              compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
+              finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"`
+            else
+              compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+              finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+             fi
+            ;;
+          * )
+            compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+            finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"`
+            ;;
+          esac
+	  ;;
+	*)
+	  $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+      else
+	# We keep going just in case the user didn't refer to
+	# lt_preloaded_symbols.  The linker will fail if global_symbol_pipe
+	# really was required.
+
+	# Nullify the symbol file.
+	compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+	finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+      fi
+
+      if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+	# Replace the output file specification.
+	compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+	link_command="$compile_command$compile_rpath"
+
+	# We have no uninstalled library dependencies, so finalize right now.
+	$show "$link_command"
+	$run eval "$link_command"
+	exit_status=$?
+
+	# Delete the generated files.
+	if test -n "$dlsyms"; then
+	  $show "$rm $output_objdir/${outputname}S.${objext}"
+	  $run $rm "$output_objdir/${outputname}S.${objext}"
+	fi
+
+	exit $exit_status
+      fi
+
+      if test -n "$shlibpath_var"; then
+	# We should set the shlibpath_var
+	rpath=
+	for dir in $temp_rpath; do
+	  case $dir in
+	  [\\/]* | [A-Za-z]:[\\/]*)
+	    # Absolute path.
+	    rpath="$rpath$dir:"
+	    ;;
+	  *)
+	    # Relative path: add a thisdir entry.
+	    rpath="$rpath\$thisdir/$dir:"
+	    ;;
+	  esac
+	done
+	temp_rpath="$rpath"
+      fi
+
+      if test -n "$compile_shlibpath$finalize_shlibpath"; then
+	compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+      fi
+      if test -n "$finalize_shlibpath"; then
+	finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+      fi
+
+      compile_var=
+      finalize_var=
+      if test -n "$runpath_var"; then
+	if test -n "$perm_rpath"; then
+	  # We should set the runpath_var.
+	  rpath=
+	  for dir in $perm_rpath; do
+	    rpath="$rpath$dir:"
+	  done
+	  compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+	fi
+	if test -n "$finalize_perm_rpath"; then
+	  # We should set the runpath_var.
+	  rpath=
+	  for dir in $finalize_perm_rpath; do
+	    rpath="$rpath$dir:"
+	  done
+	  finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+	fi
+      fi
+
+      if test "$no_install" = yes; then
+	# We don't need to create a wrapper script.
+	link_command="$compile_var$compile_command$compile_rpath"
+	# Replace the output file specification.
+	link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+	# Delete the old output file.
+	$run $rm $output
+	# Link the executable and exit
+	$show "$link_command"
+	$run eval "$link_command" || exit $?
+	exit $EXIT_SUCCESS
+      fi
+
+      if test "$hardcode_action" = relink; then
+	# Fast installation is not supported
+	link_command="$compile_var$compile_command$compile_rpath"
+	relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+	$echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2
+	$echo "$modename: \`$output' will be relinked during installation" 1>&2
+      else
+	if test "$fast_install" != no; then
+	  link_command="$finalize_var$compile_command$finalize_rpath"
+	  if test "$fast_install" = yes; then
+	    relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+	  else
+	    # fast_install is set to needless
+	    relink_command=
+	  fi
+	else
+	  link_command="$compile_var$compile_command$compile_rpath"
+	  relink_command="$finalize_var$finalize_command$finalize_rpath"
+	fi
+      fi
+
+      # Replace the output file specification.
+      link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+      # Delete the old output files.
+      $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+      $show "$link_command"
+      $run eval "$link_command" || exit $?
+
+      # Now create the wrapper script.
+      $show "creating $output"
+
+      # Quote the relink command for shipping.
+      if test -n "$relink_command"; then
+	# Preserve any variables that may affect compiler behavior
+	for var in $variables_saved_for_relink; do
+	  if eval test -z \"\${$var+set}\"; then
+	    relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
+	  elif eval var_value=\$$var; test -z "$var_value"; then
+	    relink_command="$var=; export $var; $relink_command"
+	  else
+	    var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
+	    relink_command="$var=\"$var_value\"; export $var; $relink_command"
+	  fi
+	done
+	relink_command="(cd `pwd`; $relink_command)"
+	relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+      fi
+
+      # Quote $echo for shipping.
+      if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then
+	case $progpath in
+	[\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+	*) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+	esac
+	qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"`
+      else
+	qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"`
+      fi
+
+      # Only actually do things if our run command is non-null.
+      if test -z "$run"; then
+	# win32 will think the script is a binary if it has
+	# a .exe suffix, so we strip it off here.
+	case $output in
+	  *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;;
+	esac
+	# test for cygwin because mv fails w/o .exe extensions
+	case $host in
+	  *cygwin*)
+	    exeext=.exe
+	    outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;;
+	  *) exeext= ;;
+	esac
+	case $host in
+	  *cygwin* | *mingw* )
+            output_name=`basename $output`
+            output_path=`dirname $output`
+            cwrappersource="$output_path/$objdir/lt-$output_name.c"
+            cwrapper="$output_path/$output_name.exe"
+            $rm $cwrappersource $cwrapper
+            trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+	    cat > $cwrappersource <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+   Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+
+   The $output program cannot be directly executed until all the libtool
+   libraries that it depends on are installed.
+
+   This wrapper executable should never be moved out of the build directory.
+   If it is, it will not operate correctly.
+
+   Currently, it simply execs the wrapper *script* "/bin/sh $output",
+   but could eventually absorb all of the scripts functionality and
+   exec $objdir/$outputname directly.
+*/
+EOF
+	    cat >> $cwrappersource<<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+  defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# ifndef DIR_SEPARATOR_2
+#  define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+#  define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+        (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#define XMALLOC(type, num)      ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+  if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+/* -DDEBUG is fairly common in CFLAGS.  */
+#undef DEBUG
+#if defined DEBUGWRAPPER
+# define DEBUG(format, ...) fprintf(stderr, format, __VA_ARGS__)
+#else
+# define DEBUG(format, ...)
+#endif
+
+const char *program_name = NULL;
+
+void * xmalloc (size_t num);
+char * xstrdup (const char *string);
+const char * base_name (const char *name);
+char * find_executable(const char *wrapper);
+int    check_executable(const char *path);
+char * strendzap(char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+
+int
+main (int argc, char *argv[])
+{
+  char **newargz;
+  int i;
+
+  program_name = (char *) xstrdup (base_name (argv[0]));
+  DEBUG("(main) argv[0]      : %s\n",argv[0]);
+  DEBUG("(main) program_name : %s\n",program_name);
+  newargz = XMALLOC(char *, argc+2);
+EOF
+
+            cat >> $cwrappersource <<EOF
+  newargz[0] = (char *) xstrdup("$SHELL");
+EOF
+
+            cat >> $cwrappersource <<"EOF"
+  newargz[1] = find_executable(argv[0]);
+  if (newargz[1] == NULL)
+    lt_fatal("Couldn't find %s", argv[0]);
+  DEBUG("(main) found exe at : %s\n",newargz[1]);
+  /* we know the script has the same name, without the .exe */
+  /* so make sure newargz[1] doesn't end in .exe */
+  strendzap(newargz[1],".exe");
+  for (i = 1; i < argc; i++)
+    newargz[i+1] = xstrdup(argv[i]);
+  newargz[argc+1] = NULL;
+
+  for (i=0; i<argc+1; i++)
+  {
+    DEBUG("(main) newargz[%d]   : %s\n",i,newargz[i]);
+    ;
+  }
+
+EOF
+
+            case $host_os in
+              mingw*)
+                cat >> $cwrappersource <<EOF
+  execv("$SHELL",(char const **)newargz);
+EOF
+              ;;
+              *)
+                cat >> $cwrappersource <<EOF
+  execv("$SHELL",newargz);
+EOF
+              ;;
+            esac
+
+            cat >> $cwrappersource <<"EOF"
+  return 127;
+}
+
+void *
+xmalloc (size_t num)
+{
+  void * p = (void *) malloc (num);
+  if (!p)
+    lt_fatal ("Memory exhausted");
+
+  return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+  return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL
+;
+}
+
+const char *
+base_name (const char *name)
+{
+  const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  /* Skip over the disk name in MSDOS pathnames. */
+  if (isalpha ((unsigned char)name[0]) && name[1] == ':')
+    name += 2;
+#endif
+
+  for (base = name; *name; name++)
+    if (IS_DIR_SEPARATOR (*name))
+      base = name + 1;
+  return base;
+}
+
+int
+check_executable(const char * path)
+{
+  struct stat st;
+
+  DEBUG("(check_executable)  : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!");
+  if ((!path) || (!*path))
+    return 0;
+
+  if ((stat (path, &st) >= 0) &&
+      (
+        /* MinGW & native WIN32 do not support S_IXOTH or S_IXGRP */
+#if defined (S_IXOTH)
+       ((st.st_mode & S_IXOTH) == S_IXOTH) ||
+#endif
+#if defined (S_IXGRP)
+       ((st.st_mode & S_IXGRP) == S_IXGRP) ||
+#endif
+       ((st.st_mode & S_IXUSR) == S_IXUSR))
+      )
+    return 1;
+  else
+    return 0;
+}
+
+/* Searches for the full path of the wrapper.  Returns
+   newly allocated full path name if found, NULL otherwise */
+char *
+find_executable (const char* wrapper)
+{
+  int has_slash = 0;
+  const char* p;
+  const char* p_next;
+  /* static buffer for getcwd */
+  char tmp[LT_PATHMAX + 1];
+  int tmp_len;
+  char* concat_name;
+
+  DEBUG("(find_executable)  : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!");
+
+  if ((wrapper == NULL) || (*wrapper == '\0'))
+    return NULL;
+
+  /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  if (isalpha ((unsigned char)wrapper[0]) && wrapper[1] == ':')
+  {
+    concat_name = xstrdup (wrapper);
+    if (check_executable(concat_name))
+      return concat_name;
+    XFREE(concat_name);
+  }
+  else
+  {
+#endif
+    if (IS_DIR_SEPARATOR (wrapper[0]))
+    {
+      concat_name = xstrdup (wrapper);
+      if (check_executable(concat_name))
+        return concat_name;
+      XFREE(concat_name);
+    }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  }
+#endif
+
+  for (p = wrapper; *p; p++)
+    if (*p == '/')
+    {
+      has_slash = 1;
+      break;
+    }
+  if (!has_slash)
+  {
+    /* no slashes; search PATH */
+    const char* path = getenv ("PATH");
+    if (path != NULL)
+    {
+      for (p = path; *p; p = p_next)
+      {
+        const char* q;
+        size_t p_len;
+        for (q = p; *q; q++)
+          if (IS_PATH_SEPARATOR(*q))
+            break;
+        p_len = q - p;
+        p_next = (*q == '\0' ? q : q + 1);
+        if (p_len == 0)
+        {
+          /* empty path: current directory */
+          if (getcwd (tmp, LT_PATHMAX) == NULL)
+            lt_fatal ("getcwd failed");
+          tmp_len = strlen(tmp);
+          concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
+          memcpy (concat_name, tmp, tmp_len);
+          concat_name[tmp_len] = '/';
+          strcpy (concat_name + tmp_len + 1, wrapper);
+        }
+        else
+        {
+          concat_name = XMALLOC(char, p_len + 1 + strlen(wrapper) + 1);
+          memcpy (concat_name, p, p_len);
+          concat_name[p_len] = '/';
+          strcpy (concat_name + p_len + 1, wrapper);
+        }
+        if (check_executable(concat_name))
+          return concat_name;
+        XFREE(concat_name);
+      }
+    }
+    /* not found in PATH; assume curdir */
+  }
+  /* Relative path | not found in path: prepend cwd */
+  if (getcwd (tmp, LT_PATHMAX) == NULL)
+    lt_fatal ("getcwd failed");
+  tmp_len = strlen(tmp);
+  concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1);
+  memcpy (concat_name, tmp, tmp_len);
+  concat_name[tmp_len] = '/';
+  strcpy (concat_name + tmp_len + 1, wrapper);
+
+  if (check_executable(concat_name))
+    return concat_name;
+  XFREE(concat_name);
+  return NULL;
+}
+
+char *
+strendzap(char *str, const char *pat)
+{
+  size_t len, patlen;
+
+  assert(str != NULL);
+  assert(pat != NULL);
+
+  len = strlen(str);
+  patlen = strlen(pat);
+
+  if (patlen <= len)
+  {
+    str += len - patlen;
+    if (strcmp(str, pat) == 0)
+      *str = '\0';
+  }
+  return str;
+}
+
+static void
+lt_error_core (int exit_status, const char * mode,
+          const char * message, va_list ap)
+{
+  fprintf (stderr, "%s: %s: ", program_name, mode);
+  vfprintf (stderr, message, ap);
+  fprintf (stderr, ".\n");
+
+  if (exit_status >= 0)
+    exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+  va_list ap;
+  va_start (ap, message);
+  lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+  va_end (ap);
+}
+EOF
+          # we should really use a build-platform specific compiler
+          # here, but OTOH, the wrappers (shell script and this C one)
+          # are only useful if you want to execute the "real" binary.
+          # Since the "real" binary is built for $host, then this
+          # wrapper might as well be built for $host, too.
+          $run $LTCC $LTCFLAGS -s -o $cwrapper $cwrappersource
+          ;;
+        esac
+        $rm $output
+        trap "$rm $output; exit $EXIT_FAILURE" 1 2 15
+
+	$echo > $output "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+  # install mode needs the following variable:
+  notinst_deplibs='$notinst_deplibs'
+else
+  # When we are sourced in execute mode, \$file and \$echo are already set.
+  if test \"\$libtool_execute_magic\" != \"$magic\"; then
+    echo=\"$qecho\"
+    file=\"\$0\"
+    # Make sure echo works.
+    if test \"X\$1\" = X--no-reexec; then
+      # Discard the --no-reexec flag, and continue.
+      shift
+    elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then
+      # Yippee, \$echo works!
+      :
+    else
+      # Restart under the correct shell, and then maybe \$echo will work.
+      exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+    fi
+  fi\
+"
+	$echo >> $output "\
+
+  # Find the directory that this script lives in.
+  thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+  test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+  # Follow symbolic links until we get to the real thisdir.
+  file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+  while test -n \"\$file\"; do
+    destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+    # If there was a directory component, then change thisdir.
+    if test \"x\$destdir\" != \"x\$file\"; then
+      case \"\$destdir\" in
+      [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+      *) thisdir=\"\$thisdir/\$destdir\" ;;
+      esac
+    fi
+
+    file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+    file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+  done
+
+  # Try to get the absolute directory name.
+  absdir=\`cd \"\$thisdir\" && pwd\`
+  test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+	if test "$fast_install" = yes; then
+	  $echo >> $output "\
+  program=lt-'$outputname'$exeext
+  progdir=\"\$thisdir/$objdir\"
+
+  if test ! -f \"\$progdir/\$program\" || \\
+     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+       test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+    file=\"\$\$-\$program\"
+
+    if test ! -d \"\$progdir\"; then
+      $mkdir \"\$progdir\"
+    else
+      $rm \"\$progdir/\$file\"
+    fi"
+
+	  $echo >> $output "\
+
+    # relink executable if necessary
+    if test -n \"\$relink_command\"; then
+      if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+      else
+	$echo \"\$relink_command_output\" >&2
+	$rm \"\$progdir/\$file\"
+	exit $EXIT_FAILURE
+      fi
+    fi
+
+    $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+    { $rm \"\$progdir/\$program\";
+      $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+    $rm \"\$progdir/\$file\"
+  fi"
+	else
+	  $echo >> $output "\
+  program='$outputname'
+  progdir=\"\$thisdir/$objdir\"
+"
+	fi
+
+	$echo >> $output "\
+
+  if test -f \"\$progdir/\$program\"; then"
+
+	# Export our shlibpath_var if we have one.
+	if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+	  $echo >> $output "\
+    # Add our own library path to $shlibpath_var
+    $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+    # Some systems cannot cope with colon-terminated $shlibpath_var
+    # The second colon is a workaround for a bug in BeOS R4 sed
+    $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+    export $shlibpath_var
+"
+	fi
+
+	# fixup the dll searchpath if we need to.
+	if test -n "$dllsearchpath"; then
+	  $echo >> $output "\
+    # Add the dll search path components to the executable PATH
+    PATH=$dllsearchpath:\$PATH
+"
+	fi
+
+	$echo >> $output "\
+    if test \"\$libtool_execute_magic\" != \"$magic\"; then
+      # Run the actual program with our arguments.
+"
+	case $host in
+	# Backslashes separate directories on plain windows
+	*-*-mingw | *-*-os2*)
+	  $echo >> $output "\
+      exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+	  ;;
+
+	*)
+	  $echo >> $output "\
+      exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+	  ;;
+	esac
+	$echo >> $output "\
+      \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\"
+      exit $EXIT_FAILURE
+    fi
+  else
+    # The program doesn't exist.
+    \$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+    \$echo \"This script is just a wrapper for \$program.\" 1>&2
+    $echo \"See the $PACKAGE documentation for more information.\" 1>&2
+    exit $EXIT_FAILURE
+  fi
+fi\
+"
+	chmod +x $output
+      fi
+      exit $EXIT_SUCCESS
+      ;;
+    esac
+
+    # See if we need to build an old-fashioned archive.
+    for oldlib in $oldlibs; do
+
+      if test "$build_libtool_libs" = convenience; then
+	oldobjs="$libobjs_save"
+	addlibs="$convenience"
+	build_libtool_libs=no
+      else
+	if test "$build_libtool_libs" = module; then
+	  oldobjs="$libobjs_save"
+	  build_libtool_libs=no
+	else
+	  oldobjs="$old_deplibs $non_pic_objects"
+	fi
+	addlibs="$old_convenience"
+      fi
+
+      if test -n "$addlibs"; then
+	gentop="$output_objdir/${outputname}x"
+	generated="$generated $gentop"
+
+	func_extract_archives $gentop $addlibs
+	oldobjs="$oldobjs $func_extract_archives_result"
+      fi
+
+      # Do each command in the archive commands.
+      if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+       cmds=$old_archive_from_new_cmds
+      else
+	# POSIX demands no paths to be encoded in archives.  We have
+	# to avoid creating archives with duplicate basenames if we
+	# might have to extract them afterwards, e.g., when creating a
+	# static archive out of a convenience library, or when linking
+	# the entirety of a libtool archive into another (currently
+	# not supported by libtool).
+	if (for obj in $oldobjs
+	    do
+	      $echo "X$obj" | $Xsed -e 's%^.*/%%'
+	    done | sort | sort -uc >/dev/null 2>&1); then
+	  :
+	else
+	  $echo "copying selected object files to avoid basename conflicts..."
+
+	  if test -z "$gentop"; then
+	    gentop="$output_objdir/${outputname}x"
+	    generated="$generated $gentop"
+
+	    $show "${rm}r $gentop"
+	    $run ${rm}r "$gentop"
+	    $show "$mkdir $gentop"
+	    $run $mkdir "$gentop"
+	    exit_status=$?
+	    if test "$exit_status" -ne 0 && test ! -d "$gentop"; then
+	      exit $exit_status
+	    fi
+	  fi
+
+	  save_oldobjs=$oldobjs
+	  oldobjs=
+	  counter=1
+	  for obj in $save_oldobjs
+	  do
+	    objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'`
+	    case " $oldobjs " in
+	    " ") oldobjs=$obj ;;
+	    *[\ /]"$objbase "*)
+	      while :; do
+		# Make sure we don't pick an alternate name that also
+		# overlaps.
+		newobj=lt$counter-$objbase
+		counter=`expr $counter + 1`
+		case " $oldobjs " in
+		*[\ /]"$newobj "*) ;;
+		*) if test ! -f "$gentop/$newobj"; then break; fi ;;
+		esac
+	      done
+	      $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+	      $run ln "$obj" "$gentop/$newobj" ||
+	      $run cp "$obj" "$gentop/$newobj"
+	      oldobjs="$oldobjs $gentop/$newobj"
+	      ;;
+	    *) oldobjs="$oldobjs $obj" ;;
+	    esac
+	  done
+	fi
+
+	eval cmds=\"$old_archive_cmds\"
+
+	if len=`expr "X$cmds" : ".*"` &&
+	     test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  cmds=$old_archive_cmds
+	else
+	  # the command line is too long to link in one step, link in parts
+	  $echo "using piecewise archive linking..."
+	  save_RANLIB=$RANLIB
+	  RANLIB=:
+	  objlist=
+	  concat_cmds=
+	  save_oldobjs=$oldobjs
+
+	  # Is there a better way of finding the last object in the list?
+	  for obj in $save_oldobjs
+	  do
+	    last_oldobj=$obj
+	  done
+	  for obj in $save_oldobjs
+	  do
+	    oldobjs="$objlist $obj"
+	    objlist="$objlist $obj"
+	    eval test_cmds=\"$old_archive_cmds\"
+	    if len=`expr "X$test_cmds" : ".*" 2>/dev/null` &&
+	       test "$len" -le "$max_cmd_len"; then
+	      :
+	    else
+	      # the above command should be used before it gets too long
+	      oldobjs=$objlist
+	      if test "$obj" = "$last_oldobj" ; then
+	        RANLIB=$save_RANLIB
+	      fi
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+	      objlist=
+	    fi
+	  done
+	  RANLIB=$save_RANLIB
+	  oldobjs=$objlist
+	  if test "X$oldobjs" = "X" ; then
+	    eval cmds=\"\$concat_cmds\"
+	  else
+	    eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+	  fi
+	fi
+      fi
+      save_ifs="$IFS"; IFS='~'
+      for cmd in $cmds; do
+        eval cmd=\"$cmd\"
+	IFS="$save_ifs"
+	$show "$cmd"
+	$run eval "$cmd" || exit $?
+      done
+      IFS="$save_ifs"
+    done
+
+    if test -n "$generated"; then
+      $show "${rm}r$generated"
+      $run ${rm}r$generated
+    fi
+
+    # Now create the libtool archive.
+    case $output in
+    *.la)
+      old_library=
+      test "$build_old_libs" = yes && old_library="$libname.$libext"
+      $show "creating $output"
+
+      # Preserve any variables that may affect compiler behavior
+      for var in $variables_saved_for_relink; do
+	if eval test -z \"\${$var+set}\"; then
+	  relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command"
+	elif eval var_value=\$$var; test -z "$var_value"; then
+	  relink_command="$var=; export $var; $relink_command"
+	else
+	  var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"`
+	  relink_command="$var=\"$var_value\"; export $var; $relink_command"
+	fi
+      done
+      # Quote the link command for shipping.
+      relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+      relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+      if test "$hardcode_automatic" = yes ; then
+	relink_command=
+      fi
+
+
+      # Only create the output if not a dry run.
+      if test -z "$run"; then
+	for installed in no yes; do
+	  if test "$installed" = yes; then
+	    if test -z "$install_libdir"; then
+	      break
+	    fi
+	    output="$output_objdir/$outputname"i
+	    # Replace all uninstalled libtool libraries with the installed ones
+	    newdependency_libs=
+	    for deplib in $dependency_libs; do
+	      case $deplib in
+	      *.la)
+		name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
+		eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		if test -z "$libdir"; then
+		  $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2
+		  exit $EXIT_FAILURE
+		fi
+		newdependency_libs="$newdependency_libs $libdir/$name"
+		;;
+	      *) newdependency_libs="$newdependency_libs $deplib" ;;
+	      esac
+	    done
+	    dependency_libs="$newdependency_libs"
+	    newdlfiles=
+	    for lib in $dlfiles; do
+	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+	      eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+	      if test -z "$libdir"; then
+		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+		exit $EXIT_FAILURE
+	      fi
+	      newdlfiles="$newdlfiles $libdir/$name"
+	    done
+	    dlfiles="$newdlfiles"
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'`
+	      eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+	      if test -z "$libdir"; then
+		$echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+		exit $EXIT_FAILURE
+	      fi
+	      newdlprefiles="$newdlprefiles $libdir/$name"
+	    done
+	    dlprefiles="$newdlprefiles"
+	  else
+	    newdlfiles=
+	    for lib in $dlfiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      newdlfiles="$newdlfiles $abs"
+	    done
+	    dlfiles="$newdlfiles"
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      newdlprefiles="$newdlprefiles $abs"
+	    done
+	    dlprefiles="$newdlprefiles"
+	  fi
+	  $rm $output
+	  # place dlname in correct position for cygwin
+	  tdlname=$dlname
+	  case $host,$output,$installed,$module,$dlname in
+	    *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+	  esac
+	  $echo > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+	  if test "$installed" = no && test "$need_relink" = yes; then
+	    $echo >> $output "\
+relink_command=\"$relink_command\""
+	  fi
+	done
+      fi
+
+      # Do a symbolic link so that the libtool archive can be found in
+      # LD_LIBRARY_PATH before the program is installed.
+      $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)"
+      $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $?
+      ;;
+    esac
+    exit $EXIT_SUCCESS
+    ;;
+
+  # libtool install mode
+  install)
+    modename="$modename: install"
+
+    # There may be an optional sh(1) argument at the beginning of
+    # install_prog (especially on Windows NT).
+    if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+       # Allow the use of GNU shtool's install command.
+       $echo "X$nonopt" | grep shtool > /dev/null; then
+      # Aesthetically quote it.
+      arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"`
+      case $arg in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	arg="\"$arg\""
+	;;
+      esac
+      install_prog="$arg "
+      arg="$1"
+      shift
+    else
+      install_prog=
+      arg=$nonopt
+    fi
+
+    # The real first argument should be the name of the installation program.
+    # Aesthetically quote it.
+    arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+    case $arg in
+    *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+      arg="\"$arg\""
+      ;;
+    esac
+    install_prog="$install_prog$arg"
+
+    # We need to accept at least all the BSD install flags.
+    dest=
+    files=
+    opts=
+    prev=
+    install_type=
+    isdir=no
+    stripme=
+    for arg
+    do
+      if test -n "$dest"; then
+	files="$files $dest"
+	dest=$arg
+	continue
+      fi
+
+      case $arg in
+      -d) isdir=yes ;;
+      -f) 
+      	case " $install_prog " in
+	*[\\\ /]cp\ *) ;;
+	*) prev=$arg ;;
+	esac
+	;;
+      -g | -m | -o) prev=$arg ;;
+      -s)
+	stripme=" -s"
+	continue
+	;;
+      -*)
+	;;
+      *)
+	# If the previous option needed an argument, then skip it.
+	if test -n "$prev"; then
+	  prev=
+	else
+	  dest=$arg
+	  continue
+	fi
+	;;
+      esac
+
+      # Aesthetically quote the argument.
+      arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`
+      case $arg in
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+	arg="\"$arg\""
+	;;
+      esac
+      install_prog="$install_prog $arg"
+    done
+
+    if test -z "$install_prog"; then
+      $echo "$modename: you must specify an install program" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    if test -n "$prev"; then
+      $echo "$modename: the \`$prev' option requires an argument" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    if test -z "$files"; then
+      if test -z "$dest"; then
+	$echo "$modename: no file or destination specified" 1>&2
+      else
+	$echo "$modename: you must specify a destination" 1>&2
+      fi
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    # Strip any trailing slash from the destination.
+    dest=`$echo "X$dest" | $Xsed -e 's%/$%%'`
+
+    # Check to see that the destination is a directory.
+    test -d "$dest" && isdir=yes
+    if test "$isdir" = yes; then
+      destdir="$dest"
+      destname=
+    else
+      destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'`
+      test "X$destdir" = "X$dest" && destdir=.
+      destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'`
+
+      # Not a directory, so check to see that there is only one file specified.
+      set dummy $files
+      if test "$#" -gt 2; then
+	$echo "$modename: \`$dest' is not a directory" 1>&2
+	$echo "$help" 1>&2
+	exit $EXIT_FAILURE
+      fi
+    fi
+    case $destdir in
+    [\\/]* | [A-Za-z]:[\\/]*) ;;
+    *)
+      for file in $files; do
+	case $file in
+	*.lo) ;;
+	*)
+	  $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+      done
+      ;;
+    esac
+
+    # This variable tells wrapper scripts just to set variables rather
+    # than running their programs.
+    libtool_install_magic="$magic"
+
+    staticlibs=
+    future_libdirs=
+    current_libdirs=
+    for file in $files; do
+
+      # Do each installation.
+      case $file in
+      *.$libext)
+	# Do the static libraries later.
+	staticlibs="$staticlibs $file"
+	;;
+
+      *.la)
+	# Check to see that this really is a libtool archive.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	else
+	  $echo "$modename: \`$file' is not a valid libtool archive" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	library_names=
+	old_library=
+	relink_command=
+	# If there is no directory component, then add one.
+	case $file in
+	*/* | *\\*) . $file ;;
+	*) . ./$file ;;
+	esac
+
+	# Add the libdir to current_libdirs if it is the destination.
+	if test "X$destdir" = "X$libdir"; then
+	  case "$current_libdirs " in
+	  *" $libdir "*) ;;
+	  *) current_libdirs="$current_libdirs $libdir" ;;
+	  esac
+	else
+	  # Note the libdir as a future libdir.
+	  case "$future_libdirs " in
+	  *" $libdir "*) ;;
+	  *) future_libdirs="$future_libdirs $libdir" ;;
+	  esac
+	fi
+
+	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/
+	test "X$dir" = "X$file/" && dir=
+	dir="$dir$objdir"
+
+	if test -n "$relink_command"; then
+	  # Determine the prefix the user has applied to our future dir.
+	  inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"`
+
+	  # Don't allow the user to place us outside of our expected
+	  # location b/c this prevents finding dependent libraries that
+	  # are installed to the same prefix.
+	  # At present, this check doesn't affect windows .dll's that
+	  # are installed into $libdir/../bin (currently, that works fine)
+	  # but it's something to keep an eye on.
+	  if test "$inst_prefix_dir" = "$destdir"; then
+	    $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+
+	  if test -n "$inst_prefix_dir"; then
+	    # Stick the inst_prefix_dir data into the link command.
+	    relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+	  else
+	    relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
+	  fi
+
+	  $echo "$modename: warning: relinking \`$file'" 1>&2
+	  $show "$relink_command"
+	  if $run eval "$relink_command"; then :
+	  else
+	    $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+	fi
+
+	# See the names of the shared library.
+	set dummy $library_names
+	if test -n "$2"; then
+	  realname="$2"
+	  shift
+	  shift
+
+	  srcname="$realname"
+	  test -n "$relink_command" && srcname="$realname"T
+
+	  # Install the shared library and build the symlinks.
+	  $show "$install_prog $dir/$srcname $destdir/$realname"
+	  $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $?
+	  if test -n "$stripme" && test -n "$striplib"; then
+	    $show "$striplib $destdir/$realname"
+	    $run eval "$striplib $destdir/$realname" || exit $?
+	  fi
+
+	  if test "$#" -gt 0; then
+	    # Delete the old symlinks, and create new ones.
+	    # Try `ln -sf' first, because the `ln' binary might depend on
+	    # the symlink we replace!  Solaris /bin/ln does not understand -f,
+	    # so we also need to try rm && ln -s.
+	    for linkname
+	    do
+	      if test "$linkname" != "$realname"; then
+                $show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
+                $run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })"
+	      fi
+	    done
+	  fi
+
+	  # Do each command in the postinstall commands.
+	  lib="$destdir/$realname"
+	  cmds=$postinstall_cmds
+	  save_ifs="$IFS"; IFS='~'
+	  for cmd in $cmds; do
+	    IFS="$save_ifs"
+	    eval cmd=\"$cmd\"
+	    $show "$cmd"
+	    $run eval "$cmd" || {
+	      lt_exit=$?
+
+	      # Restore the uninstalled library and exit
+	      if test "$mode" = relink; then
+		$run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)'
+	      fi
+
+	      exit $lt_exit
+	    }
+	  done
+	  IFS="$save_ifs"
+	fi
+
+	# Install the pseudo-library for information purposes.
+	name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+	instname="$dir/$name"i
+	$show "$install_prog $instname $destdir/$name"
+	$run eval "$install_prog $instname $destdir/$name" || exit $?
+
+	# Maybe install the static library, too.
+	test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+	;;
+
+      *.lo)
+	# Install (i.e. copy) a libtool object.
+
+	# Figure out destination file name, if it wasn't already specified.
+	if test -n "$destname"; then
+	  destfile="$destdir/$destname"
+	else
+	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+	  destfile="$destdir/$destfile"
+	fi
+
+	# Deduce the name of the destination old-style object file.
+	case $destfile in
+	*.lo)
+	  staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"`
+	  ;;
+	*.$objext)
+	  staticdest="$destfile"
+	  destfile=
+	  ;;
+	*)
+	  $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	  ;;
+	esac
+
+	# Install the libtool object if requested.
+	if test -n "$destfile"; then
+	  $show "$install_prog $file $destfile"
+	  $run eval "$install_prog $file $destfile" || exit $?
+	fi
+
+	# Install the old object if enabled.
+	if test "$build_old_libs" = yes; then
+	  # Deduce the name of the old-style object file.
+	  staticobj=`$echo "X$file" | $Xsed -e "$lo2o"`
+
+	  $show "$install_prog $staticobj $staticdest"
+	  $run eval "$install_prog \$staticobj \$staticdest" || exit $?
+	fi
+	exit $EXIT_SUCCESS
+	;;
+
+      *)
+	# Figure out destination file name, if it wasn't already specified.
+	if test -n "$destname"; then
+	  destfile="$destdir/$destname"
+	else
+	  destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+	  destfile="$destdir/$destfile"
+	fi
+
+	# If the file is missing, and there is a .exe on the end, strip it
+	# because it is most likely a libtool script we actually want to
+	# install
+	stripped_ext=""
+	case $file in
+	  *.exe)
+	    if test ! -f "$file"; then
+	      file=`$echo $file|${SED} 's,.exe$,,'`
+	      stripped_ext=".exe"
+	    fi
+	    ;;
+	esac
+
+	# Do a test to see if this is really a libtool program.
+	case $host in
+	*cygwin*|*mingw*)
+	    wrapper=`$echo $file | ${SED} -e 's,.exe$,,'`
+	    ;;
+	*)
+	    wrapper=$file
+	    ;;
+	esac
+	if (${SED} -e '4q' $wrapper | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then
+	  notinst_deplibs=
+	  relink_command=
+
+	  # Note that it is not necessary on cygwin/mingw to append a dot to
+	  # foo even if both foo and FILE.exe exist: automatic-append-.exe
+	  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
+	  # `FILE.' does not work on cygwin managed mounts.
+	  #
+	  # If there is no directory component, then add one.
+	  case $wrapper in
+	  */* | *\\*) . ${wrapper} ;;
+	  *) . ./${wrapper} ;;
+	  esac
+
+	  # Check the variables that should have been set.
+	  if test -z "$notinst_deplibs"; then
+	    $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2
+	    exit $EXIT_FAILURE
+	  fi
+
+	  finalize=yes
+	  for lib in $notinst_deplibs; do
+	    # Check to see that each library is installed.
+	    libdir=
+	    if test -f "$lib"; then
+	      # If there is no directory component, then add one.
+	      case $lib in
+	      */* | *\\*) . $lib ;;
+	      *) . ./$lib ;;
+	      esac
+	    fi
+	    libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+	    if test -n "$libdir" && test ! -f "$libfile"; then
+	      $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2
+	      finalize=no
+	    fi
+	  done
+
+	  relink_command=
+	  # Note that it is not necessary on cygwin/mingw to append a dot to
+	  # foo even if both foo and FILE.exe exist: automatic-append-.exe
+	  # behavior happens only for exec(3), not for open(2)!  Also, sourcing
+	  # `FILE.' does not work on cygwin managed mounts.
+	  #
+	  # If there is no directory component, then add one.
+	  case $wrapper in
+	  */* | *\\*) . ${wrapper} ;;
+	  *) . ./${wrapper} ;;
+	  esac
+
+	  outputname=
+	  if test "$fast_install" = no && test -n "$relink_command"; then
+	    if test "$finalize" = yes && test -z "$run"; then
+	      tmpdir=`func_mktempdir`
+	      file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'`
+	      outputname="$tmpdir/$file"
+	      # Replace the output file specification.
+	      relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+	      $show "$relink_command"
+	      if $run eval "$relink_command"; then :
+	      else
+		$echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2
+		${rm}r "$tmpdir"
+		continue
+	      fi
+	      file="$outputname"
+	    else
+	      $echo "$modename: warning: cannot relink \`$file'" 1>&2
+	    fi
+	  else
+	    # Install the binary that we compiled earlier.
+	    file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+	  fi
+	fi
+
+	# remove .exe since cygwin /usr/bin/install will append another
+	# one anyway 
+	case $install_prog,$host in
+	*/usr/bin/install*,*cygwin*)
+	  case $file:$destfile in
+	  *.exe:*.exe)
+	    # this is ok
+	    ;;
+	  *.exe:*)
+	    destfile=$destfile.exe
+	    ;;
+	  *:*.exe)
+	    destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'`
+	    ;;
+	  esac
+	  ;;
+	esac
+	$show "$install_prog$stripme $file $destfile"
+	$run eval "$install_prog\$stripme \$file \$destfile" || exit $?
+	test -n "$outputname" && ${rm}r "$tmpdir"
+	;;
+      esac
+    done
+
+    for file in $staticlibs; do
+      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+
+      # Set up the ranlib parameters.
+      oldlib="$destdir/$name"
+
+      $show "$install_prog $file $oldlib"
+      $run eval "$install_prog \$file \$oldlib" || exit $?
+
+      if test -n "$stripme" && test -n "$old_striplib"; then
+	$show "$old_striplib $oldlib"
+	$run eval "$old_striplib $oldlib" || exit $?
+      fi
+
+      # Do each command in the postinstall commands.
+      cmds=$old_postinstall_cmds
+      save_ifs="$IFS"; IFS='~'
+      for cmd in $cmds; do
+	IFS="$save_ifs"
+	eval cmd=\"$cmd\"
+	$show "$cmd"
+	$run eval "$cmd" || exit $?
+      done
+      IFS="$save_ifs"
+    done
+
+    if test -n "$future_libdirs"; then
+      $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2
+    fi
+
+    if test -n "$current_libdirs"; then
+      # Maybe just do a dry run.
+      test -n "$run" && current_libdirs=" -n$current_libdirs"
+      exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+    else
+      exit $EXIT_SUCCESS
+    fi
+    ;;
+
+  # libtool finish mode
+  finish)
+    modename="$modename: finish"
+    libdirs="$nonopt"
+    admincmds=
+
+    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+      for dir
+      do
+	libdirs="$libdirs $dir"
+      done
+
+      for libdir in $libdirs; do
+	if test -n "$finish_cmds"; then
+	  # Do each command in the finish commands.
+	  cmds=$finish_cmds
+	  save_ifs="$IFS"; IFS='~'
+	  for cmd in $cmds; do
+	    IFS="$save_ifs"
+	    eval cmd=\"$cmd\"
+	    $show "$cmd"
+	    $run eval "$cmd" || admincmds="$admincmds
+       $cmd"
+	  done
+	  IFS="$save_ifs"
+	fi
+	if test -n "$finish_eval"; then
+	  # Do the single finish_eval.
+	  eval cmds=\"$finish_eval\"
+	  $run eval "$cmds" || admincmds="$admincmds
+       $cmds"
+	fi
+      done
+    fi
+
+    # Exit here if they wanted silent mode.
+    test "$show" = : && exit $EXIT_SUCCESS
+
+    $echo "X----------------------------------------------------------------------" | $Xsed
+    $echo "Libraries have been installed in:"
+    for libdir in $libdirs; do
+      $echo "   $libdir"
+    done
+    $echo
+    $echo "If you ever happen to want to link against installed libraries"
+    $echo "in a given directory, LIBDIR, you must either use libtool, and"
+    $echo "specify the full pathname of the library, or use the \`-LLIBDIR'"
+    $echo "flag during linking and do at least one of the following:"
+    if test -n "$shlibpath_var"; then
+      $echo "   - add LIBDIR to the \`$shlibpath_var' environment variable"
+      $echo "     during execution"
+    fi
+    if test -n "$runpath_var"; then
+      $echo "   - add LIBDIR to the \`$runpath_var' environment variable"
+      $echo "     during linking"
+    fi
+    if test -n "$hardcode_libdir_flag_spec"; then
+      libdir=LIBDIR
+      eval flag=\"$hardcode_libdir_flag_spec\"
+
+      $echo "   - use the \`$flag' linker flag"
+    fi
+    if test -n "$admincmds"; then
+      $echo "   - have your system administrator run these commands:$admincmds"
+    fi
+    if test -f /etc/ld.so.conf; then
+      $echo "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+    fi
+    $echo
+    $echo "See any operating system documentation about shared libraries for"
+    $echo "more information, such as the ld(1) and ld.so(8) manual pages."
+    $echo "X----------------------------------------------------------------------" | $Xsed
+    exit $EXIT_SUCCESS
+    ;;
+
+  # libtool execute mode
+  execute)
+    modename="$modename: execute"
+
+    # The first argument is the command name.
+    cmd="$nonopt"
+    if test -z "$cmd"; then
+      $echo "$modename: you must specify a COMMAND" 1>&2
+      $echo "$help"
+      exit $EXIT_FAILURE
+    fi
+
+    # Handle -dlopen flags immediately.
+    for file in $execute_dlfiles; do
+      if test ! -f "$file"; then
+	$echo "$modename: \`$file' is not a file" 1>&2
+	$echo "$help" 1>&2
+	exit $EXIT_FAILURE
+      fi
+
+      dir=
+      case $file in
+      *.la)
+	# Check to see that this really is a libtool archive.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then :
+	else
+	  $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2
+	  $echo "$help" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+
+	# Read the libtool library.
+	dlname=
+	library_names=
+
+	# If there is no directory component, then add one.
+	case $file in
+	*/* | *\\*) . $file ;;
+	*) . ./$file ;;
+	esac
+
+	# Skip this library if it cannot be dlopened.
+	if test -z "$dlname"; then
+	  # Warn if it was a shared library.
+	  test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'"
+	  continue
+	fi
+
+	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+	test "X$dir" = "X$file" && dir=.
+
+	if test -f "$dir/$objdir/$dlname"; then
+	  dir="$dir/$objdir"
+	else
+	  $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2
+	  exit $EXIT_FAILURE
+	fi
+	;;
+
+      *.lo)
+	# Just add the directory containing the .lo file.
+	dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+	test "X$dir" = "X$file" && dir=.
+	;;
+
+      *)
+	$echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2
+	continue
+	;;
+      esac
+
+      # Get the absolute pathname.
+      absdir=`cd "$dir" && pwd`
+      test -n "$absdir" && dir="$absdir"
+
+      # Now add the directory to shlibpath_var.
+      if eval "test -z \"\$$shlibpath_var\""; then
+	eval "$shlibpath_var=\"\$dir\""
+      else
+	eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+      fi
+    done
+
+    # This variable tells wrapper scripts just to set shlibpath_var
+    # rather than running their programs.
+    libtool_execute_magic="$magic"
+
+    # Check if any of the arguments is a wrapper script.
+    args=
+    for file
+    do
+      case $file in
+      -*) ;;
+      *)
+	# Do a test to see if this is really a libtool program.
+	if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	  # If there is no directory component, then add one.
+	  case $file in
+	  */* | *\\*) . $file ;;
+	  *) . ./$file ;;
+	  esac
+
+	  # Transform arg to wrapped name.
+	  file="$progdir/$program"
+	fi
+	;;
+      esac
+      # Quote arguments (to preserve shell metacharacters).
+      file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"`
+      args="$args \"$file\""
+    done
+
+    if test -z "$run"; then
+      if test -n "$shlibpath_var"; then
+	# Export the shlibpath_var.
+	eval "export $shlibpath_var"
+      fi
+
+      # Restore saved environment variables
+      if test "${save_LC_ALL+set}" = set; then
+	LC_ALL="$save_LC_ALL"; export LC_ALL
+      fi
+      if test "${save_LANG+set}" = set; then
+	LANG="$save_LANG"; export LANG
+      fi
+
+      # Now prepare to actually exec the command.
+      exec_cmd="\$cmd$args"
+    else
+      # Display what would be done.
+      if test -n "$shlibpath_var"; then
+	eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\""
+	$echo "export $shlibpath_var"
+      fi
+      $echo "$cmd$args"
+      exit $EXIT_SUCCESS
+    fi
+    ;;
+
+  # libtool clean and uninstall mode
+  clean | uninstall)
+    modename="$modename: $mode"
+    rm="$nonopt"
+    files=
+    rmforce=
+    exit_status=0
+
+    # This variable tells wrapper scripts just to set variables rather
+    # than running their programs.
+    libtool_install_magic="$magic"
+
+    for arg
+    do
+      case $arg in
+      -f) rm="$rm $arg"; rmforce=yes ;;
+      -*) rm="$rm $arg" ;;
+      *) files="$files $arg" ;;
+      esac
+    done
+
+    if test -z "$rm"; then
+      $echo "$modename: you must specify an RM program" 1>&2
+      $echo "$help" 1>&2
+      exit $EXIT_FAILURE
+    fi
+
+    rmdirs=
+
+    origobjdir="$objdir"
+    for file in $files; do
+      dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`
+      if test "X$dir" = "X$file"; then
+	dir=.
+	objdir="$origobjdir"
+      else
+	objdir="$dir/$origobjdir"
+      fi
+      name=`$echo "X$file" | $Xsed -e 's%^.*/%%'`
+      test "$mode" = uninstall && objdir="$dir"
+
+      # Remember objdir for removal later, being careful to avoid duplicates
+      if test "$mode" = clean; then
+	case " $rmdirs " in
+	  *" $objdir "*) ;;
+	  *) rmdirs="$rmdirs $objdir" ;;
+	esac
+      fi
+
+      # Don't error if the file doesn't exist and rm -f was used.
+      if (test -L "$file") >/dev/null 2>&1 \
+	|| (test -h "$file") >/dev/null 2>&1 \
+	|| test -f "$file"; then
+	:
+      elif test -d "$file"; then
+	exit_status=1
+	continue
+      elif test "$rmforce" = yes; then
+	continue
+      fi
+
+      rmfiles="$file"
+
+      case $name in
+      *.la)
+	# Possibly a libtool archive, so verify it.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	  . $dir/$name
+
+	  # Delete the libtool libraries and symlinks.
+	  for n in $library_names; do
+	    rmfiles="$rmfiles $objdir/$n"
+	  done
+	  test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+
+	  case "$mode" in
+	  clean)
+	    case "  $library_names " in
+	    # "  " in the beginning catches empty $dlname
+	    *" $dlname "*) ;;
+	    *) rmfiles="$rmfiles $objdir/$dlname" ;;
+	    esac
+	     test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+	    ;;
+	  uninstall)
+	    if test -n "$library_names"; then
+	      # Do each command in the postuninstall commands.
+	      cmds=$postuninstall_cmds
+	      save_ifs="$IFS"; IFS='~'
+	      for cmd in $cmds; do
+		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
+		$show "$cmd"
+		$run eval "$cmd"
+		if test "$?" -ne 0 && test "$rmforce" != yes; then
+		  exit_status=1
+		fi
+	      done
+	      IFS="$save_ifs"
+	    fi
+
+	    if test -n "$old_library"; then
+	      # Do each command in the old_postuninstall commands.
+	      cmds=$old_postuninstall_cmds
+	      save_ifs="$IFS"; IFS='~'
+	      for cmd in $cmds; do
+		IFS="$save_ifs"
+		eval cmd=\"$cmd\"
+		$show "$cmd"
+		$run eval "$cmd"
+		if test "$?" -ne 0 && test "$rmforce" != yes; then
+		  exit_status=1
+		fi
+	      done
+	      IFS="$save_ifs"
+	    fi
+	    # FIXME: should reinstall the best remaining shared library.
+	    ;;
+	  esac
+	fi
+	;;
+
+      *.lo)
+	# Possibly a libtool object, so verify it.
+	if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+
+	  # Read the .lo file
+	  . $dir/$name
+
+	  # Add PIC object to the list of files to remove.
+	  if test -n "$pic_object" \
+	     && test "$pic_object" != none; then
+	    rmfiles="$rmfiles $dir/$pic_object"
+	  fi
+
+	  # Add non-PIC object to the list of files to remove.
+	  if test -n "$non_pic_object" \
+	     && test "$non_pic_object" != none; then
+	    rmfiles="$rmfiles $dir/$non_pic_object"
+	  fi
+	fi
+	;;
+
+      *)
+	if test "$mode" = clean ; then
+	  noexename=$name
+	  case $file in
+	  *.exe)
+	    file=`$echo $file|${SED} 's,.exe$,,'`
+	    noexename=`$echo $name|${SED} 's,.exe$,,'`
+	    # $file with .exe has already been added to rmfiles,
+	    # add $file without .exe
+	    rmfiles="$rmfiles $file"
+	    ;;
+	  esac
+	  # Do a test to see if this is a libtool program.
+	  if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then
+	    relink_command=
+	    . $dir/$noexename
+
+	    # note $name still contains .exe if it was in $file originally
+	    # as does the version of $file that was added into $rmfiles
+	    rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+	    if test "$fast_install" = yes && test -n "$relink_command"; then
+	      rmfiles="$rmfiles $objdir/lt-$name"
+	    fi
+	    if test "X$noexename" != "X$name" ; then
+	      rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+	    fi
+	  fi
+	fi
+	;;
+      esac
+      $show "$rm $rmfiles"
+      $run $rm $rmfiles || exit_status=1
+    done
+    objdir="$origobjdir"
+
+    # Try to remove the ${objdir}s in the directories where we deleted files
+    for dir in $rmdirs; do
+      if test -d "$dir"; then
+	$show "rmdir $dir"
+	$run rmdir $dir >/dev/null 2>&1
+      fi
+    done
+
+    exit $exit_status
+    ;;
+
+  "")
+    $echo "$modename: you must specify a MODE" 1>&2
+    $echo "$generic_help" 1>&2
+    exit $EXIT_FAILURE
+    ;;
+  esac
+
+  if test -z "$exec_cmd"; then
+    $echo "$modename: invalid operation mode \`$mode'" 1>&2
+    $echo "$generic_help" 1>&2
+    exit $EXIT_FAILURE
+  fi
+fi # test -z "$show_help"
+
+if test -n "$exec_cmd"; then
+  eval exec $exec_cmd
+  exit $EXIT_FAILURE
+fi
+
+# We need to display help for each of the modes.
+case $mode in
+"") $echo \
+"Usage: $modename [OPTION]... [MODE-ARG]...
+
+Provide generalized library-building support services.
+
+    --config          show all configuration variables
+    --debug           enable verbose shell tracing
+-n, --dry-run         display commands without modifying any files
+    --features        display basic configuration information and exit
+    --finish          same as \`--mode=finish'
+    --help            display this help message and exit
+    --mode=MODE       use operation mode MODE [default=inferred from MODE-ARGS]
+    --quiet           same as \`--silent'
+    --silent          don't print informational messages
+    --tag=TAG         use configuration variables from tag TAG
+    --version         print version information
+
+MODE must be one of the following:
+
+      clean           remove files from the build directory
+      compile         compile a source file into a libtool object
+      execute         automatically set library path, then run a program
+      finish          complete the installation of libtool libraries
+      install         install libraries or executables
+      link            create a library or an executable
+      uninstall       remove libraries from an installed directory
+
+MODE-ARGS vary depending on the MODE.  Try \`$modename --help --mode=MODE' for
+a more detailed description of MODE.
+
+Report bugs to <bug-libtool@gnu.org>."
+  exit $EXIT_SUCCESS
+  ;;
+
+clean)
+  $echo \
+"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+  ;;
+
+compile)
+  $echo \
+"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+  -o OUTPUT-FILE    set the output file name to OUTPUT-FILE
+  -prefer-pic       try to building PIC objects only
+  -prefer-non-pic   try to building non-PIC objects only
+  -static           always build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+  ;;
+
+execute)
+  $echo \
+"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+  -dlopen FILE      add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+  ;;
+
+finish)
+  $echo \
+"Usage: $modename [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges.  Use
+the \`--dry-run' option if you just want to see what would be executed."
+  ;;
+
+install)
+  $echo \
+"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command.  The first component should be
+either the \`install' or \`cp' program.
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+  ;;
+
+link)
+  $echo \
+"Usage: $modename [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+  -all-static       do not do any dynamic linking at all
+  -avoid-version    do not add a version suffix if possible
+  -dlopen FILE      \`-dlpreopen' FILE if it cannot be dlopened at runtime
+  -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
+  -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+  -export-symbols SYMFILE
+		    try to export only the symbols listed in SYMFILE
+  -export-symbols-regex REGEX
+		    try to export only the symbols matching REGEX
+  -LLIBDIR          search LIBDIR for required installed libraries
+  -lNAME            OUTPUT-FILE requires the installed library libNAME
+  -module           build a library that can dlopened
+  -no-fast-install  disable the fast-install mode
+  -no-install       link a not-installable executable
+  -no-undefined     declare that a library does not refer to external symbols
+  -o OUTPUT-FILE    create OUTPUT-FILE from the specified objects
+  -objectlist FILE  Use a list of object files found in FILE to specify objects
+  -precious-files-regex REGEX
+                    don't remove output files matching REGEX
+  -release RELEASE  specify package release information
+  -rpath LIBDIR     the created library will eventually be installed in LIBDIR
+  -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
+  -static           do not do any dynamic linking of libtool libraries
+  -version-info CURRENT[:REVISION[:AGE]]
+		    specify library version info [each variable defaults to 0]
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename.  Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+  ;;
+
+uninstall)
+  $echo \
+"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+  ;;
+
+*)
+  $echo "$modename: invalid operation mode \`$mode'" 1>&2
+  $echo "$help" 1>&2
+  exit $EXIT_FAILURE
+  ;;
+esac
+
+$echo
+$echo "Try \`$modename --help' for more information about other modes."
+
+exit $?
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries.  Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them.  This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration.  But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+disable_libs=shared
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+disable_libs=static
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
diff --git a/pki/base/tps/m4/apache.m4 b/pki/base/tps/m4/apache.m4
new file mode 100644
index 000000000..dba7716ca
--- /dev/null
+++ b/pki/base/tps/m4/apache.m4
@@ -0,0 +1,336 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl 
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl 
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA  02110-1301  USA 
+dnl 
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+AC_CHECKING(for Apache)
+
+# check for --with-apache
+AC_MSG_CHECKING(for --with-apache)
+AC_ARG_WITH(apache, [  --with-apache=PATH        Apache directory],
+[
+  if test -e "$withval"/include/httpd/httpd.h -a -d "$withval"/lib -a -d "$withval"/sbin
+  then
+    AC_MSG_RESULT([using $withval])
+    APACHEDIR=$withval
+    apache_inc="-I$APACHEDIR/include -I$APACHEDIR/include/httpd"
+    case $host in
+      *-*-linux*)
+        if test -n "$USE_64"
+        then
+          apache_lib="-L$APACHEDIR/lib64"
+          apache_libdir="$APACHEDIR/lib64"
+          db_lib="-L$APACHEDIR/lib64"
+          db_libdir="$APACHEDIR/lib64"
+        else
+          apache_lib="-L$APACHEDIR/lib"
+          apache_libdir="$APACHEDIR/lib"
+          db_lib="-L$APACHEDIR/lib"
+          db_libdir="$APACHEDIR/lib"
+        fi
+        apache_bindir="$APACHEDIR/sbin"
+        ;;
+      sparc-sun-solaris*)
+        if test -n "$USE_64"
+        then
+          apache_lib="-L$APACHEDIR/lib/sparcv9"
+          apache_libdir="$APACHEDIR/lib/sparcv9"
+          db_lib="-L$APACHEDIR/lib/sparcv9"
+          db_libdir="$APACHEDIR/lib/sparcv9"
+          apache_bindir="$APACHEDIR/sbin/sparcv9"
+        else
+          apache_lib="-L$APACHEDIR/lib"
+          apache_libdir="$APACHEDIR/lib"
+          db_lib="-L$APACHEDIR/lib"
+          db_libdir="$APACHEDIR/lib"
+          apache_bindir="$APACHEDIR/sbin"
+        fi
+        ;;
+      *)
+        AC_MSG_ERROR([unconfigured platform $host])
+        ;;
+    esac
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apache-inc
+AC_MSG_CHECKING(for --with-apache-inc)
+AC_ARG_WITH(apache-inc, [  --with-apache-inc=PATH        Apache include file directory],
+[
+  if test -e "$withval"/httpd.h
+  then
+    AC_MSG_RESULT([using $withval])
+    apache_inc="-I$withval/.. -I$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apache-lib
+AC_MSG_CHECKING(for --with-apache-lib)
+AC_ARG_WITH(apache-lib, [  --with-apache-lib=PATH        Apache library directory],
+[
+  if test -d "$withval"
+  then
+    AC_MSG_RESULT([using $withval])
+    apache_lib="-L$withval"
+    apache_libdir="$withval"
+    db_lib="-L$withval"
+    db_libdir="$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apache-bin
+AC_MSG_CHECKING(for --with-apache-bin)
+AC_ARG_WITH(apache-bin, [  --with-apache-bin=PATH        Apache executables directory],
+[
+  if test -d "$withval"
+  then
+    AC_MSG_RESULT([using $withval])
+    apache_bindir="$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for Apache in well-known locations
+# e. g. - on certain platforms, check for the presence
+#         of a "Fortitude"-enabled web-server first
+AC_MSG_CHECKING(for Apache in well-known locations)
+case $host in
+  *-*-linux*)
+    if test -f /usr/include/httpd/httpd.h
+    then
+      apache_inc="-I/usr/include -I/usr/include/httpd"
+    else
+      AC_MSG_ERROR([/usr/include/httpd/httpd.h not found])
+    fi
+    if test -n "$USE_64"
+    then
+      if test -e /usr/lib64/libaprutil-0.so
+      then
+        apache_lib="-L/usr/lib64"
+        apache_libdir="/usr/lib64"
+        db_lib="-L/usr/lib64"
+        db_libdir="/usr/lib64"
+        apr_libutil_version="aprutil-0"
+      elif test -e /usr/lib64/libaprutil-1.so
+      then
+        apache_lib="-L/usr/lib64"
+        apache_libdir="/usr/lib64"
+        db_lib="-L/usr/lib64"
+        db_libdir="/usr/lib64"
+        apr_libutil_version="aprutil-1"
+      else
+        AC_MSG_ERROR([libaprutil not found])
+      fi
+    else
+      if test -e /usr/lib/libaprutil-0.so
+      then
+        apache_lib="-L/usr/lib"
+        apache_libdir="/usr/lib"
+        db_lib="-L/usr/lib"
+        db_libdir="/usr/lib"
+        apr_libutil_version="aprutil-0"
+      elif test -e /usr/lib/libaprutil-1.so
+      then
+        apache_lib="-L/usr/lib"
+        apache_libdir="/usr/lib"
+        db_lib="-L/usr/lib"
+        db_libdir="/usr/lib"
+        apr_libutil_version="aprutil-1"
+      else
+        AC_MSG_ERROR([libaprutil not found])
+      fi
+    fi
+    if test -x /usr/sbin/httpd
+    then
+      apache_bindir="/usr/sbin"
+    else
+      AC_MSG_ERROR([/usr/sbin/httpd not found])
+    fi
+    AC_MSG_RESULT([using system Apache in /usr])
+    ;;
+  sparc-sun-solaris*)
+    if test -d /opt/fortitude
+    then
+      if test -f /opt/fortitude/include/httpd/httpd.h
+      then
+        apache_inc="-I/opt/fortitude/include -I/opt/fortitude/include/httpd"
+      else
+        AC_MSG_ERROR([/opt/fortitude/include/httpd/httpd.h not found])
+      fi
+      if test -n "$USE_64"
+      then
+        #############################################################
+        ###  NOTE:  The 64-bit Fortitude "sparcv9" libraries and  ###
+        ###         programs are now under "/opt/fortitude/lib"   ###
+        ###         and "/opt/fortitude/sbin" rather than         ###
+        ###         "/opt/fortitude/lib/sparcv9" and              ###
+        ###         "/opt/fortitude/sbin/sparcv9"!!!              ###
+        ###                                                       ###
+        ###         The exception to this are the -ldb and the    ###
+        ###         -ldb_cxx libraries which are still located    ###
+        ###         under the "/opt/fortitude/lib/sparcv9"        ###
+        ###         directory.                                    ###
+        ###                                                       ###
+        ###         To help guard against any future movement     ###
+        ###         of any of these libraries and/or programs,    ###
+        ###         this m4 file will first check under the       ###
+        ###         "sparcv9" directory, and then the directory   ###
+        ###         immediately above the "sparcv9" directory.    ###
+        #############################################################
+        if test -e /opt/fortitude/lib/sparcv9/libaprutil-0.so
+        then
+          apache_lib="-L/opt/fortitude/lib/sparcv9"
+          apache_libdir="/opt/fortitude/lib/sparcv9"
+          apr_libutil_version="aprutil-0"
+        else
+          if test -e /opt/fortitude/lib/libaprutil-0.so
+          then
+            apache_lib="-L/opt/fortitude/lib"
+            apache_libdir="/opt/fortitude/lib"
+            apr_libutil_version="aprutil-0"
+          else
+            AC_MSG_ERROR([Fortitude-enabled libaprutil-0.so not found])
+          fi
+        fi
+        if test -e /opt/fortitude/lib/sparcv9/libdb-4.2.so
+        then
+          db_lib="-L/opt/fortitude/lib/sparcv9"
+          db_libdir="/opt/fortitude/lib/sparcv9"
+        else
+          if test -e /opt/fortitude/lib/libdb-4.2.so
+          then
+            db_lib="-L/opt/fortitude/lib"
+            db_libdir="/opt/fortitude/lib"
+          else
+            AC_MSG_ERROR([Fortitude-enabled libdb-4.2.so not found])
+          fi
+        fi
+        if test -x /opt/fortitude/sbin/sparcv9/httpd
+        then
+          apache_bindir="/opt/fortitude/sbin/sparcv9"
+        else
+          if test -x /opt/fortitude/sbin/httpd
+          then
+            apache_bindir="/opt/fortitude/sbin"
+          else
+            AC_MSG_ERROR([Fortitude-enabled httpd not found])
+          fi
+        fi
+      else
+        if test -e /opt/fortitude/lib/libaprutil-0.so
+        then
+          apache_lib="-L/opt/fortitude/lib"
+          apache_libdir="/opt/fortitude/lib"
+          apr_libutil_version="aprutil-0"
+        else
+          AC_MSG_ERROR([/opt/fortitude/lib/libaprutil-0.so not found])
+        fi
+        if test -e /opt/fortitude/lib/libdb-4.2.so
+        then
+          db_lib="-L/opt/fortitude/lib"
+          db_libdir="/opt/fortitude/lib"
+        else
+          AC_MSG_ERROR([/opt/fortitude/lib/libdb-4.2.so not found])
+        fi
+        if test -x /opt/fortitude/sbin/httpd
+        then
+          apache_bindir="/opt/fortitude/sbin"
+        else
+          AC_MSG_ERROR([/opt/fortitude/sbin/httpd not found])
+        fi
+      fi
+      AC_MSG_RESULT([using Fortitude-enabled Apache in /opt/fortitude])
+    else
+      if test -f /usr/local/include/httpd/httpd.h
+      then
+        apache_inc="-I/usr/local/include -I/usr/local/include/httpd"
+      else
+        AC_MSG_ERROR([/usr/local/include/httpd/httpd.h not found])
+      fi
+      if test -n "$USE_64"
+      then
+        if test -e /usr/local/lib/sparcv9/libaprutil-0.so
+        then
+          apache_lib="-L/usr/local/lib/sparcv9"
+          apache_libdir="/usr/local/lib/sparcv9"
+          db_lib="-L/usr/local/lib/sparcv9"
+          db_libdir="/usr/local/lib/sparcv9"
+          apr_libutil_version="aprutil-0"
+        else
+          AC_MSG_ERROR([/usr/local/lib/sparcv9/libaprutil-0.so not found])
+        fi
+        if test -x /usr/local/sbin/sparcv9/httpd
+        then
+          apache_bindir="/usr/local/sbin/sparcv9"
+        else
+          AC_MSG_ERROR([/usr/local/sbin/sparcv9/httpd not found])
+        fi
+      else
+        if test -e /usr/local/lib/libaprutil-0.so
+        then
+          apache_lib="-L/usr/local/lib"
+          apache_libdir="/usr/local/lib"
+          db_lib="-L/usr/local/lib"
+          db_libdir="/usr/local/lib"
+          apr_libutil_version="aprutil-0"
+        else
+          AC_MSG_ERROR([/usr/local/lib/libaprutil-0.so not found])
+        fi
+        if test -x /usr/local/sbin/httpd
+        then
+          apache_bindir="/usr/local/sbin"
+        else
+          AC_MSG_ERROR([/usr/local/sbin/httpd not found])
+        fi
+      fi
+    fi
+    AC_MSG_RESULT([using system Apache in /usr/local])
+    ;;
+  *)
+    AC_MSG_ERROR([unconfigured platform $host])
+    ;;
+esac
+
+# if Apache has not been found, print an error and exit
+if test -z "$apache_inc"
+then
+  AC_MSG_ERROR([Apache include file directory not found, specify with --with-apache.])
+fi
+if test -z "$apache_lib" -o -z "$apache_libdir" -o -z "$db_lib" -o -z "db_libdir" -o -z "$apr_libutil_version"
+then
+  AC_MSG_ERROR([Apache library directory not found, specify with --with-apache.])
+fi
+if test -z "$apache_bindir"
+then
+  AC_MSG_ERROR([Apache executables directory not found, specify with --with-apache.])
+fi
diff --git a/pki/base/tps/m4/apr.m4 b/pki/base/tps/m4/apr.m4
new file mode 100644
index 000000000..88c177b02
--- /dev/null
+++ b/pki/base/tps/m4/apr.m4
@@ -0,0 +1,345 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl 
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl 
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA  02110-1301  USA 
+dnl 
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+AC_CHECKING(for Apr)
+
+# check for --with-apr
+AC_MSG_CHECKING(for --with-apr)
+AC_ARG_WITH(apr, [  --with-apr=PATH        Apr directory],
+[
+  if test -e "$withval"/include/apr-0/apr.h -a -d "$withval"/lib -a -d "$withval"/bin
+  then
+    AC_MSG_RESULT([using $withval])
+    APRDIR=$withval
+    apr_inc="-DAPRDIR -I$APRDIR/include -I$APRDIR/include/apr-0"
+    apr_lib_version="apr-0"
+    case $host in
+      *-*-linux*)
+        if test -n "$USE_64"
+        then
+          apr_lib="-L$APRDIR/lib64"
+          apr_libdir="$APRDIR/lib64"
+        else
+          apr_lib="-L$APRDIR/lib"
+          apr_libdir="$APRDIR/lib"
+        fi
+        apr_bindir="$APRDIR/bin"
+        ;;
+      sparc-sun-solaris*)
+        if test -n "$USE_64"
+        then
+          apr_lib="-L$APRDIR/lib/sparcv9"
+          apr_libdir="$APRDIR/lib/sparcv9"
+          apr_bindir="$APRDIR/bin/sparcv9"
+        else
+          apr_lib="-L$APRDIR/lib"
+          apr_libdir="$APRDIR/lib"
+          apr_bindir="$APRDIR/bin"
+        fi
+        ;;
+      *)
+        AC_MSG_ERROR([unconfigured platform $host])
+        ;;
+    esac
+  elif test -e "$withval"/include/apr-1/apr.h -a -d "$withval"/lib -a -d "$withval"/bin
+  then
+    AC_MSG_RESULT([using $withval])
+    APRDIR=$withval
+    apr_inc="-DAPRDIR -I$APRDIR/include -I$APRDIR/include/apr-1"
+    apr_lib_version="apr-1"
+    case $host in
+      *-*-linux*)
+        if test -n "$USE_64"
+        then
+          apr_lib="-L$APRDIR/lib64"
+          apr_libdir="$APRDIR/lib64"
+        else
+          apr_lib="-L$APRDIR/lib"
+          apr_libdir="$APRDIR/lib"
+        fi
+        apr_bindir="$APRDIR/bin"
+        ;;
+      sparc-sun-solaris*)
+        if test -n "$USE_64"
+        then
+          apr_lib="-L$APRDIR/lib/sparcv9"
+          apr_libdir="$APRDIR/lib/sparcv9"
+          apr_bindir="$APRDIR/bin/sparcv9"
+        else
+          apr_lib="-L$APRDIR/lib"
+          apr_libdir="$APRDIR/lib"
+          apr_bindir="$APRDIR/bin"
+        fi
+        ;;
+      *)
+        AC_MSG_ERROR([unconfigured platform $host])
+        ;;
+    esac
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apr-inc
+AC_MSG_CHECKING(for --with-apr-inc)
+AC_ARG_WITH(apr-inc, [  --with-apr-inc=PATH        Apr include file directory],
+[
+  if test -e "$withval"/apr.h
+  then
+    AC_MSG_RESULT([using $withval])
+    APRDIR=$withval/..
+    apr_inc="-DAPRDIR -I$withval/.. -I$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apr-lib
+AC_MSG_CHECKING(for --with-apr-lib)
+AC_ARG_WITH(apr-lib, [  --with-apr-lib=PATH        Apr library directory],
+[
+  if test -d "$withval"
+  then
+    AC_MSG_RESULT([using $withval])
+    apr_lib="-L$withval"
+    apr_libdir="$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+  if test -e "$withval/libapr-0.so"
+  then
+    apr_lib_version="apr-0"
+  elif test -e "$withval/libapr-1.so"
+  then
+    apr_lib_version="apr-1"
+  else
+    AC_MSG_ERROR([libapr in $withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apr-bin
+AC_MSG_CHECKING(for --with-apr-bin)
+AC_ARG_WITH(apr-bin, [  --with-apr-bin=PATH        Apr executables directory],
+[
+  if test -d "$withval"
+  then
+    AC_MSG_RESULT([using $withval])
+    apr_bindir="$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for Apr in well-known locations
+# e. g. - on certain platforms, check for the presence
+#         of a "Fortitude"-enabled web-server first
+AC_MSG_CHECKING(for APR in well-known locations)
+case $host in
+  *-*-linux*)
+    if test -f /usr/include/apr-0/apr.h
+    then
+      apr_inc="-DAPRDIR -I/usr/include -I/usr/include/apr-0"
+    elif test -f /usr/include/apr-1/apr.h
+    then
+      apr_inc="-DAPRDIR -I/usr/include -I/usr/include/apr-1"
+    else
+      AC_MSG_ERROR([apr.h not found])
+    fi
+    if test -n "$USE_64"
+    then
+      if test -e /usr/lib64/libapr-0.so
+      then
+        apr_lib="-L/usr/lib64"
+        apr_libdir="/usr/lib64"
+        apr_lib_version="apr-0"
+      elif test -e /usr/lib64/libapr-1.so
+      then
+        apr_lib="-L/usr/lib64"
+        apr_libdir="/usr/lib64"
+        apr_lib_version="apr-1"
+      else
+        AC_MSG_ERROR([libapr not found])
+      fi
+    else
+      if test -e /usr/lib/libapr-0.so
+      then
+        apr_lib="-L/usr/lib"
+        apr_libdir="/usr/lib"
+        apr_lib_version="apr-0"
+      elif test -e /usr/lib/libapr-1.so
+      then
+        apr_lib="-L/usr/lib"
+        apr_libdir="/usr/lib"
+        apr_lib_version="apr-1"
+      else
+        AC_MSG_ERROR([libapr not found])
+      fi
+    fi
+    if test -x /usr/bin/apr-config
+    then
+      apr_bindir="/usr/bin"
+    elif test -x /usr/bin/apr-1-config
+    then
+      apr_bindir="/usr/bin"
+    else
+      AC_MSG_ERROR([apr-config or apr-1-config not found])
+    fi
+    AC_MSG_RESULT([using system Apr in /usr])
+    ;;
+  sparc-sun-solaris*)
+    if test -d /opt/fortitude
+    then
+      if test -f /opt/fortitude/include/apr-0/apr.h
+      then
+        apr_inc="-DAPRDIR -I/opt/fortitude/include -I/opt/fortitude/include/apr-0"
+      else
+        AC_MSG_ERROR([/opt/fortitude/include/apr-0/apr.h not found])
+      fi
+      if test -n "$USE_64"
+      then
+        #############################################################
+        ###  NOTE:  The 64-bit Fortitude "sparcv9" libraries and  ###
+        ###         programs are now under "/opt/fortitude/lib"   ###
+        ###         and "/opt/fortitude/bin" rather than          ###
+        ###         "/opt/fortitude/lib/sparcv9" and              ###
+        ###         "/opt/fortitude/bin/sparcv9"!!!               ###
+        ###                                                       ###
+        ###         To help guard against any future movement     ###
+        ###         of any of these libraries and/or programs,    ###
+        ###         this m4 file will first check under the       ###
+        ###         "sparcv9" directory, and then the directory   ###
+        ###         immediately above the "sparcv9" directory.    ###
+        #############################################################
+        if test -e /opt/fortitude/lib/sparcv9/libapr-0.so
+        then
+          apr_lib="-L/opt/fortitude/lib/sparcv9"
+          apr_libdir="/opt/fortitude/lib/sparcv9"
+          apr_lib_version="apr-0"
+        else
+          if test -e /opt/fortitude/lib/libapr-0.so
+          then
+            apr_lib="-L/opt/fortitude/lib"
+            apr_libdir="/opt/fortitude/lib"
+            apr_lib_version="apr-0"
+          else
+            AC_MSG_ERROR([Fortitude-enabled libapr-0.so not found])
+          fi
+        fi
+        if test -x /opt/fortitude/bin/sparcv9/apr-config
+        then
+          apr_bindir="/opt/fortitude/bin/sparcv9"
+        else
+          if test -x /opt/fortitude/bin/apr-config
+          then
+            apr_bindir="/opt/fortitude/bin"
+          else
+            AC_MSG_ERROR([Fortitude-enabled apr-config not found])
+          fi
+        fi
+      else
+        if test -e /opt/fortitude/lib/libapr-0.so
+        then
+          apr_lib="-L/opt/fortitude/lib"
+          apr_libdir="/opt/fortitude/lib"
+          apr_lib_version="apr-0"
+        else
+          AC_MSG_ERROR([/opt/fortitude/lib/libapr-0.so not found])
+        fi
+        if test -x /opt/fortitude/bin/apr-config
+        then
+          apr_bindir="/opt/fortitude/bin"
+        else
+          AC_MSG_ERROR([/opt/fortitude/bin/apr-config not found])
+        fi
+      fi
+      AC_MSG_RESULT([using Fortitude-enabled Apr in /opt/fortitude])
+    else
+      if test -f /usr/local/include/apr-0/apr.h
+      then
+        apr_inc="-DAPRDIR -I/usr/local/include -I/usr/local/include/apr-0"
+      else
+        AC_MSG_ERROR([/usr/local/include/apr-0/apr.h not found])
+      fi
+      if test -n "$USE_64"
+      then
+        if test -e /usr/local/lib/sparcv9/libapr-0.so
+        then
+          apr_lib="-L/usr/local/lib/sparcv9"
+          apr_libdir="/usr/local/lib/sparcv9"
+          apr_lib_version="apr-0"
+        else
+          AC_MSG_ERROR([/usr/local/lib/sparcv9/libapr-0.so not found])
+        fi
+        if test -x /usr/local/bin/sparcv9/apr-config
+        then
+          apr_bindir="/usr/local/bin/sparcv9"
+        else
+          AC_MSG_ERROR([/usr/local/bin/sparcv9/apr-config not found])
+        fi
+      else
+        if test -e /usr/local/lib/libapr-0.so
+        then
+          apr_lib="-L/usr/local/lib"
+          apr_libdir="/usr/local/lib"
+          apr_lib_version="apr-0"
+        else
+          AC_MSG_ERROR([/usr/local/lib/libapr-0.so not found])
+        fi
+        if test -x /usr/local/bin/apr-config
+        then
+          apr_bindir="/usr/local/bin"
+        else
+          AC_MSG_ERROR([/usr/local/bin/apr-config not found])
+        fi
+      fi
+    fi
+    AC_MSG_RESULT([using system Apr in /usr/local])
+    ;;
+  *)
+    AC_MSG_ERROR([unconfigured platform $host])
+    ;;
+esac
+
+# if Apr has not been found, print an error and exit
+if test -z "$apr_inc"
+then
+  AC_MSG_ERROR([Apr include file directory not found, specify with --with-apr.])
+fi
+if test -z "$apr_lib" -o -z "$apr_libdir"
+then
+  AC_MSG_ERROR([Apr library directory not found, specify with --with-apr.])
+fi
+if test -z "$apr_bindir"
+then
+  AC_MSG_ERROR([Apr executables directory not found, specify with --with-apr.])
+fi
+if test -z "$apr_lib_version"
+then
+  AC_MSG_ERROR([Apr library version not found, specify with --with-apr.])
+fi
+
diff --git a/pki/base/tps/m4/mozldap.m4 b/pki/base/tps/m4/mozldap.m4
new file mode 100644
index 000000000..1038b8abb
--- /dev/null
+++ b/pki/base/tps/m4/mozldap.m4
@@ -0,0 +1,121 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl 
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl 
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA  02110-1301  USA 
+dnl 
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+AC_CHECKING(for LDAPSDK)
+
+# check for --with-ldapsdk
+AC_MSG_CHECKING(for --with-ldapsdk)
+AC_ARG_WITH(ldapsdk, [  --with-ldapsdk=PATH     Mozilla LDAP SDK directory],
+[
+  if test -e "$withval"/include/ldap.h -a -d "$withval"/lib
+  then
+    AC_MSG_RESULT([using $withval])
+    LDAPSDKDIR=$withval
+    ldapsdk_inc="-I$LDAPSDKDIR/include"
+    ldapsdk_lib="-L$LDAPSDKDIR/lib"
+    ldapsdk_libdir="$LDAPSDKDIR/lib"
+    ldapsdk_bindir="$LDAPSDKDIR/bin"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-ldapsdk-inc
+AC_MSG_CHECKING(for --with-ldapsdk-inc)
+AC_ARG_WITH(ldapsdk-inc, [  --with-ldapsdk-inc=PATH     Mozilla LDAP SDK include directory],
+[
+  if test -e "$withval"/ldap.h
+  then
+    AC_MSG_RESULT([using $withval])
+    ldapsdk_inc="-I$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-ldapsdk-lib
+AC_MSG_CHECKING(for --with-ldapsdk-lib)
+AC_ARG_WITH(ldapsdk-lib, [  --with-ldapsdk-lib=PATH     Mozilla LDAP SDK library directory],
+[
+  if test -d "$withval"
+  then
+    AC_MSG_RESULT([using $withval])
+    ldapsdk_lib="-L$withval"
+    ldapsdk_libdir="$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# if LDAPSDK is not found yet, try pkg-config
+
+# last resort
+if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir" -o -z "$ldapsdk_bindir"; then
+  AC_PATH_PROG(PKG_CONFIG, pkg-config)
+  AC_MSG_CHECKING(for mozldap with pkg-config)
+  if test -n "$PKG_CONFIG"; then
+    if $PKG_CONFIG --exists mozldap6; then
+	mozldappkg=mozldap6
+    elif $PKG_CONFIG --exists mozldap; then
+	mozldappkg=mozldap
+    else
+      AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].])
+    fi
+    ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $mozldappkg`
+    ldapsdk_lib=`$PKG_CONFIG --libs-only-L $mozldappkg`
+    ldapsdk_libdir=`$PKG_CONFIG --libs-only-L $mozldappkg | sed -e s/-L// | sed -e s/\ *$//`
+    ldapsdk_bindir=`$PKG_CONFIG --variable=bindir $mozldappkg`
+    AC_MSG_RESULT([using system $mozldappkg])
+  fi
+fi
+if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then
+  AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].])
+fi
+dnl default path for the ldap c sdk tools (see [210947] for more details)
+if test -z "$ldapsdk_bindir" ; then
+  if [ -d $libdir/mozldap6 ] ; then
+    ldapsdk_bindir=$libdir/mozldap6
+  else
+    ldapsdk_bindir=$libdir/mozldap
+  fi
+fi
+
+dnl make sure the ldap sdk version is 6 or greater - we do not support
+dnl the old 5.x or prior versions - the ldap server code expects the new
+dnl ber types and other code used with version 6
+save_cppflags="$CPPFLAGS"
+CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc"
+AC_CHECK_HEADER([ldap.h], [isversion6=1], [isversion6=],
+[#include <ldap-standard.h>
+#if LDAP_VENDOR_VERSION < 600
+#error The LDAP C SDK version is not supported
+#endif
+])
+CPPFLAGS="$save_cppflags"
+
+if test -z "$isversion6" ; then
+  AC_MSG_ERROR([The LDAPSDK version in $ldapsdk_inc/ldap-standard.h is not supported])
+fi
diff --git a/pki/base/tps/m4/nspr.m4 b/pki/base/tps/m4/nspr.m4
new file mode 100644
index 000000000..c6d0694f9
--- /dev/null
+++ b/pki/base/tps/m4/nspr.m4
@@ -0,0 +1,93 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl 
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl 
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA  02110-1301  USA 
+dnl 
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+AC_CHECKING(for NSPR)
+
+# check for --with-nspr
+AC_MSG_CHECKING(for --with-nspr)
+AC_ARG_WITH(nspr, [  --with-nspr=PATH        Netscape Portable Runtime (NSPR) directory],
+[
+  if test -e "$withval"/include/nspr.h -a -d "$withval"/lib
+  then
+    AC_MSG_RESULT([using $withval])
+    NSPRDIR=$withval
+    nspr_inc="-I$NSPRDIR/include"
+    nspr_lib="-L$NSPRDIR/lib"
+    nspr_libdir="$NSPRDIR/lib"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-nspr-inc
+AC_MSG_CHECKING(for --with-nspr-inc)
+AC_ARG_WITH(nspr-inc, [  --with-nspr-inc=PATH        Netscape Portable Runtime (NSPR) include file directory],
+[
+  if test -e "$withval"/nspr.h
+  then
+    AC_MSG_RESULT([using $withval])
+    nspr_inc="-I$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-nspr-lib
+AC_MSG_CHECKING(for --with-nspr-lib)
+AC_ARG_WITH(nspr-lib, [  --with-nspr-lib=PATH        Netscape Portable Runtime (NSPR) library directory],
+[
+  if test -d "$withval"
+  then
+    AC_MSG_RESULT([using $withval])
+    nspr_lib="-L$withval"
+    nspr_libdir="$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# if NSPR is not found yet, try pkg-config
+
+# last resort
+if test -z "$nspr_inc" -o -z "$nspr_lib" -o -z "$nspr_libdir"; then
+  AC_PATH_PROG(PKG_CONFIG, pkg-config)
+  AC_MSG_CHECKING(for nspr with pkg-config)
+  if test -n "$PKG_CONFIG"; then
+    if $PKG_CONFIG --exists nspr; then
+      nspr_inc=`$PKG_CONFIG --cflags-only-I nspr`
+      nspr_lib=`$PKG_CONFIG --libs-only-L nspr`
+      nspr_libdir=`$PKG_CONFIG --libs-only-L nspr | sed -e s/-L// | sed -e s/\ *$//`
+      AC_MSG_RESULT([using system NSPR])
+    elif $PKG_CONFIG --exists dirsec-nspr; then
+      nspr_inc=`$PKG_CONFIG --cflags-only-I dirsec-nspr`
+      nspr_lib=`$PKG_CONFIG --libs-only-L dirsec-nspr`
+      nspr_libdir=`$PKG_CONFIG --libs-only-L dirsec-nspr | sed -e s/-L// | sed -e s/\ *$//`
+      AC_MSG_RESULT([using system dirsec NSPR])
+    else
+      AC_MSG_ERROR([NSPR not found, specify with --with-nspr.])
+    fi
+  fi
+fi
diff --git a/pki/base/tps/m4/nss.m4 b/pki/base/tps/m4/nss.m4
new file mode 100644
index 000000000..46e74cdb1
--- /dev/null
+++ b/pki/base/tps/m4/nss.m4
@@ -0,0 +1,93 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl 
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl 
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA  02110-1301  USA 
+dnl 
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+AC_CHECKING(for NSS)
+
+# check for --with-nss
+AC_MSG_CHECKING(for --with-nss)
+AC_ARG_WITH(nss, [  --with-nss=PATH         Network Security Services (NSS) directory],
+[
+  if test -e "$withval"/include/nss.h -a -d "$withval"/lib
+  then
+    AC_MSG_RESULT([using $withval])
+    NSSDIR=$withval
+    nss_inc="-I$NSSDIR/include"
+    nss_lib="-L$NSSDIR/lib"
+    nss_libdir="$NSSDIR/lib"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-nss-inc
+AC_MSG_CHECKING(for --with-nss-inc)
+AC_ARG_WITH(nss-inc, [  --with-nss-inc=PATH         Network Security Services (NSS) include directory],
+[
+  if test -e "$withval"/nss.h
+  then
+    AC_MSG_RESULT([using $withval])
+    nss_inc="-I$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-nss-lib
+AC_MSG_CHECKING(for --with-nss-lib)
+AC_ARG_WITH(nss-lib, [  --with-nss-lib=PATH         Network Security Services (NSS) library directory],
+[
+  if test -d "$withval"
+  then
+    AC_MSG_RESULT([using $withval])
+    nss_lib="-L$withval"
+    nss_libdir="$withval"
+  else
+    echo
+    AC_MSG_ERROR([$withval not found])
+  fi
+],
+AC_MSG_RESULT(no))
+
+# if NSS is not found yet, try pkg-config
+
+# last resort
+if test -z "$nss_inc" -o -z "$nss_lib" -o -z "$nss_libdir"; then
+  AC_PATH_PROG(PKG_CONFIG, pkg-config)
+  AC_MSG_CHECKING(for nss with pkg-config)
+  if test -n "$PKG_CONFIG"; then
+    if $PKG_CONFIG --exists nss; then
+      nss_inc=`$PKG_CONFIG --cflags-only-I nss`
+      nss_lib=`$PKG_CONFIG --libs-only-L nss`
+      nss_libdir=`$PKG_CONFIG --libs-only-L nss | sed -e s/-L// | sed -e s/\ *$//`
+      AC_MSG_RESULT([using system NSS])
+    elif $PKG_CONFIG --exists dirsec-nss; then
+      nss_inc=`$PKG_CONFIG --cflags-only-I dirsec-nss`
+      nss_lib=`$PKG_CONFIG --libs-only-L dirsec-nss`
+      nss_libdir=`$PKG_CONFIG --libs-only-L dirsec-nss | sed -e s/-L// | sed -e s/\ *$//`
+      AC_MSG_RESULT([using system dirsec NSS])
+    else
+      AC_MSG_ERROR([NSS not found, specify with --with-nss.])
+    fi
+  fi
+fi
diff --git a/pki/base/tps/m4/sasl.m4 b/pki/base/tps/m4/sasl.m4
new file mode 100644
index 000000000..fb46c1ad6
--- /dev/null
+++ b/pki/base/tps/m4/sasl.m4
@@ -0,0 +1,112 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl 
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl 
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA  02110-1301  USA 
+dnl 
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+# Configure paths for SASL
+
+dnl ========================================================
+dnl = sasl is used to support various authentication mechanisms
+dnl = such as DIGEST-MD5 and GSSAPI.
+dnl ========================================================
+dnl ========================================================
+dnl = Use the sasl libraries on the system (assuming it exists)
+dnl ========================================================
+AC_CHECKING(for sasl)
+
+AC_MSG_CHECKING(for --with-sasl)
+AC_ARG_WITH(sasl,
+    [[  --with-sasl=PATH   Use sasl from supplied path]],
+    dnl = Look in the standard system locations
+    [
+      if test "$withval" = "yes"; then
+        AC_MSG_RESULT(yes)
+
+        dnl = Check for sasl.h in the normal locations
+        if test -f /usr/include/sasl/sasl.h; then
+          sasl_inc="-I/usr/include/sasl"
+        elif test -f /usr/include/sasl.h; then
+          sasl_inc="-I/usr/include"
+        else
+          AC_MSG_ERROR(sasl.h not found)
+        fi
+
+      dnl = Check the user provided location
+      elif test -d "$withval" -a -d "$withval/lib" -a -d "$withval/include" ; then
+        AC_MSG_RESULT([using $withval])
+
+        if test -f "$withval/include/sasl/sasl.h"; then
+          sasl_inc="-I$withval/include/sasl"
+        elif test -f "$withval/include/sasl.h"; then
+          sasl_inc="-I$withval/include"
+        else
+          AC_MSG_ERROR(sasl.h not found)
+        fi
+
+        sasl_lib="-L$withval/lib"
+        sasl_libdir="$withval/lib"
+      else
+          AC_MSG_RESULT(yes)
+          AC_MSG_ERROR([sasl not found in $withval])
+      fi
+    ],
+    AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(for --with-sasl-inc)
+AC_ARG_WITH(sasl-inc,
+    [[  --with-sasl-inc=PATH   SASL include file directory]],
+    [
+      if test -f "$withval"/sasl.h; then
+        AC_MSG_RESULT([using $withval])
+        sasl_inc="-I$withval"
+      else
+        echo
+        AC_MSG_ERROR([$withval/sasl.h not found])
+      fi
+    ],
+    AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(for --with-sasl-lib)
+AC_ARG_WITH(sasl-lib,
+    [[  --with-sasl-lib=PATH   SASL library directory]],
+    [
+      if test -d "$withval"; then
+        AC_MSG_RESULT([using $withval])
+        sasl_lib="-L$withval"
+        sasl_libdir="$withval"
+      else
+        echo
+        AC_MSG_ERROR([$withval not found])
+      fi
+    ],
+    AC_MSG_RESULT(no))
+
+if test -z "$sasl_inc"; then
+  AC_MSG_CHECKING(for sasl.h)
+  dnl - Check for sasl in standard system locations
+  if test -f /usr/include/sasl/sasl.h; then
+    AC_MSG_RESULT([using /usr/include/sasl/sasl.h])
+    sasl_inc="-I/usr/include/sasl"
+  elif test -f /usr/include/sasl.h; then
+    AC_MSG_RESULT([using /usr/include/sasl.h])
+    sasl_inc="-I/usr/include"
+  else
+    AC_MSG_RESULT(no)
+    AC_MSG_ERROR([sasl not found, specify with --with-sasl.])
+  fi
+fi
diff --git a/pki/base/tps/m4/svrcore.m4 b/pki/base/tps/m4/svrcore.m4
new file mode 100644
index 000000000..14a5d387a
--- /dev/null
+++ b/pki/base/tps/m4/svrcore.m4
@@ -0,0 +1,113 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl 
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl 
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA  02110-1301  USA 
+dnl 
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+# Configure paths for SVRCORE
+AC_CHECKING(for svrcore)
+
+AC_MSG_CHECKING(for --with-svrcore)
+AC_ARG_WITH(svrcore,
+    [[  --with-svrcore[=PATH]   Use system installed svrcore - optional path for svrcore]],
+    dnl = Look in the standard system locations
+    [
+      if test "$withval" = "yes"; then
+        AC_MSG_RESULT(yes)
+
+        dnl = Check for svrcore.h in the normal locations
+        if test -f /usr/include/svrcore.h; then
+          svrcore_inc="-I/usr/include"
+        else
+          AC_MSG_ERROR(svrcore.h not found)
+        fi
+
+      dnl = Check the user provided location
+      elif test -d "$withval" -a -d "$withval/lib" -a -d "$withval/include" ; then
+        AC_MSG_RESULT([using $withval])
+
+        if test -f "$withval/include/svrcore.h"; then
+          svrcore_inc="-I$withval/include"
+        else
+          AC_MSG_ERROR(svrcore.h not found)
+        fi
+
+        svrcore_lib="-L$withval/lib"
+      else
+        AC_MSG_RESULT(yes)
+        AC_MSG_ERROR([svrcore not found in $withval])
+      fi
+    ],
+    AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(for --with-svrcore-inc)
+AC_ARG_WITH(svrcore-inc,
+    [[  --with-svrcore-inc=PATH   SVRCORE include file directory]],
+    [
+      if test -f "$withval"/svrcore.h; then
+        AC_MSG_RESULT([using $withval])
+        svrcore_inc="-I$withval"
+      else
+        echo
+        AC_MSG_ERROR([$withval/svrcore.h not found])
+      fi
+    ],
+    AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(for --with-svrcore-lib)
+AC_ARG_WITH(svrcore-lib,
+    [[  --with-svrcore-lib=PATH   SVRCORE library directory]],
+    [
+      if test -d "$withval"; then
+        AC_MSG_RESULT([using $withval])
+        svrcore_lib="-L$withval"
+      else
+        echo
+        AC_MSG_ERROR([$withval not found])
+      fi
+    ],
+    AC_MSG_RESULT(no))
+
+dnl svrcore not given - look for pkg-config
+if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+  AC_PATH_PROG(PKG_CONFIG, pkg-config)
+  AC_MSG_CHECKING(for svrcore with pkg-config)
+  if test -n "$PKG_CONFIG"; then
+    if $PKG_CONFIG --exists svrcore; then
+      svrcore_inc=`$PKG_CONFIG --cflags-only-I svrcore`
+      svrcore_lib=`$PKG_CONFIG --libs-only-L svrcore`
+      AC_MSG_RESULT([using system svrcore])
+    fi
+  fi
+fi
+
+if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+dnl just see if svrcore is already a system library
+  AC_CHECK_LIB([svrcore], [SVRCORE_GetRegisteredPinObj], [havesvrcore=1],
+	       [], [$nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4])
+  if test -n "$havesvrcore" ; then
+dnl just see if svrcore is already a system header file
+    save_cppflags="$CPPFLAGS"
+    CPPFLAGS="$nss_inc $nspr_inc"
+    AC_CHECK_HEADER([svrcore.h], [havesvrcore=1], [havesvrcore=])
+    CPPFLAGS="$save_cppflags"
+  fi
+dnl for svrcore to be present, both the library and the header must exist
+  if test -z "$havesvrcore" ; then
+    AC_MSG_ERROR([svrcore not found, specify with --with-svrcore.])
+  fi
+fi
diff --git a/pki/base/tps/missing b/pki/base/tps/missing
new file mode 100755
index 000000000..8ff017831
--- /dev/null
+++ b/pki/base/tps/missing
@@ -0,0 +1,360 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2005-06-08.21
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005
+#   Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case "$1" in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).
+case "$1" in
+  lex|yacc)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case "$1" in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case "$f" in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
+    test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison|yacc)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if [ $# -ne 1 ]; then
+        eval LASTARG="\${$#}"
+	case "$LASTARG" in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if [ ! -f y.tab.h ]; then
+	echo >y.tab.h
+    fi
+    if [ ! -f y.tab.c ]; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex|flex)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if [ $# -ne 1 ]; then
+        eval LASTARG="\${$#}"
+	case "$LASTARG" in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if [ -f "$SRCFILE" ]; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if [ ! -f lex.yy.c ]; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+    if test -z "$file"; then
+	file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
+    fi
+    if [ -f "$file" ]; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit 1
+    fi
+    ;;
+
+  makeinfo)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case "$firstarg" in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case "$firstarg" in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/pki/base/tps/scripts/addAgents.ldif b/pki/base/tps/scripts/addAgents.ldif
new file mode 100644
index 000000000..709e9525d
--- /dev/null
+++ b/pki/base/tps/scripts/addAgents.ldif
@@ -0,0 +1,51 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: uid=admin,ou=People,$TOKENDB_ROOT
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: admin
+userPassword: $TOKENDB_AGENT_PWD
+sn: TUS Administrator
+cn: TUS Administrator
+userCertificate:: $TOKENDB_AGENT_CERT
+
+dn: cn=TUS Agents,ou=Groups,$TOKENDB_ROOT
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: TUS Agents
+uniqueMember: uid=admin,ou=People,$TOKENDB_ROOT
+description: Agents for TUS
+
+dn: cn=TUS Officers,ou=Groups,$TOKENDB_ROOT
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: TUS Administrators
+uniqueMember: uid=admin,ou=People,$TOKENDB_ROOT
+description: Administrators for TUS
+
+dn: cn=TUS Adminstrators,ou=Groups,$TOKENDB_ROOT
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: TUS Administrators
+uniqueMember: uid=admin,ou=People,$TOKENDB_ROOT
+description: Administrators for TUS
diff --git a/pki/base/tps/scripts/addIndexes.ldif b/pki/base/tps/scripts/addIndexes.ldif
new file mode 100644
index 000000000..7a910be3e
--- /dev/null
+++ b/pki/base/tps/scripts/addIndexes.ldif
@@ -0,0 +1,76 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=tokenUserID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenUserID
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=tokenID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenID
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=dateOfCreate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: dateOfCreate
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=dateOfModify,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: dateOfModify
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: userCertificate
+nsindextype: eq
+nssystemindex: false
+
+dn: cn=tokenSerial,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenSerial
+nsindextype: eq
+nssystemindex: false
+
+dn: cn=tokenKeyType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenKeyType
+nsindextype: eq
+nssystemindex: false
diff --git a/pki/base/tps/scripts/addTokens.ldif b/pki/base/tps/scripts/addTokens.ldif
new file mode 100644
index 000000000..9b8a99e27
--- /dev/null
+++ b/pki/base/tps/scripts/addTokens.ldif
@@ -0,0 +1,44 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: ou=Tokens,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: Tokens
+
+dn: ou=Activities,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: Activities
+
+dn: ou=Certificates,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: Certificates
+
+dn: ou=People,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: ou=Groups,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
diff --git a/pki/base/tps/scripts/addVLVIndexes.ldif b/pki/base/tps/scripts/addVLVIndexes.ldif
new file mode 100644
index 000000000..e54688c17
--- /dev/null
+++ b/pki/base/tps/scripts/addVLVIndexes.ldif
@@ -0,0 +1,51 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=tus-listTokens-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+cn: tus-listtokens-vlv
+objectClass: top
+objectClass: vlvsearch
+vlvBase: ou=Tokens,{rootSuffix}
+vlvFilter: (&(cn=*)(tokenUserID=*))
+vlvScope: 2
+
+dn: cn=tus-listActivities-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+cn: tus-listActivities-vlv
+objectClass: top
+objectClass: vlvsearch
+vlvBase: ou=Activities,{rootSuffix}
+vlvFilter: (tokenID=*)
+vlvScope: 2
+
+dn: cn=listTokensIndex,cn=tus-listTokens-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+cn: listTokensIndex
+objectClass: top
+objectClass: vlvindex
+vlvSort: -dateOfModify
+vlvEnabled: 1
+vlvUses: 0
+
+dn: cn=listActivitiesIndex,cn=tus-listActivities-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+cn: listActivitiesIndex
+objectClass: top
+objectClass: vlvindex
+vlvSort: -dateOfCreate
+vlvEnabled: 1
+vlvUses: 0
diff --git a/pki/base/tps/scripts/database.ldif b/pki/base/tps/scripts/database.ldif
new file mode 100644
index 000000000..706a3327e
--- /dev/null
+++ b/pki/base/tps/scripts/database.ldif
@@ -0,0 +1,39 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=$DATABASE, cn=ldbm database, cn=plugins, cn=config
+objectClass: top
+objectClass: extensibleObject
+objectClass: nsBackendInstance
+cn: $DATABASE
+nsslapd-suffix: $BASEDN
+
+dn: cn=$BASEDN, cn=mapping tree, cn=config
+objectClass: top
+objectClass: extensibleObject
+objectClass: nsMappingTree
+cn: $BASEDN
+nsslapd-backend: $DATABASE
+nsslapd-state: Backend
+
+dn: $BASEDN
+objectClass: top
+objectClass: $OBJECTCLASS
+$TYPE: $VALUE
diff --git a/pki/base/tps/scripts/nss_pcache b/pki/base/tps/scripts/nss_pcache
new file mode 100755
index 000000000..7877d2073
--- /dev/null
+++ b/pki/base/tps/scripts/nss_pcache
@@ -0,0 +1,57 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+	echo "Cannot invoke '$0' from non-existent directory!"
+	exit 255
+fi
+
+PLATFORM=`pkiarch`
+
+if [ $PLATFORM = "i386" ]; then
+	# 32-bit Linux
+	LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
+elif [ $PLATFORM = "x86_64" ]; then
+	# 64-bit Linux
+	LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:/usr/lib:$LD_LIBRARY_PATH
+elif [ $PLATFORM = "sparc" ]; then
+	# 32-bit Solaris
+	LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
+elif [ $PLATFORM = "sparcv9" ]; then
+	# 64-bit Solaris
+	LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
+fi 
+export LD_LIBRARY_PATH
+
+DIST=`pkidist`
+FORTITUDE_DIR=/usr/sbin
+if [ $DIST = "el4" ]; then
+  FORTITUDE_DIR=/opt/fortitude/bin
+elif [ $DIST = "sol9" ]; then
+  FORTITUDE_DIR=/opt/fortitude/bin
+fi
+
+$FORTITUDE_DIR/nss_pcache $@
diff --git a/pki/base/tps/scripts/schemaMods.ldif b/pki/base/tps/scripts/schemaMods.ldif
new file mode 100644
index 000000000..526ee155c
--- /dev/null
+++ b/pki/base/tps/scripts/schemaMods.ldif
@@ -0,0 +1,56 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+-
+add: objectClasses
+objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate ) X-ORIGIN 'user defined' )
+objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions ) X-ORIGIN 'user defined' )
+objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' )
diff --git a/pki/base/tps/scripts/vlvtasks.ldif b/pki/base/tps/scripts/vlvtasks.ldif
new file mode 100644
index 000000000..b6b4bb762
--- /dev/null
+++ b/pki/base/tps/scripts/vlvtasks.ldif
@@ -0,0 +1,28 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=index1160528734, cn=index, cn=tasks, cn=config
+objectclass: top
+objectclass: extensibleObject
+cn: index1160528734
+ttl: 4
+nsInstance: userRoot
+nsIndexVLVAttribute: listTokensIndex
+nsIndexVLVAttribute: listActivitiesIndex
diff --git a/pki/base/tps/setup/config.desktop b/pki/base/tps/setup/config.desktop
new file mode 100644
index 000000000..f84fadac2
--- /dev/null
+++ b/pki/base/tps/setup/config.desktop
@@ -0,0 +1,33 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+[Desktop Entry]
+Version=1.0.0
+Encoding=UTF-8
+Name=Token Processing System Configuration - [INSTANCE_ID]
+GenericName=Token Processing System Configuration
+Comment=Configure Token Processing System
+Exec=firefox https://[SERVER_NAME]:[SECURE_PORT]/tps/admin/console/config/login?pin=[PKI_RANDOM_NUMBER]
+Icon=firefox.png
+Terminal=false
+Type=Application
+MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;
+X-Desktop-File-Install-Version=0.9
+Categories=Application;CertServer;
diff --git a/pki/base/tps/setup/create.pl b/pki/base/tps/setup/create.pl
new file mode 100755
index 000000000..54c23be9c
--- /dev/null
+++ b/pki/base/tps/setup/create.pl
@@ -0,0 +1,972 @@
+##############################################################
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+# This script is to create a new instance of Token Processing
+# Service within CS installation.
+#
+# To execute:
+#   perl create.pl
+#
+##############################################################
+
+use FindBin;
+
+##############################################################
+# Advance Options
+##############################################################
+
+my $hsm = "";                       # hardware token label (i.e. 'nFast')
+my $hsm_ca = "";                    # hardware token label for CA certificate (i.e. 'nFast')
+my $nickName = "Server-Cert";       # nickname
+
+##############################################################
+# Private
+##############################################################
+my $hsmLabel;
+my $serverRoot;
+my $instanceID;
+my $serverID;
+my $serverName;
+my $port;
+my $securePort;
+my $uid;
+my $gid;
+my $tmpDir;
+my $tpsDir;
+my $tusHost;
+my $tusPort;
+my $tusRoot;
+my $tusSuffix;
+my $tusAgentCert;
+my $caHost;
+my $caPort;
+my $drmHost;
+my $drmPort;
+my $serverKeyGen;
+my $tksHost;
+my $tksPort;
+my $ldapHost;
+my $ldapPort;
+my $ldapRoot;
+my $pathSep;
+my $objExt;
+my $libPrefix;
+
+my $defaultUID = "root";
+my $defaultServerRoot = "$FindBin::Bin";
+$defaultServerRoot =~ s/\/bin\/cert\/tps\/setup//;
+$defaultServerRoot =~ s/\/$//;
+my $defaultServerID = "machine";
+my $defaultServerName = "machine.fedora.com";
+my $defaultInstanceID = "tps-machine";
+my $defaultSuffix = "dc=machine,dc=fedora,dc=com";
+
+sub PromptUser
+{
+  print ("************************************************\n");
+  print ("Token Processing Service (TPS) Setup\n");
+  print ("************************************************\n");
+  print ("This script will assist you in setting up TPS.\n");
+  print ("Before running this script, you should already \n");
+  print ("install a certificate authority (CA), a token key \n");
+  print ("service (TKS), an authentication directory and a token \n");
+  print ("database.\n");
+  print ("\n");
+  print ("CA is responsible for issuing certificates while TKS \n");
+  print ("ensures a secure channel between the client and \n");
+  print ("the backend. User requests are authenticated against \n");
+  print ("the authentication directory which contains user \n");
+  print ("information. The token database collects statistics \n");
+  print ("on token activities.\n");
+  print ("\n");
+  print ("The authentication database and the token database are \n");
+  print ("regular directory server instances that can be created \n");
+  print ("via Console.\n");
+  print ("\n");
+  print ("If you need other advanced options such as hardware \n");
+  print ("token support, you need to modify the advanced option \n");
+  print ("section of this script manually.\n");
+  print ("\n");
+  print ("************************************************\n");
+  print ("GENERAL SETUP SECTION \n");
+  print ("\n");
+  print ("This script is about to create your TPS instance in your \n");
+  print ("existing CS installation.\n");
+  print ("************************************************\n");
+  print ("\n");
+
+ASK_SERVER_ROOT:
+  print ("Enter the path to the server root [$defaultServerRoot]: ");
+  chomp ($serverRoot = <STDIN>);
+  if ($serverRoot eq "") {
+    $serverRoot = "$defaultServerRoot";
+  }
+  if ($serverRoot =~ /\/$/) {
+    print ("Error: '$serverRoot' cannot end with '/'.\n");
+    goto ASK_SERVER_ROOT;
+  }
+  if (!(-d $serverRoot)) {
+    print ("Error: '$serverRoot' directory does not exit.\n");
+    goto ASK_SERVER_ROOT;
+  }
+  if (!(-f "$serverRoot/admin-serv/config/adm.conf")) {
+    print ("Error: '$serverRoot' directory does not contain $serverRoot/admin-serv/config/adm.conf.\n");
+    goto ASK_SERVER_ROOT;
+  }
+
+  # read some good parameters from adm.conf
+  open(F, "$serverRoot/admin-serv/config/adm.conf");
+  while (<F>) {
+    if (/ldapHost:\s*(\S+)/) {
+      $defaultServerName = $1;
+    }
+    if (/ldapStart:\s*slapd-(\S+)\//) {
+      $defaultServerID = $1;
+    }
+  }
+  close(F);
+
+  open(F, "$serverRoot/admin-serv/config/magnus.conf");
+  while (<F>) {
+    if (/User (\S+)/) {
+      $defaultUID = $1;
+    }
+  }
+  close(F);
+
+  $defaultSuffix = $defaultServerName;
+  $defaultSuffix =~ s/\./,dc=/g;
+  $defaultSuffix =~ s/^[^,]+,//;
+
+ASK_TPS_ROOT:
+  print ("Enter the path to the TPS release [$serverRoot/bin/cert/tps]: ");
+  chomp ($tpsDir = <STDIN>);
+  if ($tpsDir eq "") {
+    $tpsDir = "$serverRoot/bin/cert/tps";
+  }
+  if (!(-d $tpsDir)) {
+    print ("Error: '$tpsDir' directory does not exit.\n");
+    goto ASK_TPS_ROOT;
+  }
+  if (!(-d "$tpsDir/config")) {
+    print ("Error: '$tpsDir/config' directory does not exit.\n");
+    goto ASK_TPS_ROOT;
+  }
+
+  print ("Enter the hostname of this machine [$defaultServerID]: ");
+  chomp ($serverID = <STDIN>);
+  if ($serverID eq "") {
+    $serverID = "$defaultServerID";
+  }
+  print ("Enter the fully-qualified hostname of this machine [$defaultServerName]: ");
+  chomp ($serverName = <STDIN>);
+  if ($serverName eq "") {
+    $serverName = "$defaultServerName";
+  }
+
+ASK_INSTANCE_ID:
+  print ("Enter the instance ID of your new TPS instance [tps-$defaultServerID]: ");
+  chomp ($instanceID = <STDIN>);
+  if ($instanceID eq "") {
+    $instanceID = "tps-$defaultServerID";
+  }
+  if (-d "$serverRoot/$instanceID") {
+    print ("Error: '$serverRoot/$instanceID' directory already exist.\n");
+    goto ASK_INSTANCE_ID;
+  }
+
+  # update nickName
+  $nickName = "$nickName $instanceID";
+
+  print ("\n");
+  print ("************************************************\n");
+  print ("SERVICE PORTS SECTION \n");
+  print ("\n");
+  print ("TPS listens on the following ports. Please make \n");
+  print ("sure you specify unused ports.\n");
+  print ("************************************************\n");
+  print ("\n");
+
+  print ("Enter the UID that TPS should be running as [$defaultUID]: ");
+  chomp ($uid = <STDIN>);
+  if ($uid eq "") {
+    $uid = "$defaultUID";
+  }
+
+  my $defaultGID = $defaultUID;
+  print ("Enter the GID that TPS should be running as [$defaultGID]: ");
+  chomp ($gid = <STDIN>);
+  if ($gid eq "") {
+    $gid = "$defaultGID";
+  }
+
+ASK_EE_PORT:
+  print ("Enter the end entity port number of your TPS [7888]: ");
+  chomp ($port = <STDIN>);
+  if ($port eq "") {
+    $port = "7888";
+  }
+  if ($port eq "") {
+    goto ASK_EE_PORT;
+  }
+
+ASK_AGENT_PORT:
+  print ("Enter the agent port number of your TPS [7889]: ");
+  chomp ($securePort = <STDIN>);
+  if ($securePort eq "") {
+    $securePort = "7889";
+  }
+  if ($securePort eq "") {
+    goto ASK_AGENT_PORT;
+  }
+
+  print ("\n");
+  print ("************************************************\n");
+  print ("AUTHENTICATION (LDAP) DIRECTORY SECTION \n");
+  print ("\n");
+  print ("TPS verifies the user IDs and \n");
+  print ("passwords against this LDAP database before executing \n");
+  print ("requests from users.\n");
+  print ("************************************************\n");
+  print ("\n");
+
+ASK_AUTH_HOST:
+  print ("Enter the hostname of the authentication directory [$defaultServerName]: ");
+  chomp ($ldapHost = <STDIN>);
+  if ($ldapHost eq "") {
+    $ldapHost = "$defaultServerName";
+  }
+  if ($ldapHost eq "") {
+    goto ASK_AUTH_HOST;
+  }
+
+ASK_AUTH_PORT:
+  print ("Enter the port number of the authentication directory [389]: ");
+  chomp ($ldapPort = <STDIN>);
+  if ($ldapPort eq "") {
+    $ldapPort = "389";
+  }
+  if ($ldapPort eq "") {
+    goto ASK_AUTH_PORT;
+  }
+
+ASK_AUTH_ROOT:
+  print ("Enter the root suffix of the authentication directory [$defaultSuffix]: ");
+  chomp ($ldapRoot = <STDIN>);
+  if ($ldapRoot eq "") {
+    $ldapRoot = "$defaultSuffix";
+  }
+  if ($ldapRoot eq "") {
+    goto ASK_AUTH_ROOT;
+  }
+
+  print ("\n");
+  print ("************************************************\n");
+  print ("CA CONNECTION SECTION \n");
+  print ("\n");
+  print ("TPS submits certificate requests \n");
+  print ("to CA for signing.\n");
+  print ("************************************************\n");
+  print ("\n");
+
+ASK_CA_HOST:
+  print ("Enter the hostname of the CA [$defaultServerName]: ");
+  chomp ($caHost = <STDIN>);
+  if ($caHost eq "") {
+    $caHost = "$defaultServerName";
+  }
+  if ($caHost eq "") {
+    goto ASK_CA_HOST;
+  }
+
+ASK_CA_PORT:
+  print ("Enter the secure end entity port number of the CA [443]: ");
+  chomp ($caPort = <STDIN>);
+  if ($caPort eq "") {
+    $caPort = "443";
+  }
+  if ($caPort eq "") {
+    goto ASK_CA_PORT;
+  }
+
+  print ("\n");
+  print ("************************************************\n");
+  print ("TKS CONNECTION SECTION \n");
+  print ("\n");
+  print ("TPS obtains session keys from TKS \n");
+  print ("for establishing secure channels.\n");
+  print ("************************************************\n");
+  print ("\n");
+
+ASK_TKS_HOST:
+  print ("Enter the hostname of the TKS [$defaultServerName]: ");
+  chomp ($tksHost = <STDIN>);
+  if ($tksHost eq "") {
+    $tksHost = "$defaultServerName";
+  }
+  if ($tksHost eq "") {
+    goto ASK_TKS_HOST;
+  }
+
+ASK_TKS_PORT:
+  print ("Enter the secure agent port number of the TKS [8100]: ");
+  chomp ($tksPort = <STDIN>);
+  if ($tksPort eq "") {
+    $tksPort = "8100";
+  }
+  if ($tksPort eq "") {
+    goto ASK_TKS_PORT;
+  }
+
+  print ("\n");
+  print ("Do you want to perform server-side key generation optionally [yes]: \n");
+  chomp ($continue = <STDIN>);
+  print ("\n");
+
+  if ($continue eq "") {
+    $continue = "yes";
+  }
+  if ($continue eq "yes") {
+    $serverKeyGen = "true";
+
+    print ("************************************************\n");
+    print ("DRM CONNECTION SECTION \n");
+    print ("\n");
+    print ("TPS submits archival and recovery requests \n");
+    print ("to DRM.\n");
+    print ("************************************************\n");
+    print ("\n");
+
+ASK_DRM_HOST:
+    print ("Enter the hostname of the DRM [$defaultServerName]: ");
+    chomp ($drmHost = <STDIN>);
+    if ($drmHost eq "") {
+      $drmHost = "$defaultServerName";
+    }
+    if ($drmHost eq "") {
+      goto ASK_DRM_HOST;
+    }
+
+ASK_DRM_PORT:
+    print ("Enter the secure agent port number of the DRM [8100]: ");
+    chomp ($drmPort = <STDIN>);
+    if ($drmPort eq "") {
+      $drmPort = "8100";
+    }
+    if ($drmPort eq "") {
+      goto ASK_DRM_PORT;
+    }
+    print ("\n");
+  } else {
+    $serverKeyGen = "false";
+  }
+
+  print ("************************************************\n");
+  print ("TOKEN DATABASE (LDAP) CONNECTION SECTION \n");
+  print ("\n");
+  print ("TPS sends statistics information to the database \n");
+  print ("for auditing purposes.\n");
+  print ("************************************************\n");
+  print ("\n");
+
+ASK_TUS_HOST:
+  print ("Enter the hostname of the token database [$defaultServerName]: ");
+  chomp ($tusHost = <STDIN>);
+  if ($tusHost eq "") {
+    $tusHost = "$defaultServerName";
+  }
+  if ($tusHost eq "") {
+    goto ASK_TUS_HOST;
+  }
+
+ASK_TUS_PORT:
+  print ("Enter the port number of the token database [3890]: ");
+  chomp ($tusPort = <STDIN>);
+  if ($tusPort eq "") {
+    $tusPort = "3890";
+  }
+  if ($tusPort eq "") {
+    goto ASK_TUS_PORT;
+  }
+
+ASK_TUS_ROOT:
+  print ("Enter the root suffix of the token database [$defaultSuffix]: ");
+  chomp ($tusRoot = <STDIN>);
+  if ($tusRoot eq "") {
+    $tusRoot = "$defaultSuffix";
+  }
+  if ($tusRoot eq "") {
+    goto ASK_TUS_ROOT;
+  }
+
+ASK_TUS_PWD:
+  print ("Enter the password of the directory manager: ");
+  if (!&IsWindows()) {
+    system("stty -echo");
+  }
+  chomp ($tusPass = <STDIN>);
+  if (!&IsWindows()) {
+    system("stty echo");
+  }
+  if ($tusPass eq "") {
+    goto ASK_TUS_PWD;
+  }
+        
+  if (&IsWindows()) {
+    $tmpDir = "c:\\temp";
+  } else {
+    $tmpDir = "/tmp";
+  }
+  print ("\n");
+}
+
+sub ToContinue
+{
+  do {
+    print ("Please enter 'proceed' to continue.\n");
+    chomp ($continue = <STDIN>);
+  } while ($continue ne "proceed");
+}
+
+sub CreateSecurityDatabase
+{
+  print ("This program is about to create the NSS certificate DB.\n");
+  &ToContinue();
+  print ("\n");
+
+  &CertUtil_CreateDatabase($serverRoot, "$instanceID-$serverID-");
+  print ("\n");
+
+  print ("This program is about to generate the certificate request.\n");
+  &ToContinue();
+  print ("\n");
+
+ASK_SERVER_CERT:
+  &CertUtil_GenerateCSR($serverRoot, "$instanceID-$serverID-", 
+     $hsm, "CN=" . $serverName);
+  print ("\n");
+
+  print ("Please submit the certificate request to the CA's Manual TPS Server Certificate Enrollment profile for signing.\n");
+  print ("Note that correct OIDs (i.e. 1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2 and 1.3.6.1.5.5.7.3.4) must be populated in the\n");
+  print ("extended key usage extension of the certificate.\n");
+  print ("In addition, this certificate must be added to \n");
+  print ("CA and TKS as trusted agent.\n");
+  print ("\n");
+  print ("This program is about to import the TPS system certificate.\n");
+  print ("Please paste in your certificate (including header and footer).\n");
+  print ("\n");
+  my $serverCert = &PromptCertificate();
+  &CertUtil_ImportServerCert($serverRoot, "$instanceID-$serverID-", 
+    $hsm, $nickName, $serverCert);
+  print ("\n");
+
+  &CertUtil_Print($serverRoot, "$instanceID-$serverID-", $hsm, $nickName);
+  print ("\n");
+  print ("Is the server certificate correct [yes]: \n");
+  chomp ($continue = <STDIN>);
+  print ("\n");
+  if ($continue eq "") {
+    $continue = "yes";
+  }
+  if ($continue eq "no") {
+    goto ASK_SERVER_CERT;
+  }
+
+  $i = 0;
+  print ("This program is about to import one or more CA certificates.\n");
+  while (1) {
+ASK_AGAIN:
+    print ("Do you have CA certificate to import [yes]: \n");
+    chomp ($continue = <STDIN>);
+    print ("\n");
+    if ($continue eq "") {
+      $continue = "yes";
+    }
+    if ($continue eq "no") {
+      goto DONE;
+    }
+    print ("Please paste in your CA certificate (including header and footer).\n");
+    print ("\n");
+    my $caCert = &PromptCertificate();
+    &CertUtil_ImportCACert($serverRoot, "$instanceID-$serverID-", 
+        $hsm_ca, "caCert$i $instanceID", "$caCert");
+    print ("\n");
+
+    &CertUtil_Print($serverRoot, "$instanceID-$serverID-", $hsm_ca, "caCert$i $instanceID");
+    print ("\n");
+    print ("Is the CA certificate correct [yes]: \n");
+    chomp ($continue = <STDIN>);
+    print ("\n");
+    if ($continue eq "") {
+      $continue = "yes";
+    }
+    if ($continue eq "no") {
+      &CertUtil_Delete($serverRoot, "$instanceID-$serverID-", $hsm, "caCert$i $instanceID");
+      goto ASK_AGAIN;
+    }
+    $i++;
+  }
+
+DONE:
+
+  print ("The following shows all imported certificates.\n");
+  &CertUtil_List($serverRoot, "$instanceID-$serverID-", $hsm);
+  print ("\n");
+  &ToContinue();
+}
+
+sub PromptCertificate
+{
+  my $startCert = 0;
+  my $cert;
+  while (1) {
+    chomp ($continue = <STDIN>);
+    if ($continue eq "-----END CERTIFICATE-----") {
+      $cert .= $continue . "\n";
+      goto DONE;
+    }
+    if ($startCert == 1) {
+      $cert .= $continue . "\n";
+    }
+    if ($continue eq "-----BEGIN CERTIFICATE-----") {
+      $startCert = 1;
+      $cert .= $continue . "\n";
+    }
+  }
+DONE:
+  return $cert;
+}
+
+sub Main
+{
+  if (&IsWindows()) {
+    $pathSep = ";";
+    $objExt = ".dll";
+    $libPrefix = "";
+  } else {
+    $pathSep = ":";
+    $objExt = ".so";
+    $libPrefix = "lib";
+  }
+
+  if ($hsm eq "") {
+    $hsmLabel = "";
+  } else {
+    $hsmLabel = $hsm . ":";
+  }
+
+  &PromptUser();
+
+  print ("************************************************\n");
+  print ("TPS INSTANCE CREATION \n");
+  print ("************************************************\n");
+  print ("This program is about to create the TPS instance.\n");
+  print ("If there is any error, please ctrl-C to exit and ");
+  print ("restart the process.\n");
+  print ("\n");
+  &ToContinue();
+  print ("\n");
+
+  &CreateInstanceDir();
+  &CopyTemplates();
+  &PopulateTPSTemplates();
+  print ("\n");
+
+  print ("************************************************\n");
+  print ("SECURITY DATABASE CREATION (OPTIONAL) \n");
+  print ("\n");
+  print ("Keys and certificates will be stored in the security\n");
+  print ("databases.\n");
+  print ("************************************************\n");
+
+  print ("This program is about to create the security databases.\n");
+
+ASK_AGAIN:
+  print ("Do you want to create the security databases automatically [yes]: \n");
+  chomp ($continue = <STDIN>);
+  print ("\n");
+
+  if ($continue eq "") {
+    $continue = "yes";
+  }
+  if ($continue eq "no") {
+    print ("Please place your own security databases ");
+    print ("in $serverRoot/alias/$instanceID-$serverID-*.db\n");
+    print ("\n");
+  } elsif ($continue eq "yes") {
+    &CreateSecurityDatabase();
+  } else {
+    goto ASK_AGAIN;
+  }
+
+  print ("************************************************\n");
+  print ("TOKEN DATABASE POPULATION (OPTIONAL) \n");
+  print ("\n");
+  print ("Token database's Schema and default structure will be setup.\n");
+  print ("Your first authorized agent certificate will be \n");
+  print ("imported into the database. TPS agent port can \n");
+  print ("be accessed by browser that contain the authorized \n");
+  print ("agent certificate.\n");
+  print ("************************************************\n");
+  print ("This program is about to populate the token database.\n");
+
+ASK_AGAIN2:
+  print ("Do you want to populate the token database automatically [yes]: \n");
+  chomp ($continue = <STDIN>);
+  print ("\n");
+  if ($continue eq "") {
+    $continue = "yes";
+  }
+  if ($continue eq "no") {
+    print ("Please populate the token database manually.\n");
+  } elsif ($continue eq "yes") {
+    &PopulateTUS();
+  } else {
+    goto ASK_AGAIN2;
+  }
+
+  print ("\n");
+  print ("************************************************\n");
+  print ("SETUP IS DONE \n");
+  print ("************************************************\n");
+  print ("You should manually start your TPS by \n");
+  print ("running the start script in the TPS instance.\n");
+  print ("\n");
+  print ("  $serverRoot/$instanceID/start\n");
+  print ("\n");
+  print ("You can use your ESC client to access TPS's \n");
+  print ("end entity port.\n");
+  print ("\n");
+  print ("  http://$serverName:$port/nk_service\n");
+  print ("\n");
+  print ("You can use your browser to access TPS's \n");
+  print ("agent port for agent/administrator operations.\n");
+  print ("\n");
+  print ("  https://$serverName:$securePort/tus\n");
+  print ("\n");
+  print ("\n");
+}
+
+sub CopyTemplate
+{
+  my ($from, $to) = @_;
+
+  print "Copying $from to $to ...\n";
+  open(IN, "<$from");
+  open(OUT, ">$to");
+  while (<IN>) {
+    s/\[SERVER_ROOT\]/$serverRoot/g;
+    s/\[INSTANCE_ID\]/$instanceID/g;
+    s/\[SERVER_NAME\]/$serverName/g;
+    s/\[PORT\]/$port/g;
+    s/\[SECURE_PORT\]/$securePort/g;
+    s/\[NICKNAME\]/$nickName/g;
+    s/\[USERID\]/$uid/g;
+    s/\[GROUPID\]/$gid/g;
+    s/\[TMP_DIR\]/$tmpDir/g;
+    s/\[TPS_DIR\]/$tpsDir/g;
+    s/\[LIB_PREFIX\]/$libPrefix/g;
+    s/\[OBJ_EXT\]/$objExt/g;
+    s/\[HSM_LABEL\]/$hsmLabel/g;
+    s/\[TUS_AGENT_CERT\]/$tusAgentCert/g;
+    s/\[TUS_HOST\]/$tusHost/g;
+    s/\[TUS_PORT\]/$tusPort/g;
+    s/\[TUS_ROOT\]/$tusRoot/g;
+    s/\[TUS_PASS\]/$tusPass/g;
+    s/\[CA_HOST\]/$caHost/g;
+    s/\[CA_PORT\]/$caPort/g;
+    s/\[DRM_HOST\]/$drmHost/g;
+    s/\[DRM_PORT\]/$drmPort/g;
+    s/\[SERVER_KEYGEN\]/$serverKeyGen/g;
+    s/\[TKS_HOST\]/$tksHost/g;
+    s/\[TKS_PORT\]/$tksPort/g;
+    s/\[LDAP_HOST\]/$ldapHost/g;
+    s/\[LDAP_PORT\]/$ldapPort/g;
+    s/\[LDAP_ROOT\]/$ldapRoot/g;
+    s/\[PROCESS_ID\]/$$/g;
+    print OUT $_;
+  }
+  close(OUT);
+  close(IN);
+}
+
+sub IsWindows
+{
+  if ($^O eq "MSWin32") {
+    return 1;
+  } else {
+    return 0;
+  }
+}
+
+sub CopyFiles
+{
+  my ($from, $to) = @_;
+
+  print("Copying files from $from to $to ...\n");
+  if (&IsWindows()) {
+    system("xcopy /E /I /Q $from $to");
+  } else {
+    system("cp -R $from $to");
+  }
+}
+
+sub PopulateTPSTemplates
+{
+  &CopyTemplate("$tpsDir/config/CS.cfg", 
+    "$serverRoot/$instanceID/config/CS.cfg");
+
+  print "Creating $serverRoot/cgi-bin ...\n";
+  mkdir ("$serverRoot/cgi-bin", 0755);
+
+  &CopyFiles("$tpsDir/forms/esc", "$serverRoot/cgi-bin");
+  &CopyFiles("$tpsDir/forms/tus", "$serverRoot/cgi-bin");
+}
+
+sub PopulateTUS
+{
+  print ("Please paste in your TPS Agent certificate (including header and footer).\n");
+  print ("\n");
+  my $cert = &PromptCertificate();
+  $cert =~ s/-----BEGIN CERTIFICATE-----\s*//g;
+  $cert =~ s/-----END CERTIFICATE-----\s*//g;
+  $cert =~ s/\s*//g;
+
+  $tusAgentCert = $cert;
+
+  print ("\n");
+  &ToContinue();
+  print ("\n");
+
+  open(F1, "$tpsDir/scripts/addVLVIndexes.ldif");
+  open(F2, ">$serverRoot/$instanceID/config/addVLVIndexes.ldif");
+  while (<F1>) {
+    s/{rootSuffix}/$tusRoot/;
+    print F2 $_;
+  }
+
+  close(F1);
+  close(F2);
+  &LDAPAdd("$serverRoot/$instanceID/config/addVLVIndexes.ldif");
+
+  &CopyTemplate("$tpsDir/scripts/schemaMods.ldif", 
+    "$serverRoot/$instanceID/config/schemaMods.ldif");
+  &CopyTemplate("$tpsDir/scripts/addTokens.ldif", 
+    "$serverRoot/$instanceID/config/addTokens.ldif");
+  &CopyTemplate("$tpsDir/scripts/addIndexes.ldif", 
+    "$serverRoot/$instanceID/config/addIndexes.ldif");
+  &CopyTemplate("$tpsDir/scripts/addAgents.ldif", 
+    "$serverRoot/$instanceID/config/addAgents.ldif");
+
+  &LDAPModify("$serverRoot/$instanceID/config/schemaMods.ldif");
+  &LDAPAdd("$serverRoot/$instanceID/config/addIndexes.ldif");
+  &LDAPAdd("$serverRoot/$instanceID/config/addTokens.ldif");
+  &LDAPAdd("$serverRoot/$instanceID/config/addAgents.ldif");
+}
+
+sub CopyTemplates
+{
+  &CopyTemplate("./templates/start", "$serverRoot/$instanceID/start");
+  chmod(0755, "$serverRoot/$instanceID/start");
+  &CopyTemplate("./templates/stop", "$serverRoot/$instanceID/stop");
+  chmod(0755, "$serverRoot/$instanceID/stop");
+  &CopyTemplate("./templates/config/contexts.properties", 
+    "$serverRoot/$instanceID/config/contexts.properties");
+  &CopyTemplate("./templates/config/jvm12.conf", 
+    "$serverRoot/$instanceID/config/jvm12.conf");
+  &CopyTemplate("./templates/config/magnus.conf", 
+    "$serverRoot/$instanceID/config/magnus.conf");
+  &CopyTemplate("./templates/config/magnus.conf.clfilter", 
+    "$serverRoot/$instanceID/config/magnus.conf.clfilter");
+  &CopyTemplate("./templates/config/mime.types", 
+    "$serverRoot/$instanceID/config/mime.types");
+  &CopyTemplate("./templates/config/obj.conf", 
+    "$serverRoot/$instanceID/config/obj.conf");
+  &CopyTemplate("./templates/config/obj.conf.clfilter", 
+    "$serverRoot/$instanceID/config/obj.conf.clfilter");
+  &CopyTemplate("./templates/config/rules.properties", 
+    "$serverRoot/$instanceID/config/rules.properties");
+  &CopyTemplate("./templates/config/server.dtd", 
+    "$serverRoot/$instanceID/config/server.dtd");
+  &CopyTemplate("./templates/config/server.xml", 
+    "$serverRoot/$instanceID/config/server.xml");
+  &CopyTemplate("./templates/config/server.xml.clfilter", 
+    "$serverRoot/$instanceID/config/server.xml.clfilter");
+  &CopyTemplate("./templates/config/servlets.properties", 
+    "$serverRoot/$instanceID/config/servlets.properties");
+  &CopyTemplate("./templates/config/web-apps.xml", 
+    "$serverRoot/$instanceID/config/web-apps.xml");
+  &CopyTemplate("./templates/config/web-apps.xml.clfilter", 
+    "$serverRoot/$instanceID/config/web-apps.xml.clfilter");
+}
+
+sub CreateInstanceDir
+{
+  print "Creating $serverRoot/$instanceID ...\n";
+  mkdir ("$serverRoot/$instanceID", 0755);
+
+  print "Creating $serverRoot/$instanceID/config ...\n";
+  mkdir ("$serverRoot/$instanceID/config", 0755);
+
+  print "Creating $serverRoot/$instanceID/logs ...\n";
+  mkdir ("$serverRoot/$instanceID/logs", 0755);
+}
+
+sub getPath
+{
+  if (&IsWindows()) {
+    return $ENV{PATH};
+  } else {
+    return $ENV{LD_LIBRARY_PATH};
+  }
+}
+
+sub setPath
+{
+  my ($path) = @_;
+
+  if (&IsWindows()) {
+    $ENV{PATH} = $path;
+  } else {
+    $ENV{LD_LIBRARY_PATH} = $path;
+  }
+}
+
+sub CertUtil_CreateDatabase
+{
+  my ($serverRoot, $prefix) = @_;
+	
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/bin/cert/lib"  . $pathSep . $OrgPath);
+
+  system("$serverRoot/bin/cert/tools/certutil -N -d $serverRoot/alias -P $prefix");
+
+  &setPath($OrgPath);
+}
+
+sub CertUtil_GenerateCSR
+{
+  my ($serverRoot, $prefix, $token, $subject) = @_;
+
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+  system("$serverRoot/bin/cert/tools/certutil -R -d $serverRoot/alias -P $prefix -h '$token' -s '$subject' -a");
+
+  &setPath($OrgPath);
+}
+
+sub CertUtil_List
+{
+  my ($serverRoot, $prefix, $token) = @_;
+
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+  system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token'");
+
+  &setPath($OrgPath);
+}
+
+sub CertUtil_Print
+{
+  my ($serverRoot, $prefix, $token, $nickName) = @_;
+
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+  if ($token ne "") {
+    #57616 - certutil is not being consistent, nickname 
+    #        requires token name for no reason.
+    system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token' -n '$token:$nickName'");
+  } else {
+    system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName'");
+  }
+
+  &setPath($OrgPath);
+}
+
+sub CertUtil_Delete
+{
+  my ($serverRoot, $prefix, $token, $nickName) = @_;
+
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+  system("$serverRoot/bin/cert/tools/certutil -D -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName'");
+
+  &setPath($OrgPath);
+}
+
+sub CertUtil_ImportServerCert
+{
+  my ($serverRoot, $prefix, $token, $nickName, $cert) = @_;
+
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+  open(F, "|$serverRoot/bin/cert/tools/certutil -A -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName' -t 'u,u,u' -a");
+  print F $cert;
+  close(F);
+
+  &setPath($OrgPath);
+}
+
+sub CertUtil_ImportCACert
+{
+  my ($serverRoot, $prefix, $token, $nickName, $cert) = @_;
+
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+  open(F, "|$serverRoot/bin/cert/tools/certutil -A -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName' -t 'CT,CT,CT' -a");
+  print F $cert;
+  close(F);
+
+  &setPath($OrgPath);
+}
+
+sub LDAPModify
+{
+  my ($file) = @_;
+
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/shared/lib" . $pathSep . $OrgPath);
+
+  system("$serverRoot/shared/bin/ldapmodify -h '$tusHost' -p '$tusPort' -D 'cn=directory manager' -w '$tusPass' -f '$file'");
+
+  &setPath($OrgPath);
+}
+
+sub LDAPAdd
+{
+  my ($file) = @_;
+
+  $OrgPath = &getPath();
+  &setPath($serverRoot . "/shared/lib" . $pathSep . $OrgPath);
+
+  system("$serverRoot/shared/bin/ldapmodify -h '$tusHost' -p '$tusPort' -D 'cn=directory manager' -w '$tusPass' -a -f '$file'");
+
+  &setPath($OrgPath);
+}
+
+&Main();
diff --git a/pki/base/tps/setup/postinstall b/pki/base/tps/setup/postinstall
new file mode 100755
index 000000000..4ee7969a2
--- /dev/null
+++ b/pki/base/tps/setup/postinstall
@@ -0,0 +1,67 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+###############################################################################
+##  (1)  Check command line arguments to see how many were passed in.        ##
+###############################################################################
+                                                                                
+if [ $# -eq 4 ]
+then
+	PKI_PRODUCT_NAME=$1
+	PKI_SUBSYSTEM_NAME=$2
+	VERSION=$3
+	RELEASE=$4
+else
+	echo
+	echo "Usage:  $0 PKI_product_name PKI_subsystem_name version release"
+	echo
+
+	exit 255
+fi
+
+
+###############################################################################
+##  (2)  Specify variables used by this script.                              ##
+###############################################################################
+
+PKI_INSTANCE_NAME="${PKI_PRODUCT_NAME}-${PKI_SUBSYSTEM_NAME}"
+SECURE_PORT=7889
+UNSECURE_PORT=7888
+
+
+###############################################################################
+##  (3)  Create the first instance of a Token Processing System (TPS).       ##
+###############################################################################
+
+if [ ! -e "/var/lib/${PKI_INSTANCE_NAME}" ]
+then
+	/usr/bin/pkicreate -pki_instance_root=/var/lib -pki_instance_name=${PKI_INSTANCE_NAME} -subsystem_type=${PKI_SUBSYSTEM_NAME} -secure_port=${SECURE_PORT} -unsecure_port=${UNSECURE_PORT} -redirect conf=/etc/${PKI_INSTANCE_NAME} -redirect logs=/var/log/${PKI_INSTANCE_NAME}
+fi
+
+
+###############################################################################
+##  (4)  Successfully exit from this postinstallation script.                ##
+###############################################################################
+
+exit 0
+
diff --git a/pki/base/tps/setup_package b/pki/base/tps/setup_package
new file mode 100755
index 000000000..52e90fb40
--- /dev/null
+++ b/pki/base/tps/setup_package
@@ -0,0 +1,361 @@
+#!/bin/bash
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+###############################################################################
+##  (1)  Check command line arguments to see how many were passed in.        ##
+###############################################################################
+
+if [ $# -eq 7 ]
+then
+	PKI_BUILD_PREFIX=$1
+	PKI_PRODUCT_NAME=$2
+	PKI_SUBSYSTEM_NAME=$3
+	VERSION=$4
+	RELEASE=$5
+	ARCHITECTURE=$6
+	PKI_STAGING_PATH=$7
+else
+	echo
+	echo "Usage:  $0 PKI_build_prefix PKI_product_name PKI_subsystem_name"
+	echo "        version release architecture pki_staging_path"
+	echo
+
+	exit 255
+fi
+
+
+###############################################################################
+##  (2)  Specify variables used by this script.                              ##
+###############################################################################
+
+# specify generic helper functions
+usage() {
+	if [ $# -gt 0 ] ; then
+		echo
+		echo "$1"
+	fi
+	echo
+	echo "Usage:  $0 PKI_build_prefix PKI_product_name PKI_subsystem_name"
+	echo "        version release architecture"
+	echo
+	echo "        where architecture MUST be 'intel',"
+	echo "                                   'sparc', or"
+	echo "                                   'sparcv9'."
+	echo
+	echo "        NOTE:  For 'intel' architectures, only the 'i386' and"
+	echo "               the 'x86_64' architectures are currently supported."
+	echo
+}
+
+# specify generic helper variables
+OS=`uname`
+if   [ ${OS} = "Linux" ] ; then
+	if   [ -e /etc/fedora-release ] ; then
+		USE_OPT_FORTITUDE="FALSE"
+	elif [ -e /etc/redhat-release ] ; then
+		RHEL_VERSION=`rpm -qf --qf='%{VERSION}' /etc/redhat-release | tr -d [A-Za-z]`
+		if [ ${RHEL_VERSION} = "4" ]; then
+			USE_OPT_FORTITUDE="TRUE"
+		else
+			USE_OPT_FORTITUDE="FALSE"
+		fi
+	else
+		usage "ERROR:  Only Fedora and Red Hat '${OS}' are supported!"
+		exit 255
+	fi
+elif [ ${OS} = "SunOS" ] ; then
+	USE_OPT_FORTITUDE="TRUE"
+else
+	usage "ERROR:  Unsupported operating system '${OS}'!"
+	exit 255
+fi
+
+if  [ ${ARCHITECTURE} = "intel" ] ; then
+	# Since "rpmbuild" fails to process "%ifarch" macros inside the
+	# "%install" section of a spec file, the actual hardware
+	# architecture will be determined at this point in time.
+	ARCHITECTURE=`uname -i`
+	if   [ ${ARCHITECTURE} = "i386" ] ; then
+		LIB_DIR="lib"
+		WRAPPER_DIR="bin"
+	elif [ ${ARCHITECTURE} = "x86_64" ] ; then
+		LIB_DIR="lib64"
+		WRAPPER_DIR="bin"
+	else
+		usage "ERROR:  Unsupported intel architecture '${ARCHITECTURE}'!"
+		exit 255
+	fi
+elif [ ${ARCHITECTURE} = "sparc" ] ; then
+	# Note that "pkgbuild" successfully processes "%ifarch" macros
+	# inside the "%install" section of a spec file.
+	LIB_DIR="lib"
+	WRAPPER_DIR="bin"
+elif [ ${ARCHITECTURE} = "sparcv9" ] ; then
+	# Note that "pkgbuild" successfully processes "%ifarch" macros
+	# inside the "%install" section of a spec file.
+	LIB_DIR="lib/sparcv9"
+	WRAPPER_DIR="bin"
+else
+	usage "ERROR:  Unsupported architecture '${ARCHITECTURE}'!"
+	exit 255
+fi
+
+# break the VERSION number into its various components
+MAJOR_VERSION=`echo ${VERSION} | awk -F. '{ print $1 }'`
+MINOR_VERSION=`echo ${VERSION} | awk -F. '{ print $2 }'`
+PATCH_VERSION=`echo ${VERSION} | awk -F. '{ print $3 }'`
+
+PRODUCT_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}
+
+
+# comply with standard FHS 2.3 binary locations (executables)
+PKI_EXECUTABLES=${PKI_BUILD_PREFIX}/usr/${LIB_DIR}/${PKI_PRODUCT_NAME}/${PKI_SUBSYSTEM_NAME}
+
+# comply with standard FHS 2.3 library locations
+SYSTEM_LIBRARIES=${PKI_BUILD_PREFIX}/usr/${LIB_DIR}
+
+# comply with standard Apache 2.0 module locations
+if [ "${USE_OPT_FORTITUDE}" = "TRUE" ] ; then
+	APACHE_MODULES=${PKI_BUILD_PREFIX}/opt/fortitude/modules.local
+else
+	APACHE_MODULES=${PKI_BUILD_PREFIX}/etc/httpd/modules
+fi
+
+# comply with standard JPackage 1.6.0 jar locations
+
+# comply with standard FHS 2.3 binary locations (wrappers)
+PKI_WRAPPERS=${PKI_BUILD_PREFIX}/usr/${WRAPPER_DIR}
+
+# comply with standard FHS 2.3 shared data locations (templates)
+PKI_SHARED_DATA=${PKI_BUILD_PREFIX}/usr/share/${PKI_PRODUCT_NAME}
+PKI_SUBSYSTEM_SHARED_DATA=${PKI_SHARED_DATA}/${PKI_SUBSYSTEM_NAME}
+PKI_SUBSYSTEM_SHARED_DOCROOT_DATA=${PKI_SHARED_DATA}/${PKI_SUBSYSTEM_NAME}/docroot
+PKI_SUBSYSTEM_SHARED_PERL_MODULES=${PKI_SUBSYSTEM_SHARED_DATA}/lib/perl/PKI/TPS
+PKI_SUBSYSTEM_SHARED_PERL_TEMPLATES=${PKI_SUBSYSTEM_SHARED_DATA}/lib/perl/Template
+
+# comply with standard FHS 2.3 start/stop script locations
+
+# comply with standard FHS 2.3 configuration file locations
+
+# comply with standard FHS 2.3 documentation locations
+PKI_DOCUMENTATION=${PKI_BUILD_PREFIX}/usr/share/doc/${PKI_PRODUCT_NAME}-${PKI_SUBSYSTEM_NAME}-${VERSION}
+
+# comply with standard FHS 2.3 log file locations
+
+# comply with default FHS 2.3 instance locations
+
+
+###############################################################################
+##  (3)  Create the appropriate subdirectories.                              ##
+###############################################################################
+
+##
+## System
+##
+
+mkdir -p ${PKI_WRAPPERS}
+
+
+##
+## Product
+##
+
+mkdir -p ${SYSTEM_LIBRARIES}
+mkdir -p ${APACHE_MODULES}
+
+
+##
+## Subsystem
+##
+
+mkdir -p ${PKI_DOCUMENTATION}
+mkdir -p ${PKI_EXECUTABLES}
+mkdir -p ${PKI_SHARED_DATA}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_DATA}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_PERL_MODULES}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_PERL_TEMPLATES}
+
+
+##
+## Initial Instance
+##
+
+
+###############################################################################
+##  (4)  Unpack the package contents to the appropriate subdirectories.      ##
+###############################################################################
+
+##
+## Executables
+##
+
+cp -p ${PKI_STAGING_PATH}/libexec/apachectl* ${PKI_EXECUTABLES}
+cp -p ${PKI_STAGING_PATH}/libexec/tpsclient* ${PKI_EXECUTABLES}
+
+
+##
+## Libraries
+##
+
+cp -p ${PKI_STAGING_PATH}/${LIB_DIR}/*.so     ${SYSTEM_LIBRARIES}
+cp -p ${PKI_STAGING_PATH}/apache/modules/*.so ${APACHE_MODULES}
+
+
+##
+## Jars
+##
+
+
+##
+## Wrappers
+##
+
+
+##
+## Shared Data
+##
+
+cp -rp ${PKI_STAGING_PATH}/doc/LICENSE         ${PKI_DOCUMENTATION}
+
+cp -rp ${PKI_STAGING_PATH}/templates*          ${PKI_SHARED_DATA}
+
+cp -rp ${PKI_STAGING_PATH}/alias*              ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/applets*            ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/cgi-bin*            ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/conf*               ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -p  ${PKI_STAGING_PATH}/docroot/index.html  ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/demo*       ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/home*       ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/so*         ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/sow*        ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/tokendb*    ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/tps*        ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/etc*                ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/logs*               ${PKI_SUBSYSTEM_SHARED_DATA}
+
+cp -rp ${PKI_STAGING_PATH}/perl/modules/*      ${PKI_SUBSYSTEM_SHARED_PERL_MODULES}
+cp -rp ${PKI_STAGING_PATH}/perl/templates/*    ${PKI_SUBSYSTEM_SHARED_PERL_TEMPLATES}
+cp -rp ${PKI_STAGING_PATH}/samples*            ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/scripts*            ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/setup*              ${PKI_SUBSYSTEM_SHARED_DATA}
+
+
+###############################################################################
+##  (5)  Unpack the package contents to the initial instance directories.    ##
+###############################################################################
+
+##
+## Start/Stop Script
+##
+
+
+##
+## Configuration
+##
+
+
+##
+## Logs
+##
+
+
+##
+## Default Instance
+##
+
+
+###############################################################################
+##  (6)  Rename the extracted contents following appropriate naming rules.   ##
+###############################################################################
+
+# comply with standard Linux/UNIX shared library naming conventions
+cd ${SYSTEM_LIBRARIES}                      ;
+mv libldapauth.so libldapauth.so.${VERSION} ;
+mv libtokendb.so libtokendb.so.${VERSION}   ;
+mv libtps.so libtps.so.${VERSION}
+
+# comply with standard JPackage 1.6.0 jar naming conventions
+
+
+###############################################################################
+##  (7)  Create a command wrapper for each specified command.                ##
+###############################################################################
+
+COMMANDS="tpsclient"
+
+create_wrapper()
+{
+	PRODUCT=$1
+	SUBSYSTEM=$2
+	COMMAND=$3
+
+	TEMPLATE=pki_subsystem_command_wrapper
+
+	WRAPPER=${PKI_WRAPPERS}/${COMMAND}
+
+	sed	-e "s|\[PKI_PRODUCT\]|${PRODUCT}|g"     \
+		-e "s|\[PKI_SUBSYSTEM\]|${SUBSYSTEM}|g" \
+		-e "s|\[PKI_COMMAND\]|${COMMAND}|g"     \
+		${PKI_SHARED_DATA}/templates/${TEMPLATE} > ${WRAPPER} ;
+}
+
+
+for cmd in ${COMMANDS}
+do
+	create_wrapper ${PKI_PRODUCT_NAME} ${PKI_SUBSYSTEM_NAME} ${cmd}
+done
+
+
+rm -rf ${PKI_SHARED_DATA}/templates
+
+
+###############################################################################
+##  (8)  Create useful symbolic links as appropriate.                        ##
+###############################################################################
+
+# create legacy "tus" directory symbolic-link for backwards compatibility
+cd ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+ln -s tokendb tus
+
+# create shared library sans version "linker-name" to protect this namespace
+cd ${SYSTEM_LIBRARIES}                                                  ;
+ln -s libldapauth.so.${VERSION} libldapauth.so.${PRODUCT_VERSION}       ;
+ln -s libldapauth.so.${PRODUCT_VERSION} libldapauth.so.${MAJOR_VERSION} ;
+ln -s libldapauth.so.${MAJOR_VERSION} libldapauth.so                    ;
+ln -s libtokendb.so.${VERSION} libtokendb.so.${PRODUCT_VERSION}         ;
+ln -s libtokendb.so.${PRODUCT_VERSION} libtokendb.so.${MAJOR_VERSION}   ;
+ln -s libtokendb.so.${MAJOR_VERSION} libtokendb.so                      ;
+ln -s libtps.so.${VERSION} libtps.so.${PRODUCT_VERSION}                 ;
+ln -s libtps.so.${PRODUCT_VERSION} libtps.so.${MAJOR_VERSION}           ;
+ln -s libtps.so.${MAJOR_VERSION} libtps.so
+
+# create jar sans version to be used by classpath
+
+# create assorted symbolic links to various file dependencies (Tomcat)
+
+
+###############################################################################
+##  (9)  Successfully exit from this setup script.                           ##
+###############################################################################
+
+exit 0
+
diff --git a/pki/base/tps/src/apdu/APDU.cpp b/pki/base/tps/src/apdu/APDU.cpp
new file mode 100644
index 000000000..1ae729cc5
--- /dev/null
+++ b/pki/base/tps/src/apdu/APDU.cpp
@@ -0,0 +1,331 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs an APDU.
+ *
+ * ==============
+ * APDU:
+ * APDU are commands that can be sent from an authorized entity
+ * (such as RA) to the token.  It takes the following form:
+ * ---------------------------------------------------
+ * | CLA | INS | P1  | P2  | lc  | data...
+ * ---------------------------------------------------
+ *
+ * The values for the APDU header: CLA, INS, P1, P2 and lc are defined
+ * in each individual APDU class.
+ *
+ * ==============
+ * Status Words (response):
+ * When APDUs are sent to the token, a response is returned.  The following
+ * is a list of all possible Return Codes (Status Words):
+ *
+ * <I'm hoping not having to type this out...waiting for Bob to get back
+ * to me with an electronic copy of his file...>
+ *
+ * ==============
+ * ObjectID:
+ *    byte[0] - an ASCII letter, 
+ *          'c' - An object containing PKCS11 attributes for a certificate
+ *          'k' - An object containing PKCS11 attributes for a public or private key
+ *          'r' - An object containing PKCS11 attributes for a "reader"
+ *          <upper case letters signify objects containing raw data 
+ *           corresponding to lower cases objects above
+ *    byte[1] - an ASCII numeral, in the range '0' - '9'
+ *    byte[2] - binary zero
+ *    byte[3] - binary zero
+ *
+ * ==============
+ * ACLs:
+ *    Each key or object on the card is associated with an ACL.
+ *
+ * ACL for objects:
+ * [2-byte] Read Permissions;
+ * [2-byte] Write Permissions;
+ * [2-byte] Delete Permissions;
+ *
+ * Each permission is a 2-byte word.  A 1 in a bit grants permission
+ * to it's corresponding identity if pass authentication.
+ * permission 2-byte word format:
+ * Bit 15 - reserved
+ * Bit 14 - Identity #14 (strong - Secure Channel required)
+ * Bit 13 - reserved
+ * ...
+ * Bit  7 - Identity #7 (PIN identity)
+ * ...
+ * Bit  1 - Identity #1 (PIN identity)
+ * Bit  0 - Identity #0 (PIN identity)
+ *
+ * All 0 means operation never allowed
+ */
+TPS_PUBLIC APDU::APDU ()
+{
+	m_data = Buffer(0, (BYTE)0);
+	m_mac = Buffer(0, (BYTE)0);
+} /* APDU */
+
+/**
+ * Destroys an APDU.
+ */ 
+TPS_PUBLIC APDU::~APDU ()
+{
+} /* ~APDU */
+
+/**
+ * Copy constructor.
+ */
+TPS_PUBLIC APDU::APDU (const APDU &cpy)
+{
+    *this = cpy;
+} /* APDU */
+
+/**
+ * Operator for simple assignment.
+ */
+TPS_PUBLIC APDU& APDU::operator=(const APDU &cpy)
+{
+    if (this == &cpy) 
+      return *this;
+    m_cla = cpy.m_cla;
+    m_ins = cpy.m_ins;
+    m_p1 = cpy.m_p1;
+    m_p2 = cpy.m_p2;
+    m_data = cpy.m_data;
+    return *this;
+} /* operator= */
+
+TPS_PUBLIC APDU_Type APDU::GetType()
+{
+	return APDU_UNDEFINED;
+}
+
+/**
+ * Sets APDU's CLA parameter.
+ */
+TPS_PUBLIC void APDU::SetCLA(BYTE cla)
+{
+    m_cla = cla;
+} /* SetCLA */
+
+/**
+ * Sets APDU's INS parameter.
+ */
+TPS_PUBLIC void APDU::SetINS(BYTE ins)
+{
+    m_ins = ins;
+} /* SetINS */
+
+/**
+ * Sets APDU's P1 parameter.
+ */
+TPS_PUBLIC void APDU::SetP1(BYTE p1)
+{
+    m_p1 = p1;
+} /* SetP1 */
+
+/**
+ * Sets APDU's P2 parameter.
+ */
+TPS_PUBLIC void APDU::SetP2(BYTE p2)
+{
+    m_p2 = p2;
+} /* SetP2 */
+
+
+TPS_PUBLIC BYTE APDU::GetCLA()
+{
+	return m_cla;
+}
+
+TPS_PUBLIC BYTE APDU::GetINS()
+{
+	return m_ins;
+}
+
+TPS_PUBLIC BYTE APDU::GetP1()
+{
+	return m_p1;
+}
+
+TPS_PUBLIC BYTE APDU::GetP2()
+{
+	return m_p2;
+}
+
+TPS_PUBLIC Buffer &APDU::GetData()
+{
+	return m_data;
+}
+
+TPS_PUBLIC Buffer &APDU::GetMAC()
+{
+	return m_mac;
+}
+
+/**
+ * Sets APDU's data parameter.
+ */
+TPS_PUBLIC void APDU::SetData(Buffer &data)
+{
+    m_data = data;
+} /* SetData */
+
+TPS_PUBLIC void APDU::SetMAC(Buffer &mac)
+{
+    m_mac = mac;
+} /* SetMAC */
+
+/**
+ * populates "data" with data that's to be mac'd.
+ * note: mac is not handled in here
+ *
+ * @param data results buffer
+ */
+TPS_PUBLIC void APDU::GetDataToMAC(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, (BYTE)m_data.size() + 8);
+    data += Buffer(m_data, m_data.size());
+}
+
+/*
+ * pad the message, if needed, and then
+ * encrypt it with the encryption session key
+ * and then set data
+ *
+ */
+TPS_PUBLIC PRStatus APDU::SecureMessage(PK11SymKey *encSessionKey)
+{
+    PRStatus rv = PR_SUCCESS;
+    Buffer data_to_enc;
+    Buffer padding;
+    Buffer data_encrypted;
+    int pad_needed = 0;
+#ifdef ENC_DEBUG
+    m_plainText = m_data;
+    // developer debugging only, not for production
+//    RA::DebugBuffer("APDU::SecureMessage", "plaintext (pre padding) = ", &m_plainText);
+#endif
+
+    if (encSessionKey == NULL) {
+ //     RA::Debug("APDU::SecureMessage", "no encryption session key");
+      rv = PR_FAILURE;
+      goto done;
+    }
+//    RA::Debug(LL_ALL_DATA_IN_PDU, "APDU::SecureMessage", "plaintext data length = %d", m_data.size());
+
+    data_to_enc +=  (BYTE)m_data.size();
+    data_to_enc += m_data;
+
+    if ((data_to_enc.size() % 8) == 0)
+      pad_needed = 0;
+    else if (data_to_enc.size() < 8) {
+      pad_needed = 8 - data_to_enc.size();
+    } else { // data size > 8 and not divisible by 8
+      pad_needed = 8 - (data_to_enc.size() % 8);
+    }
+    if (pad_needed) {
+//      RA::Debug(LL_ALL_DATA_IN_PDU, "APDU::SecureMessage", "padding needed =%d", pad_needed);
+      data_to_enc += Buffer(1, 0x80);
+      pad_needed --;
+
+      if (pad_needed) {
+//	RA::Debug(LL_ALL_DATA_IN_PDU, "APDU::SecureMessage", "padding needed =%d", pad_needed);
+	padding = Buffer(pad_needed, (BYTE)0);
+	for (int i = 0; i < pad_needed; i++) {
+	    ((BYTE*)padding)[i] = 0x00;
+	} /* for */
+      } // pad needed
+
+    } else {
+ //     RA::Debug(LL_ALL_DATA_IN_PDU, "APDU::SecureMessage", "padding not needed");
+    }
+
+    if (padding.size() > 0) {
+        data_to_enc += Buffer(padding, padding.size());
+    }
+
+#ifdef ENC_DEBUG
+//    RA::DebugBuffer("APDU::SecureMessage", "data to encrypt (post padding)= ",&data_to_enc);
+#endif
+
+    // now, encrypt "data_to_enc"
+    rv = Util::EncryptData(encSessionKey, data_to_enc, data_encrypted);
+    if (rv == PR_FAILURE) {
+ //     RA::Error("APDU::SecureMessage", "encryption failed");
+      goto done;
+    } else {
+ //     RA::Debug(LL_PER_PDU, "APDU::SecureMessage", "encryption succeeded");
+ //      RA::Debug(LL_PER_PDU, "APDU::SecureMessage", "encrypted data length = %d",
+//	      data_encrypted.size());
+      // set "m_data"
+      m_data = data_encrypted;
+    }
+
+    // lc should be automatically set correctly when getEncoding is called
+
+ done:
+    return rv;
+
+}
+
+
+/**
+ * Retrieves APDU's encoding. 
+ * The encoding of APDU is as follows:
+ *
+ *   CLA            1 byte
+ *   INS            1 byte
+ *   P1             1 byte
+ *   P2             1 byte
+ *   <Data Size>    1 byte
+ *   <Data>         <Data Size> byte(s)
+ *   0              1 byte
+ * 
+ * @param data the result buffer which will contain the actual data
+ *        including the APDU header, data, and pre-calculated mac.
+ */
+TPS_PUBLIC void APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, (BYTE)m_data.size() + m_mac.size());
+    data += Buffer(m_data, m_data.size());
+    if (m_mac.size() > 0) {
+      data += Buffer(m_mac, m_mac.size());
+    }
+} /* Encode */
diff --git a/pki/base/tps/src/apdu/APDU_Response.cpp b/pki/base/tps/src/apdu/APDU_Response.cpp
new file mode 100644
index 000000000..fac9b1ff4
--- /dev/null
+++ b/pki/base/tps/src/apdu/APDU_Response.cpp
@@ -0,0 +1,111 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU_Response.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a response object.
+ */
+APDU_Response::APDU_Response ()
+{
+}
+
+TPS_PUBLIC APDU_Response::APDU_Response (Buffer &data)
+{
+    m_data = data;
+}
+
+/**
+ * Destroys a response object.
+ */
+APDU_Response::~APDU_Response ()
+{
+}
+
+/**
+ * Copy constructor.
+ */
+APDU_Response::APDU_Response (const APDU_Response &cpy)
+{   
+    *this = cpy;
+}
+
+/**
+ * Operator for simple assignment.
+ */
+APDU_Response& APDU_Response::operator=(const APDU_Response &cpy)
+{   
+    if (this == &cpy)
+      return *this;
+    m_data = cpy.m_data;
+    return *this;
+}
+
+
+
+/**
+ * Retrieves the byte encoding of the response
+ * object including the last 2 state bytes.
+ */
+TPS_PUBLIC Buffer &APDU_Response::GetData()
+{
+    return m_data;
+}
+
+/**
+ * Retrieves the 1st status byte.
+ */
+BYTE APDU_Response::GetSW1()
+{
+    if (m_data == NULL) {
+        return 0x0;
+    } else {
+	if (m_data.size() < 2) {
+            return 0x0;
+        } else {
+            return ((BYTE*)m_data)[((int)m_data.size())-2];
+	}
+    }
+}
+
+
+/**
+ * Retrieves the 2nd status byte.
+ */
+BYTE APDU_Response::GetSW2()
+{
+    if (m_data == NULL) {
+        return 0x0;
+    } else {
+	if (m_data.size() < 2) {
+            return 0x0;
+	} else {
+            return ((BYTE*)m_data)[((int)m_data.size())-1];
+	}
+    }
+}
diff --git a/pki/base/tps/src/apdu/Create_Object_APDU.cpp b/pki/base/tps/src/apdu/Create_Object_APDU.cpp
new file mode 100644
index 000000000..2da9f20d3
--- /dev/null
+++ b/pki/base/tps/src/apdu/Create_Object_APDU.cpp
@@ -0,0 +1,121 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Create Object APDU.  This APDU is usually sent right
+ * before Write_Buffer_APDU is sent.  This APDU only creates an Object
+ * on token, but does not actually writes object content until
+ * Write_Buffer_APDU is sent.
+ *
+ * CreateObject APDU format:
+ * CLA    0x84
+ * INS    0x5a
+ * P1     0x00
+ * P2     0x00
+ * lc     0x0e
+ * DATA   <Object Parameters>
+ *
+ * [DATA] Object Parameters are:
+ *        Long Object ID;
+ *        Long Object Size;
+ *        ObjectACL ObjectACL;
+ *
+ * Connection requirement:
+ *   Secure Channel
+ *
+ * Possible error Status Codes:
+ *  9C 06 - unauthorized
+ *  9C 08 - object already exists
+ *  9C 01 - insufficient memory on card to complete the operation
+ *
+ * NOTE:
+ *     Observe that the PIN identity is hard-coded at n.2 for each
+ *   permission. In Housekey, this is probably a non-issue, however,
+ *   in housekey, do we not allow multiple people (presumably closely
+ *   -related) to share one token with individual certs?  We should
+ *   consider exposing this as an input param.
+ *
+ * @param object_id as defined in APDU
+ * @param len length of object
+ * @see APDU
+ */
+TPS_PUBLIC Create_Object_APDU::Create_Object_APDU (BYTE *object_id, BYTE *permissions, int len)
+{
+    SetCLA(0x84);
+    SetINS(0x5a);
+    SetP1(0x00);
+    SetP2(0x00);
+    Buffer data;
+    data =
+        /* Object ID */
+        Buffer(1, (BYTE)object_id[0]) +
+        Buffer(1, (BYTE)object_id[1]) +
+        Buffer(1, (BYTE)object_id[2]) +
+        Buffer(1, (BYTE)object_id[3]) +
+        /* data length */
+        Buffer(1, (BYTE)(len >> 24)) +
+        Buffer(1, (BYTE)((len >> 16) & 0xff)) +
+        Buffer(1, (BYTE)((len >> 8) & 0xff)) +
+        Buffer(1, (BYTE)(len & 0xff)) +
+        /* ACLs */
+
+      /* should take from caller
+        // read permission
+        Buffer(1, (BYTE)0xFF) +  // means "read"  never allowed
+        Buffer(1, (BYTE)0xFF) +
+
+        // write permission
+        Buffer(1, (BYTE)0x40) +  //means "write" for identity n.2 (PIN required)
+        Buffer(1, (BYTE)0x00) +
+
+        // delete permission
+        Buffer(1, (BYTE)0x40) +  //means "delete" for identity n.2 (PIN) required
+        Buffer(1, (BYTE)0x00);
+      */
+
+      Buffer(1, (BYTE) permissions[0]) +
+      Buffer(1, (BYTE) permissions[1]) +
+      Buffer(1, (BYTE) permissions[2]) +
+      Buffer(1, (BYTE) permissions[3]) +
+      Buffer(1, (BYTE) permissions[4]) +
+      Buffer(1, (BYTE) permissions[5]);
+
+    SetData(data);
+}
+
+TPS_PUBLIC Create_Object_APDU::~Create_Object_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Create_Object_APDU::GetType()
+{
+      return APDU_CREATE_OBJECT;
+}
diff --git a/pki/base/tps/src/apdu/Create_Pin_APDU.cpp b/pki/base/tps/src/apdu/Create_Pin_APDU.cpp
new file mode 100644
index 000000000..db2ad3d0a
--- /dev/null
+++ b/pki/base/tps/src/apdu/Create_Pin_APDU.cpp
@@ -0,0 +1,73 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs CreatePIN APDU.
+ * CLA    0x80
+ * INS    0x40
+ * P1     <Pin number>
+ * P2     <Max # of allowed attempts>
+ * lc     <data length>
+ * DATA   <Pin Value>
+ *
+ * Connection requirement:
+ *   Secure Channel
+ *
+ * Possible error Status Codes:
+ *  9C 06 - unauthorized
+ *  9C 10 - incorrect p1
+ *  9C 0E - invalid parameter (data)
+ * 
+ * @param p1 Pin number: 0x00 - 0x07
+ * @param p2 Max # of consecutive unsuccessful verifications
+ *           before the PIN blocks.
+ * @param data pin
+ * @see APDU
+ */
+TPS_PUBLIC Create_Pin_APDU::Create_Pin_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+//    SetCLA(0xB0);
+    SetCLA(0x84);
+    SetINS(0x40);
+    SetP1(p1);
+    SetP2(p2);
+    SetData(data);
+}
+
+TPS_PUBLIC Create_Pin_APDU::~Create_Pin_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Create_Pin_APDU::GetType()
+{
+        return APDU_CREATE_PIN;
+}
diff --git a/pki/base/tps/src/apdu/Delete_File_APDU.cpp b/pki/base/tps/src/apdu/Delete_File_APDU.cpp
new file mode 100644
index 000000000..2306f0255
--- /dev/null
+++ b/pki/base/tps/src/apdu/Delete_File_APDU.cpp
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Delete File APDU.
+ */
+TPS_PUBLIC Delete_File_APDU::Delete_File_APDU (Buffer &AID)
+{
+    SetCLA(0x84);
+    SetINS(0xE4);
+    SetP1(0x00);
+    SetP2(0x00);
+
+    Buffer AIDTLV(AID.size() + 2);
+    ((BYTE*)AIDTLV)[0] = 0x4F;
+    ((BYTE*)AIDTLV)[1] = AID.size();
+    for(unsigned int i=0; i < AID.size(); ++i ) {
+        ((BYTE*)AIDTLV)[i+2] = ((BYTE*)AID)[i];
+    }
+
+    SetData(AIDTLV);
+}
+
+TPS_PUBLIC Delete_File_APDU::~Delete_File_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Delete_File_APDU::GetType()
+{
+        return APDU_DELETE_FILE;
+}
diff --git a/pki/base/tps/src/apdu/External_Authenticate_APDU.cpp b/pki/base/tps/src/apdu/External_Authenticate_APDU.cpp
new file mode 100644
index 000000000..32c414584
--- /dev/null
+++ b/pki/base/tps/src/apdu/External_Authenticate_APDU.cpp
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "channel/Secure_Channel.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs External Authenticate APDU. This  allows
+ * setting of the security level.
+ */
+TPS_PUBLIC External_Authenticate_APDU::External_Authenticate_APDU (Buffer &data,
+						SecurityLevel sl)
+{
+    SetCLA(0x84);
+    SetINS(0x82);
+    SetP1(0x01);
+
+    if (sl == SECURE_MSG_MAC_ENC) {
+      SetP1(0x03);
+//     RA::Debug("External_Authenticate_APDU::External_Authenticate_APDU",
+	//	"Security level set to 3 - attempted =%d", (int)sl);
+    } else if (sl == SECURE_MSG_NONE) {
+      SetP1(0x00);
+//     RA::Debug("External_Authenticate_APDU::External_Authenticate_APDU",
+//		"Security level set to 0 - attempted =%d", (int)sl);
+    } else { // default
+      SetP1(0x01);
+ //    RA::Debug("External_Authenticate_APDU::External_Authenticate_APDU",
+//		"Security level set to 1 - attempted =%d", (int)sl);
+    }
+
+    SetP2(0x00);
+    SetData(data);
+}
+
+TPS_PUBLIC External_Authenticate_APDU::~External_Authenticate_APDU ()
+{
+}
+
+TPS_PUBLIC Buffer &External_Authenticate_APDU::GetHostCryptogram()
+{
+    return GetData();
+}
+
+TPS_PUBLIC APDU_Type External_Authenticate_APDU::GetType()
+{
+	        return APDU_EXTERNAL_AUTHENTICATE;
+}
+
diff --git a/pki/base/tps/src/apdu/Format_Muscle_Applet_APDU.cpp b/pki/base/tps/src/apdu/Format_Muscle_Applet_APDU.cpp
new file mode 100644
index 000000000..dff95b8cd
--- /dev/null
+++ b/pki/base/tps/src/apdu/Format_Muscle_Applet_APDU.cpp
@@ -0,0 +1,107 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Format Muscle Applet APDU.
+ */
+TPS_PUBLIC Format_Muscle_Applet_APDU::Format_Muscle_Applet_APDU (
+		unsigned short memSize, 
+		Buffer &PIN0, BYTE pin0Tries, 
+		Buffer &unblockPIN0, BYTE unblock0Tries, 
+		Buffer &PIN1, BYTE pin1Tries, 
+		Buffer &unblockPIN1, BYTE unblock1Tries, 
+		unsigned short objCreationPermissions, 
+		unsigned short keyCreationPermissions, 
+		unsigned short pinCreationPermissions)
+{
+    SetCLA(0xB0);
+    SetINS(0x2A);
+    SetP1(0x00);
+    SetP2(0x00);
+
+    Buffer data; data.reserve(100);
+    Buffer pin((BYTE *)"Muscle00", 8);
+    data += pin.size();
+    data += pin;
+
+    pin = Buffer((BYTE*) PIN0, PIN0.size());
+    data += pin0Tries; // pin tries
+    data += unblock0Tries; // unblock tries
+    data += pin.size();
+    data += pin;
+
+    pin = Buffer((BYTE*)unblockPIN0, unblockPIN0.size());
+    data += pin.size();
+    data += pin;
+
+    pin = Buffer((BYTE*)PIN1, PIN1.size());
+    data += pin1Tries; // pin tries
+    data += unblock1Tries; // unblock tries
+    data += pin.size();
+    data += pin;
+
+    pin = Buffer((BYTE*)unblockPIN1, unblockPIN1.size());
+    data += pin.size();
+    data += pin;
+
+    data += (BYTE)0; data += (BYTE)0; // fluff
+
+    data += (memSize >> 8) & 0xff;
+    data += memSize & 0xff;
+
+    data += (BYTE)(objCreationPermissions >> 8);
+    data += (BYTE)(objCreationPermissions & 0xFF);
+    data += (BYTE)(keyCreationPermissions >> 8);
+    data += (BYTE)(keyCreationPermissions & 0xFF);
+    data += (BYTE)(pinCreationPermissions >> 8);
+    data += (BYTE)(pinCreationPermissions & 0xFF);
+
+    SetData(data);
+}
+
+TPS_PUBLIC Format_Muscle_Applet_APDU::~Format_Muscle_Applet_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Format_Muscle_Applet_APDU::GetType()
+{
+        return APDU_FORMAT_MUSCLE_APPLET;
+}
+
+TPS_PUBLIC void Format_Muscle_Applet_APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, (BYTE)m_data.size());
+    data += Buffer(m_data, m_data.size());
+} /* Encode */
diff --git a/pki/base/tps/src/apdu/Generate_Key_APDU.cpp b/pki/base/tps/src/apdu/Generate_Key_APDU.cpp
new file mode 100644
index 000000000..bb3629cd0
--- /dev/null
+++ b/pki/base/tps/src/apdu/Generate_Key_APDU.cpp
@@ -0,0 +1,62 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Generate Key APDU.
+ */
+TPS_PUBLIC Generate_Key_APDU::Generate_Key_APDU (BYTE p1, BYTE p2, BYTE alg, int keysize, BYTE option,
+BYTE type, Buffer &wrapped_challenge, Buffer &key_check)
+{
+    SetCLA(0x84);
+    SetINS(0x0C);
+    SetP1(p1);
+    SetP2(p2);
+    Buffer data;
+    data = Buffer(1,alg) +
+        Buffer(1,(BYTE)(keysize/256)) +
+        Buffer(1,(BYTE)(keysize%256)) +
+        Buffer(1,option) +
+        Buffer(1,type) +
+        Buffer(1,(BYTE)wrapped_challenge.size()) +
+        Buffer(wrapped_challenge) +
+        Buffer(1,(BYTE)key_check.size()) +
+        Buffer(key_check);
+    SetData(data);
+}
+
+TPS_PUBLIC Generate_Key_APDU::~Generate_Key_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Generate_Key_APDU::GetType()
+{
+        return APDU_GENERATE_KEY;
+}
diff --git a/pki/base/tps/src/apdu/Get_Data_APDU.cpp b/pki/base/tps/src/apdu/Get_Data_APDU.cpp
new file mode 100644
index 000000000..1cb4d9a5b
--- /dev/null
+++ b/pki/base/tps/src/apdu/Get_Data_APDU.cpp
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Get Data APDU.
+ */
+TPS_PUBLIC Get_Data_APDU::Get_Data_APDU ()
+{
+    SetCLA(0x80);
+    SetINS(0xCA);
+    SetP1(0x9F);
+    SetP2(0x7F);
+}
+
+TPS_PUBLIC Get_Data_APDU::~Get_Data_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_Data_APDU::GetType()
+{
+        return APDU_GET_DATA;
+}
+
+TPS_PUBLIC void Get_Data_APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, 0x2D);
+} /* Encode */
diff --git a/pki/base/tps/src/apdu/Get_IssuerInfo_APDU.cpp b/pki/base/tps/src/apdu/Get_IssuerInfo_APDU.cpp
new file mode 100644
index 000000000..c83d920df
--- /dev/null
+++ b/pki/base/tps/src/apdu/Get_IssuerInfo_APDU.cpp
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs GetIssuer APDU.
+ *
+ * SecureGetIssuer APDU format:
+ * CLA    0x84
+ * INS    0xF6
+ * P1     0x00
+ * P2     0x00
+ * lc     0xE0
+ * DATA   <Issuer Info>
+ *
+ * Connection requirement:
+ *   Secure Channel
+ *
+ * Possible error Status Codes:
+ *  9C 06 - unauthorized
+ *
+ * @param p1 always 0x00
+ * @param p2 always 0x00
+ * @param data issuer info
+ * @see APDU
+ */
+TPS_PUBLIC Get_IssuerInfo_APDU::Get_IssuerInfo_APDU ()
+{
+    SetCLA(0x84);
+    SetINS(0xF6);
+    SetP1(0x00);
+    SetP2(0x00);
+}
+
+TPS_PUBLIC Get_IssuerInfo_APDU::~Get_IssuerInfo_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_IssuerInfo_APDU::GetType()
+{
+        return APDU_GET_ISSUERINFO;
+}
+
+TPS_PUBLIC void Get_IssuerInfo_APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, 0xe0);
+} /* Encode */
+
diff --git a/pki/base/tps/src/apdu/Get_Status_APDU.cpp b/pki/base/tps/src/apdu/Get_Status_APDU.cpp
new file mode 100644
index 000000000..dcf7c9fac
--- /dev/null
+++ b/pki/base/tps/src/apdu/Get_Status_APDU.cpp
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Get Status APDU.
+ */
+TPS_PUBLIC Get_Status_APDU::Get_Status_APDU ()
+{
+    SetCLA(0xB0);
+    SetINS(0x3C);
+    SetP1(0x00);
+    SetP2(0x00);
+}
+
+TPS_PUBLIC Get_Status_APDU::~Get_Status_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_Status_APDU::GetType()
+{
+        return APDU_GET_STATUS;
+}
+
+TPS_PUBLIC void Get_Status_APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, 16);
+} /* Encode */
diff --git a/pki/base/tps/src/apdu/Get_Version_APDU.cpp b/pki/base/tps/src/apdu/Get_Version_APDU.cpp
new file mode 100644
index 000000000..eb7e53728
--- /dev/null
+++ b/pki/base/tps/src/apdu/Get_Version_APDU.cpp
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Get Version APDU.
+ */
+TPS_PUBLIC Get_Version_APDU::Get_Version_APDU ()
+{
+    SetCLA(0xB0);
+    SetINS(0x70);
+    SetP1(0x00);
+    SetP2(0x00);
+}
+
+TPS_PUBLIC Get_Version_APDU::~Get_Version_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_Version_APDU::GetType()
+{
+        return APDU_GET_VERSION;
+}
+
+TPS_PUBLIC void Get_Version_APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, 4);
+} /* Encode */
diff --git a/pki/base/tps/src/apdu/Import_Key_APDU.cpp b/pki/base/tps/src/apdu/Import_Key_APDU.cpp
new file mode 100644
index 000000000..18c6c886f
--- /dev/null
+++ b/pki/base/tps/src/apdu/Import_Key_APDU.cpp
@@ -0,0 +1,79 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "apdu/Import_Key_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Import Key APDU.
+ *
+ * CLA 0x84
+ * INS 0x32
+ * P1 Key Number (0x00 -0x0F) - key slot number defined in CS.cfg
+ * P2 0x00
+ * P3 Import Parameters Length (6 bytes: 3 shorts if just for ACL)
+ * DATA Import Parameters
+ *
+ * This function allows th eimport of a key into the card by (over)-writing the Cardlet memory.  Object ID 0xFFFFFFFE needs to be initialized with a key blob before invocation of this function so tha tit can retrieve the key from this object. The exact key blob contents depend on th ekey's algorithm, type and actual import parameters.  The key's number, algorithm type, and parameters are specified by argumetns P1, P2, P3, and DATA.  Appropriate values for these are specified below:
+
+[DATA]
+Import Parameters:
+KeyACL ACL for the imported key;
+Byte[] Additional parameters; // Optional
+If KeyBlob's Encoding is BLOB_ENC_PLAIN(0x00), there are no additional parameters.
+ */
+TPS_PUBLIC Import_Key_APDU::Import_Key_APDU (BYTE p1)
+{
+    SetCLA(0x84);
+    SetINS(0x32);
+    SetP1(p1);
+    SetP2(0x00);
+    //    SetP3(p3);
+
+    Buffer data;
+    data = 
+      Buffer(1, (BYTE)0xFF) +  // means "read allowed" by anyone
+      Buffer(1, (BYTE) 0xFF) +
+      Buffer(1, (BYTE) 0x40) + // means "write" allowed for RA only
+      Buffer(1, (BYTE) 0x00) +
+      Buffer(1, (BYTE) 0xFF) + // means "use" allowed for everyone
+      Buffer(1, (BYTE) 0xFF);
+
+    SetData(data);
+}
+
+TPS_PUBLIC Import_Key_APDU::~Import_Key_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Import_Key_APDU::GetType()
+{
+        return APDU_IMPORT_KEY;
+}
diff --git a/pki/base/tps/src/apdu/Import_Key_Enc_APDU.cpp b/pki/base/tps/src/apdu/Import_Key_Enc_APDU.cpp
new file mode 100644
index 000000000..6df161157
--- /dev/null
+++ b/pki/base/tps/src/apdu/Import_Key_Enc_APDU.cpp
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "apdu/Import_Key_Enc_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Import Key Encrypted APDU.
+ *
+ * CLA 0x80
+ * INS 0x0A
+ * P1 private Key Number (0x00 -0x0F) - key slot number defined in CMS.cfg
+ * P2 public Key Number (0x00 -0x0F) - key slot number defined in CMS.cfg
+ * DATA:
+ *   Wrapped Key DesKey
+ *   Byte IV_Length
+ *   Byte IV_Data
+ *
+ * This function allows the import of a key into the card by (over)-writing the Cardlet memory.  Object ID 0xFFFFFFFE needs to be initialized with a key blob before invocation of this function so that it can retrieve the key from this object. The exact key blob contents depend on the key's algorithm, type and actual import parameters.  The key's number, algorithm type, and parameters are specified by argumetns P1, P2, P3, and DATA.  Appropriate values for these are specified below:
+
+[DATA]
+Import Parameters:
+...to be provided
+ */
+TPS_PUBLIC Import_Key_Enc_APDU::Import_Key_Enc_APDU (BYTE p1, BYTE p2,
+							   Buffer& data)
+{
+    SetCLA(0x84);
+    SetINS(0x0A);
+    SetP1(p1);
+    SetP2(p2);
+
+    SetData(data);
+}
+
+TPS_PUBLIC Import_Key_Enc_APDU::~Import_Key_Enc_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Import_Key_Enc_APDU::GetType()
+{
+        return APDU_IMPORT_KEY_ENC;
+}
diff --git a/pki/base/tps/src/apdu/Initialize_Update_APDU.cpp b/pki/base/tps/src/apdu/Initialize_Update_APDU.cpp
new file mode 100644
index 000000000..a87091122
--- /dev/null
+++ b/pki/base/tps/src/apdu/Initialize_Update_APDU.cpp
@@ -0,0 +1,66 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Initialize Update APDU.
+ */
+TPS_PUBLIC Initialize_Update_APDU::Initialize_Update_APDU (BYTE key_version, BYTE key_index, Buffer &data)
+{
+    SetCLA(0x80);
+    SetINS(0x50);
+    SetP1(key_version);
+    SetP2(key_index);
+    SetData(data);
+}
+
+TPS_PUBLIC Initialize_Update_APDU::~Initialize_Update_APDU ()
+{
+}
+
+TPS_PUBLIC Buffer &Initialize_Update_APDU::GetHostChallenge()
+{
+	return GetData();
+}
+
+TPS_PUBLIC APDU_Type Initialize_Update_APDU::GetType()
+{
+        return APDU_INITIALIZE_UPDATE;
+}
+
+TPS_PUBLIC void Initialize_Update_APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, (BYTE)m_data.size());
+    data += Buffer(m_data, m_data.size());
+} /* Encode */
diff --git a/pki/base/tps/src/apdu/Install_Applet_APDU.cpp b/pki/base/tps/src/apdu/Install_Applet_APDU.cpp
new file mode 100644
index 000000000..63db844d6
--- /dev/null
+++ b/pki/base/tps/src/apdu/Install_Applet_APDU.cpp
@@ -0,0 +1,92 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Install Applet APDU.
+ */
+TPS_PUBLIC Install_Applet_APDU::Install_Applet_APDU (Buffer &packageAID, Buffer &appletAID,
+		BYTE appPrivileges, unsigned int instanceSize)
+{
+    SetCLA(0x84);
+    SetINS(0xE6);
+    SetP1(0x0C);
+    SetP2(0x00);
+
+    Buffer data;
+    data.reserve(32); // pre-allocate
+    data += packageAID.size();
+    data += packageAID;
+    data += appletAID.size();
+    data += appletAID;
+    data += appletAID.size();
+    data += appletAID;
+
+    data += 0x01; // length of application privileges byte
+    data += appPrivileges;
+
+    Buffer installParams; installParams.reserve(6);
+    installParams += 0xEF;
+    installParams += 0x04;
+    installParams += 0xC8;
+    installParams += 0x02;
+    installParams += (instanceSize>>8) & 0xff;
+    installParams += instanceSize & 0xff;
+    installParams += 0xC9;
+    installParams += 0x01;
+    installParams += (BYTE)0x00;
+
+    data += installParams.size();
+    data += installParams;
+    data += (BYTE) 0x00; // size of token return data
+
+    SetData(data);
+}
+
+/**
+ * Constructs Install Applet APDU.
+ */
+TPS_PUBLIC Install_Applet_APDU::Install_Applet_APDU (Buffer &data)
+{
+    SetCLA(0x84);
+    SetINS(0xE6);
+    SetP1(0x0C);
+    SetP2(0x00);
+    SetData(data);
+}
+
+TPS_PUBLIC Install_Applet_APDU::~Install_Applet_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Install_Applet_APDU::GetType()
+{
+        return APDU_INSTALL_APPLET;
+}
diff --git a/pki/base/tps/src/apdu/Install_Load_APDU.cpp b/pki/base/tps/src/apdu/Install_Load_APDU.cpp
new file mode 100644
index 000000000..6169538e5
--- /dev/null
+++ b/pki/base/tps/src/apdu/Install_Load_APDU.cpp
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Install Load APDU.
+ */
+TPS_PUBLIC Install_Load_APDU::Install_Load_APDU (Buffer& packageAID, Buffer& sdAID, 
+		unsigned int fileLen)
+{
+    SetCLA(0x84);
+    SetINS(0xE6);
+    SetP1(0x02);
+    SetP2(0x00);
+
+    Buffer inputData(packageAID.size() + sdAID.size() + 11);
+
+    unsigned int i = 0; // offset
+    ((BYTE*)inputData)[i++] = packageAID.size();
+    inputData.replace(i, packageAID, packageAID.size());
+    i += packageAID.size();
+
+    ((BYTE*)inputData)[i++] = sdAID.size();
+    inputData.replace(i, sdAID, sdAID.size());
+    i += sdAID.size();
+
+    ((BYTE*)inputData)[i++] = 0;
+
+    ((BYTE*)inputData)[i++] = 6;
+
+    ((BYTE*)inputData)[i++] = 0xEF;
+    ((BYTE*)inputData)[i++] = 0x04;
+    ((BYTE*)inputData)[i++] = 0xC6;
+    ((BYTE*)inputData)[i++] = 0x02;
+    fileLen += 24 + sdAID.size(); // !!! XXX
+
+    ((BYTE*)inputData)[i++] = ((fileLen) >> 8) & 0xff;
+    ((BYTE*)inputData)[i++] = fileLen & 0xff;
+
+    ((BYTE*)inputData)[i++] = 0;
+
+    SetData(inputData);
+}
+
+/**
+ * Constructs Install Load APDU. Used when data was pre-constructed
+ */
+TPS_PUBLIC Install_Load_APDU::Install_Load_APDU (Buffer& data)
+{
+    SetCLA(0x84);
+    SetINS(0xE6);
+    SetP1(0x02);
+    SetP2(0x00);
+    SetData(data);
+}
+
+TPS_PUBLIC Install_Load_APDU::~Install_Load_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Install_Load_APDU::GetType()
+{
+        return APDU_INSTALL_LOAD;
+}
diff --git a/pki/base/tps/src/apdu/Lifecycle_APDU.cpp b/pki/base/tps/src/apdu/Lifecycle_APDU.cpp
new file mode 100644
index 000000000..e7236147e
--- /dev/null
+++ b/pki/base/tps/src/apdu/Lifecycle_APDU.cpp
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Lifecycle APDU.
+ */
+TPS_PUBLIC Lifecycle_APDU::Lifecycle_APDU (BYTE lifecycle)
+{
+    SetCLA(0x84);
+    SetINS(0xf0);
+    SetP1(lifecycle);
+    SetP2(0x00);
+}
+
+TPS_PUBLIC Lifecycle_APDU::~Lifecycle_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Lifecycle_APDU::GetType()
+{
+        return APDU_LIFECYCLE;
+}
diff --git a/pki/base/tps/src/apdu/List_Objects_APDU.cpp b/pki/base/tps/src/apdu/List_Objects_APDU.cpp
new file mode 100644
index 000000000..86ae570d9
--- /dev/null
+++ b/pki/base/tps/src/apdu/List_Objects_APDU.cpp
@@ -0,0 +1,61 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/List_Objects_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Set Pin APDU.
+ */
+TPS_PUBLIC List_Objects_APDU::List_Objects_APDU (BYTE seq)
+{
+    SetCLA(0xB0);
+    SetINS(0x58);
+    SetP1(seq);
+    SetP2(0x00);
+}
+
+TPS_PUBLIC List_Objects_APDU::~List_Objects_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type List_Objects_APDU::GetType()
+{
+        return APDU_LIST_OBJECTS;
+}
+
+TPS_PUBLIC void List_Objects_APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, 0x0E);
+} /* Encode */
+
diff --git a/pki/base/tps/src/apdu/List_Pins_APDU.cpp b/pki/base/tps/src/apdu/List_Pins_APDU.cpp
new file mode 100644
index 000000000..218072f21
--- /dev/null
+++ b/pki/base/tps/src/apdu/List_Pins_APDU.cpp
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Set Pin APDU.
+ */
+TPS_PUBLIC List_Pins_APDU::List_Pins_APDU (BYTE ret_size)
+{
+    SetCLA(0xB0);
+//    SetCLA(0x84);
+    SetINS(0x48);
+    SetP1(0x00);
+    SetP2(0x00);
+    m_ret_size = ret_size;
+}
+
+TPS_PUBLIC List_Pins_APDU::~List_Pins_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type List_Pins_APDU::GetType()
+{
+        return APDU_LIST_PINS;
+}
+
+TPS_PUBLIC void List_Pins_APDU::GetEncoding(Buffer &data)
+{
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, m_ret_size);
+} /* Encode */
+
diff --git a/pki/base/tps/src/apdu/Load_File_APDU.cpp b/pki/base/tps/src/apdu/Load_File_APDU.cpp
new file mode 100644
index 000000000..c41f0ec73
--- /dev/null
+++ b/pki/base/tps/src/apdu/Load_File_APDU.cpp
@@ -0,0 +1,52 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Load File APDU.
+ */
+TPS_PUBLIC Load_File_APDU::Load_File_APDU (BYTE refControl, BYTE blockNum, Buffer& data)
+{
+    SetCLA(0x84);
+    SetINS(0xE8);
+    SetP1(refControl);
+    SetP2(blockNum);
+
+    SetData(data);
+}
+
+TPS_PUBLIC Load_File_APDU::~Load_File_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Load_File_APDU::GetType()
+{
+        return APDU_LOAD_FILE;
+}
diff --git a/pki/base/tps/src/apdu/Put_Key_APDU.cpp b/pki/base/tps/src/apdu/Put_Key_APDU.cpp
new file mode 100644
index 000000000..0a061394f
--- /dev/null
+++ b/pki/base/tps/src/apdu/Put_Key_APDU.cpp
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Put Key APDU.
+ */
+TPS_PUBLIC Put_Key_APDU::Put_Key_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+    SetCLA(0x84);
+    SetINS(0xd8);
+    SetP1(p1);
+    SetP2(p2);
+    SetData(data);
+}
+
+TPS_PUBLIC Put_Key_APDU::~Put_Key_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Put_Key_APDU::GetType()
+{
+        return APDU_PUT_KEY;
+}
diff --git a/pki/base/tps/src/apdu/Read_Buffer_APDU.cpp b/pki/base/tps/src/apdu/Read_Buffer_APDU.cpp
new file mode 100644
index 000000000..22f23fe1f
--- /dev/null
+++ b/pki/base/tps/src/apdu/Read_Buffer_APDU.cpp
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Read Buffer APDU.
+ */
+TPS_PUBLIC Read_Buffer_APDU::Read_Buffer_APDU (int len, int offset)
+{
+    SetCLA(0x84);
+    SetINS(0x08);
+    SetP1(len);
+    SetP2(0x00);
+    Buffer data;
+    data = Buffer(1,(BYTE)(offset/256)) + Buffer(1,(BYTE)(offset%256));
+    SetData(data);
+}
+
+TPS_PUBLIC Read_Buffer_APDU::~Read_Buffer_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Read_Buffer_APDU::GetType()
+{
+	        return APDU_READ_BUFFER;
+}
+
+TPS_PUBLIC int Read_Buffer_APDU::GetLen()
+{
+        return m_p1;
+}
+
+TPS_PUBLIC int Read_Buffer_APDU::GetOffset()
+{
+        return (((int)((BYTE*)m_data)[0]) << 8) + ((int)((BYTE*)m_data)[1]);
+}
diff --git a/pki/base/tps/src/apdu/Read_Object_APDU.cpp b/pki/base/tps/src/apdu/Read_Object_APDU.cpp
new file mode 100644
index 000000000..21722d331
--- /dev/null
+++ b/pki/base/tps/src/apdu/Read_Object_APDU.cpp
@@ -0,0 +1,88 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Read_Object_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Read Object APDU. 
+ *
+ * ReadObject APDU format:
+ * CLA    0x84
+ * INS    0x56
+ * P1     0x00
+ * P2     0x00
+ * lc     0x09
+ * DATA   <Data Parameters>
+ *
+ * [DATA] Parameters are:
+ *        Long Object ID;
+ *        Long Offset
+ *        Byte Data Size;
+ *
+ * Connection requirement:
+ *   Secure Channel
+ *
+ * Possible error Status Codes:
+ *  9C 06 - unauthorized
+ *  9C 07 - object not found
+ *
+ * @param object_id as defined in APDU
+ * @param offset
+ * @param data
+ * @see APDU
+ */
+TPS_PUBLIC Read_Object_APDU::Read_Object_APDU (BYTE *object_id, int offset, int len)
+{
+    SetCLA(0x84);
+    SetINS(0x56);
+    SetP1(0x00);
+    SetP2(0x00);
+    Buffer data;
+    data = 
+        Buffer(1, (BYTE)object_id[0]) +
+        Buffer(1, (BYTE)object_id[1]) +
+        Buffer(1, (BYTE)object_id[2]) +
+        Buffer(1, (BYTE)object_id[3]) +
+        Buffer(1,(BYTE)((offset>>24) & 0xff)) +
+        Buffer(1,(BYTE)((offset>>16) & 0xff)) +
+        Buffer(1,(BYTE)((offset>>8) & 0xff)) +
+        Buffer(1,(BYTE)(offset & 0xff)) +
+        Buffer(1, (BYTE)len);
+    SetData(data);
+}
+
+TPS_PUBLIC Read_Object_APDU::~Read_Object_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Read_Object_APDU::GetType()
+{
+	        return APDU_READ_OBJECT;
+}
+
diff --git a/pki/base/tps/src/apdu/Select_APDU.cpp b/pki/base/tps/src/apdu/Select_APDU.cpp
new file mode 100644
index 000000000..4f5917b29
--- /dev/null
+++ b/pki/base/tps/src/apdu/Select_APDU.cpp
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Select_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC Select_APDU::Select_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+    SetCLA(0x00);
+    SetINS(0xa4);
+    SetP1(p1);
+    SetP2(p2);
+    SetData(data);
+}
+
+TPS_PUBLIC Select_APDU::~Select_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Select_APDU::GetType()
+{
+        return APDU_SELECT;
+}
diff --git a/pki/base/tps/src/apdu/Set_IssuerInfo_APDU.cpp b/pki/base/tps/src/apdu/Set_IssuerInfo_APDU.cpp
new file mode 100644
index 000000000..77b1d0f8d
--- /dev/null
+++ b/pki/base/tps/src/apdu/Set_IssuerInfo_APDU.cpp
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs SetIssuer APDU.
+ *
+ * SecureSetIssuer APDU format:
+ * CLA    0x84
+ * INS    0xF4
+ * P1     0x00
+ * P2     0x00
+ * lc     0xE0
+ * DATA   <Issuer Info>
+ *
+ * Connection requirement:
+ *   Secure Channel
+ *
+ * Possible error Status Codes:
+ *  9C 06 - unauthorized
+ *
+ * @param p1 always 0x00
+ * @param p2 always 0x00
+ * @param data issuer info
+ * @see APDU
+ */
+TPS_PUBLIC Set_IssuerInfo_APDU::Set_IssuerInfo_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+    SetCLA(0x84);
+    SetINS(0xF4);
+    SetP1(p1);
+    SetP2(p2);
+    SetData(data);
+}
+
+TPS_PUBLIC Set_IssuerInfo_APDU::~Set_IssuerInfo_APDU ()
+{
+}
+
+TPS_PUBLIC Buffer &Set_IssuerInfo_APDU::GetIssuerInfo()
+{
+    return GetData();
+}
+
+TPS_PUBLIC APDU_Type Set_IssuerInfo_APDU::GetType()
+{
+        return APDU_SET_ISSUERINFO;
+}
diff --git a/pki/base/tps/src/apdu/Set_Pin_APDU.cpp b/pki/base/tps/src/apdu/Set_Pin_APDU.cpp
new file mode 100644
index 000000000..3faaa89ed
--- /dev/null
+++ b/pki/base/tps/src/apdu/Set_Pin_APDU.cpp
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs SetPin APDU.
+ *
+ * SecureSetPIN APDU format:
+ * CLA    0x80
+ * INS    0x04
+ * P1     <Pin number>
+ * P2     0x00
+ * lc     <data length>
+ * DATA   <New Pin Value>
+ *
+ * Connection requirement:
+ *   Secure Channel
+ *
+ * Possible error Status Codes:
+ *  9C 06 - unauthorized
+ *
+ * @param p1 Pin number: 0x00 - 0x07
+ * @param p2 always 0x00
+ * @param data pin
+ * @see APDU
+ */
+TPS_PUBLIC Set_Pin_APDU::Set_Pin_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+    SetCLA(0x84);
+    SetINS(0x04);
+    SetP1(p1);
+    SetP2(p2);
+    SetData(data);
+}
+
+TPS_PUBLIC Set_Pin_APDU::~Set_Pin_APDU ()
+{
+}
+
+TPS_PUBLIC Buffer &Set_Pin_APDU::GetNewPIN()
+{
+    return GetData();
+}
+
+TPS_PUBLIC APDU_Type Set_Pin_APDU::GetType()
+{
+        return APDU_SET_PIN;
+}
diff --git a/pki/base/tps/src/apdu/Unblock_Pin_APDU.cpp b/pki/base/tps/src/apdu/Unblock_Pin_APDU.cpp
new file mode 100644
index 000000000..c580dc9f2
--- /dev/null
+++ b/pki/base/tps/src/apdu/Unblock_Pin_APDU.cpp
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Unblock_Pin_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Unblock Pin APDU.
+ */
+TPS_PUBLIC Unblock_Pin_APDU::Unblock_Pin_APDU ()
+{
+    SetCLA(0x84);
+    SetINS(0x02);
+    SetP1(0x00);
+    SetP2(0x00);
+}
+
+TPS_PUBLIC Unblock_Pin_APDU::~Unblock_Pin_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Unblock_Pin_APDU::GetType()
+{
+	        return APDU_UNBLOCK_PIN;
+}
diff --git a/pki/base/tps/src/apdu/Write_Object_APDU.cpp b/pki/base/tps/src/apdu/Write_Object_APDU.cpp
new file mode 100644
index 000000000..958ee4384
--- /dev/null
+++ b/pki/base/tps/src/apdu/Write_Object_APDU.cpp
@@ -0,0 +1,103 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Write Buffer APDU.  This APDU is usually sent right after
+ * the Create_Object_APDU is sent.  This APDU writes the actual object
+ * content into the object that was created with Create_Object_APDU.
+ * This APDU is used for both write and re-writes of data.
+ * The object data is stored starting from the byte specified by the
+ * offset parameter.
+ * Up to 240 bytes can be transferred with a single APDU.  If more bytes
+ * need to be transferred, then multiple WriteObject commands must be
+ * used with different offsets.
+ *
+ * WriteObject APDU format:
+ * CLA    0x84
+ * INS    0x54
+ * P1     0x00
+ * P2     0x00
+ * lc     Data Size + 9
+ * DATA   <Data Parameters>
+ *
+ * [DATA] Parameters are:
+ *        Long Object ID;
+ *        Long Offset
+ *        Byte Data Size;
+ *        Byte[] Object Data
+ *
+ * Connection requirement:
+ *   Secure Channel
+ *
+ * Possible error Status Codes:
+ *  9C 06 - unauthorized
+ *  9C 07 - object not found
+ *
+ * @param object_id as defined in APDU
+ * @param offset
+ * @param data
+ * @see APDU
+ */
+TPS_PUBLIC Write_Object_APDU::Write_Object_APDU (BYTE *object_id, int offset, Buffer &data)
+{
+    SetCLA(0x84);
+    SetINS(0x54);
+    SetP1(0x00);
+    SetP2(0x00);
+    Buffer data1;
+    data1 =
+        Buffer(1, (BYTE)object_id[0]) +
+        Buffer(1, (BYTE)object_id[1]) +
+
+        Buffer(1, (BYTE)object_id[2]) +
+        Buffer(1, (BYTE)object_id[3]) +
+      /*
+      Buffer(1, (BYTE)0x00) +
+      Buffer(1, (BYTE)0x00) +
+      */
+        Buffer(1,(BYTE)((offset>>24) & 0xff)) +
+        Buffer(1,(BYTE)((offset>>16) & 0xff)) +
+        Buffer(1,(BYTE)((offset>>8) & 0xff)) +
+        Buffer(1,(BYTE)(offset & 0xff)) +
+        Buffer(1, (BYTE)data.size()) +
+        Buffer(data);
+    SetData(data1);
+}
+
+TPS_PUBLIC Write_Object_APDU::~Write_Object_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Write_Object_APDU::GetType()
+{
+	        return APDU_WRITE_OBJECT;
+}
+
diff --git a/pki/base/tps/src/authentication/LDAP_Authentication.cpp b/pki/base/tps/src/authentication/LDAP_Authentication.cpp
new file mode 100644
index 000000000..2757bbe23
--- /dev/null
+++ b/pki/base/tps/src/authentication/LDAP_Authentication.cpp
@@ -0,0 +1,400 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "engine/RA.h"
+#include "ldap.h"
+#include "ldap_ssl.h"
+#include "authentication/LDAP_Authentication.h"
+#include "authentication/Authentication.h"
+#include "main/Memory.h"
+#include "main/Util.h"
+
+/**
+ * Constructs a base processor.
+ */
+LDAP_Authentication::LDAP_Authentication ()
+{
+    m_hostport = NULL;
+    m_baseDN = NULL;
+    m_connInfo = NULL;
+    m_attributes = NULL;
+    m_ssl = NULL;
+    m_bindDN = NULL;
+    m_bindPwd = NULL;
+}
+
+/**
+ * Destructs processor.
+ */
+LDAP_Authentication::~LDAP_Authentication ()
+{
+    if( m_hostport != NULL ) {
+        PL_strfree( m_hostport );
+        m_hostport = NULL;
+    }
+
+    if( m_baseDN != NULL ) {
+        PL_strfree( m_baseDN );
+        m_baseDN = NULL;
+    }
+
+    if( m_connInfo != NULL ) {
+        delete m_connInfo;
+        m_connInfo = NULL;
+    }
+}
+
+static int ReadLine(PRFileDesc *f, char *buf, int buf_len, int *removed_return)
+{
+       char *cur = buf;
+       int sum = 0;
+       PRInt32 rc;
+
+       *removed_return = 0;
+       while (1) {
+         rc = PR_Read(f, cur, 1);
+         if (rc == -1 || rc == 0)
+             break;
+         if (*cur == '\r') {
+             continue;
+         }
+         if (*cur == '\n') {
+             *cur = '\0';
+             *removed_return = 1;
+             break;
+         }
+         sum++;
+         cur++;
+       }
+       return sum;
+}
+
+/*
+ * Search for password name "name" in the password file "filepath"
+ */
+static char *get_pwd_from_conf(char *filepath, char *name)
+{
+    PRFileDesc *fd;
+    char line[1024];
+    int removed_return;
+    char *val= NULL;
+
+    fd= PR_Open(filepath, PR_RDONLY, 400);
+    if (fd == NULL) {
+        return NULL;
+    }
+
+    while (1) {
+        int n = ReadLine(fd, line, 1024, &removed_return);
+        if (n > 0) {
+            /* handle comment line */
+            if (line[0] == '#')
+                continue;
+            int c = 0;
+            while ((c < n) && (line[c] != ':')) {
+                c++;
+            }
+            if (c < n) {
+                line[c] = '\0';
+            } else {
+                continue; /* no ':', skip this line */
+            }
+            if (!PL_strcmp (line, name)) {
+                val =  PL_strdup(&line[c+1]);
+                break;
+            }
+        } else if (n == 0 && removed_return == 1) {
+            continue; /* skip empty line */
+        } else {
+            break;
+        }
+    }
+    if( fd != NULL ) {
+        PR_Close( fd );
+        fd = NULL;
+    }
+    return val;
+
+}
+
+void LDAP_Authentication::Initialize(int instanceIndex) {
+    char configname[256];
+    const char *prefix="auth.instance";
+    
+    m_index = instanceIndex;
+    PR_snprintf((char *)configname, 256, "%s.%d.hostport", prefix, instanceIndex);
+    m_hostport = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+    PR_snprintf((char *)configname, 256, "%s.%d.SSLOn", prefix, instanceIndex);
+    m_isSSL = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+    PR_snprintf((char *)configname, 256, "%s.%d.retries", prefix, instanceIndex);
+    m_retries = RA::GetConfigStore()->GetConfigAsInt(configname, 1);
+    PR_snprintf((char *)configname, 256, "%s.%d.retryConnect", prefix, instanceIndex);
+    m_connectRetries = RA::GetConfigStore()->GetConfigAsInt(configname, 3);
+    m_connInfo = new ConnectionInfo();
+    m_connInfo->BuildFailoverList(m_hostport);
+    PR_snprintf((char *)configname, 256, "%s.%d.baseDN", prefix, instanceIndex);
+    m_baseDN = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+    PR_snprintf((char *)configname, 256, "%s.%d.attributes", prefix, instanceIndex);
+    m_attributes = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+    /* support of SSL */
+    PR_snprintf((char *)configname, 256, "%s.%d.ssl", prefix, instanceIndex);
+    m_ssl = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+    PR_snprintf((char *)configname, 256, "%s.%d.bindDN", prefix, instanceIndex);
+    m_bindDN = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+    PR_snprintf((char *)configname, 256, "%s.%d.bindPWD", prefix, instanceIndex);
+    char *m_bindPwdPath = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+    m_bindPwd = get_pwd_from_conf(m_bindPwdPath, "tokendbBindPass");
+}
+
+/**
+ * @return (0:login correct) (-1:LDAP error)  (-2:User not found) (-3:Password error)
+ */
+
+#define TPS_AUTH_OK                       0
+#define TPS_AUTH_ERROR_LDAP              -1
+#define TPS_AUTH_ERROR_USERNOTFOUND      -2
+#define TPS_AUTH_ERROR_PASSWORDINCORRECT -3
+
+int LDAP_Authentication::Authenticate(AuthParams *params)
+{
+    char buffer[500];
+    char *host = NULL;
+    char *portStr = NULL;
+    int port = 0;
+    LDAP *ld = NULL;
+    int status = TPS_AUTH_ERROR_LDAP;
+    int version = LDAP_VERSION3;
+    LDAPMessage *result, *e;
+    char *dn = NULL;
+    char *uid = NULL;
+    char *password = NULL;
+    int retries = 0;
+
+    if (params == NULL) {
+        status = TPS_AUTH_ERROR_USERNOTFOUND;
+        goto loser;
+    }
+
+    uid = params->GetUID();
+    password = params->GetPassword();
+
+    GetHostPort(&host, &portStr);
+    port = atoi(portStr); 
+
+    if (m_ssl != NULL & strcmp(m_ssl, "true")==0) {
+      /* handling of SSL */
+      ld = ldapssl_init(host, port, 1); 
+    } else {
+      ld = ldap_init(host, port); 
+    }
+    while (ld == NULL && retries < m_connectRetries) {
+        RA::IncrementAuthCurrentIndex(m_connInfo->GetHostPortListLen());
+        GetHostPort(&host, &portStr);
+        port = atoi(portStr);
+        ld = ldap_init(host, port); 
+        retries++;    
+    }
+
+    if (ld == NULL) {
+        status = TPS_AUTH_ERROR_LDAP;
+        goto loser;
+    }
+
+    if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_SUCCESS) {
+        status = TPS_AUTH_ERROR_LDAP;
+        goto loser;    
+    }
+        
+    if (m_bindDN != NULL && strlen(m_bindDN) > 0) {
+      RA::Debug("LDAP_Authentication::Authenticate", "Simple bind required '%s'", m_bindDN);
+      ldap_simple_bind_s(ld, m_bindDN, m_bindPwd);
+    }
+
+    PR_snprintf((char *)buffer, 500, "(uid=%s)", uid);
+    if (ldap_search_s(ld, m_baseDN, LDAP_SCOPE_SUBTREE, buffer, NULL, 0, &result) != LDAP_SUCCESS) {
+        status = TPS_AUTH_ERROR_USERNOTFOUND;
+        goto loser; 
+    } else {
+        for (e = ldap_first_entry(ld, result); e != NULL; e = ldap_next_entry(ld, e)) {
+            if ((dn = ldap_get_dn(ld, e)) != NULL) {
+RA::Debug("LDAP_Authentication::Authenticate", "User bind required '%s' '%s'", dn, password);
+                if (ldap_simple_bind_s(ld, dn, password) == LDAP_SUCCESS) {
+                    /* retrieve attributes and, */
+                    /* put them into the auth parameters */
+                    if (m_attributes != NULL) { 
+                         RA::Debug("LDAP_Authentication::Authenticate", "Attributes %s", m_attributes);
+                         char *m_dup_attributes = strdup(m_attributes);
+                         char *token = NULL; 
+                         token = strtok(m_dup_attributes, ","); 
+                         while( token != NULL ) { 
+                             char **v = NULL;
+                             v = ldap_get_values(ld, e, token);
+                             if (v != NULL) {
+                                 RA::Debug("LDAP_Authentication::Authenticate", "Exposed %s=%s", token, v[0]);
+                                 params->Add(token, v[0]);
+                                 RA::Debug("LDAP_Authentication::Authenticate", "Size %d", params->Size());
+                             }
+                             token = strtok( NULL, "," ); 
+                         }
+						 free(m_dup_attributes);
+                    }
+					status = TPS_AUTH_OK;   // SUCCESS - PASSWORD VERIFIED
+				} else {
+                    status = TPS_AUTH_ERROR_PASSWORDINCORRECT;
+                    goto loser;
+                } 
+            } else {
+                status = TPS_AUTH_ERROR_USERNOTFOUND;
+                goto loser;
+            } 
+        }
+    }
+
+    if (dn == NULL) {
+        status = TPS_AUTH_ERROR_USERNOTFOUND;
+        goto loser;
+    }
+
+loser:
+
+    if (result != NULL) {
+      ldap_msgfree(result);
+    }
+
+    if (dn != NULL) {
+      ldap_memfree(dn);
+    }
+
+    if (ld != NULL) {
+        ldap_unbind(ld);
+        ld = NULL;
+    } 
+    return status;
+}
+
+void LDAP_Authentication::GetHostPort(char **p, char **q) {
+    int num=0;
+    int auth_curr = RA::GetAuthCurrentIndex();
+    char *hp = (m_connInfo->GetHostPortList())[auth_curr];
+    char *host_port = PL_strdup(hp);
+
+    char *lasts = NULL;
+    char *tok = PL_strtok_r((char *)host_port, ":", &lasts);
+    while (tok != NULL) {
+        if (num == 0)
+            *p = PL_strdup(tok);
+        else
+            *q = PL_strdup(tok);
+        tok = PL_strtok_r(NULL, ":", &lasts);
+        num++;
+    } 
+
+    PR_Free(host_port);
+} 
+
+bool LDAP_Authentication::IsSSL() {
+    return m_isSSL;
+}
+
+char *LDAP_Authentication::GetHostPort() {
+    return m_hostport;
+}
+
+Authentication *GetAuthentication() {
+    LDAP_Authentication *auth = new LDAP_Authentication();    
+    return (Authentication *)auth;
+}
+
+const char *LDAP_Authentication::GetTitle(char *locale)
+{
+    char configname[256];
+    const char *prefix="auth.instance";
+    PR_snprintf((char *)configname, 256, "%s.%d.ui.title.%s", 
+        prefix, m_index, locale);
+RA::Debug("LDAP_Authentication::GetTitle", "%s", configname);
+    return RA::GetConfigStore()->GetConfigAsString(configname);
+}
+
+const char *LDAP_Authentication::GetDescription(char *locale)
+{
+    char configname[256];
+    const char *prefix="auth.instance";
+    PR_snprintf((char *)configname, 256, "%s.%d.ui.description.%s", 
+        prefix, m_index, locale);
+RA::Debug("LDAP_Authentication::GetDescription", "%s", configname);
+RA::Debug("LDAP_Authentication::GetDescription", "%s", RA::GetConfigStore()->GetConfigAsString(configname));
+    return RA::GetConfigStore()->GetConfigAsString(configname);
+}
+
+int LDAP_Authentication::GetNumOfParamNames()
+{
+    return 2;
+}
+                                                                                
+char *LDAP_Authentication::GetParamID(int index)
+{
+    if (index == 0) 
+        return ( char * ) "UID";
+    else if (index == 1)
+        return ( char * ) "PASSWORD";
+    else
+        return NULL;
+}
+
+const char *LDAP_Authentication::GetParamName(int index, char *locale)
+{
+    char configname[256];
+    const char *prefix="auth.instance";
+    PR_snprintf((char *)configname, 256, "%s.%d.ui.id.%s.name.%s", 
+        prefix, m_index, GetParamID(index), locale);
+
+RA::Debug("LDAP_Authentication::GetParamName", "%s", configname);
+
+    return RA::GetConfigStore()->GetConfigAsString(configname);
+}
+                                                                                
+char *LDAP_Authentication::GetParamType(int index)
+{
+    if (index == 0) 
+        return ( char * ) "string";
+    else if (index == 1)
+        return ( char * ) "password";
+    else
+        return NULL;
+}
+                                                                                
+const char *LDAP_Authentication::GetParamDescription(int index, char *locale)
+{
+    char configname[256];
+    const char *prefix="auth.instance";
+    PR_snprintf((char *)configname, 256, "%s.%d.ui.id.%s.description.%s", 
+        prefix, m_index, GetParamID(index), locale);
+    return RA::GetConfigStore()->GetConfigAsString(configname);
+}
+                                                                                
+char *LDAP_Authentication::GetParamOption(int index)
+{
+    return ( char * ) "";
+}
+
diff --git a/pki/base/tps/src/channel/Channel.cpp b/pki/base/tps/src/channel/Channel.cpp
new file mode 100644
index 000000000..6b77d3a19
--- /dev/null
+++ b/pki/base/tps/src/channel/Channel.cpp
@@ -0,0 +1,69 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+#include "channel/Channel.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/APDU_Response.h"
+#include "main/Memory.h"
+
+/**
+ * Constructs a secure channel between the RA and the 
+ * token key directly.
+ */
+Channel::Channel()
+{
+} /* Channel */
+
+/**
+ * Destroys this secure channel.
+ */
+Channel::~Channel ()
+{
+} /* ~Channel */
+
+/**
+ * Closes secure channel.
+ */
+int Channel::Close()
+{
+    /* currently do not have anything to terminate here */
+    return 1;
+}
diff --git a/pki/base/tps/src/channel/Secure_Channel.cpp b/pki/base/tps/src/channel/Secure_Channel.cpp
new file mode 100644
index 000000000..3dc13d2b2
--- /dev/null
+++ b/pki/base/tps/src/channel/Secure_Channel.cpp
@@ -0,0 +1,2543 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+#include "channel/Secure_Channel.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "apdu/Import_Key_APDU.h"
+#include "apdu/Import_Key_Enc_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/Read_Object_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/APDU_Response.h"
+#include "main/Memory.h"
+
+/**
+ * Constructs a secure channel between the RA and the 
+ * token key directly. APDUs that are sent via this channel 
+ * will be  mac'ed using the session key calculated by
+ * TKS which maintains all the user keys.
+ */
+
+Secure_Channel::Secure_Channel(RA_Session *session, PK11SymKey *session_key,
+			       PK11SymKey *enc_session_key,
+			       char *drm_des_key_s,
+			       char *kek_des_key_s, char *keycheck_s,
+    Buffer &key_diversification_data, Buffer &key_info_data,
+    Buffer &card_challenge, Buffer &card_cryptogram,
+    Buffer &host_challenge, Buffer &host_cryptogram)
+{
+    m_icv = Buffer(8,(BYTE)0);
+    m_session = session;
+    m_session_key = session_key;
+    m_enc_session_key = enc_session_key;
+    m_drm_wrapped_des_key_s = drm_des_key_s;
+    m_kek_wrapped_des_key_s = kek_des_key_s;
+    m_keycheck_s = keycheck_s;
+    m_key_diversification_data = key_diversification_data;
+    m_key_info_data = key_info_data;
+    m_card_challenge = card_challenge;
+    m_card_cryptogram = card_cryptogram;
+    m_host_challenge = host_challenge;
+    m_host_cryptogram = host_cryptogram;
+} /* Secure_Channel */
+
+/**
+ * Destroys this secure channel.
+ */
+Secure_Channel::~Secure_Channel ()
+{
+    /* m_session (RA_Session) should not be destroyed at this level. */
+    if( m_session_key != NULL ) {
+        PK11_FreeSymKey( m_session_key );
+        m_session_key = NULL;
+    }
+    if( m_enc_session_key != NULL ) {
+        PK11_FreeSymKey( m_enc_session_key );
+        m_enc_session_key = NULL;
+    }
+    if (m_drm_wrapped_des_key_s != NULL) {
+      PR_Free(m_drm_wrapped_des_key_s);
+      m_drm_wrapped_des_key_s = NULL;
+    }
+    if (m_kek_wrapped_des_key_s != NULL) {
+      PR_Free(m_kek_wrapped_des_key_s);
+      m_kek_wrapped_des_key_s = NULL;
+    }
+    if (m_keycheck_s != NULL) {
+      PR_Free(m_keycheck_s);
+      m_keycheck_s = NULL;
+    }
+} /* ~Secure_Channel */
+
+/**
+ * Closes secure channel.
+ */
+int Secure_Channel::Close()
+{
+    /* currently do not have anything to terminate here */
+    return 1;
+}
+
+/*
+ * to be called by all token request types
+ * it resets m_data if security level is to do encryption
+ */
+int Secure_Channel::ComputeAPDU(APDU *apdu)
+{
+    int rc = -1;
+    Buffer *mac = NULL;
+
+    if (apdu == NULL) {
+      goto loser;
+    }
+    RA::Debug(LL_PER_PDU, "Secure_Channel::ComputeAPDU", "apdu type = %d",
+	      apdu->GetType());
+
+    mac = ComputeAPDUMac(apdu);
+    if (mac == NULL)
+      goto loser;
+
+    if (m_security_level == SECURE_MSG_MAC_ENC) {
+      PRStatus status = apdu->SecureMessage(m_enc_session_key);
+      if (status == PR_FAILURE) {
+	goto loser;
+      }
+    }
+
+    rc = 1;
+ loser: 
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+
+    return rc;
+}
+
+/**
+ * Calculates MAC for the given APDU.
+ */
+Buffer *Secure_Channel::ComputeAPDUMac(APDU *apdu)
+{
+    Buffer data;
+    Buffer *mac = new Buffer(8, (BYTE)0);
+
+    if (apdu == NULL) {
+      RA::Error("Secure_Channel::ComputeAPDUMac", "apdu NULL");
+      if( mac != NULL ) {
+          delete mac;
+          mac = NULL;
+      }
+      return NULL;
+    }
+    apdu->GetDataToMAC(data);
+
+    // developer debugging only - not for deployment
+    //        RA::DebugBuffer("Secure_Channel::ComputeAPDUMac", "Data To MAC'ed",
+    //    		&data);
+
+    // Compute MAC will padd the data if it is 
+    // not in 8 byte multiples
+    Util::ComputeMAC(m_session_key, data, m_icv, *mac);
+    apdu->SetMAC(*mac);
+    m_icv = *mac;
+
+    return mac;
+} /* EncodeAPDUMac */
+
+/**
+ * Sends the token an external authenticate APDU.
+ */
+int Secure_Channel::ExternalAuthenticate()
+{
+    int rc = -1;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    External_Authenticate_APDU *external_auth_apdu = NULL;
+    APDU_Response *response = NULL;
+    Buffer *mac = NULL;
+
+    RA::Debug("Secure_Channel::ExternalAuthenticate",
+        "Secure_Channel::ExternalAuthenticate");
+
+    // This command is very strange
+    external_auth_apdu =
+        new External_Authenticate_APDU(m_host_cryptogram, m_security_level);
+
+    // Need to update APDU length to include 8-bytes MAC
+    // before mac'ing the data
+    mac = ComputeAPDUMac(external_auth_apdu);
+    external_auth_apdu->SetMAC(*mac);
+
+    token_pdu_request_msg =
+        new RA_Token_PDU_Request_Msg(external_auth_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::ExternalAuthenticate",
+        "Sent external_auth_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::ExternalAuthenticate",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::ExternalAuthenticate",
+            "Invalid Msg Type");
+        goto loser;
+    }
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::ExternalAuthenticate",
+            "No Response From Token");
+        goto loser;
+    }
+    if (response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::ExternalAuthenticate",
+            "Invalid Response From Token");
+        goto loser;
+    }
+
+    // must return 0x90 0x00
+    if (!(response->GetSW1() == 0x90 && response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::ExternalAuthenticate",
+                "Bad Response %x %x", response->GetSW1(), response->GetSW2());
+           goto loser;
+     }
+
+    rc = 1;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* ExternalAuthenticate */
+
+int Secure_Channel::DeleteFileX(RA_Session *session, Buffer *aid)
+{
+    int rc = 0;
+    APDU_Response *delete_response = NULL;
+    RA_Token_PDU_Request_Msg *delete_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *delete_response_msg = NULL;
+    Delete_File_APDU *delete_apdu = NULL;
+    // Buffer *mac = NULL;
+
+    RA::Debug("RA_Processor::DeleteFile",
+        "RA_Processor::DeleteFile");
+
+    delete_apdu = new Delete_File_APDU(*aid);
+    rc = ComputeAPDU(delete_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(delete_apdu);
+    delete_apdu->SetMAC(*mac);
+    */
+    delete_request_msg =
+        new RA_Token_PDU_Request_Msg(delete_apdu);
+    session->WriteMsg(delete_request_msg);
+
+    RA::Debug("RA_Processor::DeleteFile",
+        "Sent delete_request_msg");
+
+    delete_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (delete_response_msg == NULL)
+    {
+       RA::Error("RA_Processor::DeleteFile",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (delete_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::DeleteFile",
+            "Invalid Msg Type");
+	rc = -1;
+        goto loser;
+    }
+    delete_response = delete_response_msg->GetResponse();
+    if (delete_response == NULL) {
+        RA::Error("Secure_Channel::DeleteFile",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (delete_response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::DeleteFile",
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+
+    if (!(delete_response->GetSW1() == 0x90 && 
+	 	delete_response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::DeleteFile",
+                "Bad Response %x %x", delete_response->GetSW1(),
+		delete_response->GetSW2());
+	   rc = -1;
+           goto loser;
+     }
+
+    rc = 1;
+
+loser:
+    if( delete_request_msg != NULL ) {
+        delete delete_request_msg;
+        delete_request_msg = NULL;
+    }
+    if( delete_response_msg != NULL ) {
+        delete delete_response_msg;
+        delete_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+int Secure_Channel::InstallLoad(RA_Session *session, 
+		Buffer& packageAID, Buffer& sdAID, unsigned int fileLen)
+{
+    int rc = 0;
+    APDU_Response *install_response = NULL;
+    RA_Token_PDU_Request_Msg *install_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *install_response_msg = NULL;
+    Install_Load_APDU *install_apdu = NULL;
+    // Buffer *mac = NULL;
+
+    RA::Debug("RA_Processor::InstallLoad",
+        "RA_Processor::InstallLoad");
+
+    install_apdu = new Install_Load_APDU(packageAID, sdAID, fileLen);
+    rc = ComputeAPDU(install_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(install_apdu);
+    install_apdu->SetMAC(*mac);
+    */
+    install_request_msg =
+        new RA_Token_PDU_Request_Msg(install_apdu);
+    session->WriteMsg(install_request_msg);
+
+    RA::Debug("RA_Processor::InstallLoad",
+        "Sent install_request_msg");
+
+    install_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (install_response_msg == NULL)
+    {
+       RA::Error("RA_Processor::InstallLoad",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (install_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::InstallLoad",
+            "Invalid Msg Type");
+	rc = -1;
+        goto loser;
+    }
+    install_response = install_response_msg->GetResponse();
+    if (install_response == NULL) {
+        RA::Error("Secure_Channel::InstallLoad",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (install_response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::InstallLoad",
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+
+    if (!(install_response->GetSW1() == 0x90 && 
+	 	install_response->GetSW2() == 0x00)) {
+           RA::Error("Secure_Channel::InstallLoad",
+                "Error Response from token %2x%2x",
+				install_response->GetSW1(),
+				install_response->GetSW2());
+	rc = -1;
+           goto loser;
+     }
+
+    rc = 1;
+
+loser:
+    if( install_request_msg != NULL ) {
+        delete install_request_msg;
+        install_request_msg = NULL;
+    }
+    if( install_response_msg != NULL ) {
+        delete install_response_msg;
+        install_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+int Secure_Channel::InstallApplet(RA_Session *session, 
+		Buffer &packageAID, Buffer &appletAID, 
+		BYTE appPrivileges, unsigned int instanceSize)
+{
+    int rc = 0;
+    APDU_Response *install_response = NULL;
+    RA_Token_PDU_Request_Msg *install_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *install_response_msg = NULL;
+    Install_Applet_APDU *install_apdu = NULL;
+    // Buffer *mac = NULL;
+
+    RA::Debug("RA_Processor::InstallApplet",
+        "RA_Processor::InstallApplet");
+
+    install_apdu = new Install_Applet_APDU(packageAID, appletAID, appPrivileges, 
+		    	instanceSize);
+    rc =  ComputeAPDU(install_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(install_apdu);
+    install_apdu->SetMAC(*mac);
+    */
+    install_request_msg =
+        new RA_Token_PDU_Request_Msg(install_apdu);
+    session->WriteMsg(install_request_msg);
+
+    RA::Debug("RA_Processor::InstallApplet",
+        "Sent install_request_msg");
+
+    install_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (install_response_msg == NULL)
+    {
+        RA::Error("RA_Processor::InstallApplet",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (install_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::InstallApplet",
+            "Invalid Msg Type");
+	rc = -1;
+        goto loser;
+    }
+    install_response = install_response_msg->GetResponse();
+    if (install_response == NULL) {
+        RA::Error("Secure_Channel::InstallApplet",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (install_response->GetData().size() < 2) {
+        RA::Debug("Secure_Channel::InstallApplet",
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+
+    if (!(install_response->GetSW1() == 0x90 && 
+	 	install_response->GetSW2() == 0x00)) {
+           RA::Error("Secure_Channel::InstallApplet",
+                "Error Response from Token %2x%2x",
+				install_response->GetSW1(),
+				install_response->GetSW2());
+	rc = -1;
+           goto loser;
+     }
+
+    rc = 1;
+
+loser:
+    if( install_request_msg != NULL ) {
+        delete install_request_msg;
+        install_request_msg = NULL;
+    }
+    if( install_response_msg != NULL ) {
+        delete install_response_msg;
+        install_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+int Secure_Channel::LoadFile(RA_Session *session, BYTE refControl, BYTE blockNum, 
+	Buffer *data)
+{
+    int rc = 0;
+    APDU_Response *load_file_response = NULL;
+    RA_Token_PDU_Request_Msg *load_file_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *load_file_response_msg = NULL;
+    Load_File_APDU *load_file_apdu = NULL;
+    //    Buffer *mac = NULL;
+
+    RA::Debug("Secure_Channel::LoadFile",
+        "begin LoadFile");
+
+    load_file_apdu = new Load_File_APDU(refControl, blockNum, *data);
+
+    rc = ComputeAPDU(load_file_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(load_file_apdu);
+    load_file_apdu->SetMAC(*mac);
+    */
+    load_file_request_msg =
+        new RA_Token_PDU_Request_Msg(load_file_apdu);
+
+    session->WriteMsg(load_file_request_msg);
+
+    RA::Debug("RA_Processor::LoadFile",
+        "Sent load_file_request_msg");
+
+    load_file_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (load_file_response_msg == NULL)
+    {
+        RA::Error("RA_Processor::LoadFile",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (load_file_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::LoadFile",
+            "Invalid Msg Type");
+	rc = -1;
+        goto loser;
+    }
+    load_file_response = load_file_response_msg->GetResponse();
+    if (load_file_response == NULL) {
+        RA::Error("Secure_Channel::LoadFile",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (load_file_response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::LoadFile",
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (!(load_file_response->GetSW1() == 0x90 && 
+	 	load_file_response->GetSW2() == 0x00)) {
+           RA::Error("Secure_Channel::LoadFile",
+                "Error Response from Token %2x%2x",
+				load_file_response->GetSW1(),
+				load_file_response->GetSW2());
+	rc = -1;
+           goto loser;
+     }
+
+    rc = 1;
+
+loser:
+    if( load_file_request_msg != NULL ) {
+        delete load_file_request_msg;
+        load_file_request_msg = NULL;
+    }
+    if( load_file_response_msg != NULL ) {
+        delete load_file_response_msg;
+        load_file_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+int Secure_Channel::IsPinPresent(BYTE pin_number)
+{
+    int rc = -1;
+    List_Pins_APDU *list_pins_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+
+    RA::Debug("Secure_Channel::IsPinPresent",
+        "Secure_Channel::IsPinPresent");
+    list_pins_apdu = new List_Pins_APDU(2);
+    list_pins_apdu = (List_Pins_APDU *) ComputeAPDU(list_pins_apdu);
+
+    /*
+    mac = ComputeAPDUMac(set_pin_apdu);
+    set_pin_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        list_pins_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::IsPinPresent",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::IsPinReset",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::IsPinReset",
+            "Invalid Msg Type");
+        goto loser;
+    }
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::IsPinReset",
+            "No Response From Token");
+        goto loser;
+    }
+
+    rc = 1;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+/**
+ * Get Issuer Info
+ */
+Buffer Secure_Channel::GetIssuerInfo()
+{
+    Buffer data;
+    int rc = -1;
+    Get_IssuerInfo_APDU *get_issuerinfo_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+
+    RA::Debug("Secure_Channel::GetIssuerInfo",
+        "Secure_Channel::GetIssuerInfo");
+    get_issuerinfo_apdu = new Get_IssuerInfo_APDU();
+    rc = ComputeAPDU(get_issuerinfo_apdu);
+    if (rc == -1) {
+      goto loser;
+    }
+
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        get_issuerinfo_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::GetIssuerInfo",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::GetIssuerInfo",
+            "No Token PDU Response Msg Received");
+	    rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::GetIssuerInfo",
+            "Invalid Msg Type");
+	    rc = -1;
+        goto loser;
+    }
+
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::GetIssuerInfo",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::GetIssuerInfo",
+            "Invalid Response From Token");
+	    rc = -1;
+        goto loser;
+    }
+    if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::GetIssuerInfo",
+                "Bad Response");
+	       rc = -1;
+           goto loser;
+     }
+
+    data = response->GetData();
+    rc = 1;
+loser:
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return data;
+} /* SetIssuerInfo */
+/**
+ * Set Issuer Info
+ */
+int Secure_Channel::SetIssuerInfo(Buffer *info)
+{
+    int rc = -1;
+    Set_IssuerInfo_APDU *set_issuerinfo_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+
+    RA::Debug("Secure_Channel::SetIssuerInfo",
+        "Secure_Channel::SetIssuerInfo");
+    set_issuerinfo_apdu = new Set_IssuerInfo_APDU(0x0, 0x0, *info);
+    rc = ComputeAPDU(set_issuerinfo_apdu);
+    if (rc == -1) {
+      goto loser;
+    }
+
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        set_issuerinfo_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::SetIssuerInfo",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::SetIssuerInfo",
+            "No Token PDU Response Msg Received");
+	    rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::SetIssuerInfo",
+            "Invalid Msg Type");
+	    rc = -1;
+        goto loser;
+    }
+
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::SetIssuerInfo",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::SetIssuerInfo",
+            "Invalid Response From Token");
+	    rc = -1;
+        goto loser;
+    }
+    if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::SetIssuerInfo",
+                "Bad Response");
+	       rc = -1;
+           goto loser;
+     }
+
+    rc = 1;
+loser:
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* SetIssuerInfo */
+
+/**
+ * Resets token's pin.
+ */
+int Secure_Channel::ResetPin(BYTE pin_number, char *new_pin)
+{
+    int rc = -1;
+    Set_Pin_APDU *set_pin_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+
+    RA::Debug("Secure_Channel::ResetPin",
+        "Secure_Channel::ResetPin");
+    Buffer data = Buffer((BYTE *)new_pin, strlen(new_pin));
+    set_pin_apdu = new Set_Pin_APDU(0x0, 0x0, data);
+    rc = ComputeAPDU(set_pin_apdu);
+    if (rc == -1) {
+      goto loser;
+    }
+
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        set_pin_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::ResetPin",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::ResetPin",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::ResetPin",
+            "Invalid Msg Type");
+	rc = -1;
+        goto loser;
+    }
+
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::ResetPin",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::ResetPin",
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::ResetPin",
+                "Bad Response");
+	rc = -1;
+           goto loser;
+     }
+
+    rc = 1;
+loser:
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* ResetPin */
+
+/**
+ * inject key (public key, mostly)
+ * @param key_number key slot number (from config file)
+ */
+int Secure_Channel::ImportKey(BYTE key_number)
+{
+    int rc = -1;
+    Import_Key_APDU *import_key_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+
+    RA::Debug("Secure_Channel::ImportKey",
+        "Secure_Channel::ImportKey");
+
+    import_key_apdu = new Import_Key_APDU(key_number);
+    rc = ComputeAPDU(import_key_apdu);
+    if (rc == -1) {
+      goto loser;
+    }
+
+    /*
+    mac = ComputeAPDUMac(import_key_apdu);
+    import_key_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        import_key_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::ImportKey",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::ImportKey",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::ImportKey",
+            "Invalid Msg Type");
+	rc = -1;
+        goto loser;
+    }
+
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::ImportKey",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::ImportKey",
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::ImportKey",
+                "Error Response from Token %2x%2x",
+			response->GetSW1(),
+			response->GetSW2());
+	rc = -1;
+           goto loser;
+     }
+
+    rc = 1;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* ImportKey */
+
+/**
+ * inject an encrypted key (private key, mostly)
+ * @param key_number key slot number (from config file)
+ */
+int Secure_Channel::ImportKeyEnc(BYTE priv_key_number, BYTE pub_key_number, Buffer* data)
+{
+    int rc = -1;
+    Import_Key_Enc_APDU *import_key_enc_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+      BYTE objid[4];
+
+      objid[0] = 0xFF;
+      objid[1] = 0xFF;
+      objid[2] = 0xFF;
+      objid[3] = 0xFE;
+
+
+    RA::Debug("Secure_Channel::ImportKeyEnc",
+        "Secure_Channel::ImportKeyEnc");
+
+    import_key_enc_apdu = new Import_Key_Enc_APDU(priv_key_number, pub_key_number, *data);
+    rc = ComputeAPDU(import_key_enc_apdu);
+    if (rc == -1) {
+      goto loser;
+    }
+
+    /*
+    mac = ComputeAPDUMac(import_key_enc_apdu);
+    import_key_enc_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        import_key_enc_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::ImportKeyEnc",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::ImportKeyEnc",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::ImportKeyEnc",
+            "Invalid Msg Type");
+	rc = -1;
+        goto loser;
+    }
+
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::ImportKeyEnc",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::ImportKeyEnc",
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+
+    if (!(response->GetSW1() == 0x90 && 
+		response->GetSW2() == 0x00)) {
+      RA::Error("RA_Processor::ImportKeyEnc",
+                "Error Response from Token %2x%2x",
+				response->GetSW1(),
+				response->GetSW2());
+      /*XXX debuging
+      debugBuf = ReadObject((BYTE*)objid, 0, 16);
+      if (debugBuf != NULL)
+	RA::DebugBuffer("Secure_Channel::ImportKeyEnc(): Error:", "debugBuf=",
+    		debugBuf);
+      else
+	RA::Debug("Secure_Channel::ImportKeyEnc(): Error:", "ReadObject for debugging returns none");
+      */
+	rc = -1;
+	goto loser;
+     }
+
+    /*      XXX debugging
+      debugBuf = ReadObject((BYTE*)objid, 0, 200);
+      if (debugBuf != NULL)
+	RA::DebugBuffer("Secure_Channel::ImportKeyEnc(): Success:", "debugBuf=",
+		    debugBuf);
+      else
+	RA::Debug("Secure_Channel::ImportKeyEnc(): Sucess:", "ReadObject for debugging returns none");
+
+    */
+
+    rc = 1;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* ImportKeyEnc */
+
+
+/**
+ * Put Keys
+ *
+ * Global Platform Open Platform Card Specification 
+ * Version 2.0.1 Page 9-19
+ * Sample Data:
+ *
+ * _____________ CLA
+ * |  __________ INS
+ * |  |  _______ P1
+ * |  |  |  ____ P2
+ * |  |  |  |  _ Len
+ * |  |  |  |  |
+ * 84 D8 00 81 4B
+ * 01 
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E    (AUTH KEY)
+ * 1B C8 4B 1C 31 
+ * 03 8B AF 47 
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E    (MAC KEY) 
+ * 1B C8 4B 1C 31 
+ * 03 8B AF 47 
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E    (KEK KEY)
+ * 1B C8 4B 1C 31 
+ * 03 8B AF 47 
+ * 5E B8 64 3F 73 9D 7D 62
+ *
+ * Data:
+ *
+ * - New key set version
+ * - key set data field (implicit key index P2+0)
+ * - key set data field (implicit key index P2+1)
+ * - key set data field (implicit key index P2+2)
+ * 
+ * Key Set Data:
+ * 
+ * Length    Meaning
+ * ======    =========
+ * 1         Algorithm ID of key
+ * 1-n       Length of key
+ * variable  Key data value
+ * 0-n       Length of Key check value
+ * variable  Key check value (if present)
+ */
+int Secure_Channel::PutKeys(RA_Session *session, BYTE key_version, 
+                   BYTE key_index, Buffer *key_data)
+{
+    int rc = 0;
+    APDU_Response *put_key_response = NULL;
+    RA_Token_PDU_Request_Msg *put_key_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *put_key_response_msg = NULL;
+    Put_Key_APDU *put_key_apdu = NULL;
+    // Buffer *mac = NULL;
+	const char *FN="Secure_Channel::PutKeys";
+
+    RA::Debug(LL_PER_CONNECTION, FN,
+        "RA_Processor::PutKey");
+
+    put_key_apdu = new Put_Key_APDU(key_version, 0x80 | key_index, 
+             *key_data);
+    rc = ComputeAPDU(put_key_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(put_key_apdu);
+    put_key_apdu->SetMAC(*mac);
+    */
+    put_key_request_msg =
+        new RA_Token_PDU_Request_Msg(put_key_apdu);
+    session->WriteMsg(put_key_request_msg);
+    RA::Debug(LL_PER_CONNECTION, FN,
+        "Sent put_key_request_msg");
+
+    put_key_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (put_key_response_msg == NULL)
+    {
+    	RA::Error(LL_PER_CONNECTION, FN,
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (put_key_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error(LL_PER_CONNECTION, FN,
+            "Invalid Msg Type");
+	rc = -1;
+        goto loser;
+    }
+    put_key_response =
+        put_key_response_msg->GetResponse();
+    if (put_key_response == NULL) {
+        RA::Error(LL_PER_CONNECTION, FN,
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (put_key_response->GetData().size() < 2) {
+        RA::Error(LL_PER_CONNECTION, FN,
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (!(put_key_response->GetSW1() == 0x90 && 
+	 	put_key_response->GetSW2() == 0x00)) {
+           RA::Error(LL_PER_CONNECTION, FN,
+                "Error Response %2x%2x", 
+					put_key_response->GetSW1(),
+					put_key_response->GetSW2());
+		rc = -1;
+           goto loser;
+     }
+
+    /* check error */
+    rc = 0;
+
+loser:
+    if( put_key_request_msg != NULL ) {
+        delete put_key_request_msg;
+        put_key_request_msg = NULL;
+    }
+    if( put_key_response_msg != NULL ) {
+        delete put_key_response_msg;
+        put_key_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+/**
+ * Sets token's lifecycle state.
+ */
+int Secure_Channel::SetLifecycleState(BYTE flag)
+{
+    int rc = -1;
+    Lifecycle_APDU *lifecycle_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+	const char *FN = "Secure_Channel::SetLifecycleState";
+
+    RA::Debug(LL_PER_CONNECTION,FN,
+        "Begin");
+    lifecycle_apdu = new Lifecycle_APDU(flag);
+    rc = ComputeAPDU(lifecycle_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(lifecycle_apdu);
+    lifecycle_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        lifecycle_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug(LL_PER_CONNECTION,FN,
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error(LL_PER_CONNECTION,FN,
+            "No Token PDU Response Msg Received");
+        rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE)
+    {
+        RA::Error(LL_PER_CONNECTION,FN,
+            "Invalid Msg Received");
+        rc = -1;
+        goto loser;
+    }
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error(LL_PER_CONNECTION,FN,
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (response->GetData().size() < 2) {
+        RA::Error(LL_PER_CONNECTION,FN,
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error(LL_PER_CONNECTION,FN,
+                "Error Response from token: %2x%2x",
+				response->GetSW1(),
+				response->GetSW2());
+	   rc = -1;
+           goto loser;
+     }
+
+    rc = 0;
+
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* SetLifecycleState */
+
+
+char * Secure_Channel::getDrmWrappedDESKey()
+{
+    return PL_strdup(m_drm_wrapped_des_key_s);
+}
+
+char * Secure_Channel::getKekWrappedDESKey()
+{
+    return PL_strdup(m_kek_wrapped_des_key_s);
+}
+
+char * Secure_Channel::getKeycheck()
+{
+    return PL_strdup(m_keycheck_s);
+}
+
+
+/**
+ * Requests token to generate key in buffer.
+ */
+int Secure_Channel::StartEnrollment(BYTE p1, BYTE p2, Buffer *wrapped_challenge, 
+	Buffer *key_check, BYTE alg, int keysize, BYTE option)
+{
+    int rc = -1;
+    Generate_Key_APDU *generate_key_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+    Buffer data;
+
+    RA::Debug("Secure_Channel::GenerateKey",
+        "Secure_Channel::GenerateKey");
+    generate_key_apdu = new Generate_Key_APDU(p1, p2, alg, keysize, option,
+        0x85, *wrapped_challenge, *key_check);
+    rc = ComputeAPDU(generate_key_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(generate_key_apdu);
+    generate_key_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        generate_key_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::GenerateKey",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::GenerateKey",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE)
+    {
+        RA::Error("Secure_Channel::GenerateKey",
+            "Invalid Msg Received");
+	rc = -1;
+        goto loser;
+    }
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+	RA::Error("SecureChannel::GenerateKey", "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+
+    data = response->GetData();
+    if (data.size() != 4) {
+	RA::Error("SecureChannel::GenerateKey", "Token returned error");
+	rc = -1;
+        goto loser;
+    }
+    if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::GenerateKey",
+                "Error Response from token %2x%2x",
+				response->GetSW1(),
+				response->GetSW2());
+	rc = -1;
+           goto loser;
+     }
+
+    /* key length */
+    rc = ((BYTE*)data)[0] * 256 + ((BYTE*)data)[1];               
+
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* GenerateKey */
+
+/**
+ * Reads data from token's buffer.
+ */
+int Secure_Channel::ReadBuffer(BYTE *buf, int buf_len)
+{
+    int rc = -1;
+    Read_Buffer_APDU *read_buffer_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    int offset = 0;
+    int wanted = buf_len;
+    int received = 0;
+    int request = 0;
+    int data_len;
+    Buffer data;
+    Buffer *mac = NULL;
+	const char *FN="Secure_Channel::ReadBuffer";
+
+#define MAX_READ_BUFFER_SIZE 0xd0
+        RA::Debug("Secure_Channel::ReadBuffer",
+            "Secure_Channel::ReadBuffer");
+
+    while (1)
+    {
+        if (wanted > MAX_READ_BUFFER_SIZE)
+        {
+            request = MAX_READ_BUFFER_SIZE;
+        }
+        else
+        {
+            request = wanted;
+        }
+        read_buffer_apdu = new Read_Buffer_APDU(request,offset);
+	rc = ComputeAPDU(read_buffer_apdu);
+	if (rc == -1)
+	  goto loser;
+
+	/*
+        mac = ComputeAPDUMac(read_buffer_apdu);
+        read_buffer_apdu->SetMAC(*mac);
+	*/
+        token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+            read_buffer_apdu);
+        m_session->WriteMsg(token_pdu_request_msg);
+        RA::Debug(LL_PER_CONNECTION, FN,
+            "Sent token_pdu_request_msg");
+
+        token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+            m_session->ReadMsg();
+        if (token_pdu_response_msg == NULL)
+        {
+            RA::Error(LL_PER_CONNECTION, FN,
+                "No Token PDU Response Msg Received");
+            rc = -1;
+            goto loser;
+        }
+        if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+            RA::Error(LL_PER_CONNECTION, FN,
+            "Invalid Msg Type");
+            rc = -1;
+            goto loser;
+        }
+        response = token_pdu_response_msg->GetResponse();
+        if (response == NULL)
+        {
+            RA::Error(LL_PER_CONNECTION, FN,
+                "No Response From Token");
+            rc = -1;
+            goto loser;
+        }
+        if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error(LL_PER_CONNECTION, FN,
+                "Error Response from token %2x%2x",
+				response->GetSW1(),
+				response->GetSW2());
+            rc = -1;
+           goto loser;
+        }
+        data = response->GetData();
+        data_len = data.size() - 2;
+        if (data_len == 0)
+        {
+            break;
+        }
+
+// copy data into buffer
+        for (int i = 0; i < data_len; i++)
+        {
+            buf[offset+i] = ((BYTE*)data)[i];
+        }
+
+        received += data_len;
+        wanted -= data_len;
+        offset += data_len;
+
+        if (wanted == 0)
+        {
+            break;
+        }
+
+        if( token_pdu_request_msg != NULL ) {
+            delete token_pdu_request_msg;
+            token_pdu_request_msg = NULL;
+        }
+        if( token_pdu_response_msg != NULL ) {
+            delete token_pdu_response_msg;
+            token_pdu_response_msg = NULL;
+        }
+    };
+
+    rc = received;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* ReadBuffer */
+
+/**
+ * Writes object to token.
+ */
+int Secure_Channel::CreateObject(BYTE *object_id, BYTE *permissions, int len)
+{
+    int rc = -1;
+    Create_Object_APDU *create_obj_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+
+    RA::Debug("Secure_Channel::CreateObject",
+        "Secure_Channel::CreateObject");
+    create_obj_apdu = new Create_Object_APDU(object_id, permissions, len);
+    rc = ComputeAPDU(create_obj_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(create_obj_apdu);
+    create_obj_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        create_obj_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::CreateObject",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::CreateObject",
+            "No Token PDU Response Msg Received");
+	rc = -1;
+        goto loser;
+    }
+
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+            RA::Error("Secure_Channel::CreateObject",
+            "Invalid Msg Type");
+	rc = -1;
+            goto loser;
+    }
+
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::CreateObject",
+            "No Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (response->GetData().size() < 2) {
+        RA::Error("Secure_Channel::CreateObject",
+            "Invalid Response From Token");
+	rc = -1;
+        goto loser;
+    }
+    if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::CreateObject",
+                "Error Response from token %2x%2x",
+				response->GetSW1(),
+				response->GetSW2());
+	rc = -1;
+           goto loser;
+    }
+
+    rc = 1;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+} /* CreateObject */ 
+
+Buffer *Secure_Channel::ReadObject(BYTE *object_id, int offset, int len)
+{
+    int rc = -1;
+    Buffer data;
+    Read_Object_APDU *read_obj_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+    Buffer *buf = NULL;
+    Buffer result = Buffer();
+
+    RA::Debug("Secure_Channel::ReadObject",
+        "Secure_Channel::ReadObject");
+    int cur_read = 0;
+    int cur_offset = 0;
+    int sum = 0;
+
+#define MAX_READ_BUFFER_SIZE 0xd0
+
+    if (len > MAX_READ_BUFFER_SIZE) {
+        cur_offset = offset;
+    	cur_read = MAX_READ_BUFFER_SIZE;
+    } else {
+        cur_offset = offset;
+    	cur_read = len;
+    }
+
+    while (sum < len) {
+
+        read_obj_apdu = new Read_Object_APDU(object_id, cur_offset, cur_read);
+        rc = ComputeAPDU(read_obj_apdu);
+        if (rc == -1)
+          goto loser;
+
+        token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        	read_obj_apdu);
+        m_session->WriteMsg(token_pdu_request_msg);
+        RA::Debug("Secure_Channel::ReadObject",
+            "Sent token_pdu_request_msg");
+
+        token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+           m_session->ReadMsg();
+        if (token_pdu_response_msg == NULL)
+        {
+           RA::Error("Secure_Channel::ReadObject",
+            "No Token PDU Response Msg Received");
+  	   rc = -1;
+           goto loser;
+        }
+
+        if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) 
+	{
+            RA::Error("Secure_Channel::ReadObject",
+            "Invalid Msg Type");
+  	    rc = -1;
+            goto loser;
+        }
+
+        response = token_pdu_response_msg->GetResponse();
+        if (response == NULL) {
+            RA::Error("Secure_Channel::ReadObject",
+            "No Response From Token");
+	    rc = -1;
+           goto loser;
+        }
+
+        if (response->GetData().size() < 2) {
+            RA::Error("Secure_Channel::ReadObject",
+            "Invalid Response From Token");
+	    rc = -1;
+            goto loser;
+        }
+        if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::ReadObject",
+                "Error Response from token %2x%2x",
+				response->GetSW1(),
+				response->GetSW2());
+    	   rc = -1;
+           goto loser;
+        }
+        data = response->GetData();
+        result += Buffer(data.substr(0, data.size() - 2));
+
+	sum += (data.size() - 2);
+	cur_offset += (data.size() - 2);
+
+	if ((len - sum) < MAX_READ_BUFFER_SIZE) {
+		cur_read = len - sum;
+	} else {
+		cur_read = MAX_READ_BUFFER_SIZE;
+	}
+        if (token_pdu_request_msg != NULL) {
+            delete token_pdu_request_msg;
+	    token_pdu_request_msg = NULL;
+	}
+        if (token_pdu_response_msg != NULL) {
+            delete token_pdu_response_msg;
+	    token_pdu_response_msg = NULL;
+	}
+
+    }
+
+    buf = new Buffer((BYTE*)result, result.size());
+
+loser:
+    if (mac != NULL)
+        delete mac;
+    if (token_pdu_request_msg != NULL)
+        delete token_pdu_request_msg;
+    if (token_pdu_response_msg != NULL)
+        delete token_pdu_response_msg;
+
+    return buf;
+}
+
+/**
+ * Writes data to token's buffer.
+ */
+int Secure_Channel::WriteObject(BYTE *objid, BYTE *buf, int buf_len)
+{
+    int rc = -1;
+    int i;
+    Write_Object_APDU *write_buffer_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    int offset = 0;
+    int len = 0;
+    int to_send = buf_len;
+    BYTE *data = buf;
+#define MAX_WRITE_BUFFER_SIZE 0xd0
+    Buffer *send_buf = NULL;
+    Buffer *mac = NULL;
+
+        RA::Debug("Secure_Channel::WriteObject",
+            "Secure_Channel::WriteObject");
+    while (1)
+    {
+        send_buf = new Buffer(MAX_WRITE_BUFFER_SIZE, (BYTE)0);
+        mac = new Buffer(8, (BYTE)0);
+
+        if (to_send > MAX_WRITE_BUFFER_SIZE)
+        {
+            len = MAX_WRITE_BUFFER_SIZE;
+        }
+        else
+        {
+            len = to_send;
+        }
+        RA::Debug("Secure_Channel::WriteObject",
+            "Sent total=%d len=%d", buf_len, len);
+
+        for (i = 0; i < len; i++)
+        {
+            ((BYTE*)*send_buf)[i] = ((BYTE*)data)[i];
+        }
+	Buffer x_buf = Buffer(*send_buf, len);
+
+        write_buffer_apdu = new Write_Object_APDU(objid, offset, x_buf);
+        rc = ComputeAPDU(write_buffer_apdu);
+	if (rc == -1)
+	  goto loser;
+
+	/*
+        mac = ComputeAPDUMac(write_buffer_apdu);
+        write_buffer_apdu->SetMAC(*mac);
+	*/
+        token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+            write_buffer_apdu);
+        m_session->WriteMsg(token_pdu_request_msg);
+        RA::Debug("Secure_Channel::WriteObject",
+            "Sent token_pdu_request_msg");
+
+        token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+            m_session->ReadMsg();
+        if (token_pdu_response_msg == NULL)
+        {
+            RA::Error("Secure_Channel::WriteObject",
+                "No Token PDU Response Msg Received");
+	    rc = -1;
+            goto loser;
+        }
+
+        if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+            RA::Error("Secure_Channel::WriteObject",
+            "Invalid Msg Type");
+	    rc = -1;
+            goto loser;
+        }
+        response = token_pdu_response_msg->GetResponse();
+        if (response == NULL) {
+            RA::Error("Secure_Channel::WriteObject",
+               "No Response From Token");
+	    rc = -1;
+            goto loser;
+        }
+        if (!(response->GetSW1() == 0x90 && 
+	 	response->GetSW2() == 0x00)) {
+           RA::Error("RA_Processor::WriteObject",
+                "Error Response from token %2x%2x",
+				response->GetSW1(),
+				response->GetSW2());
+	    rc = -1;
+           goto loser;
+        }
+        data += len;
+        to_send -= len;
+        offset += len;
+
+        if (to_send == 0)
+            break;                                /* done */
+        if( mac != NULL ) {
+            delete mac;
+            mac = NULL;
+        }
+        if( token_pdu_request_msg != NULL ) {
+            delete token_pdu_request_msg;
+            token_pdu_request_msg = NULL;
+        }
+        if( token_pdu_response_msg != NULL ) {
+            delete token_pdu_response_msg;
+            token_pdu_response_msg = NULL;
+        }
+        if( send_buf != NULL ) {
+            delete send_buf;
+            send_buf = NULL;
+        }
+    }
+
+    rc = 1;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+    if( send_buf != NULL ) {
+        delete send_buf;
+        send_buf = NULL;
+    }
+
+    return rc;
+} /* WriteObject */ 
+
+int Secure_Channel::CreatePin(BYTE pin_number,
+                BYTE max_retries, const char *pin)
+{
+    int rc = -1;
+    Create_Pin_APDU *create_pin_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+
+    RA::Debug("Secure_Channel::CreatePin",
+        "Secure_Channel::CreatePin");
+    Buffer pin_buffer = Buffer((BYTE*)pin, strlen(pin));
+    create_pin_apdu = new Create_Pin_APDU(pin_number, max_retries,
+                    pin_buffer);
+    rc = ComputeAPDU(create_pin_apdu);
+    if (rc == -1)
+      goto loser;
+
+    /*
+    mac = ComputeAPDUMac(set_pin_apdu);
+    set_pin_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        create_pin_apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::CreatePin",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::CreatePin",
+            "No Token PDU Response Msg Received");
+        rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::CreatePin",
+            "Invalid Msg Type");
+        rc = -1;
+        goto loser;
+    }
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::CreatePin",
+            "No Response From Token");
+        rc = -1;
+        goto loser;
+    }
+
+    rc = 1;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+APDU_Response *Secure_Channel::SendTokenAPU(APDU *apdu)
+{
+    int rc;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+
+    RA::Debug("Secure_Channel::SendTokenAPDU",
+        "Secure_Channel::SendTokenAPDU");
+    rc = ComputeAPDU(apdu);
+    if (rc == -1)
+      goto loser;
+
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        apdu);
+    m_session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::SendTokenAPDU",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        m_session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::SendTokenAPDU",
+            "No Token PDU Response Msg Received");
+        rc = -1;
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+        RA::Error("Secure_Channel::SendTokenAPDU",
+            "Invalid Msg Type");
+        rc = -1;
+        goto loser;
+    }
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::SendTokenAPDU",
+            "No Response From Token");
+        rc = -1;
+        goto loser;
+    }
+
+loser:
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return response;
+}
+
+
+static void AppendSHORTtoBuffer(Buffer &buf,unsigned short s)
+{
+
+    buf += s/256;
+    buf += s%256;
+}
+
+
+static void AppendLONGtoBuffer(Buffer &buf, unsigned int l)
+{
+    buf += l>>24;
+    buf += (l >> 16) & 0xFF;
+    buf += (l >> 8) & 0xFF;
+    buf += l & 0xFF;
+}
+
+static void AppendAttribute(Buffer &buf, unsigned int type, unsigned int length, BYTE *b)
+{
+    AppendLONGtoBuffer(buf, type);
+    AppendSHORTtoBuffer(buf, length);
+    buf += Buffer(b,length);
+}
+
+static void AppendKeyCapabilities(Buffer &b, const char *opType, const char *tokenType, const char *keyTypePrefix, const char *keyType) {
+    char configname[256];
+
+    bool bvalue = false;
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.encrypt",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_ENCRYPT, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.sign",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_SIGN, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.signRecover",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_SIGN_RECOVER, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.decrypt",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_DECRYPT, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.derive",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_DERIVE, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.unwrap",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_UNWRAP, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.wrap",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_WRAP, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.verifyRecover",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_VERIFY_RECOVER, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.verify",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_VERIFY, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.sensitive",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_SENSITIVE, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.private",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_PRIVATE, 1, Util::bool2byte(bvalue));
+        PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.token",
+          keyTypePrefix, keyType);
+        bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+        AppendAttribute(b,CKA_TOKEN, 1, Util::bool2byte(bvalue));
+}
+
+static void FinalizeBuffer(Buffer &b, const char* id)
+{
+        ((BYTE*)b)[0] = 0;
+        ((BYTE*)b)[1] = id[0];
+        ((BYTE*)b)[2] = id[1];
+        ((BYTE*)b)[3] = 0;
+        ((BYTE*)b)[4] = 0;
+        ((BYTE*)b)[5] = (b.size()-7) / 256;
+        ((BYTE*)b)[6] = (b.size()-7) % 256;
+}
+
+/**
+ * Creates object on token.
+ */
+int Secure_Channel::CreateObject(BYTE *objid, BYTE *permissions, Buffer *obj)
+{
+    int rc = -1;
+    rc = CreateObject(objid, permissions, obj->size());
+    if (rc == -1)
+        goto loser;
+    rc = WriteObject(objid, (BYTE*)*obj, obj->size());
+    if (rc == -1)
+        goto loser;
+    rc = 1;
+loser:
+    return rc;
+} /* CreateObject */
+
+int Secure_Channel::CreateCertificate(const char *id, Buffer *cert)
+{
+	BYTE perms[6];
+
+	perms[0] = 0xff;
+	perms[1] = 0xff;
+	perms[2] = 0x40;
+	perms[3] = 0x00;
+	perms[4] = 0x40;
+	perms[5] = 0x00;
+
+    return CreateObject((BYTE*)id, perms, cert);
+} /* CreateCertificate */
+
+/*
+Cert attrib object (c0):
+CKA_LABEL(0x0003): cert nickname
+CKA_ID (0x0102): 20 bytes same as public key
+CKA_CERTIFICATE_TYPE(0x0080): 00 00 00 00 (CKC_X_509)
+CKA_CLASS(0x0000): 01 00 00 00 (little-endian for CKO_CERTIFICATE)
+CKA_TOKEN(0x0001): true
+
+0000000 0063 3000 0000 6400 0000 0300 294a 616d   /Jam
+0000020 6965 204e 6963 6f6c 736f 6e27 7320 416d   /ie Nicolson's Am
+0000040 6572 6963 6120 4f6e 6c69 6e65 2049 6e63   /erica Online Inc
+0000060 2049 4420 2332
+                       0000 0102 0014 709b a306   /ID #2
+0000100 3fc8 9ad4 23c6 a1b2 eb04 d8ff f7dd 3f55
+0000120 0000 0080 0004 0000 0000 0000 0000 0004
+0000140 0100 0000 0000 0001 0001 0100 0000 0000
+0000160 0000 0000 0000 0000 0000 0000 0000 0000
+
+mine: (no subject)
+
+
+        0063 3000 0000 4500 0000 0300 0A74 6861
+        7965 7330 3939 33
+                       0000 0102 0014 206E 8B36
+                03A5 568D 266D 51EC 40F0 E35B B55F 8BCC
+                0000 0080 0004 0000 0000 0000 0000 0004
+                0100 0000 0000 0001 0001 01
+
+*/
+
+Buffer Secure_Channel::CreatePKCS11CertAttrsBuffer(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid)
+{
+    BYTE type[4] = { 0,0,0,0 };
+    BYTE p11class[4] = { 1,0,0,0 };
+    BYTE tokenflag[1] = { 1 };
+
+    Buffer b(256);       // allocate some space
+    b.resize(7);         // this keeps the allocated space around
+
+  RA::Debug("Secure_Channel::CreatePKCS11CertAttrs", "id=%s", id);
+  RA::Debug("Secure_Channel::CreatePKCS11CertAttrs", "label=%s", label);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11CertAttrs", "keyid", keyid);
+    AppendAttribute(b, CKA_LABEL, strlen(label), (BYTE*)label);
+    // hash of pubk
+    AppendAttribute(b, CKA_ID,  keyid->size(), (BYTE*)*keyid);
+     // type of cert
+    AppendAttribute(b, CKA_CERTIFICATE_TYPE, 4, type);
+    AppendAttribute(b, CKA_CLASS, 4, p11class );  // type of object
+    AppendAttribute(b, CKA_TOKEN, 1, tokenflag);
+    FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11CertAttrsBuffer", "buffer", &b);
+
+   return b;
+}
+
+int Secure_Channel::CreatePKCS11CertAttrs(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid)
+{
+    BYTE type[4] = { 0,0,0,0 };
+    BYTE p11class[4] = { 1,0,0,0 };
+    BYTE tokenflag[1] = { 1 };
+
+    Buffer b(256);       // allocate some space
+    b.resize(7);         // this keeps the allocated space around
+
+  RA::Debug("Secure_Channel::CreatePKCS11CertAttrs", "id=%s", id);
+  RA::Debug("Secure_Channel::CreatePKCS11CertAttrs", "label=%s", label);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11CertAttrs", "keyid", keyid);
+    AppendAttribute(b, CKA_LABEL, strlen(label), (BYTE*)label);
+    // hash of pubk
+    AppendAttribute(b, CKA_ID,  keyid->size(), (BYTE*)*keyid);
+     // type of cert
+    AppendAttribute(b, CKA_CERTIFICATE_TYPE, 4, type);
+    AppendAttribute(b, CKA_CLASS, 4, p11class );  // type of object
+    AppendAttribute(b, CKA_TOKEN, 1, tokenflag);
+    FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11CertAttrs", "buffer", &b);
+
+	BYTE perms[6];
+
+	perms[0] = 0xff;
+	perms[1] = 0xff;
+	perms[2] = 0x40;
+	perms[3] = 0x00;
+	perms[4] = 0x40;
+	perms[5] = 0x00;
+
+    return CreateObject((BYTE*)id, perms, &b);
+} /* CreatePKCS11CertAttrs */
+
+/*
+
+Private Key: (k0)
+CKA_SUBJECT (0x0101): subject name of cert
+CKA_LABEL (0x0003): nickname of cert
+CKA_MODULUS (0x0120)
+   (sha1 hash of spki)
+CKA_ID (0x0102): ?? (20 bytes, 70 9b a3 06 3f c8 9a d4 23 c6 a1 b2 eb 04 d8 ff f7 dd 3f 55)
+CKA_SENSITIVE(0x0103): true
+CKA_PRIVATE(0x0002): true
+CKA_TOKEN(0x0001): true
+CKA_KEY_TYPE(0x0100): 0x00000000 (CKK_RSA)
+cKA_CLASS(0x0000): 03 00 00 00 (little-endian(!) for CKO_PRIVATE_KEY)
+
+
+0000000 006b 3000 0001 8400 0001 0100 8630 8183
+0000020 310b 3009 0603 5504 0613 0255 5331 1b30
+0000040 1906 0355 040a 1312 416d 6572 6963 6120
+0000060 4f6e 6c69 6e65 2049 6e63 3118 3016 060a 
+0000100 0992 2689 93f2 2c64 0101 1308 6e69 636f
+0000120 6c73 6f6e 3124 3022 0609 2a86 4886 f70d
+0000140 0109 0116 156e 6963 6f6c 736f 6e40 6e65
+0000160 7473 6361 7065 2e63 6f6d 3117 3015 0603
+0000200 5504 0313 0e4a 616d 6965 204e 6963 6f6c
+0000220 736f 6e00 00
+        00 0300 294a 616d 6965 204e
+0000240 6963 6f6c 736f 6e27 7320 416d 6572 6963
+0000260 6120 4f6e 6c69 6e65 2049 6e63 2049 4420
+0000300 2332 
+             0000 0120 0080 a70e 07f4 3f51 86c7
+0000320 4f8d 4b64 522d 8c4b 31ae 58f2 f04d a9fd
+0000340 2701 637e 5245 bb48 23ec 2259 742b ddc4
+0000360 e5da f571 78df 07ba b555 6d05 0de5 7329
+0000400 f073 94e2 00a6 f846 d99d d01c 8b62 684c
+0000420 5133 9b16 3c8f ee83 34fc 844d 829b 6fca
+0000440 e694 c432 9532 6413 323c 8b81 bc64 ed30
+0000460 6074 6926 aff5 6b7f cb43 0c40 c039 ba55
+0000500 7d3a 365d bb82 0b49 0000 0102 0014 709b
+0000520 a306 3fc8 9ad4 23c6 a1b2 eb04 d8ff f7dd
+0000540 3f55 0000 0103 0001 0100 0000 0200 0101
+0000560 0000 0001 0001 0100 0001 0000 0400 0000
+0000600 0000 0000 0000 0403 0000 0000 0000 0000
+0000620 0000 0000 0000 0000 0000 0000 0000 0000
+0000640 0000 015e ffff ffff fffe 0002 0002 0002
+0000660 014e 0000 0000 0000 0000 0000 0000 0000
+0000700 0000 0000 0000 0000 0000 0000 0000 0000
+
+mine:
+
+        006B 3000 0000 D900 0000 0300 0A74 6861
+        7965 7330 3939 33
+             0000 0120 0080 DB1F EF
+        9EEA 63EC F3A9 F831 EDB2 AC38 3957 1917
+        186D 1CEB 782D 34BA B6DA 4F65 54A5 68B0
+        A08F 7840 FDF8 E115 E8A4 1522 4706 B807
+        572A 31D2 2BB9 DD9F AF0C 2E0B 8183 ADE2
+        78C4 B13E 0ED6 92F1 9989 D872 1474 A7A6
+        2205 7928 1977 075A 5A76 B24D 8FE0 99C1
+        32BE AE72 5C5D A8FA 3E93 F815 0669 074A
+        2FF5 99EE 4A29 EDC8 5B79 7B93 5D
+                0000 0102 0014 206E 8B36 03A5 568D 266D
+            51EC 40F0 E35B B55F 8BCC
+        0000 0103 0001 0100 00
+        00020001010000000100010100000100
+        00040000000000000000000403000000
+
+        H 00020001010000000100010100000100
+                H 00040000000000000000000403000000
+
+        M 00020001010000000100010100000100
+        M 00040000000000000000000403000000
+*/
+Buffer Secure_Channel::CreatePKCS11PriKeyAttrsBuffer(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid, 
+                Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix)
+{
+    // BYTE sensitiveflag[1] = { 1 };
+    // BYTE privateflag[1] = { 1 };
+    // BYTE token[1] = { 1 };
+    BYTE keytype[4] = { 0,0,0,0 };
+    BYTE p11class[4] = { 3,0,0,0 };
+    // BYTE ZERO[1] = { 0 };
+    // BYTE ONE[1] = { 1 };
+    // char configname[256];
+
+    Buffer b(256);               // allocate some space
+    b.resize(7);                 // this keeps the allocated space around
+
+  RA::Debug("Secure_Channel::CreatePKCS11PriAttrs", "label=%s", label);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "keyid", keyid);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "modulus", modulus);
+
+//    AppendAttribute(b,CKA_LABEL, strlen(label), (BYTE*)label);
+    AppendAttribute(b,CKA_MODULUS, modulus->size(), (BYTE*)*modulus);
+    AppendAttribute(b,CKA_KEY_TYPE, 4, keytype);
+    AppendAttribute(b,CKA_CLASS, 4, p11class );
+    // hash of pubk
+    AppendAttribute(b,CKA_ID, keyid->size(),   (BYTE*)*keyid);
+
+    AppendKeyCapabilities(b, opType, tokenType, keyTypePrefix, "private");
+
+    FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrsBuffer", "buffer", &b);
+
+    return b;
+
+} /* CreatePKCS11PriKeyAttrs */
+
+int Secure_Channel::CreatePKCS11PriKeyAttrs(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid, 
+                Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix)
+{
+    // BYTE sensitiveflag[1] = { 1 };
+    // BYTE privateflag[1] = { 1 };
+    // BYTE token[1] = { 1 };
+    BYTE keytype[4] = { 0,0,0,0 };
+    BYTE p11class[4] = { 3,0,0,0 };
+    // BYTE ZERO[1] = { 0 };
+    // BYTE ONE[1] = { 1 };
+    // char configname[256];
+
+    Buffer b(256);               // allocate some space
+    b.resize(7);                 // this keeps the allocated space around
+
+  RA::Debug("Secure_Channel::CreatePKCS11PriAttrs", "label=%s", label);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "keyid", keyid);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "modulus", modulus);
+
+//    AppendAttribute(b,CKA_LABEL, strlen(label), (BYTE*)label);
+    AppendAttribute(b,CKA_MODULUS, modulus->size(), (BYTE*)*modulus);
+    AppendAttribute(b,CKA_KEY_TYPE, 4, keytype);
+    AppendAttribute(b,CKA_CLASS, 4, p11class );
+    // hash of pubk
+    AppendAttribute(b,CKA_ID, keyid->size(),   (BYTE*)*keyid);
+
+    AppendKeyCapabilities(b, opType, tokenType, keyTypePrefix, "private");
+
+    FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "buffer", &b);
+
+	BYTE perms[6];
+
+	perms[0] = 0xff;
+	perms[1] = 0xff;
+	perms[2] = 0x40;
+	perms[3] = 0x00;
+	perms[4] = 0x40;
+	perms[5] = 0x00;
+
+    return CreateObject((BYTE*)id, perms, &b);
+
+} /* CreatePKCS11PriKeyAttrs */
+
+/*
+Public Key: (k1)
+CKA_PUBLIC_EXPONENT(0x0122)
+CKA_MODULUS(0x0120)
+CKA_ID (0x0102): (20 bytes) same as private key
+CKA_CLASS(0x0000): 02 00 00 00 (little-endian for CKO_PUBLIC_KEY)
+
+0000000 006b 3100 0000 b300 0001 2200 0301 0001
+0000020 0000 0120 0080 a70e 07f4 3f51 86c7 4f8d
+0000040 4b64 522d 8c4b 31ae 58f2 f04d a9fd 2701
+0000060 637e 5245 bb48 23ec 2259 742b ddc4 e5da 
+0000100 f571 78df 07ba b555 6d05 0de5 7329 f073
+0000120 94e2 00a6 f846 d99d d01c 8b62 684c 5133
+0000140 9b16 3c8f ee83 34fc 844d 829b 6fca e694
+0000160 c432 9532 6413 323c 8b81 bc64 ed30 6074
+0000200 6926 aff5 6b7f cb43 0c40 c039 ba55 7d3a 
+0000220 365d bb82 0b49 0000 0102 0014 709b a306
+0000240 3fc8 9ad4 23c6 a1b2 eb04 d8ff f7dd 3f55
+0000260 0000 0000 0004 0200 0000 0000 0000 0000
+0000300 0000 0000 0000 0000 0000 0000 0000 0000
+*   
+0000400
+
+mine:
+        006B 3100 0000 B300 0001 2200 0301 0001
+        0000 0120 0080 F3E1 1AF0 906D BD35 4792 
+                348A CC4D 6147 CFAC 659A D018 34DD 4621
+                AB57 75F5 B5E0 87D4 F6C2 2B89 3324 D980
+                2926 4BF1 0F64 A6E5 4368 9DA5 2620 335E
+                ADCD 7540 7CBA B1F9 4ACE EEF8 13FF 6524
+                B76F C7B1 2D21 DD42 5342 EFC3 034E 39DD
+                ACBC 5C43 AC14 974A 45D4 5E66 6FFA BB17
+                1E98 C177 68CC B51B 1B7E 28C5 38AB 729D
+                27FD 3077 8C39 0000 0102 0014 815B 6FFE
+                9B2A 8515 9C76 0F92 4A4E 349F 61EA 521F
+                0000 0000 0004 0200 0000
+
+
+*/
+Buffer Secure_Channel::CreatePKCS11PubKeyAttrsBuffer(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid,
+                Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix)
+{
+#if 0
+    BYTE pubexp[3] =     // XXX should I really hardcode this!?
+    {
+        0x01,0x00,0x01
+    };
+#endif
+    BYTE p11class[4] = { 2,0,0,0 };
+    // BYTE ZERO[1] = { 0 };
+    // BYTE ONE[1] = { 1 };
+    // char configname[256];
+
+    Buffer b(256);        // allocate some space
+    b.resize(7);          // this keeps the allocated space around
+
+  RA::Debug("Secure_Channel::CreatePKCS11PubAttrs", "label=%s", label);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "keyid", keyid);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "modulus", modulus);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "exponent", exponent);
+
+    AppendAttribute(b, CKA_PUBLIC_EXPONENT, exponent->size(),(BYTE*) *exponent);
+    AppendAttribute(b,CKA_MODULUS, modulus->size(), (BYTE*)*modulus);
+     // XXX TUES
+    // hash of pubk
+    AppendAttribute(b,CKA_ID,  keyid->size(), (BYTE*)*keyid);
+    AppendAttribute(b, CKA_CLASS, 4, p11class );  // type of object
+
+    AppendKeyCapabilities(b, opType, tokenType, keyTypePrefix, "public");
+
+
+    FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrsBuffer", "buffer", &b);
+
+    return b;
+} /* CreatePKCS11PubKeyAttrs */
+
+int Secure_Channel::CreatePKCS11PubKeyAttrs(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid,
+                Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix)
+{
+#if 0
+    BYTE pubexp[3] =     // XXX should I really hardcode this!?
+    {
+        0x01,0x00,0x01
+    };
+#endif
+    BYTE p11class[4] = { 2,0,0,0 };
+    // BYTE ZERO[1] = { 0 };
+    // BYTE ONE[1] = { 1 };
+    // char configname[256];
+
+    Buffer b(256);        // allocate some space
+    b.resize(7);          // this keeps the allocated space around
+
+  RA::Debug("Secure_Channel::CreatePKCS11PubAttrs", "label=%s", label);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "keyid", keyid);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "modulus", modulus);
+  RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "exponent", exponent);
+
+    AppendAttribute(b, CKA_PUBLIC_EXPONENT, exponent->size(),(BYTE*) *exponent);
+    AppendAttribute(b,CKA_MODULUS, modulus->size(), (BYTE*)*modulus);
+     // XXX TUES
+    // hash of pubk
+    AppendAttribute(b,CKA_ID,  keyid->size(), (BYTE*)*keyid);
+    AppendAttribute(b, CKA_CLASS, 4, p11class );  // type of object
+
+    AppendKeyCapabilities(b, opType, tokenType, keyTypePrefix, "public");
+
+
+    FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "buffer", &b);
+
+	BYTE perms[6];
+
+	perms[0] = 0xff;
+	perms[1] = 0xff;
+	perms[2] = 0x40;
+	perms[3] = 0x00;
+	perms[4] = 0x40;
+	perms[5] = 0x00;
+
+    return CreateObject((BYTE*)id, perms, &b);
+} /* CreatePKCS11PubKeyAttrs */
+
+Buffer &Secure_Channel::GetKeyDiversificationData()
+{
+    return m_key_diversification_data;
+} /* GetKeyDiversificationData */
+
+Buffer &Secure_Channel::GetKeyInfoData()
+{
+    return m_key_info_data;
+} /* GetKeyInfoData */
+
+Buffer &Secure_Channel::GetCardChallenge()
+{
+    return m_card_challenge;
+} /* GetCardChallenge */
+
+Buffer &Secure_Channel::GetCardCryptogram()
+{
+    return m_card_cryptogram;
+} /* GetCardCryptogram */
+
+Buffer &Secure_Channel::GetHostChallenge()
+{
+    return m_host_challenge;
+} /* GetCardCryptogram */
+
+Buffer &Secure_Channel::GetHostCryptogram()
+{
+    return m_host_cryptogram;
+} /* GetHostCryptogram */
+
+SecurityLevel Secure_Channel::GetSecurityLevel()
+{
+    return m_security_level;
+}
+
+void Secure_Channel::SetSecurityLevel(SecurityLevel level)
+{
+    m_security_level = level;
+}
diff --git a/pki/base/tps/src/cms/CertEnroll.cpp b/pki/base/tps/src/cms/CertEnroll.cpp
new file mode 100644
index 000000000..1712559cc
--- /dev/null
+++ b/pki/base/tps/src/cms/CertEnroll.cpp
@@ -0,0 +1,645 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+
+#include "main/RA_Session.h"
+#include "main/RA_Msg.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+#include "cms/HttpConnection.h"
+#include "cms/CertEnroll.h"
+
+// for public key processing
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "prlock.h"
+
+#include "main/Memory.h"
+
+Buffer * parseResponse(char * /*response*/);
+ReturnStatus verifyProof(SECKEYPublicKey* , SECItem* ,
+             unsigned short , unsigned char* ,
+             unsigned char* );
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs handle for Certificate Enrollment
+ */
+TOKENDB_PUBLIC CertEnroll::CertEnroll()
+{
+}
+
+/**
+ * Destructs handle for Certificate Enrollment
+ */
+TOKENDB_PUBLIC CertEnroll::~CertEnroll()
+{
+}
+
+/**
+ * Revokes a certificate in the CA
+ * reason:
+ *   0 = Unspecified
+ *   1 = Key compromised
+ *   2 = CA key compromised
+ *   3 = Affiliation changed
+ *   4 = Certificate superseded
+ *   5 = Cessation of operation
+ *   6 = Certificate is on hold
+ * serialno: serial number in decimal
+ */
+TOKENDB_PUBLIC int CertEnroll::RevokeCertificate(const char *reason, const char *serialno, const char *connid, char *&o_status)
+{
+    char parameters[5000];
+    char configname[5000];
+
+    PR_snprintf((char *)parameters, 5000, "op=revoke&revocationReason=%s&revokeAll=(certRecordId%%3D%s)&totalRecordCount=1", reason, serialno);
+
+    PR_snprintf((char *)configname, 256, "conn.%s.servlet.revoke", connid);
+    char *servletID = (char*)RA::GetConfigStore()->GetConfigAsString(configname);
+
+    PSHttpResponse *resp =  sendReqToCA(servletID, parameters, connid);
+
+    char *content = resp->getContent();
+    char *p = strstr(content, "status=");
+    int num = *(p+7) - '0';
+    RA::Debug("CertEnroll::RevokeCertificate", "serialno=%s reason=%s connid=%s status=%d", serialno, reason, connid, num);
+    if (num != 0) {
+        char *q = strstr(p, "error=");
+        q = q+6;
+        o_status = q;
+        RA::Debug("CertEnroll::RevokeCertificate", "status string=%s", q);
+    }
+    if (resp != NULL) {
+      delete resp;
+    }
+    return num;
+}
+
+TOKENDB_PUBLIC int CertEnroll::UnrevokeCertificate(const char *serialno, const char *connid,
+  char *&o_status)
+{
+    char parameters[5000];
+    char configname[5000];
+
+    PR_snprintf((char *)parameters, 5000, "serialNumber=%s",serialno);
+
+    PR_snprintf((char *)configname, 256, "conn.%s.servlet.unrevoke", connid);
+    char *servletID = (char*)RA::GetConfigStore()->GetConfigAsString(configname);
+
+    PSHttpResponse *resp =  sendReqToCA(servletID, parameters, connid);
+    // XXX - need to parse response
+    char *content = resp->getContent();
+    char *p = strstr(content, "status=");
+    int num = *(p+7) - '0';
+    RA::Debug("CertEnroll::UnrevokeCertificate", "status=%d", num);
+    if (num != 0) {
+        char *q = strstr(p, "error=");
+        q = q+6;
+        o_status = q;
+        RA::Debug("CertEnroll::UnrevokeCertificate", "status string=%s", q);
+    }
+    return num;
+}
+
+/**
+ * Sends certificate request to CA for enrollment.
+ */
+Buffer * CertEnroll::EnrollCertificate( 
+					SECKEYPublicKey *pk_parsed,
+					const char *profileId,
+					const char *uid,
+					const char *cuid /*token id*/,
+					const char *connid, 
+                                        SECItem** encodedPublicKeyInfo)
+{
+    char parameters[5000];
+ 
+    SECItem* si = SECKEY_EncodeDERSubjectPublicKeyInfo(pk_parsed);
+    if (si == NULL) {
+
+      RA::Error("CertEnroll::EnrollCertificate",
+          "SECKEY_EncodeDERSubjectPublicKeyInfo  returns error");
+
+      return NULL;
+    }
+
+    // b64 encode it
+    char* pk_b64 = BTOA_ConvertItemToAscii(si);
+
+    if(encodedPublicKeyInfo == NULL)
+    {
+        if( si != NULL ) {
+            SECITEM_FreeItem( si, PR_TRUE );
+            si = NULL;
+        }
+    }
+    else
+    {
+
+        *encodedPublicKeyInfo = si;
+
+    }
+
+    if (pk_b64 == NULL) {
+    RA::Error(LL_PER_PDU, "CertEnroll::EnrollCertificate",
+          "BTOA_ConvertItemToAscii returns error");
+
+        return NULL;
+    }
+    RA::Debug(LL_PER_PDU, "CertEnroll::EnrollCertificate",
+          "after BTOA_ConvertItemToAscii pk_b64=%s",pk_b64);
+
+    char *url_pk = Util::URLEncode(pk_b64);
+    char *url_uid = Util::URLEncode(uid);
+    char *url_cuid = Util::URLEncode(cuid);
+    const char *servlet;
+    char configname[256];
+
+    PR_snprintf((char *)configname, 256, "conn.%s.servlet.enrollment", connid);
+    servlet = RA::GetConfigStore()->GetConfigAsString(configname);
+
+    PR_snprintf((char *)parameters, 5000, "profileId=%s&tokencuid=%s&screenname=%s&publickey=%s", profileId, url_cuid, url_uid, url_pk);
+
+    PSHttpResponse *resp =  sendReqToCA(servlet, parameters, connid);
+    Buffer * certificate = NULL;
+    if (resp != NULL) {
+      RA::Debug(LL_PER_PDU, "CertEnroll::EnrollCertificate",
+          "sendReqToCA done");
+
+      certificate = parseResponse(resp);
+      RA::Debug(LL_PER_PDU, "CertEnroll::EnrollCertificate",
+          "parseResponse done");
+
+      if( resp != NULL ) { 
+          delete resp;
+          resp = NULL;
+      }
+    } else {
+      RA::Error("CertEnroll::EnrollCertificate",
+        "sendReqToCA failure");
+      return NULL;
+    }
+
+    if( pk_b64 != NULL ) {
+        PR_Free( pk_b64 );
+        pk_b64 = NULL;
+    }
+    if( url_pk != NULL ) {
+        PR_Free( url_pk );
+        url_pk = NULL;
+    }
+    if( url_uid != NULL ) {
+        PR_Free( url_uid );
+        url_uid = NULL;
+    }
+    if( url_cuid != NULL ) {
+        PR_Free( url_cuid );
+        url_cuid = NULL;
+    }
+
+    return certificate;
+}
+
+/**
+ * Extracts information from the public key blob and verify proof.
+ *
+ * Muscle Key Blob Format (RSA Public Key)
+ * ---------------------------------------
+ * 
+ * The key generation operation places the newly generated key into
+ * the output buffer encoding in the standard Muscle key blob format.
+ *  For an RSA key the data is as follows:
+ * 
+ * Byte     Encoding (0 for plaintext)
+ * 
+ * Byte     Key Type (1 for RSA public)
+ * 
+ * Short     Key Length (1024 û high byte first)
+ * 
+ * Short     Modulus Length
+ * 
+ * Byte[]     Modulus
+ * 
+ * Short     Exponent Length
+ * 
+ * Byte[]     Exponent
+ * 
+ *  
+ * Signature Format (Proof)
+ * ---------------------------------------
+ *  
+ * The key generation operation creates a proof-of-location for the
+ * newly generated key. This proof is a signature computed with the 
+ * new private key using the RSA-with-MD5 signature algorithm.  The 
+ * signature is computed over the Muscle Key Blob representation of 
+ * the new public key and the challenge sent in the key generation 
+ * request.  These two data fields are concatenated together to form
+ * the input to the signature, without any other data or length fields.
+ * 
+ * Byte[]     Key Blob Data
+ * 
+ * Byte[]     Challenge
+ * 
+ * 
+ * Key Generation Result
+ * ---------------------------------------
+ * 
+ * The key generation command puts the key blob and the signature (proof)
+ * into the output buffer using the following format:
+ * 
+ * Short     Length of the Key Blob
+ * 
+ * Byte[]     Key Blob Data
+ * 
+ * Short     Length of the Proof
+ * 
+ * Byte[]     Proof (Signature) Data
+ *
+ * @param blob the publickey blob to be parsed
+ * @param challenge the challenge generated by RA
+ * @return
+ *      rc is 1 if success, -1 if failure
+ *      pk is the public key resulted from parsing the blob.
+ *
+ ******/
+
+SECKEYPublicKey *CertEnroll::ParsePublicKeyBlob(unsigned char *blob,
+                             Buffer *challenge)
+{
+    char configname[5000];
+    SECKEYPublicKey *pk = NULL;
+
+    ReturnStatus rs;
+    rs.status = PR_FAILURE;
+    rs.statusNum = ::MSG_INVALID;
+
+    if ((blob == NULL) || (challenge == NULL)) {
+        RA::Error(LL_PER_PDU, "CertEnroll::ParsePublicKeyBlob", "invalid input");
+	return NULL;
+    }
+
+    /*
+     * decode blob into structures
+     */
+
+    // offset to the beginning of the public key length.  should be 0
+    unsigned short pkeyb_len_offset = 0;
+
+    unsigned short pkeyb_len = 0;
+    unsigned char* pkeyb;
+    unsigned short proofb_len = 0;
+    unsigned char* proofb;
+
+    /*
+     * now, convert lengths
+     */
+    // 1st, keyblob length
+    unsigned char len0 = blob[pkeyb_len_offset];
+    unsigned char len1 = blob[pkeyb_len_offset +1];
+    pkeyb_len = (unsigned short) ((len0 << 8) | (len1 & 0xFF));
+
+    RA::Debug(LL_PER_PDU, "CertEnroll::ParsePublicKeyBlob",
+          "pkeyb_len =%d",pkeyb_len);
+
+    if (pkeyb_len <= 0) {
+      RA::Error("CertEnroll::ParsePublicKeyBlob", "public key blob length = %d", pkeyb_len);
+      return NULL;
+    }
+    // 2nd, proofblob length
+    unsigned short proofb_len_offset = pkeyb_len_offset + 2 + pkeyb_len;
+    len0 = blob[proofb_len_offset];
+    len1 = blob[proofb_len_offset +1];
+    proofb_len = (unsigned short) (len0 << 8 | len1 & 0xFF);
+    RA::Debug(LL_PER_PDU, "CertEnroll::ParsePublicKeyBlob",
+          "proofb_len =%d", proofb_len);
+
+    // public key blob
+    pkeyb = &blob[pkeyb_len_offset + 2];
+
+    // proof blob
+    proofb = &blob[proofb_len_offset + 2];
+
+    SECItem siProof;
+    siProof.type = (SECItemType) 0;
+    siProof.data = (unsigned char *)proofb;
+    siProof.len = proofb_len;
+
+    // convert pkeyb to pkey
+    // 1 byte encoding, 1 byte key type, 2 bytes key length, then the key
+    unsigned short pkey_offset = 4;
+    // now, convert lengths for modulus and exponent
+    len0 = pkeyb[pkey_offset];
+    len1 = pkeyb[pkey_offset + 1];
+    unsigned short mod_len = (len0 << 8 | len1);
+
+    len0 = pkeyb[pkey_offset + 2 + mod_len];
+    len1 = pkeyb[pkey_offset + 2 + mod_len + 1];
+    unsigned short exp_len = (len0 << 8 | len1);
+
+
+    // public key mod blob
+    unsigned char * modb = &pkeyb[pkey_offset + 2];
+
+    // public key exp blob
+    unsigned char * expb = &pkeyb[pkey_offset + 2 + mod_len + 2];
+
+    // construct SECItem
+    SECItem siMod;
+    siMod.type = (SECItemType) 0;
+    siMod.data = (unsigned char *) modb;
+    siMod.len = mod_len;
+
+    SECItem siExp;
+    siExp.type = (SECItemType) 0;
+    siExp.data = (unsigned char *)expb;
+    siExp.len = exp_len;
+
+    // construct SECKEYRSAPublicKeyStr
+    SECKEYRSAPublicKeyStr rsa_pks;
+    rsa_pks.modulus = siMod;
+    rsa_pks.publicExponent = siExp;
+
+    // construct SECKEYPublicKey
+    // this is to be returned
+    pk = (SECKEYPublicKey *) malloc(sizeof(SECKEYPublicKey));
+    pk->keyType = rsaKey;
+    pk->pkcs11Slot = NULL;
+    pk->pkcs11ID = CK_INVALID_HANDLE;
+    pk->u.rsa = rsa_pks;
+
+    PR_snprintf((char *)configname, 256, "general.verifyProof");
+    int verifyProofEnable = RA::GetConfigStore()->GetConfigAsInt(configname, 0x1);
+    if (verifyProofEnable) {
+      rs = verifyProof(pk, &siProof, pkeyb_len, pkeyb, challenge);
+      if (rs.status == PR_FAILURE) {
+        RA::Error("CertEnroll::ParsePublicKeyBlob",
+          "verify proof failed");
+        free(pk);
+        pk = NULL;
+      }
+    }
+
+    return pk;
+}
+
+
+/**
+ * verify the proof.
+ * @param pk the public key from the input blob
+ * @param siProof the proof from the input blob
+ * @param pkeyb_len the length of the publickey blob
+ * @param pkeyb the public key blob
+ * @param challenge the challenge generated by RA
+ *
+ * @return
+ *      returns success indication in case of success
+ *      returns error message number as defined in ReturnStatus in Base.h
+ */
+ReturnStatus CertEnroll::verifyProof(SECKEYPublicKey* pk, SECItem* siProof,
+             unsigned short pkeyb_len, unsigned char* pkeyb,
+             Buffer* challenge) {
+
+    ReturnStatus rs;
+    VFYContext * vc = NULL;
+    rs.statusNum = ::VRFY_SUCCESS;
+    rs.status = PR_SUCCESS;
+
+    // verify proof (signature)
+    RA::Debug(LL_PER_PDU, "CertEnroll::verifyProof",
+          "verify proof begins");
+
+    vc = VFY_CreateContext(pk, siProof, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE, NULL);
+
+    if (vc == NULL) {
+        RA::Error("CertEnroll::verifyProof",
+        "VFY_CreateContext() failed");
+        rs.status = PR_FAILURE;
+        rs.statusNum = ::VFY_BEGIN_FAILURE;
+        return rs;
+    } else {
+        RA::Debug(LL_PER_PDU, "CertEnroll::verifyProof",
+        "VFY_CreateContext() succeeded");
+    }
+
+    unsigned char proof[1024];
+    int i =0; 
+    for (i = 0; i<pkeyb_len; i++) {
+        proof[i] = pkeyb[i];
+    }
+    //    RA::DebugBuffer("CertEnroll::VerifyProof","VerifyProof:: challenge =", challenge);
+    unsigned char* chal = (unsigned char *)(BYTE *) (*challenge);
+    unsigned int j = 0;
+    for (j=0; j < challenge->size(); i++, j++) {
+        proof[i] = chal[j];
+	//	RA::Debug(LL_PER_PDU, "CertEnroll::VerifyProof","proof[%d]= %x",
+	//		  i, proof[i]);
+    }
+
+    SECStatus vs = VFY_Begin(vc);
+    if (vs == SECSuccess) {
+      vs = VFY_Update(vc, (unsigned char *)proof , pkeyb_len + challenge->size());
+      if (vs == SECSuccess) {
+	vs = VFY_End(vc);
+	if (vs == SECFailure) {
+	  RA::Error("CertEnroll::verifyProof",
+		    "VFY_End() failed pkeyb_len=%d challenge_size=%d", pkeyb_len, challenge->size());
+	  rs.statusNum = ::VFY_UPDATE_FAILURE;
+	}
+      } else {
+        RA::Error("CertEnroll::verifyProof",
+          "VFY_Update() failed");
+        rs.statusNum = ::VFY_UPDATE_FAILURE;
+      }
+    } else {
+      RA::Error("CertEnroll::verifyProof",
+		"VFY_Begin() failed");
+
+      rs.statusNum = ::VFY_BEGIN_FAILURE;
+    }
+
+    if( vc != NULL ) {
+        VFY_DestroyContext( vc, PR_TRUE );
+        vc = NULL;
+    }
+    RA::Debug(LL_PER_PDU, "CertEnroll::verifyProof",
+        " VFY_End() returned %d",vs);
+
+    return rs;
+
+}
+
+/**
+ * sendReqToCA sends cert enrollment request via HTTPS to the CA
+ * @param pk normalized public key
+ * @param uid uid/screenname
+ * @param cuid cud number of the client token
+ * @param timeout timeout value for connection
+ * @return
+ *     PSHttpResponse if success
+ *     NULL if failure
+ */
+PSHttpResponse * CertEnroll::sendReqToCA(const char *servlet, const char *parameters, const char *connid)
+{
+    // compose http uri
+
+    RA::Debug(LL_PER_PDU, "CertEnroll::sendReqToCA",
+          "begins");
+
+    HttpConnection *caConn = RA::GetCAConn(connid);
+    if (caConn == NULL) {
+        RA::Debug(LL_PER_PDU, "CertEnroll::sendReqToCA", "Failed to get CA Connection %s", connid);
+        RA::Error(LL_PER_PDU, "CertEnroll::sendReqToCA", "Failed to get CA Connection %s", connid);
+        return NULL;
+    }
+    // PRLock *ca_lock = RA::GetCALock();
+    int ca_curr = RA::GetCurrentIndex(caConn);
+    int maxRetries = caConn->GetNumOfRetries();
+    ConnectionInfo *connInfo = caConn->GetFailoverList();
+    char **hostport = connInfo->GetHostPortList();
+    int currRetries = 0;
+
+    RA::Debug(LL_PER_PDU, "Before calling getResponse, caHostPort is %s", hostport[ca_curr]);
+
+    PSHttpResponse * response = caConn->getResponse(ca_curr, servlet, parameters);
+    while (response == NULL) {
+        RA::Failover(caConn, connInfo->GetHostPortListLen());
+        ca_curr = RA::GetCurrentIndex(caConn);
+
+        if (++currRetries >= maxRetries) {
+            RA::Debug(LL_PER_PDU, "Used up all the retries. Response is NULL","");
+            RA::Error("CertEnroll::sendReqToCA", "Failed connecting to CA after %d retries", currRetries);
+	    if (caConn != NULL) {
+		    RA::ReturnCAConn(caConn);
+	    }
+            return NULL;
+        }
+        response = caConn->getResponse(ca_curr, servlet, parameters);
+    }
+
+    if (caConn != NULL) {
+	    RA::ReturnCAConn(caConn);
+    }
+    return response;
+}
+
+/**
+ * parse the http response and retrieve the certificate.
+ * @param resp the response returned from http request
+ * @return
+ *      The certificate in Buffer if success
+ *      NULL if failure
+ */
+Buffer * CertEnroll::parseResponse(PSHttpResponse * resp)
+{
+    unsigned int i;
+    unsigned char blob[8192]; /* cert returned */
+    int blob_len; /* cert length */
+    char *certB64 = NULL;
+    char *certB64End = NULL;
+    unsigned int certB64Len = 0;
+    Buffer *cert = NULL;
+    char * response = NULL;
+    SECItem * outItemOpt = NULL;
+    
+    if (resp == NULL) {
+        RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+          "no response found");
+	    return NULL;
+    }
+    response = resp->getContent();
+    if (response == NULL) {
+        RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+          "no content found");
+	    return NULL;
+    }
+
+    // process result
+    // first look for errorCode="" to look for success clue
+    // and errorReason="..." to extract error reason
+    char pattern[20] = "errorCode=\"0\"";
+    char * err = strstr((char *)response, (char *)pattern);
+
+    RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+          "begin parsing");
+
+    if (err == NULL) {
+      RA::Error("CertEnroll::parseResponse",
+		"can't find pattern for cert request response");
+      goto endParseResp;
+    }
+
+    // if success, look for "outputList.outputVal=" to extract
+    // the cert
+    certB64 = strstr((char *)response, "outputVal=");
+    certB64 = &certB64[11]; // point pass open "
+
+    certB64End = strstr(certB64, "\";");
+    *certB64End = '\0';
+
+    certB64Len = strlen(certB64);
+    RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+          "certB64 len = %d", certB64Len);
+
+    for (i=0; i<certB64Len-1 ; i++) {
+        if (certB64[i] == '\\') { certB64[i] = ' '; certB64[i+1] = ' '; }
+    }
+
+    // b64 decode and put back in blob
+    RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+          "b64 decode received cert");
+
+    outItemOpt = NSSBase64_DecodeBuffer(NULL, NULL, certB64, certB64Len);
+    if (outItemOpt == NULL) {
+        RA::Error("CertEnroll::parseResponse",
+          "b64 decode failed");
+
+	goto endParseResp;
+    }
+    RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+          "b64 decode len =%d",outItemOpt->len);
+
+    memcpy((char*)blob, (const char*)(outItemOpt->data), outItemOpt->len);
+    blob_len = outItemOpt->len;
+
+    cert = new Buffer((BYTE *) blob, blob_len);
+    if( outItemOpt != NULL ) {
+        SECITEM_FreeItem( outItemOpt, PR_TRUE );
+        outItemOpt = NULL;
+    }
+
+    RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+          "finished");
+
+ endParseResp:
+    resp->freeContent();
+    return cert;
+}
+
diff --git a/pki/base/tps/src/cms/ConnectionInfo.cpp b/pki/base/tps/src/cms/ConnectionInfo.cpp
new file mode 100644
index 000000000..3ab503c5d
--- /dev/null
+++ b/pki/base/tps/src/cms/ConnectionInfo.cpp
@@ -0,0 +1,78 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "plstr.h"
+#include "cms/ConnectionInfo.h"
+#include "engine/RA.h"
+#include "httpClient/httpc/engine.h"
+#include "main/Util.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a base processor.
+ */
+TPS_PUBLIC ConnectionInfo::ConnectionInfo ()
+{
+    for( int i = 0; i < HOST_PORT_MEMBERS; i++ ) {
+        m_hostPortList[i] = NULL;
+    }
+}
+
+/**
+ * Destructs processor.
+ */
+TPS_PUBLIC ConnectionInfo::~ConnectionInfo()
+{
+    for (int i=0; i<m_len; i++) {
+        if( m_hostPortList[i] != NULL ) {
+            PL_strfree( m_hostPortList[i] );
+            m_hostPortList[i] = NULL;
+        }
+    }
+}
+
+TPS_PUBLIC void ConnectionInfo::BuildFailoverList(const char *str) {
+    char *lasts = NULL;
+    char *tok = PL_strtok_r((char *)str, " ", &lasts);
+    m_len = 0;
+    while (tok != NULL) {
+        m_hostPortList[m_len] = PL_strdup(tok);
+        tok = PL_strtok_r(NULL, " ", &lasts);
+        m_len++;
+    }
+}
+
+TPS_PUBLIC int ConnectionInfo::GetHostPortListLen() {
+    return m_len;
+}
+
+TPS_PUBLIC char **ConnectionInfo::GetHostPortList() { 
+    return m_hostPortList;
+}
+
diff --git a/pki/base/tps/src/cms/HttpConnection.cpp b/pki/base/tps/src/cms/HttpConnection.cpp
new file mode 100644
index 000000000..d4cece90f
--- /dev/null
+++ b/pki/base/tps/src/cms/HttpConnection.cpp
@@ -0,0 +1,186 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "cms/HttpConnection.h"
+#include "main/Memory.h"
+#include "main/NameValueSet.h"
+#include "engine/RA.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a base class for HttpConnection
+ */
+TPS_PUBLIC HttpConnection::HttpConnection(const char *id, ConnectionInfo *cinfo, int retries, int timeout,
+  bool isSSL, const char *nickname, bool keepAlive, NameValueSet *headers)
+{
+    m_failoverList = cinfo;
+    m_retries = retries;
+    m_timeout = timeout;
+    m_Id = PL_strdup(id);
+    m_isSSL = isSSL;
+    m_clientnickname = PL_strdup(nickname);
+    m_keepAlive = keepAlive;
+    m_headers = headers;
+    m_curr = 0;
+    m_lock = PR_NewLock();
+}
+
+/**
+ * Destructs processor.
+ */
+TPS_PUBLIC HttpConnection::~HttpConnection ()
+{
+    if( m_clientnickname != NULL ) {
+        PL_strfree( m_clientnickname );
+        m_clientnickname = NULL;
+    }
+    if( m_Id != NULL ) {
+        PL_strfree( m_Id );
+        m_Id = NULL;
+    }
+    if( m_failoverList != NULL ) {
+        delete m_failoverList;
+        m_failoverList = NULL;
+    }
+    if( m_headers != NULL ) {
+        delete m_headers;
+        m_headers = NULL;
+    }
+    if( m_lock != NULL ) {
+        PR_DestroyLock( m_lock );
+        m_lock = NULL;
+    }
+}
+
+TPS_PUBLIC int HttpConnection::GetNumOfRetries() {
+    return m_retries;
+}
+
+int HttpConnection::GetTimeout() {
+    return m_timeout;
+}
+
+TPS_PUBLIC ConnectionInfo *HttpConnection::GetFailoverList() {
+    return m_failoverList;
+}
+
+TPS_PUBLIC char *HttpConnection::GetId() {
+    return m_Id;
+}
+
+TPS_PUBLIC bool HttpConnection::IsSSL() {
+    return m_isSSL;
+}
+
+TPS_PUBLIC char * HttpConnection::GetClientNickname() {
+    return m_clientnickname;
+}
+
+TPS_PUBLIC bool HttpConnection::IsKeepAlive() {
+    return m_keepAlive;
+}
+
+TPS_PUBLIC PSHttpResponse *HttpConnection::getResponse(int index, const char *servlet, const char *body) {
+    char *host_port;
+    char uri[800];
+    char *nickname;
+    const char *httpprotocol;
+
+    ConnectionInfo *failoverList = GetFailoverList();
+    int len = failoverList->ConnectionInfo::GetHostPortListLen(); 
+    if (index >= len) {
+      index = len - 1; // use the last one
+    }
+    host_port= (failoverList->GetHostPortList())[index];
+
+    if (IsSSL()) {
+        httpprotocol = "https";
+    } else {
+        httpprotocol = "http";
+    }
+
+    PR_snprintf((char *)uri, 800,
+      "%s://%s/%s",
+      httpprotocol, host_port, servlet);
+
+    RA::Debug("HttpConnection::getResponse", "Send request to host %s servlet %s", host_port, servlet);
+
+    RA::Debug(LL_PER_PDU, "HttpConnection::getResponse", "uri=%s", uri);
+    RA::Debug(LL_PER_PDU, "HttpConnection::getResponse", "host_port=%s", host_port);
+
+    PSHttpServer httpserver(host_port, PR_AF_INET);
+    nickname = GetClientNickname();
+    if (IsSSL())
+       httpserver.setSSL(PR_TRUE);
+    else
+       httpserver.setSSL(PR_FALSE);
+
+    PSHttpRequest httprequest(&httpserver, uri, HTTP11, 0);
+    if (IsSSL()) {
+        httprequest.setSSL(PR_TRUE);
+        if (nickname != NULL) {
+            httprequest.setCertNickName(nickname);
+        } else {
+            return NULL;
+        }
+    } else
+        httprequest.setSSL(PR_FALSE);
+
+    httprequest.setMethod("POST");
+
+    if (body != NULL) {
+        httprequest.setBody( strlen(body), body);
+    }
+
+    httprequest.addHeader( "Content-Type", "application/x-www-form-urlencoded" );
+    if (m_headers != NULL) {
+        for (int i=0; i<m_headers->Size(); i++) {
+            char *name = m_headers->GetNameAt(i);
+            httprequest.addHeader(name, m_headers->GetValue(name));
+        }
+    }
+
+    if (IsKeepAlive())
+        httprequest.addHeader( "Connection", "keep-alive" );
+
+    HttpEngine httpEngine;
+    return httpEngine.makeRequest(httprequest, httpserver, (PRIntervalTime)GetTimeout(),
+      PR_FALSE /*expectChunked*/);
+}
+
+TPS_PUBLIC PRLock * HttpConnection::GetLock() {
+    return m_lock;
+}
+
+TPS_PUBLIC int HttpConnection::GetCurrentIndex() {
+    return m_curr;
+}
+
+TPS_PUBLIC void HttpConnection::SetCurrentIndex(int index) {
+    m_curr = index;
+}
diff --git a/pki/base/tps/src/engine/RA.cpp b/pki/base/tps/src/engine/RA.cpp
new file mode 100644
index 000000000..be17177f0
--- /dev/null
+++ b/pki/base/tps/src/engine/RA.cpp
@@ -0,0 +1,2306 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "plhash.h"
+#include "pk11func.h"
+#include "cert.h"
+#include "tus/tus_db.h"
+#include "secder.h"
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "main/Memory.h"
+#include "main/ConfigStore.h"
+#include "main/RA_Context.h"
+#include "channel/Secure_Channel.h"
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "cms/HttpConnection.h"
+#include "main/RA_pblock.h"
+
+
+static ConfigStore *m_cfg = NULL;
+static PRFileDesc *m_fd_debug = (PRFileDesc *)NULL;
+static PRFileDesc *m_fd_audit = (PRFileDesc *)NULL;
+static PRFileDesc *m_fd_error = (PRFileDesc *)NULL;
+
+static int tokendbInitialized = 0;
+
+bool RA::m_pod_enable=false;
+int RA::m_pod_curr = 0;
+PRLock *RA::m_pod_lock = NULL;
+int RA::m_auth_curr;
+PRLock *RA::m_verify_lock = NULL;
+PRLock *RA::m_auth_lock = NULL;
+PRLock *RA::m_debug_log_lock = NULL;
+PRLock *RA::m_error_log_lock = NULL;
+PRLock *RA::m_audit_log_lock = NULL;
+SecurityLevel RA::m_global_security_level;
+
+int RA::m_audit_log_level = (int) LL_PER_SERVER;
+int RA::m_debug_log_level = (int) LL_PER_SERVER;
+int RA::m_error_log_level = (int) LL_PER_SERVER;
+int RA::m_caConns_len = 0;
+int RA::m_tksConns_len = 0;
+int RA::m_drmConns_len = 0;
+int RA::m_auth_len = 0;
+
+#define MAX_BODY_LEN 4096
+
+#define MAX_CA_CONNECTIONS 20
+#define MAX_TKS_CONNECTIONS 20
+#define MAX_DRM_CONNECTIONS 20
+#define MAX_AUTH_LIST_MEMBERS 20
+HttpConnection* RA::m_caConnection[MAX_CA_CONNECTIONS];
+HttpConnection* RA::m_tksConnection[MAX_TKS_CONNECTIONS];
+AuthenticationEntry* RA::m_auth_list[MAX_AUTH_LIST_MEMBERS];
+HttpConnection* RA::m_drmConnection[MAX_DRM_CONNECTIONS];
+int RA::m_num_publishers = 0;
+PublisherEntry *RA::publisher_list = NULL;
+
+/* TKS response parameters */
+const char *RA::TKS_RESPONSE_STATUS = "status";
+const char *RA::TKS_RESPONSE_SessionKey = "sessionKey";
+const char *RA::TKS_RESPONSE_EncSessionKey = "encSessionKey";
+const char *RA::TKS_RESPONSE_KEK_DesKey = "kek_wrapped_desKey";
+const char *RA::TKS_RESPONSE_DRM_Trans_DesKey = "drm_trans_wrapped_desKey";
+const char *RA::TKS_RESPONSE_HostCryptogram = "hostCryptogram";
+
+const char *RA::CFG_DEBUG_ENABLE = "logging.debug.enable"; 
+const char *RA::CFG_DEBUG_FILENAME = "logging.debug.filename"; 
+const char *RA::CFG_DEBUG_LEVEL = "logging.debug.level";
+const char *RA::CFG_AUDIT_ENABLE = "logging.audit.enable"; 
+const char *RA::CFG_AUDIT_FILENAME = "logging.audit.filename"; 
+const char *RA::CFG_AUDIT_LEVEL = "logging.audit.level";
+const char *RA::CFG_ERROR_ENABLE = "logging.error.enable"; 
+const char *RA::CFG_ERROR_FILENAME = "logging.error.filename"; 
+const char *RA::CFG_ERROR_LEVEL = "logging.error.level";
+const char *RA::CFG_CHANNEL_SEC_LEVEL = "channel.securityLevel"; 
+const char *RA::CFG_CHANNEL_ENCRYPTION = "channel.encryption";
+const char *RA::CFG_APPLET_CARDMGR_INSTANCE_AID = "applet.aid.cardmgr_instance"; 
+const char *RA::CFG_APPLET_NETKEY_INSTANCE_AID = "applet.aid.netkey_instance"; 
+const char *RA::CFG_APPLET_NETKEY_FILE_AID = "applet.aid.netkey_file"; 
+const char *RA::CFG_APPLET_NETKEY_OLD_INSTANCE_AID = "applet.aid.netkey_old_instance"; 
+const char *RA::CFG_APPLET_NETKEY_OLD_FILE_AID = "applet.aid.netkey_old_file"; 
+const char *RA::CFG_APPLET_SO_PIN = "applet.so_pin"; 
+const char *RA::CFG_APPLET_DELETE_NETKEY_OLD = "applet.delete_old"; 
+
+const char *RA::CFG_AUTHS_ENABLE="auth.enable";
+
+/* default values */
+const char *RA::CFG_DEF_CARDMGR_INSTANCE_AID = "A0000000030000"; 
+const char *RA::CFG_DEF_NETKEY_INSTANCE_AID = "627601FF000000"; 
+const char *RA::CFG_DEF_NETKEY_FILE_AID = "627601FF0000"; 
+const char *RA::CFG_DEF_NETKEY_OLD_INSTANCE_AID = "A00000000101"; 
+const char *RA::CFG_DEF_NETKEY_OLD_FILE_AID = "A000000001"; 
+const char *RA::CFG_DEF_APPLET_SO_PIN = "000000000000"; 
+
+typedef IPublisher* (*makepublisher)();
+typedef Authentication* (*makeauthentication)();
+
+extern void BuildHostPortLists(char *host, char *port, char **hostList, 
+  char **portList, int len);
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Registration Authority object.
+ */
+RA::RA ()
+{ 
+}
+
+/**
+ * Destructs a Registration Authority object.
+ */
+RA::~RA ()
+{
+}
+
+TPS_PUBLIC ConfigStore *RA::GetConfigStore()
+{
+	return m_cfg;
+}
+
+PRLock *RA::GetVerifyLock()
+{
+  return m_verify_lock;
+}
+
+/**
+ * Initializes RA with the given configuration file.
+ */
+TPS_PUBLIC int RA::Initialize(char *cfg_path, RA_Context *ctx)
+{
+    int ca_status = 0;
+    int tks_status = 0;
+    int drm_status = 0;
+
+	int rc = -1;
+        int i = 0;
+
+    //  Authentication *auth;
+	//	int secLevel = 0; // for getting config param
+	bool global_enc = false;
+	SecurityLevel security_level = SECURE_MSG_MAC_ENC;
+
+	m_verify_lock = PR_NewLock();
+	m_debug_log_lock = PR_NewLock();
+	m_audit_log_lock = PR_NewLock();
+	m_error_log_lock = PR_NewLock();
+	m_cfg = ConfigStore::CreateFromConfigFile(cfg_path);
+    if( m_cfg == NULL ) {
+        rc = -2;
+        goto loser;
+    }
+
+	if (m_cfg->GetConfigAsBool(CFG_DEBUG_ENABLE, 0)) {
+		m_fd_debug = PR_Open(
+			m_cfg->GetConfigAsString(CFG_DEBUG_FILENAME, 
+				"/tmp/debug.log"), 
+			PR_RDWR | PR_CREATE_FILE | PR_APPEND, 
+			440 | 220);
+		if (m_fd_debug == NULL)
+			goto loser;
+	}
+
+	if (m_cfg->GetConfigAsBool(CFG_AUDIT_ENABLE, 0)) {
+		m_fd_audit = PR_Open(
+			m_cfg->GetConfigAsString(CFG_AUDIT_FILENAME, 
+				"/tmp/audit.log"), 
+			PR_RDWR | PR_CREATE_FILE | PR_APPEND, 
+			440 | 220);
+		if (m_fd_audit == NULL)
+			goto loser;
+	}
+
+	if (m_cfg->GetConfigAsBool(CFG_ERROR_ENABLE, 0)) {
+		m_fd_error = PR_Open(
+			m_cfg->GetConfigAsString(CFG_ERROR_FILENAME, 
+				"/tmp/error.log"), 
+			PR_RDWR | PR_CREATE_FILE | PR_APPEND, 
+			440 | 220);
+		if (m_fd_error == NULL)
+			goto loser;
+	}
+
+        m_audit_log_level = m_cfg->GetConfigAsInt(CFG_AUDIT_LEVEL, (int) LL_PER_SERVER);
+        m_debug_log_level = m_cfg->GetConfigAsInt(CFG_DEBUG_LEVEL, (int) LL_PER_SERVER);
+        m_error_log_level = m_cfg->GetConfigAsInt(CFG_ERROR_LEVEL, (int) LL_PER_SERVER);
+
+	RA::Debug("RA:: Initialize", "CS TPS starting...");
+
+    rc = InitializeTokendb(cfg_path);
+    if( rc != LDAP_SUCCESS ) {
+      RA::Debug("RA:: Initialize", "Token DB initialization failed, server continues");
+        ctx->LogError( "RA::Initialize",
+                       __LINE__,
+                       "The TPS plugin could NOT load the "
+                       "Tokendb library!  See specific details in the "
+                       "TPS plugin log files." );
+        // Since the server hasn't started yet, there is
+        // no need to perform a call to RA::Shutdown()!
+        //goto loser;
+    } else
+      RA::Debug("RA:: Initialize", "Token DB initialization succeeded");
+
+    //testTokendb();
+
+    m_pod_enable = m_cfg->GetConfigAsBool("failover.pod.enable", false);
+    m_pod_curr = 0;
+    m_auth_curr = 0;
+    m_pod_lock = PR_NewLock();
+    m_auth_lock = PR_NewLock();
+
+
+    // make encryption not default for operations globally
+    // individual security levels can override
+    //    secLevel = RA::GetConfigAsInt(RA::CFG_CHANNEL_SEC_LEVEL,
+    //				  SECURE_MSG_MAC);
+
+    global_enc = m_cfg->GetConfigAsBool(RA::CFG_CHANNEL_ENCRYPTION, true);
+    if (global_enc == true)
+	  security_level = SECURE_MSG_MAC_ENC;
+	else
+	  security_level = SECURE_MSG_MAC;
+
+    RA::SetGlobalSecurityLevel(security_level);
+
+    // Initialize the CA connection pool to be empty
+    for (i=0; i<MAX_CA_CONNECTIONS; i++) {
+        m_caConnection[i] = NULL;
+    }
+
+    // Initialize the TKS connection pool to be empty
+    for (i=0; i<MAX_TKS_CONNECTIONS; i++) {
+        m_tksConnection[i] = NULL;
+    }
+
+    // Initialize the DRM connection pool to be empty
+    for (i=0; i<MAX_DRM_CONNECTIONS; i++) {
+        m_drmConnection[i] = NULL;
+    }
+
+    // Initialize the authentication list to be empty
+    for (i=0; i<MAX_AUTH_LIST_MEMBERS; i++) {
+        m_auth_list[i] = NULL;
+    }
+
+    // even rc != 0, we still go ahead starting up the server.
+    rc = InitializeAuthentication();
+
+    // initialize CA connections
+    ca_status = InitializeHttpConnections("ca", &m_caConns_len,
+                                          m_caConnection, ctx);
+
+    if( ca_status != 0 ) {
+#if 0
+        RA::Shutdown();
+        goto loser;
+#endif
+    }
+
+    // initialize TKS connections
+    tks_status = InitializeHttpConnections("tks", &m_tksConns_len,
+                                           m_tksConnection, ctx);
+
+    if( tks_status != 0 ) {
+#if 0
+        RA::Shutdown();
+        goto loser;
+#endif
+    }
+
+    // initialize DRM connections
+    drm_status = InitializeHttpConnections("drm", &m_drmConns_len,
+                                           m_drmConnection, ctx);
+
+    if( drm_status != 0 ) {
+#if 0
+        RA::Shutdown();
+        goto loser;
+#endif
+    }
+
+    //Initialize Publisher Library
+      InitializePublishers();
+
+	rc = 1;
+loser:
+	
+    // Log the status of this TPS plugin into the web server's log:
+    if( rc != 1 ) {
+        ctx->LogError( "RA::Initialize",
+                       __LINE__,
+                       "The TPS plugin could NOT be "
+                       "loaded (rc = %d)!  See specific details in the "
+                       "TPS plugin log files.", rc );
+    } else {
+        ctx->LogInfo( "RA::Initialize",
+                      __LINE__,
+                      "The TPS plugin was "
+                      "successfully loaded!" );
+    }
+
+	return rc;
+}
+
+
+int RA::testTokendb() {
+	// try to see if we can talk to the database
+	int st = 0;
+	LDAPMessage  *ldapResult = NULL;
+	const char * filter = "(cn=0000000000080000*)";
+
+	if ((st = find_tus_db_entries(filter, 0, &ldapResult)) != LDAP_SUCCESS) {
+	  RA::Debug("RA::testing", "response from token DB failed");
+	} else {
+	  RA::Debug("RA::testing", "response from token DB succeeded");
+	}
+
+	return st;
+}
+
+int RA::IsTokendbInitialized()
+{
+  return tokendbInitialized;
+}
+
+
+/**
+ * Shutdown RA.
+ */
+TPS_PUBLIC int RA::Shutdown()
+{
+
+    tus_db_end();
+
+    if( m_pod_lock != NULL ) {
+        PR_DestroyLock( m_pod_lock );
+        m_pod_lock = NULL;
+    }
+
+    if( m_auth_lock != NULL ) {
+        PR_DestroyLock( m_auth_lock );
+        m_auth_lock = NULL;
+    }
+
+    if (m_caConnection != NULL) {
+        for (int i=0; i<m_caConns_len; i++) {
+            if( m_caConnection[i] != NULL ) {
+                delete m_caConnection[i];
+                m_caConnection[i] = NULL;
+            }
+        }
+    }
+
+    if (m_tksConnection != NULL) {
+        for (int i=0; i<m_tksConns_len; i++) {
+            if( m_tksConnection[i] != NULL ) {
+                delete m_tksConnection[i];
+                m_tksConnection[i] = NULL;
+            }
+        }
+    }
+    if (m_drmConnection != NULL) {
+        for (int i=0; i<m_drmConns_len; i++) {
+            if( m_drmConnection[i] != NULL ) {
+                delete m_drmConnection[i];
+                m_drmConnection[i] = NULL;
+            }
+        }
+    }
+
+	/* close debug file if opened */
+	if( m_fd_debug != NULL ) {
+	    PR_Close( m_fd_debug );
+        m_fd_debug = NULL;
+    }
+
+	/* close audit file if opened */
+	if( m_fd_audit != NULL ) {
+	    PR_Close( m_fd_audit );
+        m_fd_audit = NULL;
+    }
+
+	/* close error file if opened */
+	if( m_fd_error != NULL ) {
+	    PR_Close( m_fd_error );
+        m_fd_error = NULL;
+    }
+
+    if( m_verify_lock != NULL ) {
+        PR_DestroyLock( m_verify_lock );
+        m_verify_lock = NULL;
+    }
+
+    if( m_debug_log_lock != NULL ) {
+        PR_DestroyLock( m_debug_log_lock );
+        m_debug_log_lock = NULL;
+    }
+
+    if( m_audit_log_lock != NULL ) {
+        PR_DestroyLock( m_audit_log_lock );
+        m_audit_log_lock = NULL;
+    }
+
+    if( m_error_log_lock != NULL ) {
+        PR_DestroyLock( m_error_log_lock );
+        m_error_log_lock = NULL;
+    }
+
+    if (m_auth_list != NULL) {
+        for (int i=0; i<m_auth_len; i++) {
+            if( m_auth_list[i] != NULL ) {
+                delete m_auth_list[i];
+                m_auth_list[i] = NULL;
+            }
+        }
+    }
+
+    /* destroy configuration hashtable */
+    if( m_cfg != NULL ) {
+        delete m_cfg;
+        m_cfg = NULL;
+    }
+
+    CleanupPublishers();
+
+    return 1;
+}
+
+HttpConnection *RA::GetTKSConn(const char *id) {
+    HttpConnection *tksconn = NULL;
+    for (int i=0; i<m_tksConns_len; i++) {
+        if (strcmp(m_tksConnection[i]->GetId(), id) == 0) {
+            tksconn = m_tksConnection[i];   
+            break;
+        }
+    }
+    return tksconn; 
+}
+
+HttpConnection *RA::GetDRMConn(const char *id) {
+    HttpConnection *drmconn = NULL;
+    for (int i=0; i<m_drmConns_len; i++) {
+        if (strcmp(m_drmConnection[i]->GetId(), id) == 0) {
+            drmconn = m_drmConnection[i];   
+            break;
+        }
+    }
+    return drmconn; 
+}
+
+void RA::ReturnTKSConn(HttpConnection *conn) {
+    // do nothing for now
+}
+
+void RA::ReturnDRMConn(HttpConnection *conn) {
+    // do nothing for now
+}
+
+HttpConnection *RA::GetCAConn(const char *id) {
+    HttpConnection *caconn = NULL;
+    if (id == NULL)
+      return NULL;
+    for (int i=0; i<m_caConns_len; i++) {
+        if (strcmp(m_caConnection[i]->GetId(), id) == 0) {
+            caconn = m_caConnection[i];
+            break;
+        }
+    }
+    return caconn;
+}
+
+AuthenticationEntry *RA::GetAuth(const char *id) {
+    AuthenticationEntry *authEntry = NULL;
+    for (int i=0; i<m_auth_len; i++) {
+        authEntry = m_auth_list[i];
+        if (strcmp(authEntry->GetId(), id) == 0)
+            return authEntry;
+    }
+    return NULL;
+}
+
+void RA::ReturnCAConn(HttpConnection *conn) {
+    // do nothing for now
+}
+
+TPS_PUBLIC PRLock *RA::GetAuthLock() {
+    return m_auth_lock;
+}
+
+int RA::GetPodIndex() {
+    PR_Lock(m_pod_lock);
+    int index = m_pod_curr;
+    PR_Unlock(m_pod_lock);
+    return index;
+}
+
+void RA::SetPodIndex(int index) {
+    PR_Lock(m_pod_lock);
+    m_pod_curr = index;
+    PR_Unlock(m_pod_lock);
+}
+
+void RA::SetCurrentIndex(HttpConnection *&conn, int index) {
+    PRLock *lock = conn->GetLock();
+    PR_Lock(lock);
+    conn->SetCurrentIndex(index);
+    PR_Unlock(lock);
+}
+
+int RA::GetCurrentIndex(HttpConnection *conn) {
+    PRLock *lock = conn->GetLock();
+    PR_Lock(lock);
+    int index = conn->GetCurrentIndex();
+    PR_Unlock(lock);
+    return index;
+}
+
+TPS_PUBLIC int RA::GetAuthCurrentIndex() {
+    PR_Lock(m_auth_lock);
+    int index = m_auth_curr;
+    PR_Unlock(m_auth_lock);
+    return index;
+}
+
+void RA::SetAuthCurrentIndex(int index) {
+    PR_Lock(m_auth_lock);
+    m_auth_curr = index;
+    PR_Unlock(m_auth_lock);
+}
+
+TPS_PUBLIC void RA::IncrementAuthCurrentIndex(int len) {
+    PR_Lock(m_auth_lock);
+    if ((++m_auth_curr) >= len)
+        m_auth_curr = 0;
+    PR_Unlock(m_auth_lock);
+}
+
+void RA::SetGlobalSecurityLevel(SecurityLevel sl) {
+    m_global_security_level = sl;
+    RA::Debug(" RA::SetGlobalSecurityLevel", "global security level set to %d", (int) sl);
+
+}
+
+SecurityLevel RA::GetGlobalSecurityLevel() {
+    return m_global_security_level;
+}
+
+
+/*
+ * recovers user encryption key that was previously archived.
+ * It expects DRM to search its archival db by cert.
+ *
+ * input:
+ * @param cuid (cuid of the recovering key's token)
+ * @param userid (uid of the recovering key owner
+ * @param desKey_s (came from TKS - session key wrapped with DRM transport
+ * @param cert (base64 encoded cert of the recovering key)
+ * @param connId (drm connectoin id)
+ *
+ * output:
+ * @param publickey_s public key provided by DRM
+ * @param wrappedPrivateKey_s encrypted private key provided by DRM
+ */
+void RA::RecoverKey(RA_Session *session, const char* cuid,
+                    const char *userid, char* desKey_s,
+                    char *b64cert, char **publicKey_s,
+                    char **wrappedPrivateKey_s, const char *connId)
+{
+    int status;
+    PSHttpResponse *response = NULL;
+    HttpConnection *drmConn = NULL;
+    char body[MAX_BODY_LEN];
+    char configname[256];
+    char * cert_s;
+    int drm_curr = 0;
+    long s;
+    char * content = NULL;
+    char ** hostport= NULL;
+    const char* servletID = NULL;
+    char *wrappedDESKey_s= NULL;
+    Buffer *decodeKey = NULL;
+    ConnectionInfo *connInfo = NULL;
+    RA_pblock *ra_pb = NULL;
+    int currRetries = 0;
+    char *p = NULL;
+
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey");
+    if (cuid == NULL) {
+      RA::Debug(" RA:: RecoverKey", "in RecoverKey, cuid NULL");
+      goto loser;
+    }
+    if (userid == NULL) {
+      RA::Debug(" RA:: RecoverKey", "in RecoverKey, userid NULL");
+      goto loser;
+    }
+    if (b64cert == NULL) {
+      RA::Debug(" RA:: RecoverKey", "in RecoverKey, b64cert NULL");
+      goto loser;
+    }
+    if (desKey_s == NULL) {
+      RA::Debug(" RA:: RecoverKey", "in RecoverKey, desKey_s NULL");
+      goto loser;
+    }
+    if (connId == NULL) {
+      RA::Debug(" RA:: RecoverKey", "in RecoverKey, connId NULL");
+      goto loser;
+    }
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey, desKey_s=%s, connId=%s",desKey_s,  connId);
+
+    cert_s = Util::URLEncode(b64cert);
+    drmConn = RA::GetDRMConn(connId);
+    if (drmConn == NULL) {
+        RA::Debug(" RA:: RecoverKey", "in RecoverKey, failed getting drmconn");
+	goto loser;
+    }
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey, got drmconn");
+    connInfo = drmConn->GetFailoverList();
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey, got drm failover");
+    decodeKey = Util::URLDecode(desKey_s);
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey,url decoded des");
+    wrappedDESKey_s = Util::SpecialURLEncode(*decodeKey);
+
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey, wrappedDESKey_s=%s", wrappedDESKey_s);
+
+    PR_snprintf((char *)body, MAX_BODY_LEN, 
+		"CUID=%s&userid=%s&drm_trans_desKey=%s&cert=%s",cuid, userid, wrappedDESKey_s, cert_s);
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey, body=%s", body);
+        PR_snprintf((char *)configname, 256, "conn.%s.servlet.TokenKeyRecovery", connId);
+        servletID = GetConfigStore()->GetConfigAsString(configname);
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey, configname=%s", configname);
+
+    drm_curr = RA::GetCurrentIndex(drmConn);
+    response = drmConn->getResponse(drm_curr, servletID, body);
+    hostport = connInfo->GetHostPortList();
+    if (response == NULL) {
+        RA::Debug(LL_PER_PDU, "The recoverKey response from DRM ", 
+          "at %s is NULL.", hostport[drm_curr]);
+ 
+      //goto loser;
+    } else {
+        RA::Debug(LL_PER_PDU, "The recoverKey response from DRM ", 
+          "at %s is not NULL.", hostport[drm_curr]);
+    }
+
+    while (response == NULL) {
+        RA::Failover(drmConn, connInfo->GetHostPortListLen());
+    
+        drm_curr = RA::GetCurrentIndex(drmConn);
+        RA::Debug(LL_PER_PDU, "RA is reconnecting to DRM ", 
+          "at %s for recoverKey.", hostport[drm_curr]);
+    
+        if (++currRetries >= drmConn->GetNumOfRetries()) {
+            RA::Debug("Used up all the retries in recoverKey. Response is NULL","");
+            RA::Error("RA::RecoverKey","Failed connecting to DRM after %d retries", currRetries);
+
+            goto loser;
+        }
+        response = drmConn->getResponse(drm_curr, servletID, body);
+    }
+
+    RA::Debug(" RA:: RecoverKey", "in RecoverKey - got response");
+    // XXXskip handling fallback host for prototype
+
+    content = response->getContent();
+    p = strstr(content, "status=");
+    content = p; //skip the HTTP header
+
+    s = response->getStatus();
+
+    if ((content != NULL) && (s == 200)) {
+      RA::Debug("RA::RecoverKey", "response from DRM status ok");
+
+      Buffer* status_b;
+      char* status_s;
+
+      ra_pb = ( RA_pblock * ) session->create_pblock(content);
+      if (ra_pb == NULL)
+	goto loser;
+
+      status_b = ra_pb->find_val("status");
+      if (status_b == NULL) {
+	status = 4;
+	goto loser;
+      }
+      else {
+	status_s = status_b->string();
+	status = atoi(status_s);
+      }
+
+
+      char * tmp = NULL;
+      tmp = ra_pb->find_val_s("public_key");
+      if ((tmp == NULL) || (tmp == "")) {
+	RA::Error(LL_PER_PDU, "RecoverKey"," got no public key");
+	goto loser;
+      } else {
+	RA::Debug(LL_PER_PDU, "RecoverKey", "got public key =%s", tmp);
+	*publicKey_s  = PL_strdup(tmp);
+      }
+
+      tmp = NULL;
+      tmp = ra_pb->find_val_s("wrapped_priv_key");
+      if ((tmp == NULL) || (tmp == "")) {
+	RA::Error(LL_PER_PDU, "RecoverKey"," got no wrapped private key");
+	//XXX	      goto loser;
+      } else {
+	RA::Debug(LL_PER_PDU, "RecoverKey", "got wrappedprivate key =%s", tmp);
+	*wrappedPrivateKey_s  = PL_strdup(tmp);
+      }
+
+    } else {// if content is NULL or status not 200
+      if (content != NULL)
+	RA::Debug("RA::RecoverKey", "response from DRM error status %ld", s);
+      else
+	RA::Debug("RA::RecoverKey", "response from DRM no content");
+    }
+ loser:
+    if (desKey_s != NULL)
+      PR_Free(desKey_s);
+
+    if (decodeKey != NULL)
+      PR_Free(decodeKey);
+
+    if (wrappedDESKey_s != NULL)
+      PR_Free(wrappedDESKey_s);
+
+    if (drmConn != NULL)
+      RA::ReturnDRMConn(drmConn);
+
+    if (response != NULL) {
+      if (content != NULL)
+	response->freeContent();
+      delete response;
+    }
+
+    if (ra_pb != NULL) {
+      delete ra_pb;
+    }
+
+}
+
+
+
+/*
+ * input:
+ * @param desKey_s provided for drm to wrap user private
+ * @param publicKey_s returned for key injection back to token
+ *
+ * Output:
+ * @param publicKey_s public key provided by DRM
+ * @param wrappedPrivateKey_s encrypted private key provided by DRM
+ */
+void RA::ServerSideKeyGen(RA_Session *session, const char* cuid,
+                          const char *userid, char* desKey_s,
+	                      char **publicKey_s,
+                          char **wrappedPrivateKey_s,
+                          char **ivParam_s, const char *connId,
+                          bool archive, int keysize)
+{
+
+	const char *FN="RA::ServerSideKeyGen";
+    int status;
+    PSHttpResponse *response = NULL;
+    HttpConnection *drmConn = NULL;
+    char body[MAX_BODY_LEN];
+    char configname[256];
+
+    long s;
+    char * content = NULL;
+    char ** hostport = NULL;
+    const char* servletID = NULL;
+    char *wrappedDESKey_s = NULL;
+    Buffer *decodeKey = NULL;
+    ConnectionInfo *connInfo = NULL;
+    RA_pblock *ra_pb = NULL;
+    int drm_curr = 0;
+    int currRetries = 0;
+    char *p = NULL;
+
+    if ((cuid == NULL) || (cuid == "")) {
+      RA::Debug( LL_PER_CONNECTION, FN,
+			"error: passed invalid cuid");
+      goto loser;
+    }
+    if ((userid == NULL) || (userid =="")) {
+      RA::Debug(LL_PER_CONNECTION, FN,
+			"error: passed invalid userid");
+      goto loser;
+    }
+    if ((desKey_s == NULL) || (desKey_s =="")) {
+      RA::Debug(LL_PER_CONNECTION, FN, 
+			 "error: passed invalid desKey_s");
+      goto loser;
+    }
+    if ((connId == NULL) ||(connId == "")) {
+      RA::Debug(LL_PER_CONNECTION, FN,
+			 "error: passed invalid connId");
+      goto loser;
+    }
+    RA::Debug(LL_PER_CONNECTION, FN,
+			 "desKey_s=%s, connId=%s",desKey_s,  connId);
+    drmConn = RA::GetDRMConn(connId);
+
+    if (drmConn == NULL) {
+        RA::Debug(LL_PER_CONNECTION, FN,
+			"drmconn is null");
+		goto loser;
+    }
+    RA::Debug(LL_PER_CONNECTION, FN,
+			"found DRM connection info");
+    connInfo = drmConn->GetFailoverList();
+    RA::Debug(LL_PER_CONNECTION, FN,
+		 "got DRM failover list");
+
+    decodeKey = Util::URLDecode(desKey_s);
+    if (decodeKey == NULL) {
+      RA::Debug(LL_PER_CONNECTION, FN,
+		"url-decoding of des key-transport-key failed");
+      goto loser;
+    }
+    RA::Debug(LL_PER_CONNECTION, FN,
+		"successfully url-decoded key-transport-key");
+    wrappedDESKey_s = Util::SpecialURLEncode(*decodeKey);
+
+    RA::Debug(LL_PER_CONNECTION, FN,
+		"wrappedDESKey_s=%s", wrappedDESKey_s);
+
+    PR_snprintf((char *)body, MAX_BODY_LEN, 
+		"archive=%s&CUID=%s&userid=%s&keysize=%d&drm_trans_desKey=%s",archive?"true":"false",cuid, userid, keysize, wrappedDESKey_s);
+    RA::Debug(LL_PER_CONNECTION, FN, 
+		"sending to DRM: query=%s", body);
+
+    PR_snprintf((char *)configname, 256, "conn.%s.servlet.GenerateKeyPair", connId);
+    servletID = GetConfigStore()->GetConfigAsString(configname);
+    RA::Debug(LL_PER_CONNECTION, FN,
+		 "finding DRM servlet info, configname=%s", configname);
+
+    drm_curr = RA::GetCurrentIndex(drmConn);
+    response = drmConn->getResponse(drm_curr, servletID, body);
+    hostport = connInfo->GetHostPortList();
+    if (response == NULL) {
+        RA::Error(LL_PER_CONNECTION, FN, 
+			"failed to get response from DRM at %s", 
+			hostport[drm_curr]);
+        RA::Debug(LL_PER_CONNECTION, FN, 
+			"failed to get response from DRM at %s", 
+			hostport[drm_curr]);
+    } else { 
+        RA::Debug(LL_PER_CONNECTION, FN,
+			"response from DRM (%s) is not NULL.",
+			 hostport[drm_curr]);
+    }
+
+    while (response == NULL) {
+        RA::Failover(drmConn, connInfo->GetHostPortListLen());
+
+        drm_curr = RA::GetCurrentIndex(drmConn);
+        RA::Debug(LL_PER_CONNECTION, FN,
+			"RA is failing over to DRM at %s", hostport[drm_curr]);
+
+        if (++currRetries >= drmConn->GetNumOfRetries()) {
+            RA::Debug(LL_PER_CONNECTION, FN,
+				"Failed to get response from all DRMs in conn group '%s'"
+				" after %d retries", connId, currRetries);
+            RA::Error(LL_PER_CONNECTION, FN,
+				"Failed to get response from all DRMs in conn group '%s'"
+				" after %d retries", connId, currRetries);
+
+
+            goto loser;
+        }
+        response = drmConn->getResponse(drm_curr, servletID, body);
+    }
+
+    RA::Debug(" RA:: ServerSideKeyGen", "in ServerSideKeyGen - got response");
+    // XXX skip handling fallback host for prototype
+
+    content = response->getContent();
+    p = strstr(content, "status=");
+    content = p; //skip the HTTP header
+    s = response->getStatus();
+
+    if ((content != NULL) && (s == 200)) {
+	  RA::Debug("RA::ServerSideKeyGen", "response from DRM status ok");
+
+	  Buffer* status_b;
+	  char* status_s;
+
+	  ra_pb = ( RA_pblock * ) session->create_pblock(content);
+	  if (ra_pb == NULL)
+	    goto loser;
+
+	  status_b = ra_pb->find_val("status");
+	  if (status_b == NULL) {
+	    status = 4;
+	    goto loser;
+	  } else {
+	    status_s = status_b->string();
+	    status = atoi(status_s);
+	  }
+
+	  char * tmp = NULL;
+	  tmp = ra_pb->find_val_s("public_key");
+	  if (tmp == NULL) {
+	    RA::Error(LL_PER_CONNECTION, FN,
+			"Did not get public key in DRM response");
+	  } else {
+	    RA::Debug(LL_PER_PDU, "ServerSideKeyGen", "got public key =%s", tmp);
+	    *publicKey_s  = PL_strdup(tmp);
+	  }
+
+	  tmp = NULL;
+	  tmp = ra_pb->find_val_s("wrapped_priv_key");
+	  if ((tmp == NULL) || (tmp == "")) {
+	    RA::Error(LL_PER_CONNECTION, FN,
+				"did not get wrapped private key in DRM response");
+	  } else {
+	    RA::Debug(LL_PER_CONNECTION, FN,
+			"got wrappedprivate key =%s", tmp);
+	    *wrappedPrivateKey_s  = PL_strdup(tmp);
+	  }
+
+	  tmp = ra_pb->find_val_s("iv_param");
+	  if ((tmp == NULL) || (tmp == "")) {
+	    RA::Error(LL_PER_CONNECTION, FN,
+				"did not get iv_param for private key in DRM response");
+	  } else {
+	    RA::Debug(LL_PER_PDU, "ServerSideKeyGen", "got iv_param for private key =%s", tmp);
+	    *ivParam_s  = PL_strdup(tmp);
+	  }
+
+    } else {// if content is NULL or status not 200
+	  if (content != NULL)
+	    RA::Debug("RA::ServerSideKeyGen", "response from DRM error status %ld", s);
+	  else
+	    RA::Debug("RA::ServerSideKeyGen", "response from DRM no content");
+    }
+
+ loser:
+    if (desKey_s != NULL)
+      PR_Free(desKey_s);
+
+    if (decodeKey != NULL) {
+      delete decodeKey;
+    }
+
+    if (wrappedDESKey_s != NULL)
+      PR_Free(wrappedDESKey_s);
+
+    if (drmConn != NULL)
+      RA::ReturnDRMConn(drmConn);
+
+    if (response != NULL) {
+      if (content != NULL)
+	response->freeContent();
+      delete response;
+    }
+
+    if (ra_pb != NULL) {
+      delete ra_pb;
+    }
+
+}
+
+
+#define DES2_WORKAROUND
+#define MAX_BODY_LEN 4096
+
+PK11SymKey *RA::ComputeSessionKey(RA_Session *session,
+                                  Buffer &CUID,
+                                  Buffer &keyInfo,
+                                  Buffer &card_challenge,
+                                  Buffer &host_challenge,
+                                  Buffer **host_cryptogram,
+                                  Buffer &card_cryptogram,
+                                  PK11SymKey **encSymKey,
+                                  char** drm_desKey_s,
+                                  char** kek_desKey_s,
+                                  char** keycheck_s,
+                                  const char *connId)
+{
+    PK11SymKey *symKey = NULL;
+    char body[MAX_BODY_LEN];
+    char configname[256];
+    char * cardc = NULL;
+    char * hostc = NULL;
+    char * cardCrypto = NULL;
+    char * cuid = NULL;
+    char * keyinfo =  NULL;
+    PSHttpResponse *response = NULL;
+    HttpConnection *tksConn = NULL;
+    RA_pblock *ra_pb = NULL;
+
+    RA::Debug(LL_PER_PDU, "Start ComputeSessionKey", "");
+    tksConn = RA::GetTKSConn(connId);
+    if (tksConn == NULL) {
+        RA::Error(LL_PER_PDU, "RA::ComputeSessionKey", "Failed to get TKSConnection %s", connId);
+        return NULL;
+    } else {
+        int currRetries = 0;
+        ConnectionInfo *connInfo = tksConn->GetFailoverList();
+
+	PR_snprintf((char *) configname, 256, "conn.%s.keySet", connId);
+	const char *keySet = RA::GetConfigStore()->GetConfigAsString(configname, "defKeySet");
+	// is serversideKeygen on?
+	PR_snprintf((char *) configname, 256, "conn.%s.serverKeygen", connId);
+	bool serverKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, false);
+	if (serverKeygen)
+	  RA::Debug(LL_PER_PDU, "RA::ComputeSessionKey", "serverKeygen for %s is on", connId);
+	else
+	  RA::Debug(LL_PER_PDU, "RA::ComputeSessionKey", "serverKeygen for %s is off", connId);
+
+        cardc = Util::SpecialURLEncode(card_challenge);
+        hostc = Util::SpecialURLEncode(host_challenge);
+        cardCrypto = Util::SpecialURLEncode(card_cryptogram);
+        cuid = Util::SpecialURLEncode(CUID);
+        keyinfo = Util::SpecialURLEncode(keyInfo);
+
+        if ((cardc == NULL) || (hostc == NULL) || (cardCrypto == NULL) ||
+          (cuid == NULL) || (keyinfo == NULL))
+	    goto loser;
+
+        PR_snprintf((char *)body, MAX_BODY_LEN, 
+          "serversideKeygen=%s&CUID=%s&card_challenge=%s&host_challenge=%s&KeyInfo=%s&card_cryptogram=%s&keySet=%s", serverKeygen? "true":"false", cuid, 
+          cardc, hostc, keyinfo, cardCrypto, keySet);
+
+        PR_snprintf((char *)configname, 256, "conn.%s.servlet.computeSessionKey", connId);
+        const char *servletID = GetConfigStore()->GetConfigAsString(configname);
+        int tks_curr = RA::GetCurrentIndex(tksConn);
+        response = tksConn->getResponse(tks_curr, servletID, body);
+        char **hostport = connInfo->GetHostPortList();
+        if (response == NULL)
+            RA::Debug(LL_PER_PDU, "The computeSessionKey response from TKS ", 
+              "at %s is NULL.", hostport[tks_curr]);
+        else 
+            RA::Debug(LL_PER_PDU, "The computeSessionKey response from TKS ", 
+              "at %s is not NULL.", hostport[tks_curr]);
+
+        while (response == NULL) {
+            RA::Failover(tksConn, connInfo->GetHostPortListLen());
+
+            tks_curr = RA::GetCurrentIndex(tksConn);
+            RA::Debug(LL_PER_PDU, "RA is reconnecting to TKS ", 
+              "at %s for computeSessionKey.", hostport[tks_curr]);
+
+            if (++currRetries >= tksConn->GetNumOfRetries()) {
+                RA::Debug("Used up all the retries in ComputeSessionKey. Response is NULL","");
+                RA::Error("RA::ComputeSessionKey","Failed connecting to TKS after %d retries", currRetries);
+
+                goto loser;
+            }
+            response = tksConn->getResponse(tks_curr, servletID, body); 
+        }
+
+        RA::Debug(LL_PER_PDU, "ComputeSessionKey Response is not ","NULL");
+        char * content = response->getContent();
+
+	PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+
+        if (content != NULL) {
+	  Buffer *status_b;
+
+	  char *status_s, *sessionKey_s, *encSessionKey_s, *hostCryptogram_s;
+	  int status;
+
+      /* strip the http header */
+      /* raidzilla 57722: strip the HTTP header and just pass
+         name value pairs into the pblock parsing code.
+       */
+      RA::Debug("RA::Engine", "Pre-processing content '%s", content);
+      char *cx = content;
+      while (cx[0] != '\0' && (!(cx[0] == '\r' && cx[1] == '\n' && 
+                 cx[2] == '\r' && cx[3] == '\n')))
+      {
+          cx++;
+      }
+      if (cx[0] != '\0') {
+          cx+=4;
+      }
+      RA::Debug("RA::Engine", "Post-processing content '%s", cx);
+	  ra_pb = ( RA_pblock * ) session->create_pblock(cx);
+	  if (ra_pb == NULL) {
+	    RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "fail no ra_pb");
+	    goto loser;
+	  }
+
+	status_b = ra_pb->find_val(TKS_RESPONSE_STATUS);
+	if (status_b == NULL) {
+	  status = 4;
+	    RA::Error(LL_PER_SERVER, "RA:ComputeSessionKey", "Bad TKS Connection. Please make sure TKS is accessible by TPS.");
+	    RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "fail no status");
+      goto loser;
+	  // return NULL;
+	}
+	else {
+	  status_s = status_b->string();
+	  status = atoi(status_s);
+	}
+
+	sessionKey_s = ra_pb->find_val_s(TKS_RESPONSE_SessionKey);
+	if (sessionKey_s == NULL) {
+	  RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "fail no sessionKey_b");
+	  goto loser;
+	}
+
+	RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "mac session key=%s", sessionKey_s);
+	Buffer *decodeKey = Util::URLDecode(sessionKey_s);
+
+	RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "decodekey len=%d",decodeKey->size());
+
+	BYTE masterKeyData[24];
+	SECItem masterKeyItem = {siBuffer, masterKeyData, sizeof(masterKeyData)};
+	BYTE *keyData = (BYTE *)*decodeKey;
+	memcpy(masterKeyData, (char*)keyData, 16);
+	memcpy(masterKeyData+16, (char*)keyData, 8);
+
+	symKey = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+					    PK11_OriginGenerated, CKA_ENCRYPT, &masterKeyItem,
+					    CKF_ENCRYPT, PR_FALSE, 0);
+
+	if( decodeKey != NULL ) {
+	  delete decodeKey;
+	  decodeKey = NULL;
+	}
+	if (symKey == NULL)
+	  RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "MAC Session key is NULL");
+
+
+	encSessionKey_s = ra_pb->find_val_s(TKS_RESPONSE_EncSessionKey);
+	if (encSessionKey_s == NULL) {
+	  RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "fail no encSessionKey_b");
+	  goto loser;
+	}
+
+	RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "encSessionKey=%s", encSessionKey_s);
+	Buffer *decodeEncKey = Util::URLDecode(encSessionKey_s);
+
+	RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey",
+		  "decodeEnckey len=%d",decodeEncKey->size());
+
+	BYTE masterEncKeyData[24];
+	SECItem masterEncKeyItem =
+	  {siBuffer, masterEncKeyData, sizeof(masterEncKeyData)};
+	BYTE *EnckeyData = (BYTE *)*decodeEncKey;
+	memcpy(masterEncKeyData, (char*)EnckeyData, 16);
+	memcpy(masterEncKeyData+16, (char*)EnckeyData, 8);
+
+	*encSymKey =
+	  PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+				     PK11_OriginGenerated, CKA_ENCRYPT, &masterEncKeyItem,
+				     CKF_ENCRYPT, PR_FALSE, 0);
+
+	if( decodeEncKey != NULL ) {
+	  delete decodeEncKey;
+	  decodeEncKey = NULL;
+	}
+
+	if (encSymKey == NULL)
+	  RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "encSessionKey is NULL");
+
+
+	if (serverKeygen) {
+	  char * tmp= NULL;
+	  tmp = ra_pb->find_val_s(TKS_RESPONSE_DRM_Trans_DesKey);
+	  if (tmp == NULL) {
+	    RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "drm_desKey not retrieved");
+	    RA::Error(LL_PER_PDU, "RA:ComputeSessionKey", "drm_desKey not retrieved");
+	    goto loser;
+	  } else {
+	    *drm_desKey_s = PL_strdup(tmp);
+	  }
+	  // wrapped des key is to be sent to DRM "as is"
+	  // thus should not be touched
+	  RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "drm_desKey=%s", *drm_desKey_s );
+
+	  tmp = ra_pb->find_val_s(TKS_RESPONSE_KEK_DesKey);
+	  if (tmp == NULL) {
+	    RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "kek-wrapped desKey not retrieved");
+	    RA::Error(LL_PER_PDU, "RA:ComputeSessionKey", "kek-wrapped desKey not retrieved");
+	    goto loser;
+	  } else {
+	    *kek_desKey_s = PL_strdup(tmp);
+	  }
+	  RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "kek_desKey=%s", *kek_desKey_s );
+
+
+	  tmp = ra_pb->find_val_s("keycheck");
+	  if (tmp == NULL) {
+	    RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "keycheck not retrieved");
+	    RA::Error(LL_PER_PDU, "RA:ComputeSessionKey", "keycheck not retrieved");
+	    goto loser;
+	  } else {
+	    *keycheck_s = PL_strdup(tmp);
+	  }
+	}// serversideKeygen
+
+	hostCryptogram_s = ra_pb->find_val_s(TKS_RESPONSE_HostCryptogram);
+	if (hostCryptogram_s == NULL)
+	  goto loser;
+
+                        RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "hostC=%s", hostCryptogram_s);
+                        *host_cryptogram = Util::URLDecode(hostCryptogram_s);
+	} // if content != NULL
+
+    } // else tksConn != NULL
+        RA::Debug(LL_PER_PDU, "finish ComputeSessionKey", "");
+
+
+ loser:
+	if (tksConn != NULL) {
+            RA::ReturnTKSConn(tksConn);
+	}
+    if( cardc != NULL ) {
+        PR_Free( cardc );
+        cardc = NULL;
+    }
+    if( hostc != NULL ) {
+        PR_Free( hostc );
+        hostc = NULL;
+    }
+    if( cuid != NULL ) {
+        PR_Free( cuid );
+        cuid = NULL;
+    }
+    if( keyinfo != NULL ) {
+        PR_Free( keyinfo );
+        keyinfo = NULL;
+    }
+    if (cardCrypto != NULL) {
+        PR_Free( cardCrypto );
+        cardCrypto = NULL;
+    }
+
+    if( response != NULL ) {
+        response->freeContent();
+        delete response;
+        response = NULL;
+    }
+
+    if (ra_pb != NULL) {
+      delete ra_pb;
+    }
+	// in production, if TKS is unreachable, symKey will be NULL,
+	// and this will signal error to the caller.
+	return symKey;
+
+}
+
+Buffer *RA::ComputeHostCryptogram(Buffer &card_challenge, 
+		Buffer &host_challenge)
+{ 
+	/* hardcoded enc auth key */
+	BYTE enc_auth_key[16] = {
+		0x40, 0x41, 0x42, 0x43, 
+		0x44, 0x45, 0x46, 0x47, 
+		0x48, 0x49, 0x4a, 0x4b, 
+		0x4c, 0x4d, 0x4e, 0x4f 
+	};
+	Buffer input = Buffer(16, (BYTE)0);
+	int i;
+	Buffer icv = Buffer(8, (BYTE)0);
+	Buffer *output = new Buffer(8, (BYTE)0);
+	BYTE *cc = (BYTE*)card_challenge;
+	int cc_len = card_challenge.size();
+	BYTE *hc = (BYTE*)host_challenge;
+	int hc_len = host_challenge.size();
+
+	/* copy card and host challenge into input buffer */
+	for (i = 0; i < 8; i++) {
+		((BYTE*)input)[i] = cc[i];
+	}
+	for (i = 0; i < 8; i++) {
+		((BYTE*)input)[8+i] = hc[i];
+	}
+
+	PK11SymKey *key = Util::DeriveKey(
+		Buffer(enc_auth_key, 16), Buffer(hc, hc_len), 
+		Buffer(cc, cc_len));
+	Util::ComputeMAC(key, input, icv, *output);
+
+	return output;
+}
+
+TPS_PUBLIC void RA::DebugBuffer(const char *func_name, const char *prefix, Buffer *buf)
+{
+	RA::DebugBuffer(LL_PER_CONNECTION, func_name, prefix, buf);
+}
+
+void RA::DebugBuffer(RA_Log_Level level, const char *func_name, const char *prefix, Buffer *buf)
+{
+    int i;
+    PRTime now;
+    const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+    char datetime[1024]; 
+    PRExplodedTime time;
+    BYTE *data = *buf;
+    int sum = 0;
+	PRThread *ct;
+
+    if (m_fd_debug == NULL) 
+		return;
+    if ((int) level >= m_debug_log_level)
+		return;
+    PR_Lock(m_debug_log_lock);
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+    PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+    ct = PR_GetCurrentThread();
+    PR_fprintf(m_fd_debug, "[%s] %x %s - ", datetime, ct, func_name);
+    PR_fprintf(m_fd_debug, "%s (length='%d')", prefix, buf->size());
+    PR_fprintf(m_fd_debug, "\n");
+    PR_fprintf(m_fd_debug, "[%s] %x %s - ", datetime, ct, func_name);
+    for (i=0; i<(int)buf->size(); i++) {
+        PR_fprintf(m_fd_debug, "%02x ", (unsigned char)data[i]);
+        sum++; 
+	if (sum == 10) {
+    		PR_fprintf(m_fd_debug, "\n");
+                PR_fprintf(m_fd_debug, "[%s] %x %s - ", datetime, ct, func_name);
+                sum = 0;
+	}
+    }
+    PR_Write(m_fd_debug, "\n", 1);
+    PR_Unlock(m_debug_log_lock);
+}
+
+TPS_PUBLIC void RA::Debug (const char *func_name, const char *fmt, ...)
+{ 
+	va_list ap; 
+	va_start(ap, fmt); 
+	RA::DebugThis(LL_PER_SERVER, func_name, fmt, ap);
+	va_end(ap); 
+}
+
+TPS_PUBLIC void RA::Debug (RA_Log_Level level, const char *func_name, const char *fmt, ...)
+{ 
+	va_list ap; 
+	va_start(ap, fmt); 
+	RA::DebugThis(level, func_name, fmt, ap);
+	va_end(ap); 
+}
+
+void RA::DebugThis (RA_Log_Level level, const char *func_name, const char *fmt, va_list ap)
+{ 
+	PRTime now;
+        const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+        char datetime[1024]; 
+        PRExplodedTime time;
+	PRThread *ct;
+
+ 	if (m_fd_debug == NULL) 
+		return;
+	if ((int) level >= m_debug_log_level)
+		return;
+	PR_Lock(m_debug_log_lock);
+	now = PR_Now();
+	ct = PR_GetCurrentThread();
+        PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+	PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+	PR_fprintf(m_fd_debug, "[%s] %x %s - ", datetime, ct, func_name);
+	PR_vfprintf(m_fd_debug, fmt, ap); 
+	PR_Write(m_fd_debug, "\n", 1);
+	PR_Unlock(m_debug_log_lock);
+}
+
+TPS_PUBLIC void RA::Audit (const char *func_name, const char *fmt, ...)
+{ 
+	va_list ap; 
+	va_start(ap, fmt); 
+	RA::AuditThis (LL_PER_SERVER, func_name, fmt, ap);
+	va_end(ap); 
+	va_start(ap, fmt); 
+	RA::DebugThis (LL_PER_SERVER, func_name, fmt, ap);
+	va_end(ap); 
+}
+
+TPS_PUBLIC void RA::Audit (RA_Log_Level level, const char *func_name, const char *fmt, ...)
+{ 
+	va_list ap; 
+	va_start(ap, fmt); 
+	RA::AuditThis (level, func_name, fmt, ap);
+	va_end(ap); 
+	va_start(ap, fmt); 
+	RA::DebugThis (level, func_name, fmt, ap);
+	va_end(ap); 
+}
+
+void RA::AuditThis (RA_Log_Level level, const char *func_name, const char *fmt, va_list ap)
+{ 
+	PRTime now;
+        const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+        char datetime[1024]; 
+        PRExplodedTime time;
+	PRThread *ct;
+
+ 	if (m_fd_audit == NULL) 
+		return;
+	if ((int) level >= m_audit_log_level)
+		return;
+	PR_Lock(m_audit_log_lock);
+	now = PR_Now();
+        PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+	PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+	ct = PR_GetCurrentThread();
+	PR_fprintf(m_fd_audit, "[%s] %x %s - ", datetime, ct, func_name);
+	PR_vfprintf(m_fd_audit, fmt, ap); 
+	PR_Write(m_fd_audit, "\n", 1);
+	PR_Unlock(m_audit_log_lock);
+}
+
+TPS_PUBLIC void RA::Error (const char *func_name, const char *fmt, ...)
+{ 
+	va_list ap; 
+	va_start(ap, fmt); 
+	RA::ErrorThis(LL_PER_SERVER, func_name, fmt, ap);
+	va_end(ap); 
+	va_start(ap, fmt); 
+	RA::DebugThis(LL_PER_SERVER, func_name, fmt, ap);
+	va_end(ap); 
+}
+
+TPS_PUBLIC void RA::Error (RA_Log_Level level, const char *func_name, const char *fmt, ...)
+{ 
+	va_list ap; 
+	va_start(ap, fmt); 
+	RA::ErrorThis(level, func_name, fmt, ap);
+	va_end(ap); 
+	va_start(ap, fmt); 
+	RA::DebugThis(level, func_name, fmt, ap);
+	va_end(ap); 
+}
+
+void RA::ErrorThis (RA_Log_Level level, const char *func_name, const char *fmt, va_list ap)
+{ 
+	PRTime now;
+        const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+        char datetime[1024]; 
+        PRExplodedTime time;
+	PRThread *ct;
+
+ 	if (m_fd_error == NULL) 
+		return;
+	if ((int) level >= m_error_log_level)
+		return;
+	PR_Lock(m_error_log_lock);
+	now = PR_Now();
+	ct = PR_GetCurrentThread();
+        PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+	PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+	PR_fprintf(m_fd_error, "[%s] %x %s - ", datetime, ct, func_name);
+	PR_vfprintf(m_fd_error, fmt, ap); 
+	PR_Write(m_fd_error, "\n", 1);
+	PR_Unlock(m_error_log_lock);
+}
+
+PublisherEntry *RA::getPublisherById(const char *publisher_id)
+{
+
+    PublisherEntry *cur = RA::publisher_list;
+
+    if(cur == NULL)
+    {
+         return NULL;
+    }
+
+    while(cur != NULL)
+    {
+       if(!strcmp(publisher_id,cur->id))
+       {
+           break;
+       }
+
+       cur = cur->next;
+    }
+
+    return cur;
+
+}
+
+int RA::InitializePublishers()
+
+{
+    RA::m_num_publishers = 0;
+
+    RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Attempting to load the configurable list of Publishers.", "");
+
+    const char *pub_prefix = "publisher.instance";
+    const char *pub_suffix = "publisherId"; 
+
+    const char *publisher_id = NULL;
+    const char *publisher_lib_name = NULL;
+    const char *publisher_lib_factory_name = NULL;
+
+    char config_str[500];
+
+    int i = -1;
+    int res = 0;
+
+    PublisherEntry *new_entry;
+
+    while(1)
+    {
+       i++;
+
+       PR_snprintf((char *)config_str, 256,"%s.%d.%s", pub_prefix,i,pub_suffix);
+       publisher_id = m_cfg->GetConfigAsString(config_str,NULL); 
+
+       if(publisher_id != NULL)
+       {
+           RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Found publisher id %s ", publisher_id);
+           PR_snprintf((char *)config_str, 256, "%s.%d.%s",pub_prefix,i,"libraryName");
+
+           publisher_lib_name = m_cfg->GetConfigAsString(config_str,NULL);
+
+           if(publisher_lib_name != NULL)
+           {
+              RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Found publisher lib name %s ", publisher_lib_name);
+              PR_snprintf((char *)config_str, 256, "%s.%d.%s",pub_prefix,i,"libraryFactory");
+
+              publisher_lib_factory_name = m_cfg->GetConfigAsString(config_str,NULL);
+
+             if(publisher_lib_factory_name)
+             {
+
+                 RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Found publisher lib factory name %s ", publisher_lib_factory_name);
+
+                 PRLibrary *pb  = PR_LoadLibrary(publisher_lib_name);
+
+                 if(pb)
+                 {
+                      void *sym = PR_FindSymbol(pb,publisher_lib_factory_name);
+
+                      if(sym == NULL)
+                      {
+
+                          RA::Error(LL_PER_PDU, "RA:InitializePublishers",
+                          "Failed to find symbol '%s' publisher %s error code: %d",publisher_lib_factory_name,publisher_lib_name,PR_GetError());
+
+                          RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Failed to load publish library.", "");
+
+
+                          continue;
+                      }
+                      makepublisher make_pub = (makepublisher ) sym;
+
+                      IPublisher *publisher = (* make_pub )();
+
+                     if(publisher == NULL)
+                     {
+                       RA::Error(LL_PER_PDU, "RA:InitializePublishers",
+                           "Failed to initialize publisher %s error code: %d",publisher_lib_name,PR_GetError());
+                       RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Failed to allocate Netkey publisher.", "");
+                       continue;
+                     }
+                     if(publisher)
+                     {
+                         res = publisher->init();
+                     }
+
+                     if(!res)
+                     {
+                         RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Failed to initialize publisher %s.", publisher_lib_name);
+                         continue;                           
+                     } 
+
+                     new_entry = (PublisherEntry *) malloc(sizeof(PublisherEntry));
+
+                     if(new_entry == NULL)
+                     {
+
+                        RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Failed to allocate PublisherEntry structure", "");
+
+                        break;
+
+                     }
+                     new_entry->id = strdup(publisher_id);
+                     new_entry->publisher = publisher;
+                     new_entry->publisher_lib = pb;
+
+                     if(RA::publisher_list == NULL)
+                     {
+                         RA::publisher_list = new_entry;
+                         new_entry->next = NULL;
+
+                     }
+
+                     else
+                     {
+                         PublisherEntry *cur = RA::publisher_list;
+
+                         while(cur->next != NULL)
+                         {
+                             cur= cur->next;
+                         }
+
+                         cur->next = new_entry;
+                         new_entry->next = NULL;
+
+                     }
+                         
+                     RA::m_num_publishers++;
+                     RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Successfully initialized publisher %s.", publisher_lib_name);
+                 }
+                 else
+                 {
+                     RA::Error(LL_PER_PDU, "RA:InitializePublishers",
+                        "Failed to open library %s error code: %d",publisher_lib_name,PR_GetError());
+
+                     RA::Debug(LL_PER_PDU, "RA::InitializePublishers"," Failed to load publish library.", "");
+
+                     continue;
+
+                 }
+             }
+             else
+             {
+                 continue;
+             }
+           }
+           else
+           {
+               continue;
+
+           }
+       }
+       else
+       {
+           break;
+       }
+    }
+
+    if(RA::m_num_publishers == 0)
+    {
+        RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Did not load any publisher libraries, possibly not configured for publishing. Server continues normally... ");
+        return 0;
+    }
+    else
+    {
+         RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Loaded %d Publisher(s).", RA::m_num_publishers);
+
+         return 1;
+    }
+    
+}
+
+void RA::CleanupPublishers()
+{
+
+    if(RA::m_num_publishers == 0)
+      return;
+
+    RA::Debug(LL_PER_PDU, "RA::CleanupPublishers:"," Loaded %d publishers.", RA::m_num_publishers);
+
+    PublisherEntry *cur = RA::publisher_list;
+
+    if(cur == NULL)
+    {
+         return ;
+    }
+
+    while(cur != NULL)
+    {
+
+        PublisherEntry *next =cur->next;
+
+        if(cur)
+        {
+
+            RA::Debug(LL_PER_PDU, "RA::CleanupPublishers:"," Cleanup up publisher %s", cur->id);
+            if( cur->id != NULL)
+            {
+                 free( cur->id );
+                 cur->id = NULL;
+            }
+
+            if( cur->publisher != NULL ) {
+                delete cur->publisher;
+                cur->publisher = NULL;
+            }
+
+            if( cur->publisher_lib != NULL ) {
+                PR_UnloadLibrary( cur->publisher_lib );
+                cur->publisher_lib = NULL;
+            }
+
+            if( cur != NULL ) {
+                free( cur );
+                cur = NULL;
+            }
+
+            cur = next;
+
+        }
+    }
+
+  
+}
+
+int RA::InitializeHttpConnections(const char *id, int *len, HttpConnection **conn, RA_Context *ctx) {
+    char configname[256];
+    char connID[100];
+    CERTCertDBHandle *handle = 0;
+    CERTCertificate *cert = NULL;
+    int rc = 0;
+    int i=0;
+
+    *len = 0;
+
+    // Initialize each connection
+    while (1) {
+        i++;
+        PR_snprintf((char *)configname, 256, "conn.%s%d.hostport", id, i);
+        const char *host_port = m_cfg->GetConfigAsString(configname);
+        if (host_port == NULL) {
+            break;
+        }
+        ConnectionInfo *cinfo = new ConnectionInfo();
+        cinfo->BuildFailoverList(host_port);
+        PR_snprintf((char *)configname, 256, "conn.%s%d.retryConnect", id, i);
+        int retries = m_cfg->GetConfigAsInt(configname, 3);
+        PR_snprintf((char *)configname, 256, "conn.%s%d.timeout", id, i);
+        int timeout = m_cfg->GetConfigAsInt(configname, 10);
+        PR_snprintf((char *)connID, 100, "%s%d", id, i);
+        PR_snprintf((char *)configname, 256, "conn.%s%d.clientNickname", id, i);
+        const char *clientnickname = m_cfg->GetConfigAsString(configname);
+
+        // Bugscape Bug #56583:  insure that specified certificate is present
+        //
+        // (1) To prevent a coredump, we need to determine if NSS has been
+        //     initialized prior to loading this TPS plugin.  However,
+        //     since NSS does not provide a callable initialization check
+        //     to inform the caller whether or not NSS has been initialized,
+        //     we need to supply the following workaround solution:
+        handle = CERT_GetDefaultCertDB();
+        if( handle == 0 ) {
+            ctx->InitializationError( "RA::InitializeHttpConnections",
+                                      __LINE__ );
+            rc = -1;
+            goto loser;
+        }
+
+        // (2) Since NSS has been initialized, verify the presence of the
+        //     specified certificate:
+        if( ( clientnickname != NULL ) &&
+            ( PL_strcmp( clientnickname, "" ) != 0 ) ) {
+            cert = CERT_FindCertByNickname( handle,
+                                            (char *) clientnickname );
+            if( cert == NULL ) {
+                RA::Error( LL_PER_SERVER,
+                           "RA::InitializeHttpConnections", 
+                           "A %s certificate nicknamed \"%s\" "
+                           "could NOT be found in the certificate "
+                           "database for connection %d!",
+                           id,
+                           clientnickname,
+                           i );
+                rc = -2;
+                goto loser;
+            } else {
+                RA::Debug( LL_PER_CONNECTION,
+                           "RA::InitializeHttpConnections", 
+                           "A %s certificate nicknamed \"%s\" "
+                           "was found in the certificate "
+                           "database for connection %d.",
+                           id,
+                           clientnickname,
+                           i );
+                CERT_DestroyCertificate( cert );
+                cert = NULL;
+            }
+        } else {
+                RA::Error( LL_PER_SERVER,
+                           "RA::InitializeHttpConnections", 
+                           "An empty or missing %s certificate nickname "
+                           "was specified for connection %d!",
+                           id,
+                           i );
+                rc = -3;
+                goto loser;
+        }
+
+        PR_snprintf((char *)configname, 256, "conn.%s%d.SSLOn", id, i);
+        bool isSSL = m_cfg->GetConfigAsBool(configname, true);
+        PR_snprintf((char *)configname, 256, "conn.%s%d.keepAlive", id, i);
+        bool keepAlive = m_cfg->GetConfigAsBool(configname, true);
+        conn[*len] = new HttpConnection(connID, cinfo, retries, timeout, isSSL, clientnickname, keepAlive, NULL);
+        (*len)++;
+    }
+
+loser:
+
+    return rc;
+}
+
+int RA::InitializeTokendb(char *cfg_path)
+{
+    char *error    = NULL;
+    int status;
+
+    if (tokendbInitialized)
+      return 0;
+
+    RA::Debug("RA::InitializeTokendb", "config path = %s", cfg_path);
+
+    if (get_tus_db_config(cfg_path) != 1) {
+      RA::Debug("RA::InitializeTokendb", "get_tus_db_config failed");
+      return -1;
+    }
+
+    tokendbInitialized = 1;
+
+    RA::Debug("RA::InitializeTokendb", "Initializing TUS database");
+    if( ( status = tus_db_init( &error ) ) != LDAP_SUCCESS ) {
+        if( error != NULL ) {
+            RA::Debug( "RA::InitializeTokendb",
+                       "Token DB initialization failed: '%s'",
+                       error );
+            PR_smprintf_free( error );
+            error = NULL;
+        } else {
+            RA::Debug( "RA::InitializeTokendb",
+                       "Token DB initialization failed" );
+        }
+    }
+
+    return status;
+}
+
+TPS_PUBLIC int RA::ra_find_tus_certificate_entries_by_order_no_vlv (char *filter,
+  LDAPMessage **result, int order) 
+{
+    return find_tus_certificate_entries_by_order_no_vlv(filter, result, order);
+}
+
+TPS_PUBLIC int RA::ra_find_tus_certificate_entries_by_order (char *filter,
+  int max, LDAPMessage **result, int order) 
+{
+    return find_tus_certificate_entries_by_order(filter, max, result, order);
+}
+
+TPS_PUBLIC CERTCertificate **RA::ra_get_certificates(LDAPMessage *e) {
+    return get_certificates(e);
+}
+
+TPS_PUBLIC LDAPMessage *RA::ra_get_first_entry(LDAPMessage *e) {
+    return get_first_entry(e);
+}
+
+TPS_PUBLIC LDAPMessage *RA::ra_get_next_entry(LDAPMessage *e) {
+    return get_next_entry(e);
+}
+
+TPS_PUBLIC char **RA::ra_get_attribute_values(LDAPMessage *e, const char *p) {
+    return get_attribute_values(e, p);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_id(LDAPMessage *e) {
+    return get_token_id(e);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_tokenType(LDAPMessage *entry) {
+    return get_cert_tokenType(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_status(LDAPMessage *entry) {
+    return get_token_status(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_cn(LDAPMessage *entry) {
+    return get_cert_cn(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_attr_byname(LDAPMessage *entry, char *name) {
+    return get_cert_attr_byname(entry, name);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_status(LDAPMessage *entry) {
+    return get_cert_status(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_type(LDAPMessage *entry) {
+    return get_cert_type(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_serial(LDAPMessage *entry) {
+    return get_cert_serial(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_issuer(LDAPMessage *entry) {
+    return get_cert_issuer(entry);
+}
+
+TPS_PUBLIC int RA::ra_tus_has_active_tokens(char *userid) {
+    return tus_has_active_tokens(userid);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_reason(LDAPMessage *msg) {
+    return get_token_reason(msg);
+}
+
+TPS_PUBLIC int RA::ra_get_number_of_entries(LDAPMessage *ldapResult) {
+    return get_number_of_entries(ldapResult);
+}
+
+TPS_PUBLIC int RA::ra_find_tus_token_entries_no_vlv(char *filter, 
+  LDAPMessage **ldapResult, int num) 
+{
+    return find_tus_token_entries_no_vlv(filter, ldapResult, num);
+}
+
+TPS_PUBLIC int RA::ra_find_tus_token_entries(char *filter, int maxReturns,
+  LDAPMessage **ldapResult, int num) 
+{
+    return find_tus_token_entries(filter, maxReturns, ldapResult, num);
+}
+
+TPS_PUBLIC int RA::ra_is_tus_db_entry_disabled(char *cuid)
+{
+   return is_tus_db_entry_disabled(cuid);
+}
+
+TPS_PUBLIC int RA::ra_is_token_present(char *cuid)
+{
+    return is_token_present(cuid);
+}
+
+TPS_PUBLIC int RA::ra_is_token_pin_resetable(char *cuid)
+{
+    return is_token_pin_resetable(cuid);
+}
+
+TPS_PUBLIC int RA::ra_is_update_pin_resetable_policy(char *cuid)
+{
+    return is_update_pin_resetable_policy(cuid);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_policy(char *cuid)
+{
+    return get_token_policy(cuid);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_userid(char *cuid)
+{
+    return get_token_userid(cuid);
+}
+
+TPS_PUBLIC int RA::ra_update_token_policy(char *cuid, char *policy)
+{
+    return update_token_policy(cuid, policy);
+}
+
+TPS_PUBLIC int RA::ra_update_cert_status(char *cn, const char *status)
+{
+    return update_cert_status(cn, status);
+}
+
+TPS_PUBLIC int RA::ra_update_token_status_reason_userid(char *userid, char *cuid, const char *status, const char *reason, int modifyDateOfCreate)
+{
+    return update_token_status_reason_userid(userid, cuid, status, reason, modifyDateOfCreate);
+}
+
+TPS_PUBLIC int RA::ra_allow_token_reenroll(char *cuid)
+{
+    return allow_token_reenroll(cuid);
+}
+
+int RA::tdb_activity(char *ip, char *cuid, const char *op, const char *result, const char *msg, const char *userid)
+{
+  return add_activity(ip, cuid, op, result, msg, userid);
+}
+
+int RA::tdb_update_certificates(char* cuid, char **tokentypes, char *userid, CERTCertificate ** certificates, char **ktypes, char **origins, int numOfCerts)
+{
+    int rc = -1;
+    LDAPMessage  *ldapResult = NULL;
+    int k = 0;
+    char filter[512];
+    LDAPMessage *result = NULL;
+    LDAPMessage *e = NULL;
+    int i = 0;
+
+    if ((rc = find_tus_db_entry(cuid, 0, &ldapResult)) != LDAP_SUCCESS) {
+	return rc;
+    }
+
+    /* update certificates */
+    for (i = 0; i < numOfCerts; i++) {
+      if (certificates[i] == NULL) {
+         RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
+	      "no certificate found at index %d for tokendb entry: %s", i, cuid);
+      } else {
+         RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
+	      "cert=%x", certificates[i]);
+	 
+	k++;
+      }
+    }
+
+    for (i = 0; i < numOfCerts; i++) {
+        if (certificates[i] != NULL) {
+            RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
+	        "adding cert=%x", certificates[i]);
+
+            PR_snprintf(filter, 512, "tokenSerial=%x", DER_GetInteger(&(certificates[i])->serialNumber));
+            int r = find_tus_certificate_entries_by_order_no_vlv(filter, &result, 1);
+            bool found = false;
+            if (r == LDAP_SUCCESS) {
+                for (e = get_first_entry(result); e != NULL; e = get_next_entry(e)) {
+                    char **values = get_attribute_values(e, "tokenStatus");
+                    found = true;
+                    RA::Debug("RA::tdb_update_certificates", "Certificate status is %s", values[0]);
+                    add_certificate(cuid, origins[i], tokentypes[i], userid, certificates[i], 
+                      ktypes[i], values[0]);
+                    ldap_value_free(values);
+                    break;
+                }
+
+                ldap_msgfree(result);
+            }
+            if (!found)
+                add_certificate(cuid, origins[i], tokentypes[i], userid, certificates[i], 
+                  ktypes[i], "active");
+        }
+    }
+
+    return rc;
+}
+
+/*
+ * This adds a brand new token entry to tus.
+ */
+int RA::tdb_add_token_entry(char *userid, char* cuid, const char *status) {
+    int rc = -1;
+    int r = -1;
+    LDAPMessage  *ldapResult = NULL;
+
+    if (tokendbInitialized != 1) {
+      r = 0;
+      goto loser;
+    }
+
+    RA::Debug(LL_PER_PDU, "RA::tdb_add_token_entry",
+	      "searching for tokendb entry: %s", cuid);
+
+    if ((rc = find_tus_db_entry(cuid, 0, &ldapResult)) != LDAP_SUCCESS) {
+      /* create a new entry */
+      rc = add_default_tus_db_entry(userid, "~tps", cuid, status, NULL, NULL);
+      if (rc != LDAP_SUCCESS) {
+	RA::Error(LL_PER_PDU, "RA:tdb_add_token_entry",
+		  "failed to add tokendb entry");
+	r = -1;
+	goto loser;
+      } else
+	RA::Debug(LL_PER_PDU, "RA::tdb_add_token_entry",
+		  "add tokendb entry successful");
+	r = 0;
+        goto loser;
+    } else {
+      RA::Debug(LL_PER_PDU, "RA::tdb_add_token_entry",
+		"entry in tokendb exists.");
+
+        // try to see if the userid is there
+        LDAPMessage *e = ra_get_first_entry(ldapResult);
+        char **uid = ra_get_attribute_values(e, "tokenUserID");
+
+        if (uid != NULL) {
+            if (uid[0] != NULL) {
+                if (strlen(uid[0]) > 0 && strcmp(uid[0], userid) != 0) {
+                    ldap_value_free(uid);
+                    RA::Debug(LL_PER_PDU, "RA::tdb_add_token_entry",
+                          "This token does not belong to this user: %s", userid);
+                    r = -1;
+		    goto loser;
+                } else {
+                    if (strlen(uid[0]) > 0 && strcmp(uid[0], userid) == 0) {
+                        ldap_value_free(uid);
+                        r = 0;
+			goto loser;
+                    }
+                }
+            }
+            ldap_value_free(uid);
+        }
+
+        // this is the recycled token, update userid and dateOfCreate
+        rc = ra_update_token_status_reason_userid(userid, cuid, status, "", 1);
+	r = rc;
+    }
+loser:
+    if (ldapResult != NULL) {
+	ldap_msgfree(ldapResult);
+    }
+    return r;
+}
+
+/*
+ * This adds entry to tokendb if entry not found
+ * It is then supposed to modify entry (not yet implemented)
+ */
+int RA::tdb_update(const char *userid, char* cuid, char* applet_version, char *key_info, const char *state, const char *reason)
+{
+    int rc = -1;
+    LDAPMessage  *ldapResult = NULL;
+    //    char filter[255];
+
+    if (tokendbInitialized != 1) {
+	rc = 0;
+	goto loser;
+    }
+      
+
+    //    PR_snprintf(filter, 255, "(cn=%s)", cuid);
+    RA::Debug(LL_PER_PDU, "RA::tdb_update",
+	      "searching for tokendb entry: %s", cuid);
+
+    if ((rc = find_tus_db_entry(cuid, 0, &ldapResult)) != LDAP_SUCCESS) {
+      /* create a new entry */
+      rc = add_default_tus_db_entry(userid, "~tps", cuid, state, applet_version, 
+              key_info);
+      if (rc != LDAP_SUCCESS) {
+	RA::Error(LL_PER_PDU, "RA:tdb_update",
+		  "failed to add tokendb entry");
+	rc = -1;
+	goto loser;
+      } else
+	RA::Debug(LL_PER_PDU, "RA::tdb_update",
+		  "add tokendb entry successful");
+	rc = 0;
+    } else {
+      RA::Debug(LL_PER_PDU, "RA::tdb_update",
+		"entry in tokendb exists...should modify entry");
+
+      /* need code to modify things such as applet version ...*/
+      /* ldap modify code to follow...*/
+      rc =  update_tus_db_entry ("~tps", cuid, userid, key_info, state,
+                         applet_version, reason);
+    }
+loser:
+   if (ldapResult != NULL) {
+	ldap_msgfree(ldapResult);
+   }
+   return rc;
+}
+
+int RA::InitializeAuthentication() {
+    char configname[256];
+    const char *authid;
+    const char *type;
+    const char *authPrefix = "auth.instance";
+    const char *lib = NULL;
+    const char *libfactory = NULL;
+    int i=-1;
+    int rc=0;
+    // AuthenticationEntry *authEntry; 
+
+    while (1) {
+        i++;
+        PR_snprintf((char *)configname, 256, "%s.%d.authId", authPrefix, i);
+        authid = m_cfg->GetConfigAsString(configname, NULL);
+        if (authid != NULL) {
+            RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+              "Found authentication id=%s", authid); 
+            PR_snprintf((char *)configname, 256, "%s.%d.libraryName", authPrefix, i);
+            lib = m_cfg->GetConfigAsString(configname, NULL);
+            if (lib != NULL) {
+                RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+                  "Found authentication library=%s", lib); 
+                PR_snprintf((char *)configname, 256, "%s.%d.libraryFactory", authPrefix, i);
+                libfactory = m_cfg->GetConfigAsString(configname, NULL);
+                if (libfactory != NULL) {
+                    RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+                      "Found authentication library factory=%s", libfactory); 
+                    PRLibrary *pb  = PR_LoadLibrary(lib);
+                    if (pb) {
+                        RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", "Successfully loaded the library %s", lib);
+                        void *sym = PR_FindSymbol(pb, libfactory);
+                        if (sym == NULL) {
+                            RA::Error(LL_PER_PDU, "RA::InitializeAuthentication", 
+                              "Failed to find symbol '%s' in '%s' library, error code: %d", 
+                              libfactory, lib, PR_GetError());
+                            RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+                              "Failed to load the library symbol");
+                            continue;
+                        }
+                        makeauthentication make_auth = (makeauthentication)sym;
+                        Authentication *authentication = (*make_auth)();
+                        if (authentication == NULL) {
+                            RA::Error(LL_PER_PDU, "RA::InitializeAuthentication", 
+                              "Failed to create authentication instance with library %s, error code=%d.", 
+                              lib, PR_GetError()); 
+                            RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+                              "Failed to create authentication instance with library %s, error code=%d.", 
+                              lib, PR_GetError()); 
+                            continue;
+                        } else {
+                            authentication->Initialize(i);
+                            m_auth_list[m_auth_len] = new AuthenticationEntry();
+                            m_auth_list[m_auth_len]->SetId(authid);
+                            m_auth_list[m_auth_len]->SetLibrary(pb);
+                            m_auth_list[m_auth_len]->SetAuthentication(authentication);
+                            PR_snprintf((char *)configname, 256, "%s.%d.type", authPrefix, i);
+                            type = m_cfg->GetConfigAsString(configname, NULL);
+                            m_auth_list[m_auth_len]->SetType(type);
+                            RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication:",
+                              "Successfully initialized authentication %s.", lib);
+                        }
+                    } else {
+                        RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+                          "Failed to load the library %s: error=%d", lib, PR_GetError());
+                        continue;
+                    }
+                } else {
+                    RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+                      "Failed to find the library factory %s", libfactory);
+                    continue;
+                }
+            } else {
+                RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+                  "Failed to find the library %s", lib);
+                continue;
+            }
+            m_auth_len++;
+        } else {
+            break;
+        }
+    }
+
+    if (m_auth_len == 0) {
+        RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+          "No authentication module gets loaded, but server continues starting up...");
+        rc = -1;
+    } else {
+        RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", 
+          "Total number of authentication modules get loaded: %d", m_auth_len);
+    }
+
+    return rc;
+}
+
+int RA::Failover(HttpConnection *&conn, int len) {
+    int rc = 0;
+    if (m_pod_enable) {
+        PR_Lock(m_pod_lock);
+        if (++m_pod_curr >= len) 
+            m_pod_curr = 0;
+        HttpConnection *conn = NULL;
+        for (int i=0; i<m_caConns_len; i++) {
+            conn = m_caConnection[i];
+            RA::SetCurrentIndex(conn, m_pod_curr);
+            conn = m_drmConnection[i];
+            RA::SetCurrentIndex(conn, m_pod_curr);
+            conn = m_tksConnection[i];
+            RA::SetCurrentIndex(conn, m_pod_curr);
+        }
+        PR_Unlock(m_pod_lock);
+    } else {
+        if (conn != NULL) {
+            int curr = RA::GetCurrentIndex(conn);
+            if (++curr >= len)
+                curr = 0;
+            RA::SetCurrentIndex(conn, curr);
+        } else
+            rc = -1;
+    }
+    return rc;
+}
diff --git a/pki/base/tps/src/httpClient/Cache.cpp b/pki/base/tps/src/httpClient/Cache.cpp
new file mode 100644
index 000000000..2ea628f8c
--- /dev/null
+++ b/pki/base/tps/src/httpClient/Cache.cpp
@@ -0,0 +1,496 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+/**
+ * Simple cache implementation
+ */
+#include <string.h>
+#include <time.h>
+
+// NSS includes
+#include "pk11func.h"
+#include "hasht.h"
+
+// NSPR includes
+#include "nspr.h"
+#include "plhash.h"
+#include "plstr.h"
+#include "plbase64.h"
+
+// Always before PSCommonLib.h
+#define COMMON_LIB_DLL
+#include "httpClient/httpc/PSCommonLib.h"
+#include "httpClient/httpc/Defines.h"
+//-- #include "httpClient/httpc/PSError.h"
+#include "httpClient/httpc/Iterator.h"
+#include "httpClient/httpc/Cache.h"
+//-- #include "httpClient/httpc/DebugLogger.h"
+//-- #include "httpClient/httpc/ErrorLogger.h"
+
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+//-- static const char *DEBUG_MODULE = NULL;
+//-- static const char *DEBUG_CLASS_NAME = "StringKeyCache";
+
+// From the NSPR implementation of hashtables
+/* Compute the number of buckets in ht */
+#define NBUCKETS(ht)    (1 << (PL_HASH_BITS - (ht)->shift))
+
+
+/**
+ * Called from the destructor
+ */
+extern "C" {
+static PRIntn onCacheRelease( PLHashEntry* he, PRIntn index, void* arg );
+/**
+ * Called to allocate and return copies of keys
+ */
+static PRIntn getKeys( PLHashEntry* he, PRIntn index, void* arg );
+}
+
+/**
+ * Constructor
+ *
+ * @param key  Pointer to the key being cached
+ * @param data Pointer to the data being cached
+ */
+CacheEntry::CacheEntry( const char* key, void *data ) {
+    if( key != NULL ) {
+        m_key = strdup( key );
+    } else {
+        m_key = NULL; 
+    }
+    m_data = data;
+    // NSPR counts in microseconds
+    m_startTime = (time_t)(PR_Now() / 1000000);
+}
+
+/**
+ * Destructor
+ */
+CacheEntry::~CacheEntry() {
+    if( m_key != NULL ) {
+        free( m_key );
+        m_key = NULL;
+    }
+}
+
+/**
+ * Returns a pointer to the cached key
+ *
+ * @return A pointer to the cached key
+ */
+const char *CacheEntry::GetKey() {
+	return m_key;
+}
+
+/**
+ * Returns a pointer to the cached data
+ *
+ * @return A pointer to the cached data
+ */
+void *CacheEntry::GetData() {
+    return m_data;
+}
+
+
+/**
+ * Returns the time when the entry was created
+ *
+ * @return The time when the entry was created
+ */
+long CacheEntry::GetStartTime() {
+    return (long)m_startTime;
+}
+
+
+/**
+ * Default constructor
+ */
+Cache::Cache() {
+    m_cache = NULL;
+    m_cacheLock = NULL;
+}
+
+/**
+ * Constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cache is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+Cache::Cache( const char *name, int ttl, bool implicitLock ) {
+
+    Initialize( name, ttl, implicitLock );
+}
+
+/**
+ * Destructor
+ */
+Cache::~Cache() {
+
+    if( m_cacheLock ) {
+        PR_DestroyRWLock( m_cacheLock );
+        m_cacheLock = NULL;
+    }
+	if( m_cache ) {
+		PL_HashTableEnumerateEntries( m_cache, onCacheRelease, NULL );
+		PL_HashTableDestroy( m_cache );
+        m_cache = NULL;
+	}
+
+}
+
+/**
+ * Initializes the object - to be called from the constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cache is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+void Cache::Initialize( const char *name, int ttl, bool implicitLock ) {
+
+    if ( !m_cache ) {
+        m_implicitLock = implicitLock;
+        m_ttl = ttl;
+        m_cache = PL_NewHashTable( 0,
+                                   PL_HashString,
+                                   PL_CompareStrings,
+                                   PL_CompareValues,
+                                   NULL,
+                                   NULL
+            );
+        m_cacheLock	= PR_NewRWLock( PR_RWLOCK_RANK_NONE, name );
+        m_name = name;
+    }
+
+}
+
+/**
+ * Acquires a read lock on the cache. Multiple threads may simultaneously
+ * have a read lock, but attempts to acquire a read lock will block
+ * if another thread already has a write lock. It is illegal to request
+ * a read lock if the thread already has one.
+ */
+void Cache::ReadLock() {
+	PR_RWLock_Rlock( m_cacheLock );
+}
+
+/**
+ * Acquires a write lock on the cache. Only one thread may have a write
+ * lock at any given time; attempts to acquire a write lock will block
+ * if another thread already has one. It is illegal to request
+ * a write lock if the thread already has one.
+ */
+void Cache::WriteLock() {
+	PR_RWLock_Wlock( m_cacheLock );
+}
+
+/**
+ * Releases a read or write lock that the thread has on the cache
+ */
+void Cache::Unlock() {
+	PR_RWLock_Unlock( m_cacheLock );
+}
+
+/**
+ * Returns the number of entries in the cache
+ *
+ * @return The number of entries in the cache
+ */
+int Cache::GetCount() {
+    int nKeys = 0;
+    if ( m_implicitLock ) {
+        ReadLock();
+    }
+    nKeys = m_cache->nentries;
+    if ( m_implicitLock ) {
+        Unlock();
+    }
+    return nKeys;
+}
+
+class KeyIterator : public Iterator {
+public:
+    /**
+     * Constructor
+     *
+     * @param ht A hashtable to iterate on
+     * @param cacheLock Lock for accessing the hashtable
+     * @param implictLock true if hashtable locking is to be done
+     * internally
+     */
+    KeyIterator( PLHashTable *ht, PRRWLock *cacheLock, bool implicitLock ) {
+        m_table = ht;
+        m_bucketIndex = 0;
+        m_entry = m_table->buckets[m_bucketIndex];
+        m_cacheLock = cacheLock;
+        m_implicitLock = implicitLock;
+    }
+
+    /**
+     * Destructor
+     */
+    virtual ~KeyIterator() {
+    }
+
+    /**
+     * Returns true if there is at least one more key
+     *
+     * @return true if there is at least one more key
+     */
+    bool HasMore() {
+        if ( NULL == m_entry ) {
+            Next();
+        }
+        return ( NULL != m_entry );
+    }
+
+   /**
+     * Returns the next key, if any; the key is deallocated by the Iterator
+     * in its destructor
+     *
+     * @return The next key, if any, or NULL
+     */
+    void *Next() {
+        PLHashEntry *he = m_entry;
+        m_entry = (m_entry != NULL) ? m_entry->next : NULL;
+        int nBuckets = NBUCKETS(m_table);
+        if ( m_implicitLock ) {
+            PR_RWLock_Rlock( m_cacheLock );
+        }
+        while ( (NULL == m_entry) && (m_bucketIndex < (nBuckets-1)) ) {
+            m_bucketIndex++;
+            m_entry = m_table->buckets[m_bucketIndex];
+        }
+        if ( m_implicitLock ) {
+            PR_RWLock_Unlock( m_cacheLock );
+        }
+        return ( he != NULL ) ? (void *)he->key : NULL;
+    }
+
+private:
+    PLHashTable *m_table;
+    PLHashEntry *m_entry;
+    int m_bucketIndex;
+	PRRWLock* m_cacheLock;
+    bool m_implicitLock;
+};
+
+/**
+ * Constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cache is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+StringKeyCache::StringKeyCache( const char *name, int ttl,
+                                bool implicitLock ) {
+
+    Initialize( name, ttl, implicitLock );
+
+}
+
+/**
+ * Destructor
+ */
+StringKeyCache::~StringKeyCache() {
+}
+
+/**
+ * Returns a cache entry
+ *
+ * @param key The name of the cache entry
+ * @return The corresponding cache entry, or NULL if not found
+ */
+CacheEntry *StringKeyCache::Get( const char *key ) {
+    // Avoid recursion when the debug log is starting up
+
+    if ( m_implicitLock ) {
+        ReadLock();
+    }
+	CacheEntry *entry =
+		(CacheEntry *)PL_HashTableLookupConst( m_cache, key );
+    if ( m_implicitLock ) {
+        Unlock();
+    }
+	if ( entry && m_ttl ) {
+		// Check if the cache entry has expired
+        // NSPR counts in microseconds
+        time_t now = (time_t)(PR_Now() / 1000000);
+		if ( ((long)now - entry->GetStartTime()) > m_ttl ) {
+            if( key != NULL ) {
+                Remove( key );
+                key = NULL;
+            }
+            if( entry != NULL ) {
+                delete entry;
+                entry = NULL;
+            }
+			 // Avoid recursion when the debug log is starting up
+     		if ( PL_strcasecmp( m_name, "DebugLogModuleCache" ) ) {
+//--          		DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+//--          		logger->Log( LOGLEVEL_FINER, DEBUG_CLASS_NAME,
+//--                          "Get",
+                   RA::Debug( LL_PER_PDU,
+                              "StringKeyCache::Get: ",
+                              "Entry %s expired from cache %s",
+                              key,
+                              m_name ); 
+        	}
+		}
+    }
+
+	return entry;
+}
+
+/**
+ * Adds a cache entry
+ *
+ * @param key The name of the cache entry; an internal copy is made
+ * @param value The value of the cache entry
+ * @return The corresponding cache entry, or NULL if it couldn't be added
+ */
+CacheEntry *StringKeyCache::Put( const char *key, void *value ) {
+	CacheEntry *entry = new CacheEntry( key, value );
+    if ( m_implicitLock ) {
+        WriteLock();
+    }
+    PL_HashTableAdd( m_cache, entry->GetKey(), entry );
+    if ( m_implicitLock ) {
+        Unlock();
+    }
+
+	return entry;
+}
+
+/**
+ * Removes a cache entry; does not free the entry object
+ *
+ * @param key The name of the cache entry
+ * @return The corresponding cache entry, or NULL if not found
+ */
+CacheEntry *StringKeyCache::Remove( const char *key ) {
+
+    if ( m_implicitLock ) {
+        WriteLock();
+    }
+	CacheEntry *entry =
+		(CacheEntry *)PL_HashTableLookupConst( m_cache, key );
+	if( entry ) {
+		PL_HashTableRemove( m_cache, key );
+	}
+    if ( m_implicitLock ) {
+        Unlock();
+    }
+
+	return entry;
+}
+
+class KeyArray {
+public:
+    KeyArray( int nKeys ) {
+        m_nKeys = nKeys;
+        m_keys = new char *[m_nKeys];
+        m_currentKey = 0;
+    }
+    virtual ~KeyArray() {
+    }
+    int m_currentKey;
+    int m_nKeys;
+    char **m_keys;
+};
+
+/**
+ * Returns an iterator over keys in the cache
+ *
+ * @return An iterator over keys in the cache
+ */
+Iterator *StringKeyCache::GetKeyIterator() {
+    return new KeyIterator( m_cache, m_cacheLock, m_implicitLock );
+}
+
+/**
+ * Allocates and returns a list of keys in the cache
+ *
+ * @param keys Returns an array of names; each name and also the
+ * array itself are to be freed by the caller with delete
+ * @return The number of keys found
+ */
+int StringKeyCache::GetKeys( char ***keys ) {
+
+    int nKeys = GetCount();
+    if ( m_implicitLock ) {
+        ReadLock();
+    }
+    KeyArray keyArray( nKeys );
+    PL_HashTableEnumerateEntries( m_cache, getKeys, &keyArray );
+    if ( m_implicitLock ) {
+        Unlock();
+    }
+    if( ( keyArray.m_nKeys < 1 ) && keyArray.m_keys ) {
+        delete [] keyArray.m_keys;
+        keyArray.m_keys = NULL;
+    }
+    *keys = keyArray.m_keys;
+
+    return keyArray.m_nKeys;
+}
+
+/**
+ * Adds cache entry keys to an accumulator
+ */
+extern "C" {
+static PRIntn getKeys( PLHashEntry* he, PRIntn index, void* arg ) {
+	PRIntn result = HT_ENUMERATE_NEXT;
+	if ( he != NULL ) {
+		if ( he->key ) {
+            KeyArray *keys = (KeyArray *)arg;
+            int len = strlen( (char *)he->key );
+            int i = keys->m_currentKey;
+            keys->m_keys[i] = new char[len+1];
+            strcpy( keys->m_keys[i], (char *)he->key );
+            keys->m_currentKey++;
+		}
+	}
+	return result;
+}
+
+/**
+ * Frees keys of entries in cache; does not free values
+ */
+static PRIntn onCacheRelease( PLHashEntry* he, PRIntn index, void* arg ) {
+    PRIntn result = HT_ENUMERATE_NEXT;
+    if( he != NULL ) {
+        if( he->key != NULL ) {
+            free( (char *) he->key );
+            he->key = NULL;
+            result = HT_ENUMERATE_REMOVE;
+        }
+    }
+    return result;
+}
+} // extern "C"
diff --git a/pki/base/tps/src/httpClient/engine.cpp b/pki/base/tps/src/httpClient/engine.cpp
new file mode 100644
index 000000000..6c5013869
--- /dev/null
+++ b/pki/base/tps/src/httpClient/engine.cpp
@@ -0,0 +1,718 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include "nspr.h"
+#include "sslproto.h"
+#include "prerror.h"
+
+#include "ssl.h"
+#include "nss.h"
+#include "pk11func.h"
+#include "cert.h"
+#include "certt.h"
+#include "sslerr.h"
+#include "secerr.h"
+
+#include "httpClient/httpc/engine.h"
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/PSPRUtil.h"
+#include "httpClient/httpc/Defines.h"
+//-- #include "httpClient/httpc/DebugLogger.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+char* certName = NULL;
+char* password = NULL;
+int ciphers[32];
+int cipherCount = 0;
+int _doVerifyServerCert = 1;
+
+//-- static const char *DEBUG_MODULE = "httpclient";
+//-- static const char *DEBUG_CLASS_NAME = "HttpEngine";
+
+PRIntervalTime Engine::globaltimeout = PR_TicksPerSecond()*30;
+
+static char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg) {
+	if (!retry) {
+       if( password != NULL ) {
+            return PL_strdup(password);
+       } else {
+            return PL_strdup( "httptest" );
+       }
+	} else {
+		return NULL;
+	}
+}
+
+/**
+ * Function: SECStatus myBadCertHandler()
+ * <BR>
+ * Purpose: This callback is called when the incoming certificate is not
+ * valid. We define a certain set of parameters that still cause the
+ * certificate to be "valid" for this session, and return SECSuccess to cause
+ * the server to continue processing the request when any of these conditions
+ * are met. Otherwise, SECFailure is return and the server rejects the 
+ * request.
+ */
+SECStatus myBadCertHandler( void *arg, PRFileDesc *socket ) {
+
+    SECStatus	secStatus = SECFailure;
+    PRErrorCode	err;
+
+    /* log invalid cert here */
+
+    if ( !arg ) {
+		return secStatus;
+    }
+
+    *(PRErrorCode *)arg = err = PORT_GetError();
+
+    /* If any of the cases in the switch are met, then we will proceed   */
+    /* with the processing of the request anyway. Otherwise, the default */	
+    /* case will be reached and we will reject the request.              */
+
+    switch (err) {
+    case SEC_ERROR_INVALID_AVA:
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_BAD_SIGNATURE:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SEC_ERROR_UNTRUSTED_CERT:
+    case SEC_ERROR_CERT_VALID:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_CRL_EXPIRED:
+    case SEC_ERROR_CRL_BAD_SIGNATURE:
+    case SEC_ERROR_EXTENSION_VALUE_INVALID:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case SEC_ERROR_CERT_USAGES_INVALID:
+    case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
+	case SEC_ERROR_EXTENSION_NOT_FOUND: // Added by Rob 5/21/2002
+		secStatus = SECSuccess;
+	break;
+    default:
+		secStatus = SECFailure;
+	break;
+    }
+
+    return secStatus;
+}
+
+
+PRBool __EXPORT InitSecurity(char* certDir, char* certname, char* certpassword, char *prefix,int verify ) {
+    if (certpassword) {
+        password = PL_strdup(certpassword);
+	} else {
+        password = PL_strdup( "httptest" );
+    }
+    if (certname) {
+        certName = PL_strdup(certname);
+    }
+
+	PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0 );
+    SECStatus stat = NSS_Initialize( certDir, prefix, prefix,"secmod.db",
+									 NSS_INIT_READONLY);
+
+    if (SECSuccess != stat) {
+		// int err = PR_GetError();
+        return PR_FAILURE;
+	}
+    PK11_SetPasswordFunc(ownPasswd);
+
+    stat = NSS_SetDomesticPolicy();
+    SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE );
+
+	_doVerifyServerCert = verify;
+
+
+     return PR_TRUE;
+}
+
+
+int ssl2Suites[] = {
+    SSL_EN_RC4_128_WITH_MD5,                    /* A */
+    SSL_EN_RC4_128_EXPORT40_WITH_MD5,           /* B */
+    SSL_EN_RC2_128_CBC_WITH_MD5,                /* C */
+    SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,       /* D */
+    SSL_EN_DES_64_CBC_WITH_MD5,                 /* E */
+    SSL_EN_DES_192_EDE3_CBC_WITH_MD5,           /* F */
+    0
+};
+
+int ssl3Suites[] = {
+    SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,     /* a */
+    SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,          /* b */
+    SSL_RSA_WITH_RC4_128_MD5,                   /* c */
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,              /* d */
+    SSL_RSA_WITH_DES_CBC_SHA,                   /* e */
+    SSL_RSA_EXPORT_WITH_RC4_40_MD5,             /* f */
+    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,         /* g */
+    SSL_FORTEZZA_DMS_WITH_NULL_SHA,             /* h */
+    SSL_RSA_WITH_NULL_MD5,                      /* i */
+    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,         /* j */
+    SSL_RSA_FIPS_WITH_DES_CBC_SHA,              /* k */
+    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,        /* l */
+    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,         /* m */
+    0
+};
+
+void disableAllCiphersOnSocket(PRFileDesc* sock) {
+    int i;
+    int numsuites = SSL_NumImplementedCiphers;
+
+    /* disable all the cipher suites for that socket */
+    for (i = 0; i<numsuites; i++) {
+        SSL_CipherPrefSet(sock, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
+    }
+}
+
+void __EXPORT EnableAllSSL3Ciphers(PRFileDesc* sock) {
+	int i =0;
+	while (ssl3Suites[i]) {
+        SSL_CipherPrefSet(sock, ssl3Suites[i], SSL_ALLOWED);
+	}
+}
+ 
+PRBool __EXPORT EnableCipher(const char* cipherString) {
+     int ndx;
+  
+     if (!cipherString) {
+        return PR_FALSE;
+	 }
+
+     while (0 != (ndx = *cipherString++)) {
+        int* cptr;
+        int cipher;
+
+        if (! isalpha(ndx)) {
+           continue;
+		}
+        cptr = islower(ndx) ? ssl3Suites : ssl2Suites;
+        for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) {
+			/* do nothing */;
+		}
+        ciphers[cipherCount++] = cipher;
+     }
+
+     return PR_TRUE;
+}
+
+SECStatus certcallback (
+    void *arg,
+    PRFileDesc *fd,
+    PRBool checksig,
+    PRBool isServer) {
+     return SECSuccess; // always succeed
+}
+
+/**
+ * Function: SECStatus myAuthCertificate()
+ * <BR>
+ * Purpose: This function is our custom certificate authentication handler.
+ * <BR>
+ * Note: This implementation is essentially the same as the default 
+ *       SSL_AuthCertificate().
+ */
+extern "C" {
+
+static SECStatus myAuthCertificate( void *arg,
+                             PRFileDesc *socket, 
+							 PRBool checksig,
+                             PRBool isServer ) {
+
+	SECCertUsage        certUsage;
+	CERTCertificate *   cert;
+	void *              pinArg;
+	char *              hostName = NULL;
+	SECStatus           secStatus = SECSuccess;
+//--	static const char *DEBUG_METHOD_NAME = "myAuthCertificate";
+//-- 	DebugLogger *logger = DebugLogger::GetDebugLogger( "httpclient");
+
+	if ( !arg || !socket ) {
+		return SECFailure;
+	}
+
+	/* Define how the cert is being used based upon the isServer flag. */
+
+	certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
+
+	cert = SSL_PeerCertificate( socket );
+	
+	pinArg = SSL_RevealPinArg( socket );
+
+	// Skip the server cert verification fconditionally, because our test
+    // servers do not have a valid root CA cert.
+    if ( _doVerifyServerCert ) {
+
+        PRLock *verify_lock = RA::GetVerifyLock();
+        if (verify_lock == NULL) {
+		  return SECFailure;
+        }
+        PR_Lock(verify_lock);
+        /* This function is not thread-safe. So we need to use a global lock */
+        secStatus = CERT_VerifyCertNow( (CERTCertDBHandle *)arg,
+                                        cert,
+                                        checksig,
+                                        certUsage,
+                                        pinArg);
+        PR_Unlock(verify_lock);
+
+		if( SECSuccess != secStatus ) {
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+	           if (cert == NULL) {	
+                        RA::Debug( LL_PER_PDU,
+                        "myAuthCertificate: ",
+                        "Server Certificate Not Found" );
+	           } else {
+			   if (cert->subjectName == NULL) {
+                        	RA::Debug( LL_PER_PDU,
+                        	"myAuthCertificate: ",
+                        	"Untrusted server certificate" );
+			   } else {
+                        	RA::Debug( LL_PER_PDU,
+                        	"myAuthCertificate: ",
+                        	"Untrusted server certificate error=%d subject='%s'", PORT_GetError(), cert->subjectName );
+			   }
+	           }
+		}
+    }
+
+	/* If this is a server, we're finished. */
+	if (isServer || secStatus != SECSuccess) {
+		return secStatus;
+	}
+
+	/* Certificate is OK.  Since this is the client side of an SSL
+	 * connection, we need to verify that the name field in the cert
+	 * matches the desired hostname.  This is our defense against
+	 * man-in-the-middle attacks.
+	 */
+
+	/* SSL_RevealURL returns a hostName, not an URL. */
+	hostName = SSL_RevealURL( socket );
+
+	if (hostName && hostName[0]) {
+		secStatus = CERT_VerifyCertName( cert, hostName );
+		if( SECSuccess != secStatus ) {
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+                 RA::Debug( LL_PER_PDU,
+                            "myAuthCertificate: ",
+                            "Server name does not match that in certificate" );
+		}
+	} else {
+		secStatus = SECFailure;
+//-- 		logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 					 DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                       "myAuthCertificate: ",
+                       "server name has been specified" );
+	}
+
+    if( hostName != NULL ) {
+        PR_Free( hostName );
+        hostName = NULL;
+    }
+
+	return secStatus;
+}
+
+
+/* Function: SECStatus ownGetClientAuthData()
+ *
+ * Purpose: This callback is used by SSL to pull client certificate 
+ * information upon server request.
+ */
+static SECStatus ownGetClientAuthData(void *arg, PRFileDesc *socket,
+				    CERTDistNames *caNames,
+				    CERTCertificate **pRetCert,/*return */
+				    SECKEYPrivateKey **pRetKey) {
+    CERTCertificate *               cert = NULL;
+    SECKEYPrivateKey *              privKey = NULL;
+    void *                          proto_win = NULL;
+    SECStatus                       rv = SECFailure;
+    char *			    localNickName = (char *)arg;
+
+    proto_win = SSL_RevealPinArg(socket);
+   
+    if (localNickName) {
+        RA::Debug( LL_PER_PDU,
+                   "ownGetClientAuthData: ",
+                   "ownGetClientAuthData looking for nickname=%s",
+                   localNickName );
+     cert = PK11_FindCertFromNickname(localNickName, proto_win);
+        if (cert) {
+        RA::Debug( LL_PER_PDU,
+                   "ownGetClientAuthData: ",
+                   "ownGetClientAuthData found cert" );
+            privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+            if (privKey) {
+                RA::Debug( LL_PER_PDU,
+                           "ownGetClientAuthData: ",
+                           "ownGetClientAuthData found priv key for cert" );
+                    rv = SECSuccess;
+            } else {
+                    if( cert != NULL ) {
+                        CERT_DestroyCertificate( cert );
+                        cert = NULL;
+                    }
+            }
+        }
+        else {
+            RA::Debug( LL_PER_PDU,
+                       "ownGetClientAuthData: ",
+                       "ownGetClientAuthData did NOT find cert" );
+        }
+
+        if (rv == SECSuccess) {
+			*pRetCert = cert;
+			*pRetKey  = privKey;
+        }
+
+        // if( localNickName != NULL ) {
+        //     free( localNickName );
+        //     localNickName = NULL;
+        // }
+        return rv;
+    }
+    else {
+            RA::Debug( LL_PER_PDU,
+                       "ownGetClientAuthData: ",
+                       "ownGetClientAuthData does not have nickname" );
+    }
+
+    char* chosenNickName = certName ? (char *)PL_strdup(certName) : NULL;
+    if (chosenNickName) {
+        cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
+        if (cert) {
+            privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+            if (privKey) {
+				rv = SECSuccess;
+            } else {
+                if( cert != NULL ) {
+                    CERT_DestroyCertificate( cert );
+                    cert = NULL;
+                }
+            }
+        }
+    } else {
+        /* no nickname given, automatically find the right cert */
+        CERTCertNicknames *     names;
+        int                     i;
+
+        names = CERT_GetCertNicknames(  CERT_GetDefaultCertDB(), 
+                                        SEC_CERT_NICKNAMES_USER,
+                                        proto_win);
+
+        if (names != NULL) {
+            for( i=0; i < names->numnicknames; i++ ) {
+                cert = PK11_FindCertFromNickname(names->nicknames[i],
+												 proto_win);
+                if (!cert) {
+                    continue;
+                }
+
+                /* Only check unexpired certs */
+                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE) != 
+					secCertTimeValid) {
+                    if( cert != NULL ) {
+                        CERT_DestroyCertificate( cert );
+                        cert = NULL;
+                    }
+                    continue;
+                }
+
+                rv = NSS_CmpCertChainWCANames(cert, caNames);
+
+                if (rv == SECSuccess) {
+                    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+                    if (privKey) {
+                        // got the key
+                        break;
+                    }
+
+                    // cert database password was probably wrong
+                    rv = SECFailure;
+                    break;
+                };
+            } /* for loop */
+            CERT_FreeNicknames(names);
+        } // names
+    } // no nickname chosen
+
+    if (rv == SECSuccess) {
+		*pRetCert = cert;
+		*pRetKey  = privKey;
+    }
+
+    if( chosenNickName != NULL ) {
+        free( chosenNickName );
+        chosenNickName = NULL;
+    }
+
+    return rv;
+}
+} // extern "C"
+
+void nodelay(PRFileDesc* fd) {
+    PRSocketOptionData opt;
+    PRStatus rv;
+
+    opt.option = PR_SockOpt_NoDelay;
+    opt.value.no_delay = PR_FALSE;
+
+    rv = PR_GetSocketOption(fd, &opt);
+    if (rv == PR_FAILURE) {
+        return;
+    }
+
+    opt.option = PR_SockOpt_NoDelay;
+    opt.value.no_delay = PR_TRUE;
+    rv = PR_SetSocketOption(fd, &opt);
+    if (rv == PR_FAILURE) {
+        return;
+    }
+
+    return;
+}
+
+
+/**
+ * Returns a file descriptor for I/O if the HTTP connection is successful
+ * @param addr PRnetAddr structure which points to the server to connect to
+ * @param SSLOn boo;elan to state if this is an SSL client
+ */
+PRFileDesc * Engine::_doConnect(PRNetAddr *addr, PRBool SSLOn,
+								const PRInt32* cipherSuite, 
+                                PRInt32 count, const char *nickName,
+								PRBool handshake,
+								/*const SecurityProtocols& secprots,*/
+                                const char *serverName, PRIntervalTime timeout) {
+//--	static const char *DEBUG_METHOD_NAME = "doConnect";
+//-- 	DebugLogger *logger = DebugLogger::GetDebugLogger( "httpclient");
+	PRFileDesc *tcpsock = NULL;
+	PRFileDesc *sock = NULL;
+
+    SSL_CipherPrefSetDefault(0xC005 /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
+
+    tcpsock = PR_OpenTCPSocket(addr->raw.family);
+
+    if (nickName != NULL)
+        RA::Debug( LL_PER_PDU,
+                   "Engine::_doConnect: ",
+                   "_doConnect has nickname=%s",
+                   nickName );
+    else
+        RA::Debug( LL_PER_PDU,
+                   "Engine::_doConnect: ",
+                   "_doConnect has nickname=NULL" );
+
+    if (!tcpsock) {
+//-- 	    logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//--                  DEBUG_METHOD_NAME,
+//XXXX log NSPR error code
+        RA::Debug( LL_PER_PDU,
+                   "Engine::_doConnect: ",
+                   "PR_OpenTCPSocket returned NULL" );
+        return NULL;
+    }
+
+    nodelay(tcpsock);
+
+    if (PR_TRUE == SSLOn) {
+        sock=SSL_ImportFD(NULL, tcpsock);
+        if (!sock) {
+            //xxx log
+            if( tcpsock != NULL ) {
+                PR_Close( tcpsock );
+                tcpsock = NULL;
+            }
+            return NULL;
+        }
+
+        int error = 0;
+        PRBool rv = SSL_OptionSet(sock, SSL_SECURITY, 1);
+        if ( SECSuccess == rv ) {
+			rv = SSL_OptionSet(sock, SSL_HANDSHAKE_AS_CLIENT, 1);
+		}
+        if ( SECSuccess == rv ) {
+			rv = SSL_OptionSet(sock, SSL_ENABLE_SSL3, PR_TRUE);
+		}
+        if ( SECSuccess == rv ) {
+			rv = SSL_OptionSet(sock, SSL_ENABLE_TLS, PR_TRUE);
+		}
+        if ( SECSuccess != rv ) {
+            error = PORT_GetError();
+            if( sock != NULL ) {
+                PR_Close( sock );
+                sock = NULL;
+            }
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                       "Engine::_doConnect: ",
+                       "SSL_OptionSet error: %d",
+                       error );
+            return NULL;
+		}
+
+		rv = SSL_GetClientAuthDataHook( sock,
+										ownGetClientAuthData,
+										(void*)nickName);
+        if ( SECSuccess != rv ) {
+            error = PORT_GetError();
+            if( sock != NULL ) {
+                PR_Close( sock );
+                sock = NULL;
+            }
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                       "Engine::_doConnect: ",
+                       "SSL_GetClientAuthDataHook error: %d",
+                       error );
+            return NULL;
+		}
+		
+        rv = SSL_AuthCertificateHook(sock,
+									 (SSLAuthCertificate)myAuthCertificate,
+									 (void *)CERT_GetDefaultCertDB()); 
+
+        if (rv != SECSuccess ) {
+            if( sock != NULL ) {
+                PR_Close( sock );
+                sock = NULL;
+            }
+            return NULL;
+        }
+
+		PRErrorCode errCode = 0;
+
+        rv = SSL_BadCertHook( sock,
+							  (SSLBadCertHandler)myBadCertHandler,
+							  &errCode );
+		rv = SSL_SetURL( sock, serverName );
+
+		if (rv != SECSuccess ) {
+			error = PORT_GetError();
+            if( sock != NULL ) {
+                PR_Close( sock );
+                sock = NULL;
+            }
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                               "Engine::_doConnect: ",
+                               "SSL_SetURL error: %d",
+                               error );
+            return NULL;
+		}
+
+		//EnableAllSSL3Ciphers( sock);
+    } else {
+        sock = tcpsock;
+    }
+
+    RA::Debug( LL_PER_PDU,
+               "Engine::_doConnect: ",
+               "about to call PR_Connect, timeout =%d",
+               timeout );
+
+    if ( PR_Connect(sock, addr, timeout) == PR_FAILURE ) {
+//-- 	    logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//--                  DEBUG_METHOD_NAME,
+             RA::Debug( LL_PER_PDU,
+                        "Engine::_doConnect: ",
+                        "PR_Connect error: %d Msg=%s",
+                        PR_GetError(),
+                        "XXX" );
+        if( sock != NULL ) {
+            PR_Close( sock );
+            sock = NULL;
+        }
+        return NULL;
+    }
+
+    return (sock);
+}
+
+/**
+ * Called from higher level to connect, sends a request 
+ * and gets a response as an HttpResponse object
+ *
+ * @param request Contains the entire request url + headers etc
+ * @param server Has the host, port, protocol info
+ * @param timeout Time in seconds to wait for a response
+ * @return The response body and headers
+ */
+PSHttpResponse * HttpEngine::makeRequest( PSHttpRequest &request, 
+										  const PSHttpServer& server,
+										  int timeout, PRBool expectChunked ) {
+    PRNetAddr addr;
+    PRFileDesc *sock = NULL;
+    PSHttpResponse *resp = NULL;
+
+    PRBool response_code = 0;
+
+	server.getAddr(&addr);
+
+	char *nickName = request.getCertNickName();
+
+	char *serverName = (char *)server.getAddr();
+    sock = _doConnect( &addr, request.isSSL(), 0, 0,nickName, 0, serverName );
+
+    if ( sock != NULL) {
+        PRBool status = request.send( sock );
+        if ( status ) {
+            resp = new PSHttpResponse( sock, &request, timeout, expectChunked );
+            response_code = resp->processResponse();
+
+            RA::Debug( LL_PER_PDU,
+                       "HttpEngine::makeRequest: ",
+                       "makeRequest response %d",
+                       response_code );
+
+            if(!response_code)
+            {
+                RA::Debug( LL_PER_PDU,
+                           "HttpEngine::makeRequest: ",
+                           "Deleting response because of FALSE return, returning NULL." );
+                if( resp != NULL ) {
+                    delete resp;
+                    resp = NULL;
+                }
+                if( sock != NULL ) {
+                    PR_Close( sock );
+                    sock = NULL;
+                }
+
+                return NULL;
+
+            }
+        }
+        if( sock != NULL ) {
+            PR_Close( sock );
+            sock = NULL;
+        }
+    }
+
+    return resp;
+}
diff --git a/pki/base/tps/src/httpClient/http.cpp b/pki/base/tps/src/httpClient/http.cpp
new file mode 100644
index 000000000..948fc0da6
--- /dev/null
+++ b/pki/base/tps/src/httpClient/http.cpp
@@ -0,0 +1,303 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include <string.h>
+
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/engine.h"
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/response.h"
+//-- #include "httpClient/httpc/DebugLogger.h"
+//-- #include "httpClient/httpc/ErrorLogger.h"
+#include "httpClient/httpc/PSPRUtil.h"
+#include "httpClient/httpc/Defines.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+
+//-- static const char *DEBUG_MODULE = "httpclient";
+//-- static const char *DEBUG_CLASS_NAME = "PSHttpServer";
+
+/**
+ * Constructor
+ * @param addr The hostname:port of the server to connect to. The default
+ * port is 80
+ * @param af The protocol family like PR_AF_INET
+ */
+PSHttpServer::PSHttpServer(const char *addr, PRUint16 af) {
+    SSLOn = PR_FALSE;
+    int port = 80;
+//--	static const char *DEBUG_METHOD_NAME = "Constructor";
+//-- 	DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+    char *pPort;
+
+
+    _addr = NULL;
+//  if( _addr != NULL ) {
+//      PL_strfree( _addr );
+//      _addr = NULL;
+//  }
+
+    if (addr) {
+        _addr = PL_strdup(addr); 
+    }
+
+    pPort = PL_strchr(_addr, ':');
+    if (pPort) {
+        *pPort = '\0';
+        port = atoi(++pPort);
+    }
+
+    /* kludge for doing IPv6 tests on localhost */
+    if (!PL_strcmp(_addr, "ip6-localhost") && (af == PR_AF_INET6)) {
+         PL_strcpy(_addr, "::1");
+    }
+
+    PR_InitializeNetAddr(PR_IpAddrNull, port, &_netAddr);
+
+    if (PR_StringToNetAddr(_addr, &_netAddr) == PR_FAILURE) {
+        char buf[2000];
+        PRHostEnt ent;
+
+        if (PR_GetIPNodeByName(_addr, af, PR_AI_DEFAULT,
+							   buf, sizeof(buf), &ent) == PR_SUCCESS) {
+            PR_EnumerateHostEnt(0, &ent, port, &_netAddr);
+        } else {
+//-- 		    ErrorLogger::GetErrorLogger()->Log(
+//--                 LOGLEVEL_SEVERE, PR_GetError(),
+              RA::Debug( LL_PER_PDU,
+                         "PSHttpServer::PSHttpServer: ",
+                         "PR_GetIPNodeByName returned error %d [%s] for "
+                         "address %s",
+                         PR_GetError (),
+                         "XXX",
+                         addr );
+//-- 		    logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+                    RA::Debug( LL_PER_PDU,
+                               "PSHttpServer::PSHttpServer: ",
+                               "PR_GetIPNodeByName returned error %d [%s] for "
+                               "address %s",
+                               PR_GetError(),
+                               "XXX",
+                               addr );
+        }
+    }
+}
+
+/**
+ * Destructor of the Httpserver class 
+ */
+PSHttpServer::~PSHttpServer() {
+    if( _addr != NULL ) {
+        PL_strfree( _addr );
+        _addr = NULL;
+    }
+}
+
+/**
+ * Turns SSL on or off for the connection
+ * @param SSLstate PR_TRUE to make an SSL connection
+ */
+void PSHttpServer::setSSL(PRBool SSLstate) {
+  SSLOn = SSLstate;
+}
+
+/**
+ * Returns the current SSL state for this PSHttpServer object
+ * @return PR_TRUE if SSL is enabled else PR_FALSE
+ */
+PRBool PSHttpServer::isSSL() const {
+  return SSLOn;
+}
+
+/**
+ * Returns the IP address of the HTTP server
+ * @return IP address of the server as a long
+ */
+
+long PSHttpServer::getIp() const {
+    return _netAddr.inet.ip;
+}
+
+/**
+ * Returns the port for the HTTP server
+ * @return port of the server
+ */
+
+long PSHttpServer::getPort() const {
+    return _netAddr.inet.port;
+}
+
+/**
+ * Returns the server IP address as a string
+ * @return server address as string
+*/
+const char * PSHttpServer::getAddr() const {
+    return _addr;
+}
+
+/**
+ * Gets the server addr as a PR_NetAddr structure
+ * @param addr PR_netaddr struct in which server address is returned
+ */
+void PSHttpServer::getAddr(PRNetAddr *addr) const {
+    memcpy(addr, &_netAddr, sizeof(_netAddr));
+}
+
+/**
+ * Fets the protocol as string: "HTTP/1.0" "HTTP/1.1" etc
+ * @return Protocol string
+ */
+const char *HttpProtocolToString(HttpProtocol proto) {
+    switch(proto) {
+        case HTTP09:
+            return "";
+        case HTTP10:
+            return "HTTP/1.0";
+        case HTTP11:
+            return "HTTP/1.1";
+        case HTTPBOGUS:
+            return "BOGO-PROTO";
+        case HTTPNA:
+			return NULL;
+    }
+
+    return NULL;
+}
+
+/**
+* Constructor for HttpMessage. This is a base class for PSHttpRequest
+*/
+HttpMessage :: HttpMessage(long len, const char* buf) {
+    firstline = NULL;
+    cl = 0;
+    proto = HTTPNA;
+
+    // search for the first line
+    int counter=0;
+    PRBool found = PR_FALSE;
+    while ( ( (counter++<len) && (PR_FALSE == found) ) ) {
+        if (buf[counter] != '\n') {
+            continue;
+		}
+        found = PR_TRUE;
+    }
+
+    // extract the first line
+    if (PR_TRUE == found) {
+        firstline=new char[counter+1];
+        memcpy(firstline, buf, counter);
+        firstline[counter] = '\0';
+    }
+}
+
+HttpMessage :: ~HttpMessage() {
+    if( firstline != NULL ) {
+        delete firstline;
+        firstline = NULL;
+    }
+}
+
+/*SecurityProtocols :: SecurityProtocols(PRBool s2, PRBool s3, PRBool t)
+{
+    ssl2 = s2;
+    ssl3 = s3;
+    tls = t;
+};
+
+const SecurityProtocols& SecurityProtocols :: operator = (const RWTPtrSlist<char>& protlist)
+{
+    ssl2 = PR_FALSE;
+    ssl3 = PR_FALSE;
+    tls = PR_FALSE;
+    PRInt32 i;
+    for (i = 0;i<protlist.entries();i++)
+    {
+        if (0 == strcmp(protlist.at(i), "SSL2"))
+        {
+            ssl2 = PR_TRUE;
+        };
+        if (0 == strcmp(protlist.at(i), "SSL3"))
+        {
+            ssl3 = PR_TRUE;
+        };
+        if (0 == strcmp(protlist.at(i), "TLS"))
+        {
+            tls = PR_TRUE;
+        };
+    };
+    return *this;
+};
+
+const SecurityProtocols& SecurityProtocols :: operator = (const SecurityProtocols& rhs)
+{
+    ssl2 = rhs.ssl2;
+    ssl3 = rhs.ssl3;
+    tls = rhs.tls;
+    return *this;
+};
+*/
+
+
+PRBool PSHttpServer::putFile(const char* localFile,
+							 const char* remoteUri) const {
+    PSHttpRequest request(this, remoteUri, HTTP10, Engine::globaltimeout);
+    request.setMethod("PUT");
+    request.useLocalFileAsBody(localFile);
+
+    PRBool rv = _putFile(request);
+    return rv;
+}
+
+PRBool PSHttpServer::putFile(const char *uri, int size) const {
+    PSHttpRequest request(this, uri, HTTP10, Engine::globaltimeout);
+    request.setMethod("PUT");
+    request.addRandomBody(size);
+
+    PRBool rv = _putFile(request);;
+    return rv;
+}
+
+PRBool PSHttpServer::_putFile(PSHttpRequest& request) const {
+    HttpEngine engine;
+    PRBool rv = PR_TRUE;
+
+    PSHttpResponse* response = engine.makeRequest(request, *this);
+
+    if (response) {
+        int status = response->getStatus();
+        if (status == 200 || status == 201 || status == 204) {
+            rv = PR_TRUE;
+        } else {
+            rv = PR_FALSE;
+        }
+        if( response != NULL ) {
+            delete response;
+            response = NULL;
+        }
+    } else {
+        rv = PR_FALSE;
+	}
+    return rv;
+}
+
diff --git a/pki/base/tps/src/httpClient/httpClient.cpp b/pki/base/tps/src/httpClient/httpClient.cpp
new file mode 100644
index 000000000..0e4649e45
--- /dev/null
+++ b/pki/base/tps/src/httpClient/httpClient.cpp
@@ -0,0 +1,71 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "nspr.h"
+#include <sys/types.h>
+
+#include <stdio.h>
+#ifndef XP_WIN32
+#include <unistd.h>  /* sleep */
+#else /* XP_WIN32 */
+#include <windows.h>
+#endif /* XP_WIN32 */
+
+#include "main/Base.h"
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/engine.h"
+
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+/*
+ * httpSend: sends to an HTTP server
+ *   host_port should be in the for "host:port"
+ *     e.g. ca.fedora.redhat.com:1027
+ *   uri should contain uri including parameter values
+ *     e.g. https://ca.fedora.redhat.com:1027/ca/profileSubmitSSLClient?profileId=userKey&screenname=user1&publickey=YWJjMTIzCg
+ *   method has to be "GET" or "POST"
+ *   body is the HTTP body.  Can have nothing.
+ */
+PSHttpResponse *httpSend(char *host_port, char *uri, char *method, char *body)
+{
+    const char* nickname;
+    nickname = RA::GetConfigStore()->GetConfigAsString("ra.clientNickname", "");
+
+    PSHttpServer server(host_port, PR_AF_INET);
+    server.setSSL(PR_TRUE);
+    // use "HTTP10" if no chunking
+    PSHttpRequest request( &server, uri, HTTP11, 0 );
+    request.setSSL(PR_TRUE);
+    request.setCertNickName(nickname);
+    request.setMethod(method);
+    if (body != NULL)
+        request.setBody( strlen(body), body);
+
+    // use with "POST" only
+    request.addHeader( "Content-Type", "text/xml" );
+    request.addHeader( "Connection", "keep-alive" );
+    HttpEngine engine;
+    PSHttpResponse *resp =  engine.makeRequest( request, server, 120 /*_timeout*/ , PR_TRUE /* expect chunked*/);
+
+    return resp;
+}
diff --git a/pki/base/tps/src/httpClient/nscperror.cpp b/pki/base/tps/src/httpClient/nscperror.cpp
new file mode 100644
index 000000000..38c722de2
--- /dev/null
+++ b/pki/base/tps/src/httpClient/nscperror.cpp
@@ -0,0 +1,358 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/* nscperrors.c
+ * Very crude error handling for nspr and libsec.
+ */
+
+#include "prerror.h"
+
+#define NSCP_NSPR_ERROR_BASE            (PR_NSPR_ERROR_BASE)
+#define NSCP_NSPR_MAX_ERROR             ((PR_MAX_ERROR) - 1)
+#define NSCP_LIBSEC_ERROR_BASE 		(-8192)
+#define NSCP_LIBSEC_MAX_ERROR           (NSCP_LIBSEC_ERROR_BASE + 118)
+#define NSCP_LIBSSL_ERROR_BASE 		(-12288)
+#define NSCP_LIBSSL_MAX_ERROR           (NSCP_LIBSSL_ERROR_BASE + 89)
+
+typedef struct nscp_error_t {
+    int errorNumber;
+    const char *errorString;
+} nscp_error_t;
+
+nscp_error_t nscp_nspr_errors[]  =  {
+    {  0, "Out of memory" },
+    {  1, "Bad file descriptor" },
+    {  2, "Data temporarily not available" },
+    {  3, "Access fault" },
+    {  4, "Invalid method" },
+    {  5, "Illegal access" },
+    {  6, "Unknown error" },
+    {  7, "Pending interrupt" },
+    {  8, "Not implemented" },
+    {  9, "IO error" },
+    { 10, "IO timeout error" },
+    { 11, "IO already pending error" },
+    { 12, "Directory open error" },
+    { 13, "Invalid Argument" },
+    { 14, "Address not available" },
+    { 15, "Address not supported" },
+    { 16, "Already connected" },
+    { 17, "Bad address" },
+    { 18, "Address already in use" },
+    { 19, "Connection refused" },
+    { 20, "Network unreachable" },
+    { 21, "Connection timed out" },
+    { 22, "Not connected" },
+    { 23, "Load library error" },
+    { 24, "Unload library error" },
+    { 25, "Find symbol error" },
+    { 26, "Insufficient resources" },
+    { 27, "Directory lookup error" },
+    { 28, "Invalid thread private data key" },
+    { 29, "PR_PROC_DESC_TABLE_FULL_ERROR" },
+    { 30, "PR_SYS_DESC_TABLE_FULL_ERROR" },
+    { 31, "Descriptor is not a socket" },
+    { 32, "Descriptor is not a TCP socket" },
+    { 33, "Socket address is already bound" },
+    { 34, "No access rights" },
+    { 35, "Operation not supported" },
+    { 36, "Protocol not supported" },
+    { 37, "Remote file error" },
+    { 38, "Buffer overflow error" },
+    { 39, "Connection reset by peer" },
+    { 40, "Range error" },
+    { 41, "Deadlock error" },
+    { 42, "File is locked" },
+    { 43, "File is too big" },
+    { 44, "No space on device" },
+    { 45, "Pipe error" },
+    { 46, "No seek on device" },
+    { 47, "File is a directory" },
+    { 48, "Loop error" },
+    { 49, "Name too long" },
+    { 50, "File not found" },
+    { 51, "File is not a directory" },
+    { 52, "Read-only filesystem" },
+    { 53, "Directory not empty" },
+    { 54, "Filesystem mounted" },
+    { 55, "Not same device" },
+    { 56, "Directory corrupted" },
+    { 57, "File exists" },
+    { 58, "Maximum directory entries" },
+    { 59, "Invalid device state" },
+    { 60, "Device is locked" },
+    { 61, "No more files" },
+    { 62, "End of file" },
+    { 63, "File seek error" },
+    { 64, "File is busy" },
+    { 65, "NSPR error 65" },
+    { 66, "In progress error" },
+    { 67, "Already initiated" },
+    { 68, "Group empty" },
+    { 69, "Invalid state" },
+    { 70, "Network down" },
+    { 71, "Socket shutdown" },
+    { 72, "Connect aborted" },
+    { 73, "Host unreachable" }
+};
+
+#if (PR_MAX_ERROR - PR_NSPR_ERROR_BASE) > 74
+// cfu temporarily get rid of the "#error NSPR error table is too small" error
+//#error NSPR error table is too small
+#endif
+
+nscp_error_t nscp_libsec_errors[] = {
+    {  0, "SEC_ERROR_IO - I/O Error" },
+    {  1, "SEC_ERROR_LIBRARY_FAILURE - Library Failure" },
+    {  2, "SEC_ERROR_BAD_DATA - Bad data was received" },
+    {  3, "SEC_ERROR_OUTPUT_LEN" },
+    {  4, "SEC_ERROR_INPUT_LEN" },
+    {  5, "SEC_ERROR_INVALID_ARGS" },
+    {  6, "SEC_ERROR_INVALID_ALGORITHM - Certificate contains invalid encryption or signature algorithm" },
+    {  7, "SEC_ERROR_INVALID_AVA" },
+    {  8, "SEC_ERROR_INVALID_TIME - Certificate contains an invalid time value" },
+    {  9, "SEC_ERROR_BAD_DER - Certificate is improperly DER encoded" },
+    { 10, "SEC_ERROR_BAD_SIGNATURE - Certificate has invalid signature" },
+    { 11, "SEC_ERROR_EXPIRED_CERTIFICATE - Certificate has expired" },
+    { 12, "SEC_ERROR_REVOKED_CERTIFICATE - Certificate has been revoked" },
+    { 13, "SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer" },
+    { 14, "SEC_ERROR_BAD_KEY - Invalid public key in certificate." },
+    { 15, "SEC_ERROR_BAD_PASSWORD" },
+    { 16, "SEC_ERROR_UNUSED" },
+    { 17, "SEC_ERROR_NO_NODELOCK" },
+    { 18, "SEC_ERROR_BAD_DATABASE - Problem using certificate or key database" },
+    { 19, "SEC_ERROR_NO_MEMORY - Out of Memory" },
+    { 20, "SEC_ERROR_UNTRUSTED_ISSUER - Certificate is signed by an untrusted issuer" },
+    { 21, "SEC_ERROR_UNTRUSTED_CERT" },
+    { 22, "SEC_ERROR_DUPLICATE_CERT" },
+    { 23, "SEC_ERROR_DUPLICATE_CERT_TIME" },
+    { 24, "SEC_ERROR_ADDING_CERT" },
+    { 25, "SEC_ERROR_FILING_KEY" },
+    { 26, "SEC_ERROR_NO_KEY" },
+    { 27, "SEC_ERROR_CERT_VALID" },
+    { 28, "SEC_ERROR_CERT_NOT_VALID" },
+    { 29, "SEC_ERROR_CERT_NO_RESPONSE" },
+    { 30, "SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE" },
+    { 31, "SEC_ERROR_CRL_EXPIRED" },
+    { 32, "SEC_ERROR_CRL_BAD_SIGNATURE" },
+    { 33, "SEC_ERROR_CRL_INVALID" },
+    { 34, "SEC_ERROR_EXTENSION_VALUE_INVALID" },
+    { 35, "SEC_ERROR_EXTENSION_NOT_FOUND" },
+    { 36, "SEC_ERROR_CA_CERT_INVALID" },
+    { 37, "SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID" },
+    { 38, "SEC_ERROR_CERT_USAGES_INVALID" },
+    { 39, "SEC_INTERNAL_ONLY" },
+    { 40, "SEC_ERROR_INVALID_KEY" },
+    { 41, "SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION" },
+    { 42, "SEC_ERROR_OLD_CRL" },
+    { 43, "SEC_ERROR_NO_EMAIL_CERT" },
+    { 44, "SEC_ERROR_NO_RECIPIENT_CERTS_QUERY" },
+    { 45, "SEC_ERROR_NOT_A_RECIPIENT" },
+    { 46, "SEC_ERROR_PKCS7_KEYALG_MISMATCH" },
+    { 47, "SEC_ERROR_PKCS7_BAD_SIGNATURE" },
+    { 48, "SEC_ERROR_UNSUPPORTED_KEYALG" },
+    { 49, "SEC_ERROR_DECRYPTION_DISALLOWED" },
+    { 50, "XP_SEC_FORTEZZA_BAD_CARD" },
+    { 51, "XP_SEC_FORTEZZA_NO_CARD" },
+    { 52, "XP_SEC_FORTEZZA_NONE_SELECTED" },
+    { 53, "XP_SEC_FORTEZZA_MORE_INFO" },
+    { 54, "XP_SEC_FORTEZZA_PERSON_NOT_FOUND" },
+    { 55, "XP_SEC_FORTEZZA_NO_MORE_INFO" },
+    { 56, "XP_SEC_FORTEZZA_BAD_PIN" },
+    { 57, "XP_SEC_FORTEZZA_PERSON_ERROR" },
+    { 58, "SEC_ERROR_NO_KRL" },
+    { 59, "SEC_ERROR_KRL_EXPIRED" },
+    { 60, "SEC_ERROR_KRL_BAD_SIGNATURE" },
+    { 61, "SEC_ERROR_REVOKED_KEY" },
+    { 62, "SEC_ERROR_KRL_INVALID" },
+    { 63, "SEC_ERROR_NEED_RANDOM" },
+    { 64, "SEC_ERROR_NO_MODULE" },
+    { 65, "SEC_ERROR_NO_TOKEN" },
+    { 66, "SEC_ERROR_READ_ONLY" },
+    { 67, "SEC_ERROR_NO_SLOT_SELECTED" },
+    { 68, "SEC_ERROR_CERT_NICKNAME_COLLISION" },
+    { 69, "SEC_ERROR_KEY_NICKNAME_COLLISION" },
+    { 70, "SEC_ERROR_SAFE_NOT_CREATED" },
+    { 71, "SEC_ERROR_BAGGAGE_NOT_CREATED" },
+    { 72, "XP_JAVA_REMOVE_PRINCIPAL_ERROR" },
+    { 73, "XP_JAVA_DELETE_PRIVILEGE_ERROR" },
+    { 74, "XP_JAVA_CERT_NOT_EXISTS_ERROR" },
+    { 75, "SEC_ERROR_BAD_EXPORT_ALGORITHM" },
+    { 76, "SEC_ERROR_EXPORTING_CERTIFICATES" },
+    { 77, "SEC_ERROR_IMPORTING_CERTIFICATES" },
+    { 78, "SEC_ERROR_PKCS12_DECODING_PFX" },
+    { 79, "SEC_ERROR_PKCS12_INVALID_MAC" },
+    { 80, "SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM" },
+    { 81, "SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE" },
+    { 82, "SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE" },
+    { 83, "SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM" },
+    { 84, "SEC_ERROR_PKCS12_UNSUPPORTED_VERSION" },
+    { 85, "SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT" },
+    { 86, "SEC_ERROR_PKCS12_CERT_COLLISION" },
+    { 87, "SEC_ERROR_USER_CANCELLED" },
+    { 88, "SEC_ERROR_PKCS12_DUPLICATE_DATA" },
+    { 89, "SEC_ERROR_MESSAGE_SEND_ABORTED" },
+    { 90, "SEC_ERROR_INADEQUATE_KEY_USAGE" },
+    { 91, "SEC_ERROR_INADEQUATE_CERT_TYPE" },
+    { 92, "SEC_ERROR_CERT_ADDR_MISMATCH" },
+    { 93, "SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY" },
+    { 94, "SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN" },
+    { 95, "SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME" },
+    { 96, "SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY" },
+    { 97, "SEC_ERROR_PKCS12_UNABLE_TO_WRITE" },
+    { 98, "SEC_ERROR_PKCS12_UNABLE_TO_READ" },
+    { 99, "SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED" },
+    { 100, "SEC_ERROR_KEYGEN_FAIL" },
+    { 101, "SEC_ERROR_INVALID_PASSWORD" },
+    { 102, "SEC_ERROR_RETRY_OLD_PASSWORD" },
+    { 103, "SEC_ERROR_BAD_NICKNAME" },
+    { 104, "SEC_ERROR_NOT_FORTEZZA_ISSUER" },
+    { 105, "unused error" },
+    { 106, "SEC_ERROR_JS_INVALID_MODULE_NAME" },
+    { 107, "SEC_ERROR_JS_INVALID_DLL" },
+    { 108, "SEC_ERROR_JS_ADD_MOD_FAILURE" },
+    { 109, "SEC_ERROR_JS_DEL_MOD_FAILURE" },
+    { 110, "SEC_ERROR_OLD_KRL" },
+    { 111, "SEC_ERROR_CKL_CONFLICT" },
+    { 112, "SEC_ERROR_CERT_NOT_IN_NAME_SPACE" },
+    { 113, "SEC_ERROR_KRL_NOT_YET_VALID" },
+    { 114, "SEC_ERROR_CRL_NOT_YET_VALID" },
+    { 115, "SEC_ERROR_CERT_STATUS_SERVER_ERROR" },
+    { 116, "SEC_ERROR_CERT_STATUS_UNKNOWN" },
+    { 117, "SEC_ERROR_CERT_REVOKED_SINCE" },
+    { 118, "SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE" }
+};
+
+nscp_error_t nscp_libssl_errors[] = {
+    {  0, "SSL_ERROR_EXPORT_ONLY_SERVER - client does not support high-grade encryption." },
+    {  1, "SSL_ERROR_US_ONLY_SERVER - client requires high-grade encryption which is not supported." },
+    {  2, "SSL_ERROR_NO_CYPHER_OVERLAP - no common encryption algorithm(s) with client." },
+    {  3, "SSL_ERROR_NO_CERTIFICATE - unable to find the certificate or key necessary for authentication." },
+    {  4, "SSL_ERROR_BAD_CERTIFICATE - unable to communicate securely wih peer: peer's certificate was rejected." },
+    {  5, "unused SSL error #5" },
+    {  6, "SSL_ERROR_BAD_CLIENT - protocol error." },
+    {  7, "SSL_ERROR_BAD_SERVER - protocol error." },
+    {  8, "SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE - unsupported certificate type." },
+    {  9, "SSL_ERROR_UNSUPPORTED_VERSION - client is using unsupported SSL version." },
+    { 10, "unused SSL error #10" },
+    { 11, "SSL_ERROR_WRONG_CERTIFICATE - the public key in the server's own certificate does not match its private key" },
+    { 12, "SSL_ERROR_BAD_CERT_DOMAIN - requested domain name does not match the server's certificate." },
+    { 13, "SSL_ERROR_POST_WARNING" },
+    { 14, "SSL_ERROR_SSL2_DISABLED - peer only supports SSL version 2, which is locally disabled" },
+    { 15, "SSL_ERROR_BAD_MAC_READ - SSL has received a record with an incorrect Message Authentication Code." },
+    { 16, "SSL_ERROR_BAD_MAC_ALERT - SSL has received an error indicating an incorrect Message Authentication Code." },
+    { 17, "SSL_ERROR_BAD_CERT_ALERT - SSL client cannot verify your certificate." },
+    { 18, "SSL_ERROR_REVOKED_CERT_ALERT - the server has rejected your certificate as revoked." },
+    { 19, "SSL_ERROR_EXPIRED_CERT_ALERT - the server has rejected your certificate as expired." },
+    { 20, "SSL_ERROR_SSL_DISABLED - cannot connect: SSL is disabled." },
+    { 21, "SSL_ERROR_FORTEZZA_PQG - cannot connect: SSL peer is in another Fortezza domain" },
+    { 22, "SSL_ERROR_UNKNOWN_CIPHER_SUITE - an unknown SSL cipher suite has been requested" },
+    { 23, "SSL_ERROR_NO_CIPHERS_SUPPORTED - no cipher suites are present and enabled in this program" },
+    { 24, "SSL_ERROR_BAD_BLOCK_PADDING" },
+    { 25, "SSL_ERROR_RX_RECORD_TOO_LONG" },
+    { 26, "SSL_ERROR_TX_RECORD_TOO_LONG" },
+    { 27, "SSL_ERROR_RX_MALFORMED_HELLO_REQUEST" },
+    { 28, "SSL_ERROR_RX_MALFORMED_CLIENT_HELLO" },
+    { 29, "SSL_ERROR_RX_MALFORMED_SERVER_HELLO" },
+    { 30, "SSL_ERROR_RX_MALFORMED_CERTIFICATE" },
+    { 31, "SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH" },
+    { 32, "SSL_ERROR_RX_MALFORMED_CERT_REQUEST" },
+    { 33, "SSL_ERROR_RX_MALFORMED_HELLO_DONE" },
+    { 34, "SSL_ERROR_RX_MALFORMED_CERT_VERIFY" },
+    { 35, "SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH" },
+    { 36, "SSL_ERROR_RX_MALFORMED_FINISHED" },
+    { 37, "SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER" },
+    { 38, "SSL_ERROR_RX_MALFORMED_ALERT" },
+    { 39, "SSL_ERROR_RX_MALFORMED_HANDSHAKE" },
+    { 40, "SSL_ERROR_RX_MALFORMED_APPLICATION_DATA" },
+    { 41, "SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST" },
+    { 42, "SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO" },
+    { 43, "SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO" },
+    { 44, "SSL_ERROR_RX_UNEXPECTED_CERTIFICATE" },
+    { 45, "SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH" },
+    { 46, "SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST" },
+    { 47, "SSL_ERROR_RX_UNEXPECTED_HELLO_DONE" },
+    { 48, "SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY" },
+    { 49, "SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH" },
+    { 50, "SSL_ERROR_RX_UNEXPECTED_FINISHED" },
+    { 51, "SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER" },
+    { 52, "SSL_ERROR_RX_UNEXPECTED_ALERT" },
+    { 53, "SSL_ERROR_RX_UNEXPECTED_HANDSHAKE" },
+    { 54, "SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA" },
+    { 55, "SSL_ERROR_RX_UNKNOWN_RECORD_TYPE" },
+    { 56, "SSL_ERROR_RX_UNKNOWN_HANDSHAKE" },
+    { 57, "SSL_ERROR_RX_UNKNOWN_ALERT" },
+    { 58, "SSL_ERROR_CLOSE_NOTIFY_ALERT - SSL peer has closed the connection" },
+    { 59, "SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT" },
+    { 60, "SSL_ERROR_DECOMPRESSION_FAILURE_ALERT" },
+    { 61, "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" },
+    { 62, "SSL_ERROR_ILLEGAL_PARAMETER_ALERT" },
+    { 63, "SSL_ERROR_UNSUPPORTED_CERT_ALERT" },
+    { 64, "SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT" },
+    { 65, "SSL_ERROR_GENERATE_RANDOM_FAILURE" },
+    { 66, "SSL_ERROR_SIGN_HASHES_FAILURE" },
+    { 67, "SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE" },
+    { 68, "SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE" },
+    { 69, "SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE" },
+    { 70, "SSL_ERROR_ENCRYPTION_FAILURE" },
+    { 71, "SSL_ERROR_DECRYPTION_FAILURE" },
+    { 72, "SSL_ERROR_SOCKET_WRITE_FAILURE" },
+    { 73, "SSL_ERROR_MD5_DIGEST_FAILURE" },
+    { 74, "SSL_ERROR_SHA_DIGEST_FAILURE" },
+    { 75, "SSL_ERROR_MAC_COMPUTATION_FAILURE" },
+    { 76, "SSL_ERROR_SYM_KEY_CONTEXT_FAILURE" },
+    { 77, "SSL_ERROR_SYM_KEY_UNWRAP_FAILURE" },
+    { 78, "SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED" },
+    { 79, "SSL_ERROR_IV_PARAM_FAILURE" },
+    { 80, "SSL_ERROR_INIT_CIPHER_SUITE_FAILURE" },
+    { 81, "SSL_ERROR_SESSION_KEY_GEN_FAILURE" },
+    { 82, "SSL_ERROR_NO_SERVER_KEY_FOR_ALG" },
+    { 83, "SSL_ERROR_TOKEN_INSERTION_REMOVAL" },
+    { 84, "SSL_ERROR_TOKEN_SLOT_NOT_FOUND" },
+    { 85, "SSL_ERROR_NO_COMPRESSION_OVERLAP" },
+    { 86, "SSL_ERROR_HANDSHAKE_NOT_COMPLETED" },
+    { 87, "SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE" },
+    { 88, "SSL_ERROR_CERT_KEA_MISMATCH" },
+    { 89, "SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA - the CA that signed the client certificate is not trusted locally" }
+};
+
+#ifdef WIN32
+#define __EXPORT __declspec(dllexport)
+#else
+#define __EXPORT
+#endif
+
+__EXPORT const char* nscperror_lookup(int error)
+{
+    const char *errmsg;
+
+    if ((error >= NSCP_NSPR_ERROR_BASE) && (error <= NSCP_NSPR_MAX_ERROR)) {
+        errmsg = nscp_nspr_errors[error-NSCP_NSPR_ERROR_BASE].errorString;
+        return errmsg;
+    } else if ((error >= NSCP_LIBSEC_ERROR_BASE) &&
+        (error <= NSCP_LIBSEC_MAX_ERROR)) {
+        return nscp_libsec_errors[error-NSCP_LIBSEC_ERROR_BASE].errorString;
+    } else if ((error >= NSCP_LIBSSL_ERROR_BASE) &&
+        (error <= NSCP_LIBSSL_MAX_ERROR)) {
+        return nscp_libssl_errors[error-NSCP_LIBSSL_ERROR_BASE].errorString;
+    } else {
+        return (const char *)NULL;
+    }
+}
diff --git a/pki/base/tps/src/httpClient/request.cpp b/pki/base/tps/src/httpClient/request.cpp
new file mode 100644
index 000000000..080f2047f
--- /dev/null
+++ b/pki/base/tps/src/httpClient/request.cpp
@@ -0,0 +1,431 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include <string.h>
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/engine.h"
+#include "httpClient/httpc/PSPRUtil.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+//-- static const char *DEBUG_MODULE = "httpclient";
+//-- static const char *DEBUG_CLASS_NAME = "PSHttpRequest";
+
+/**
+ * Constructor
+ * @param server The server to send request to 
+ * @param uri The uri representing the request e.g /presence/start
+ * @param prot HTTP10 or HTTP11 .
+ * @param to Timeout ... ignore for now
+ */
+
+PSHttpRequest::PSHttpRequest(const PSHttpServer* server,
+							 const char *uri,
+							 HttpProtocol prot,
+							 PRIntervalTime to) :  NetRequest(server) {
+    //timeout = to;
+	timeout = PR_INTERVAL_NO_TIMEOUT;
+    _method = PL_strdup("GET");
+    _uri = PL_strdup(uri);
+    _proto = prot;
+    _body = NULL;
+    _bodyLength = -1;
+    _expectedResponseLength = -1;
+    _expectStandardBody = PR_FALSE;
+    _expectDynamicBody = PR_FALSE;
+    _hangupOk = PR_FALSE;
+	_fileFd = NULL;
+	nickName = NULL;
+	_headers = new StringKeyCache("request",10*60);
+}
+
+/**
+ * Destructor
+ *
+ */
+
+PSHttpRequest::~PSHttpRequest() {
+    if( _method != NULL ) {
+        PL_strfree( _method );
+        _method = NULL;
+    }
+    if( _uri != NULL ) {
+        PL_strfree( _uri );
+        _uri = NULL;
+    }
+    if( nickName != NULL ) {
+        PL_strfree( nickName );
+        nickName = NULL;
+    }
+    if( _fileFd != NULL ) {
+        PR_Close( _fileFd );
+        _fileFd = NULL;
+    }
+    if( _headers != NULL ) {
+        delete _headers;
+        _headers = NULL;
+    }
+}
+
+/**
+ * sets the request method for Http protocol
+ * @param method GET /POST etc
+ *
+ */
+
+PRBool PSHttpRequest::setMethod(const char *method) {
+    if( _method != NULL ) {
+        free( _method );
+        _method = NULL;
+    }
+    _method = PL_strdup(method);
+    return PR_TRUE;
+}
+
+void PSHttpRequest::setExpectedResponseLength(int size) {
+    _expectedResponseLength = size;
+}
+
+void PSHttpRequest::setExpectStandardBody() {
+    _expectStandardBody = PR_TRUE;
+}
+
+void PSHttpRequest::setExpectDynamicBody() {
+    _expectDynamicBody = PR_TRUE;
+}
+
+PRBool PSHttpRequest::getExpectStandardBody() {
+    return _expectStandardBody;
+}
+
+PRBool PSHttpRequest::getExpectDynamicBody() {
+    return _expectDynamicBody;
+}
+
+int PSHttpRequest::getExpectedResponseLength() {
+    return _expectedResponseLength;
+}
+
+/**
+ * Returns the method to use
+ *
+ * @return GET /POST etc
+ */
+
+char * PSHttpRequest::getMethod() {
+    return _method;
+}
+
+/**
+ * Returns HTTP0 or HTTP11
+ */
+HttpProtocol HttpMessage::getProtocol() const {
+    return proto;
+}
+
+/**
+ * Adds an HTTP header to the request
+ *
+ * @param name header name
+ * @param value  header value
+ */
+PRBool PSHttpRequest::addHeader(const char *name, const char *value) {
+    char *dvalue = PL_strdup(value);
+    CacheEntry *entry = _headers->Put(name,dvalue);
+	if (entry == NULL ) {
+        if( dvalue != NULL ) {
+            PL_strfree( dvalue );
+            dvalue = NULL;
+        }
+		return PR_FALSE;
+	} else {
+		return PR_TRUE;
+	}
+}
+
+/**
+ * Gets the value for a header for this HTTP request object
+ *
+ * @param name Name of the header
+ * @return The value of the header in the request object
+ */
+
+const char * PSHttpRequest::getHeader(const char *name) {
+    CacheEntry *entry = _headers->Get(name);
+	return entry ? (char *)entry->GetData() : NULL;
+}
+
+/**
+ * Sets the body of a POST message
+ *
+ * @param size Content length
+ * @param body Content of the message; it is not copied
+ * @return PR_TRUE if the Content-length header can be set
+ */
+PRBool PSHttpRequest::setBody(int size, const char* body) {
+    char byteStr[12];
+
+    sprintf(byteStr, "%d", size);
+    if (!addHeader("Content-length", byteStr)) {
+        return PR_FALSE;
+	}
+
+    _bodyLength = size;
+    _body = (char *)body;
+
+    return PR_TRUE;
+}
+
+PRBool PSHttpRequest::addRandomBody(int size) {
+    char byteStr[12];
+
+    sprintf(byteStr, "%d", size);
+    if (!addHeader("Content-length", byteStr)) {
+        return PR_FALSE;
+	}
+
+    _bodyLength = size;
+
+    return PR_TRUE;
+}
+
+PRBool PSHttpRequest::useLocalFileAsBody(const char* fileName) {
+    PRBool res  = PR_FALSE;
+    PRFileInfo finfo;
+	if (PR_GetFileInfo(fileName, &finfo) == PR_SUCCESS) {
+		res = PR_TRUE;
+		char byteStr[25];
+		sprintf(byteStr, "%d", finfo.size);
+		if (!addHeader("Content-length", byteStr)) {
+			return PR_FALSE;
+		}
+		_bodyLength = finfo.size;
+		_fileFd = PR_Open(fileName, PR_RDONLY, 0);
+		if (!_fileFd) {
+			return PR_FALSE;
+		}
+    }
+
+    return PR_TRUE;
+}
+
+/**
+ * This function sends the HTTP request to the server. 
+ * @param sock - the connection onto which the request is to be sent
+ */
+
+PRBool PSHttpRequest::send( PRFileDesc *sock ) {
+    const char *hostname;
+//--	static const char *DEBUG_METHOD_NAME = "send";
+//-- 	DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+    PRBool rv = PR_FALSE;
+	if (!sock) {
+		return rv;
+	}
+
+    char *data = NULL;
+
+    if (_proto == HTTP11) {
+        hostname = getHeader("host");
+
+        if (hostname == NULL) {
+            // long port = _server->getPort();
+
+            char address[100];
+            PR_snprintf(address, 100, "%s:%d", _server->getAddr(),
+              _server->getPort());
+            addHeader("host", address);
+        }
+    }
+
+	// create the HTTP string "GET /presence/stop HTTP/1.0"
+    char *path = strstr( _uri, "//" );
+    if ( path ) {
+        path = strchr( path + 2, '/' );
+    }
+    if ( !path ) {
+        path = _uri;
+    }
+	data = PR_smprintf( "%s %s %s\r\n", _method, path,
+                        HttpProtocolToString(_proto) );
+
+    // Send HTTP headers
+	char **keys;
+	char *headerValue = NULL;
+	int nKeys = _headers->GetKeys( &keys );
+	for ( int i = 0 ; i < nKeys; i++ ) {
+		CacheEntry *entry = _headers->Get( keys[i] );
+		if (entry) {
+			headerValue =  (char *)entry->GetData();
+			//adds the headers name: value
+			data = PR_sprintf_append(data,"%s: %s\r\n",keys[i],headerValue);
+            if( headerValue != NULL ) {
+                PL_strfree( headerValue );
+                headerValue = NULL;
+            }
+		}
+        entry = _headers->Remove(keys[i]);
+        if( entry != NULL ) {
+            delete entry;
+            entry = NULL;
+        }
+        if( keys[i] != NULL ) {
+            delete [] ( keys[i] );
+            keys[i] = NULL;
+        }
+    }
+    if( keys != NULL ) {
+        delete [] keys;
+        keys = NULL;
+    }
+
+    // Send terminator
+	data = PR_sprintf_append(data,"\r\n");
+
+	int len = PL_strlen(data);
+	//send the data ..
+	int bytes = PR_Send(sock, data, len, 0, timeout);
+    if( data != NULL ) {
+        PR_smprintf_free( data );
+        data = NULL;
+    }
+	if ( bytes != len ) {
+//-- 	    logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 					 DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                           "PSHttpRequest::send: ",
+                           "Error sending request -- PR_Send returned(%d) Msg=%s\n",
+                           PR_GetError(),
+                           "XXX" );
+        return PR_FALSE;
+    }
+
+    if ( _fileFd ) {
+        // Send body from file
+		PRInt32 bytesSent = PR_TransmitFile(sock, _fileFd, 0, 0, 
+											PR_TRANSMITFILE_KEEP_OPEN, 
+											timeout);
+		if ( bytesSent < 0 ) {
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+                    RA::Debug( LL_PER_PDU,
+                               "PSHttpRequest::send: ",
+                               "Error sending request\n" );
+			return PR_FALSE;
+		}
+    } else if (_bodyLength > 0) {
+        // Send internally stored body
+        char *allocated = NULL;
+        if ( !_body ) {
+            // Send a generated pattern
+            _body = allocated = new char[_bodyLength];
+            for ( int index = 0; index < _bodyLength; index++ ) {
+				_body[index] = (unsigned char)(index %256);
+            }
+        }
+        int sentBytes = 0;
+        char *toSend = _body;
+        for ( int i = _bodyLength; i > 0; i -= sentBytes ) {
+            sentBytes = PR_Send( sock, toSend, i, 0, timeout );
+            if ( sentBytes < 0 ) {
+//--                 logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//--                              DEBUG_METHOD_NAME,
+                      RA::Debug( LL_PER_PDU,
+                                 "PSHttpRequest::send: ",
+                                 "Error sending request in PR_Send\n" );
+                return PR_FALSE;
+            }
+            toSend += sentBytes;
+        }
+        if ( allocated ) {
+            if( _body != NULL ) {
+                delete [] _body;
+                _body = NULL;
+            }
+        }
+    }
+
+    return PR_TRUE;
+}
+
+/**
+ * Sets the nickname for the client cert to be send to the server
+ * @param certName Nickname of the cert in the cert db
+ */
+void PSHttpRequest::setCertNickName(const char *certName) {
+	nickName = PL_strdup(certName);
+}
+
+/**
+ * Gets the nickname for the client cert
+ * @return certName Nickname of the cert in the cert db
+ */
+char * PSHttpRequest::getCertNickName() {
+	return nickName;
+}
+
+void PSHttpRequest::setHangupOk() {
+    _hangupOk = PR_TRUE;
+}
+
+PRBool PSHttpRequest::isHangupOk() {
+    return(_hangupOk);
+}
+
+
+/**
+ * returns PR_TRUE if ssl is enabled for this request
+ */
+PRBool NetRequest::isSSL() const {
+  return SSLOn;
+}
+
+/**
+ * enable/disable SSL for the request
+ */
+void NetRequest::setSSL(PRBool SSLstate) {
+  SSLOn=SSLstate;
+}
+
+/** 
+* Constructor for NetRequest class. This is a superclass of httprequest class
+* @param server The server to which the request is to be send
+*/
+NetRequest :: NetRequest(const PSHttpServer* server) {
+    _server = server;
+    timeout = Engine::globaltimeout;
+    SSLOn=PR_FALSE;
+    if (server)
+        SSLOn=server->isSSL();
+    handshake = PR_FALSE;
+    cipherCount = 0;
+    cipherSet = NULL;
+
+}
+
+/** 
+* Returns the current configured timeout
+*/
+PRIntervalTime NetRequest :: getTimeout() const {
+    return timeout;
+}
diff --git a/pki/base/tps/src/httpClient/response.cpp b/pki/base/tps/src/httpClient/response.cpp
new file mode 100644
index 000000000..9aebaae06
--- /dev/null
+++ b/pki/base/tps/src/httpClient/response.cpp
@@ -0,0 +1,1115 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+/**
+ * HTTP response handler
+ */
+
+#include <ctype.h>
+#include <string.h>
+#include <math.h>
+
+#include "nspr.h"
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/engine.h"
+//-- #include "httpClient/httpc/DebugLogger.h"
+#include "httpClient/httpc/PSPRUtil.h"
+#include "main/Memory.h"
+
+//-- static const char *DEBUG_MODULE = "httpclient";
+//-- static const char *DEBUG_CLASS_NAME = "PSHttpResponse";
+void printBuf(int , char* );
+
+/**
+ * Constructor. This class is used by  the HttpResponse class for reading and
+ * processing data from the socket
+ * @param socket The NSPR socket from which the response is expected
+ * @param size The size of the internal buffer to hold data
+ * @param timeout Timeout in seconds on receiving a response
+ */
+
+RecvBuf::RecvBuf( const PRFileDesc *socket, int size, int timeout ) {
+    _socket = socket;
+    _allocSize = size;
+    _buf = (char *)PR_Malloc(size);
+    _curPos = 0;
+    _curSize = 0;
+    _chunkedMode = PR_FALSE;
+    _currentChunkSize = _currentChunkBytesRead = 0;
+    _timeout = PR_TicksPerSecond() * timeout;
+    _content = NULL;
+}
+
+/**
+ * Destructor
+ */
+RecvBuf::~RecvBuf() {
+    if( _buf != NULL ) {
+        PR_Free( _buf );
+        _buf = NULL;
+    }
+}
+
+/**
+ * Reads the specified number of bytes from the socket and place it into the buffer
+ *
+ * @param socket The NSPR socket from which the response is expected
+ * @param size The size of the buffer
+ * @return PR_TRUE on success, otherwise PR_FALSE
+ */
+PRBool RecvBuf::_getBytes(int size) {
+//--     DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+    PRErrorCode pec;
+    _curPos = 0;
+
+    int num =1;
+    int i =0;
+    PRBool endChunk= PR_FALSE;
+    RA::Debug( LL_PER_PDU,
+               "RecvBuf::_getBytes: ",
+               "Start RecvBuf::_getBytes" );
+    // actual reading from the socket happens here
+    do {
+        num = PR_Recv( (PRFileDesc*)_socket, 
+                       &_buf[_curSize], 
+                       _allocSize-_curSize, 
+                       0, 
+                       _timeout );
+        RA::Debug( LL_PER_PDU,
+                   "RecvBuf::_getBytes: ",
+                   "num of bytes read from the socket=%d",
+                   num );
+        /*
+         * in chunked mode, ending chunk contains a 0 to begin
+         * loop through to see if it contains just 0 (skip carriage returns
+         * endChunk indicates possible end chunk.
+         */
+        if ((_chunkedMode == PR_TRUE) && (num < 10)) {
+            endChunk = PR_FALSE;
+
+            for (i=0; i< num; i++) {
+                if (endChunk == PR_TRUE) {
+                    if ((_buf[_curSize+i] == 13) || (_buf[_curSize+i] == 10))
+                        continue;
+                    else {
+                        endChunk = PR_FALSE;
+                        break; // not an endChunk
+                    }
+                } else { // endChunk==PR_FALSE
+                    if (_buf[_curSize+i] == '0') {
+                        RA::Debug( LL_PER_PDU,
+                                   "RecvBuf::_getBytes: ",
+                                   "may be chunked mode end chunk" );
+                        endChunk = PR_TRUE;
+                    } else if ((_buf[_curSize+i] == 13) || (_buf[_curSize+i] == 10))
+                        continue;
+                    else {
+                        endChunk = PR_FALSE;
+                        break; // not an endChunk
+                    }
+                }
+            } // for
+        }
+
+        if (num >0)
+            _curSize = _curSize+num;
+
+        if (_chunkedMode == PR_FALSE) {
+            if (getAllContent()) {
+                RA::Debug( LL_PER_PDU,
+                           "RecvBuf::_getBytes: ",
+                           "Already got all the content, no need to call PR_Recv again." );
+                break;
+            }
+        }
+
+        if (endChunk == PR_TRUE)
+            break;
+    } while (num > 0);
+
+    if (num <0) {
+        pec = PR_GetError();
+        RA::Debug( LL_PER_PDU,
+                   "RecvBuf::_getBytes: ",
+                   "error in pr_recv, err=%d",
+                   pec );
+    }
+
+    if ( _curSize <= 0 ) {
+        return PR_FALSE;
+    }
+	
+	_buf[_curSize] = '\0';
+//--     logger->Log( LOGLEVEL_FINEST, DEBUG_CLASS_NAME,
+//--                  "getBytes",
+
+    _content = (char *) PR_Malloc(_curSize+1);
+    if (_content == NULL) {
+	    return PR_FALSE;
+    }
+    memcpy((char*) _content, (const char *)_buf, _curSize+1);
+    _contentSize = _curSize +1;
+
+    RA::Debug(LL_PER_PDU, "RecvBuf::_getBytes",
+	      "buffer received with size %d follows:", _contentSize);
+    printBuf(_contentSize, _content);
+
+    return PR_TRUE;
+}
+
+int RecvBuf::getAllContent() {
+    int result[10];
+    int j=0;
+    int k=0;
+    int number = 0;
+    for (int i=0; i<_curSize; i++) {
+        if (_buf[i] == '\r') {
+            if (i < (_curSize-3)) {
+                if (_buf[i+1] == '\n' && _buf[i+2] == '\r' 
+                  && _buf[i+3] == '\n') {
+                    // find content length
+// strcasestr may not be supported by Solaris
+//                    char *clen = strcasestr(_buf, "Content-length:");
+                    char *clen = strstr(_buf, "Content-Length:");
+                    if (clen != NULL) {
+                        clen = &clen[16];
+                        number = atoi(clen);
+/*
+                        while (1) {
+                            if ((number=Util::ascii2numeric(clen[j++])) >= 0) {
+                                result[k++] = number;
+                            } else {
+                                break;
+                            }
+                        }
+
+                        number = 0;
+                        for (int l=0; l<k; l++)
+                            number = (int)(number + result[l]*(float)pow((float)10, (float)k-l-1));
+*/
+                        RA::Debug( LL_PER_PDU,
+                                   "RecvBuf::getAllContent: ",
+                                   "content length number=%d",
+                                   number );
+                    }
+                    int remainingBytes = _curSize - (i+4);
+                    RA::Debug( LL_PER_PDU,
+                               "RecvBuf::getAllContent: ",
+                               "remainingbytes=%d",
+                               remainingBytes );
+                    if (remainingBytes == number) 
+                        return 1;
+                }
+            }
+        }
+    }
+
+    return 0;
+}
+
+void printBuf(int len, char* buf) {
+    RA::Debug(LL_PER_PDU, "response:printBuf",
+              "Buffer print begins");
+    RA::Debug(LL_PER_PDU, "response::printBuf",
+              "%s", buf);
+    RA::Debug(LL_PER_PDU, "response:printBuf",
+              "Buffer print end");
+    /*
+    int times = len/256;
+    if (len%256)
+        times++;
+    RA::Debug("response:printBuf",
+              "%d times", times);
+    RA::Debug("response:printBuf",
+              "attempting to print the whole buffer:");
+
+    int i;
+
+    for (i = 0; i< times; i++) {
+        char *temp;
+        temp = PL_strdup((char *)buf+i*256);
+        RA::Debug("response:printBuf",
+                  "%s", temp);
+    }
+    */
+}
+
+/**
+ * gets the next char from the buffer. If all the data in the buffer is read,
+ * read a chunk to the buffer
+ * @returns - the next char from the data
+ */
+char RecvBuf::_getChar() {
+    if (_curPos >= _curSize) {
+        if (!_getBytes(_allocSize)) {
+			/* bugscape #55624: Solaris RA exited 
+			   with a signal ABRT if we raised exception
+			   without handling it */
+			return -1; 
+			/* throw RecvBuf::EndOfFile(); */
+		}
+	}
+	
+    return _buf[_curPos++];
+}
+
+
+/**
+ * gets the next char from the buffer. If all the data in the buffer is read , 
+ * read a chunk to the buffer
+ * @returns - the next char from the data
+ */
+char RecvBuf::getChar() {
+    if (!_chunkedMode)
+        return _getChar();
+
+    else
+	{
+        if (_currentChunkSize == 0)
+		{
+            // read the chunk header
+            char ch, chunkStr[20];
+            int index = 0;
+          
+            while (!isspace(ch = _getChar()) )
+                chunkStr[index++] = ch;
+            chunkStr[index] = '\0';
+
+            sscanf((char *)chunkStr, "%x", (unsigned int *)(&_currentChunkSize));
+
+            if (ch != '\n')
+			{
+                char ch2 = _getChar();
+                if (ch != '\r' || ch2 != '\n')
+				{
+                    printf( "did not find CRLF after chunk");
+                }
+            }
+       
+            if (_currentChunkSize == 0)
+                return -1;
+
+            _currentChunkBytesRead = 1;
+            return _buf[_curPos++];
+        }
+        else
+			if (_currentChunkBytesRead < _currentChunkSize)
+			{
+				// read a byte from the chunk
+				_currentChunkBytesRead++;
+				return _getChar();
+			}
+			else
+			{
+				// read the chunk trailer
+				char ch1 = _getChar();
+				char ch2 = _getChar();
+				if (ch1 != '\r' || ch2 != '\n')
+				{
+					printf( "did not find CRLF after chunk");
+				};
+				_currentChunkSize = _currentChunkBytesRead = 0;
+				return getChar();
+			};
+    };
+
+}
+
+char *RecvBuf::get_content() {
+    return _content;
+}
+
+int RecvBuf::get_contentSize() {
+    return _contentSize;
+}
+
+/**
+ * Decrements the pointer to the internal buffer so that the next read would
+ * retrieve the last data again
+ */
+void RecvBuf::putBack() {
+    if (_curPos > 0) {
+        _curPos--;
+        if (_chunkedMode) {
+            _currentChunkBytesRead--;
+		}
+    }
+}
+
+/**
+ * Sets the chunked mode for reading data
+ * Not used now..
+ */
+void RecvBuf::setChunkedMode() {
+    _chunkedMode = PR_TRUE;
+    _currentChunkSize = _currentChunkBytesRead = 0;
+}
+
+/**
+ * Gets the timeout in seconds for reading
+ *
+ * @return The timeout in seconds for reading
+ */
+int RecvBuf::getTimeout() {
+    return _timeout / PR_TicksPerSecond();
+}
+
+
+Response::Response(const PRFileDesc *sock, NetRequest *request) {
+    _socket = sock;
+    _request = request;
+}
+
+/**
+ * Constructor
+ */
+
+PSHttpResponse::PSHttpResponse( const PRFileDesc *sock,
+                                PSHttpRequest *request,
+                                int timeout , PRBool expectChunked):
+    Response(sock, request) {
+    _request = request;
+    _proto = HTTPNA;
+    _protocol = NULL;
+	 retcode =0 ;
+    _statusNum = NULL;
+    _statusString = NULL;
+    _keepAlive = -1;
+    _connectionClosed = 0;
+    _bodyLength = -1;
+    _content = NULL;
+
+	_headers = new StringKeyCache("response",10*60);
+    _expectChunked = expectChunked;
+    _chunkedResponse = PR_FALSE;
+    _timeout = timeout;
+}
+
+PSHttpResponse::~PSHttpResponse() {
+    if( _protocol != NULL ) {
+        PL_strfree( _protocol );
+        _protocol = NULL;
+    }
+    if( _statusString != NULL ) {
+        PL_strfree( _statusString );
+        _statusString = NULL;
+    }
+    if( _statusNum != NULL ) {
+        PL_strfree( _statusNum );
+        _statusNum = NULL;
+    }
+	if (_headers) {
+		Iterator* iterator = _headers->GetKeyIterator();
+		while ( iterator->HasMore() ) {
+			const char* name = (const char*)iterator->Next();
+			CacheEntry* entry = _headers->Remove( name );
+			if ( entry ) {
+				char* value = (char*)entry->GetData();
+                if( value != NULL ) {
+                    PL_strfree( value );
+                    value = NULL;
+                }
+                if( entry != NULL ) {
+                    delete entry;
+                    entry = NULL;
+                }
+			}
+		}
+        if( iterator != NULL ) {
+            delete iterator;
+            iterator = NULL;
+        }
+        if( _headers != NULL ) {
+            delete _headers;
+            _headers = NULL;
+        }
+	}
+    _socket = 0;
+}
+
+long PSHttpResponse::getStatus() {
+    return _statusNum ? atoi(_statusNum) : 0;
+}
+
+int PSHttpResponse::getReturnCode() {
+	return retcode;
+}
+
+char * PSHttpResponse::getStatusString() {
+    return _statusString?_statusString:(char*)"";
+}
+
+HttpProtocol PSHttpResponse::getProtocol() {
+    // first check the response protocol
+    if (_proto == HTTPNA) {
+        if (_protocol) {
+            int major, minor;
+
+            sscanf(_protocol, "HTTP/%d.%d", &major, &minor);
+
+            switch(major) {
+			case 1:
+				switch(minor) {
+				case 0:
+					_proto = HTTP10;
+					break;
+				case 1:
+					_proto = HTTP11;
+					break;
+				}
+				break;
+            }
+        } else {
+            _proto = HTTP09;
+        }
+    }
+
+    if (_proto == HTTP11) {
+        // A 1.1 compliant server response shows the protocol as HTTP/1.1 even
+        // for a HTTP/1.0 request,  but it promises to only use HTTP/1.0 syntax.
+        if (_request->getProtocol() == HTTP10) {
+            _proto = HTTP10;
+		}
+    }
+
+    return _proto;
+};
+
+char * PSHttpResponse::getHeader(const char *name) {
+    CacheEntry *entry = _headers->Get(name);
+	return entry ? (char *)entry->GetData() : NULL;
+}
+
+int PSHttpResponse::getHeaders(char ***keys) {
+	
+	return _headers->GetKeys( keys );
+
+}
+
+long PSHttpResponse::getBodyLength() {
+    return _bodyLength;
+}
+
+char * PSHttpResponse::getContent() {
+    return _content;
+}
+
+void PSHttpResponse::freeContent() {
+    if( _content != NULL ) {
+        PR_Free( _content );
+        _content = NULL;
+    }
+}
+
+int PSHttpResponse::getContentSize() {
+
+    return _contentSize;
+}
+
+char *PSHttpResponse::toString() {
+    char *resp = (char *)"";
+    char **keys;
+    char *headerBuf = NULL;
+    int nHeaders = getHeaders( &keys );
+    if ( nHeaders > 0 ) {
+        char **values = new char*[nHeaders];
+        int len = 0;
+        int *keyLengths = new int[nHeaders];
+        int *valueLengths = new int[nHeaders];
+        int i;
+        for( i = 0; i < nHeaders; i++ ) {
+            keyLengths[i] = strlen( keys[i] );
+            len += keyLengths[i] + 1;
+            values[i] = getHeader(keys[i]);
+            valueLengths[i] = strlen( values[i] );
+            len += valueLengths[i] + 1;
+        }
+        headerBuf = new char[len + nHeaders * 2];
+        char *p = headerBuf;
+        for( i = 0; i < nHeaders; i++ ) {
+            strcpy( p, keys[i] );
+            p += keyLengths[i];
+            *p++ = ':';
+            strcpy( p, values[i] );
+            p += valueLengths[i];
+            *p++ = ',';
+        }
+        *p = 0;
+        for( i = 0; i < nHeaders; i++ ) {
+            if( keys[i] != NULL ) {
+                delete [] keys[i];
+                keys[i] = NULL;
+            }
+        }
+        if( keys != NULL ) {
+            delete [] keys;
+            keys = NULL;
+        }
+        if( values != NULL ) {
+            delete [] values;
+            values = NULL;
+        }
+        if( keyLengths != NULL ) {
+            delete [] keyLengths;
+            keyLengths = NULL;
+        }
+        if( valueLengths != NULL ) {
+            delete [] valueLengths;
+            valueLengths = NULL;
+        }
+    }
+
+    char *s = NULL;
+    if ( headerBuf ) {
+        s = PR_smprintf( "PSHttpResponse [%s\nbody bytes:%d]",
+                         headerBuf, _bodyLength );
+    } else {
+        s = PR_smprintf( "PSHttpResponse [body bytes:%d]", _bodyLength );
+    }
+    resp = new char[strlen(s) + 1];
+    strcpy( resp, s );
+    if( s != NULL ) {
+        PR_smprintf_free( s );
+        s = NULL;
+    }
+    return resp;
+}
+
+PRBool PSHttpResponse::checkKeepAlive() {
+    HttpProtocol proto;
+    const char *connectionHeader;
+//--	static const char *DEBUG_METHOD_NAME = "checkKeepAlive";
+//--	DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+    if (_keepAlive < 0) {
+        proto = getProtocol();
+        if (proto == HTTP11) {
+            // default is connection: keep-alive
+            _keepAlive = 1;
+        } else {
+            // default is connection: close
+            //            _keepAlive = 0;
+            //CMS needs keepalive with HTTP10 (so no chunked encoding)
+            _keepAlive=1;
+        }
+
+        connectionHeader = _request->getHeader("connection");
+        if (connectionHeader) {
+            if (!PL_strcasecmp(connectionHeader, "keep-alive")) {
+                _keepAlive = 1;
+            } else if (!PL_strcasecmp(connectionHeader, "close")) {
+                _keepAlive = 0;
+            } else {
+//-- 			    logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 							 DEBUG_METHOD_NAME,
+                    RA::Debug( LL_PER_PDU,
+                               "PSHttpResponse::checkKeepAlive: ",
+					           "Unknown connection header" );
+			}
+        }
+    }
+
+    return (_keepAlive == 0?PR_FALSE:PR_TRUE);
+}
+
+PRBool PSHttpResponse::checkConnection() {
+    // return true if the connection is OPEN
+    return (_connectionClosed == 0?PR_TRUE:PR_FALSE);
+}
+
+
+int PSHttpResponse::_verifyStandardBody(RecvBuf &buf,
+										int expectedBytes,
+										PRBool check) {
+    int bytesRead = 0; 
+    int curPos = 0;
+    char ch;
+//--	static const char *DEBUG_METHOD_NAME = "_verifyStandardBody";
+//--	DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+    while(expectedBytes > 0 ) {
+        ch = buf.getChar();
+        if (ch < 0 ) {
+			break;
+		}
+        // if check is true, we think we know what the content looks like
+        if ( check ) {
+            if (ch != (char) curPos%256) {
+//-- 			    logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 							DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                          "PSHttpResponse::_verifyStandardBody: ",
+				          "Response data corrupt at byte %d (%d, %d)",
+                          curPos,
+                          ch,
+                          ( curPos % 256 ) );
+                check = PR_FALSE;
+                break;
+            }
+            curPos++;
+        }
+
+        bytesRead++;
+
+        if (expectedBytes > 0) {
+            expectedBytes--;
+		}
+    }
+
+    return bytesRead;
+}
+
+
+PRBool PSHttpResponse::_handleBody( RecvBuf &buf ) {
+    char *clHeader;      // content length header
+    char *teHeader;      // transfer-encoding header
+    int expected_cl=-1;  // expected content length
+//--	static const char *DEBUG_METHOD_NAME = "_handleBody";
+//--	DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+    teHeader = getHeader("transfer-encoding");
+    if (teHeader && !PL_strcasecmp(teHeader, "chunked")) {
+        _chunkedResponse = PR_TRUE;
+        buf.setChunkedMode();
+    } else {
+        _chunkedResponse = PR_FALSE;
+        clHeader = getHeader("Content-length");
+        if (clHeader) {
+             expected_cl =  atoi(clHeader);
+        }
+    }
+
+    if (_request->getExpectStandardBody()) {
+        _bodyLength = _verifyStandardBody(buf, expected_cl, PR_TRUE);
+
+    } else {
+		_bodyLength = _verifyStandardBody(buf, expected_cl, PR_FALSE);
+	}
+
+    if (expected_cl >= 0) {
+        if (_bodyLength != expected_cl) {
+//-- 		    logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                       "PSHttpResponse::_handleBody: ",
+                       "Content length was incorrect (%d/%d bytes)", 
+                       _bodyLength,
+                       expected_cl );
+        }
+    }
+
+    return PR_TRUE;
+}
+
+/**
+ * Reads until the first space character
+ *
+ * @param buf Receive buffer to read from
+ * @param headerBuf Array to read header into
+ * @param len Size of headerBuf
+ * @return Number of characters read, or -1 if too many
+ */
+static int readHeader( RecvBuf& buf, char* headerBuf, int len ) {
+	int index = 0;
+
+	do {
+		char ch = buf.getChar();
+
+		if ( ch != -1 && !isspace(ch) ) { 
+			headerBuf[index++] = ch;
+			if ( index >= (len-1) ) {
+				return -1;
+			}			
+		} else {
+			headerBuf[index] = '\0';
+			break;	
+		}
+	} while( true );
+    //    RA::Debug( LL_PER_PDU,
+    //               "readHeader: ",
+    //               "headerBuf = %s",
+    //               headerBuf );
+
+	return index;
+}
+
+
+PRBool PSHttpResponse::processResponse() {
+    RecvBuf buf( _socket, 8192, _timeout );
+
+    if (_expectChunked) {
+        buf.setChunkedMode();
+    }
+
+//--	static const char *DEBUG_METHOD_NAME = "processResponse";
+//--	DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+    RA::Debug( LL_PER_PDU,
+               "PSHttpResponse::processResponse: ",
+               "Entered processResponse()" );
+
+    try {
+        char tmp[2048];
+		int tmpLen = sizeof(tmp);
+
+        // Get protocol string
+		int nRead = readHeader( buf, tmp, tmpLen );
+
+		if ( nRead < 0 ) {
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                           "PSHttpResponse::processResponse: ",
+                           "Returned more than expected bytes %d "
+                           "in protocol header",
+                           sizeof( tmp ) );
+			return PR_FALSE;	
+		}
+
+        _protocol = PL_strdup(tmp);
+//-- 	     logger->Log( LOGLEVEL_FINER, DEBUG_CLASS_NAME,
+//-- 						DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                       "PSHttpResponse::processResponse: ",
+                       "Protocol header: %s",
+                       _protocol );
+
+        // Get status num
+		nRead = readHeader( buf, tmp, tmpLen );
+		if ( nRead < 0 ) {
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                           "PSHttpResponse::processResponse: ",
+                           "Returned more than expected bytes %d "
+                           "in status header",
+                           tmpLen );
+			return PR_FALSE;	
+		}
+
+        _statusNum = PL_strdup( tmp );
+
+//-- 		logger->Log( LOGLEVEL_FINER, DEBUG_CLASS_NAME,
+//-- 					 DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                           "PSHttpResponse::processResponse: ",
+                           "Status header: %s",
+                           _statusNum );
+		retcode = atoi( tmp );
+
+        // Get status string
+        int index = 0;
+        do {
+            char ch = buf.getChar();
+            if ( ch != -1 && ch != '\r' ) {
+                tmp[index++] = ch;
+                if ( index >= (tmpLen-2) ) {
+                    tmp[index] = 0;
+//--                     logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//--                                  DEBUG_METHOD_NAME,
+                    RA::Debug( LL_PER_PDU,
+                               "PSHttpResponse::processResponse: ",
+                               "Returned more than expected bytes %d "
+                               "in protocol header:\n%s",
+                               tmpLen,
+                               tmp );
+                    return PR_FALSE;
+                }			
+            } else {
+                break;
+            }
+        } while (true);
+        tmp[index] = '\0';
+        _statusString = PL_strdup( tmp );
+
+        // Skip CRLF
+        (void)buf.getChar();
+
+        // loop over response headers
+        index = 0;
+#ifdef CHECK
+        PRBool doneParsing = PR_FALSE;
+        PRBool atEOL = PR_FALSE;
+        PRBool inName = PR_TRUE;
+        char name[2048];
+		int nameLen = sizeof(name);
+
+        while ( !doneParsing ) {
+            char value[2048];
+            int valueLen = sizeof(value);
+            char ch = buf.getChar();
+
+            switch( ch ) {
+			case ':':
+				if ( inName ) {
+					name[index] = '\0';
+					index = 0;
+					inName = PR_FALSE;
+
+					nRead = readHeader( buf, value, valueLen );
+					if ( nRead < 0 ) {
+//-- 						logger->Log( LOGLEVEL_SEVERE,
+//-- 									 DEBUG_CLASS_NAME,
+//-- 									 DEBUG_METHOD_NAME,
+                        RA::Debug( LL_PER_PDU,
+                                   "PSHttpResponse::processResponse: ",
+                                   "Name %s in header does not "
+                                   "have a value",
+                                   name );
+                        //						return PR_FALSE;	
+					} else {
+						value[index++] = ch;
+						if ( index >= (int)(sizeof(value) - 1 ) ) {
+//-- 							logger->Log( LOGLEVEL_SEVERE,
+//-- 										 DEBUG_CLASS_NAME,
+//-- 										 DEBUG_METHOD_NAME,
+                            RA::Debug( LL_PER_PDU,
+                                       "PSHttpResponse::processResponse: ",
+                                       "Name %s in header does not "
+                                       "have a value",
+                                       name );
+                            //							return PR_FALSE;			
+						}
+					}
+					break;
+				case '\r':
+					if ( inName && !atEOL ) {
+						name[index] = '\0';
+//-- 						logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 									 DEBUG_METHOD_NAME,
+                        RA::Debug( LL_PER_PDU,
+                                   "PSHttpResponse::processResponse: ",
+                                   "Name %s in header does not "
+                                   "have a value",
+                                   name );
+                        //						return PR_FALSE;
+					}
+					break;
+                case '\n':
+					if ( atEOL ) {
+						doneParsing = PR_TRUE;
+						break;
+					}
+					if ( inName ) {
+						name[index] = '\0';
+//-- 						logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 									 DEBUG_METHOD_NAME,
+                        RA::Debug( LL_PER_PDU,
+                                   "PSHttpResponse::processResponse: ",
+                                   "Name %s in header does not "
+                                   "have a value",
+                                   name );
+                        //						return PR_FALSE;
+					}
+					value[index] = '\0';
+					index = 0;
+					inName = PR_TRUE;
+					_headers->Put(name, PL_strdup(value));
+					atEOL = PR_TRUE;
+					break;
+                default:
+                    atEOL = PR_FALSE;
+                    if (inName) {
+                         name[index++] = ch;
+                    } else {
+                         value[index++] = ch;
+					}
+					if ( inName && (index >= (nameLen-2)) ) {
+						name[index] = '\0';
+//-- 						logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 									 DEBUG_METHOD_NAME,
+                        RA::Debug( LL_PER_PDU,
+                                   "PSHttpResponse::processResponse: ",
+                                   "Name %s in header exceeds the expected "
+                                   "%d max characters",
+                                   name,
+                                   nameLen );
+                        //						return PR_FALSE;			
+					} else if ( !inName && (index >= (valueLen-1)) ) {
+//-- 						logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 									 DEBUG_METHOD_NAME,
+                        RA::Debug( LL_PER_PDU,
+                                   "PSHttpResponse::processResponse: ",
+                                   "Name %s in header does not "
+                                   "have a value",
+                                   name );
+                        //						return PR_FALSE;			
+					}	
+                    break;
+				}
+			}
+
+        } //while
+#endif //CHECK
+    } catch ( RecvBuf::EndOfFile & ) {
+        if ( !_request->isHangupOk() ) {
+
+            int errCode = PR_GetError();
+            if ( PR_IO_TIMEOUT_ERROR == errCode ) {
+//--                 logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//--                              DEBUG_METHOD_NAME,
+                    RA::Debug( LL_PER_PDU,
+                               "PSHttpResponse::processResponse: ",
+                               "Timed out reading response (%d seconds)",
+                               buf.getTimeout() );
+            } else {
+//--                 logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//--                              DEBUG_METHOD_NAME,
+                   RA::Debug( LL_PER_PDU,
+                              "PSHttpResponse::processResponse: ",
+                              "Received unexpected end of file from server\n%s",
+                              "XXX" );
+            }
+        }
+        return PR_FALSE;
+    }
+
+    // Read the body (HEAD requests don't have bodies)
+    // jpierre 1xx, 204 and 304 don't have bodies either
+    if ( PL_strcmp(_request->getMethod(), "HEAD") &&
+		 (!((retcode>=100) && (retcode<200))) &&
+		 (retcode!=204) &&
+		 (retcode!=304) ) {
+        if ( _handleBody(buf) == PR_FALSE ) {
+            return PR_FALSE;
+		}
+    }
+
+    if ( checkConnection() && !checkKeepAlive() ) {
+        // if connection is still open, and we didn't expect a keepalive,
+        // read another byte to see if the connection has closed.
+        try {
+            char ch;
+            ch = buf.getChar();
+            buf.putBack();
+            // conflict!
+//-- 			logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                           "PSHttpResponse::processResponse: ",
+                           "Connection kept alive when it shouldn't" );
+        } catch (RecvBuf::EndOfFile &) {
+            _connectionClosed = 1;
+        }
+    }
+
+    _checkResponseSanity();
+    _content = (char *)buf.get_content();
+    _contentSize = buf.get_contentSize();
+    RA::Debug( LL_PER_PDU,
+               "PSHttpResponse::processResponse: ",
+               "processed Buffer contentSize=%d",
+               getContentSize() );
+	if (_content != NULL) {
+    	RA::Debug( LL_PER_PDU,
+               "PSHttpResponse::processResponse: ",
+               "processed Buffer content=%s",
+               _content );
+	}
+    // char * yo = getContent();
+
+    return PR_TRUE;
+}
+
+void PSHttpResponse::_checkResponseSanity() {
+    char *clHeader = getHeader("Content-length");
+    char *teHeader = getHeader("Transfer-encoding");
+//--	static const char *DEBUG_METHOD_NAME = "checkResponseSanity";
+//--	DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+        RA::Debug( LL_PER_PDU,
+                   "PSHttpResponse::_checkResponseSanity: ",
+                   "in _checkResponseSanity" );
+
+    ///////////////////////////////////////////////////
+    // Check items relevant to HTTP/1.0 and HTTP/1.1 //
+    ///////////////////////////////////////////////////
+
+	// check for both content-length and chunked
+	if ( clHeader && teHeader ) {
+//-- 		logger->Log( LOGLEVEL_FINER, DEBUG_CLASS_NAME,
+//-- 					 DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                       "PSHttpResponse::_checkResponseSanity: ",
+                       "Response contains both content-length and "
+                       "transfer-encoding" );
+	}
+
+	// check for basic headers
+	if ( !getHeader("Date") ) {
+//-- 		logger->Log( LOGLEVEL_WARNING, DEBUG_CLASS_NAME,
+//-- 					 DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                       "PSHttpResponse::_checkResponseSanity: ",
+                       "Response does not contain a date header" );
+	}
+	if ( !getHeader("Server") ) {
+//-- 		logger->Log( LOGLEVEL_WARNING, DEBUG_CLASS_NAME,
+//-- 					 DEBUG_METHOD_NAME,
+            RA::Debug( LL_PER_PDU,
+                       "PSHttpResponse::_checkResponseSanity: ",
+                       "Response does not contain a server header" );
+	}
+
+	int expectedLength;
+	if ((expectedLength = _request->getExpectedResponseLength()) > 0) {
+		if (expectedLength != _bodyLength) {
+//-- 			logger->Log( LOGLEVEL_INFO, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                           "PSHttpResponse::_checkResponseSanity: ",
+                           "Response body length does not match expected "
+                           "response length (%d/%d)", 
+                           _bodyLength,
+                           expectedLength );
+		}
+	}
+
+    ///////////////////////////////////////
+    // Check items relevant to HTTP/1.0  //
+    ///////////////////////////////////////
+    if ( getProtocol() == HTTP10 ) {
+        if ( _chunkedResponse ) {
+//-- 			logger->Log( LOGLEVEL_INFO, DEBUG_CLASS_NAME,
+//-- 						 DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                           "PSHttpResponse::_checkResponseSanity: ",
+                           "Server sent a chunked HTTP/1.0 response" );
+		}
+    }
+
+    ///////////////////////////////////////
+    // Check items relevant to HTTP/1.1  //
+    ///////////////////////////////////////
+    if ( getProtocol() == HTTP11 ) {
+        if ( (!clHeader && !_chunkedResponse) &&
+			 (!((retcode>=100) && (retcode<200))) &&
+			 (retcode!=204) &&
+			 (retcode!=304) ) {
+//-- 			logger->Log( LOGLEVEL_INFO, DEBUG_CLASS_NAME,
+//-- 					 DEBUG_METHOD_NAME,
+                RA::Debug( LL_PER_PDU,
+                           "PSHttpResponse::_checkResponseSanity: ",
+                           "Server responded with a HTTP/1.1 response without "
+                           "content-length or chunked encoding" );
+		}
+    }
+}
diff --git a/pki/base/tps/src/include/apdu/APDU.h b/pki/base/tps/src/include/apdu/APDU.h
new file mode 100644
index 000000000..e0f778a19
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/APDU.h
@@ -0,0 +1,116 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef APDU_H
+#define APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Base.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+enum APDU_Type {
+        APDU_UNDEFINED = 0,
+        APDU_CREATE_OBJECT = 1,
+        APDU_EXTERNAL_AUTHENTICATE = 2,
+        APDU_INITIALIZE_UPDATE = 3,
+        APDU_LIFECYCLE = 4,
+        APDU_READ_BUFFER = 5,
+        APDU_SET_PIN = 6,
+        APDU_UNBLOCK_PIN = 7,
+        APDU_WRITE_OBJECT = 8,
+        APDU_GENERATE_KEY = 9,
+        APDU_PUT_KEY = 10,
+        APDU_SELECT = 11,
+        APDU_GET_VERSION = 12,
+        APDU_DELETE_FILE = 13,
+        APDU_INSTALL_APPLET = 14,
+        APDU_FORMAT_MUSCLE_APPLET = 15,
+        APDU_LOAD_FILE = 16,
+        APDU_INSTALL_LOAD = 17,
+        APDU_GET_STATUS = 18 ,
+        APDU_LIST_PINS = 19,
+        APDU_CREATE_PIN = 20,
+        APDU_GET_DATA = 21,
+        APDU_READ_OBJECT = 22,
+        APDU_LIST_OBJECTS = 23,
+	    APDU_IMPORT_KEY = 24,
+	    APDU_IMPORT_KEY_ENC = 25,
+	    APDU_SET_ISSUERINFO = 26,
+	    APDU_GET_ISSUERINFO = 27
+};
+
+class APDU
+{
+  public:
+	TPS_PUBLIC APDU();
+	TPS_PUBLIC APDU(const APDU &cpy);
+	TPS_PUBLIC virtual ~APDU();
+  public:
+	TPS_PUBLIC APDU& operator=(const APDU& cpy);
+  public:
+	TPS_PUBLIC virtual void SetCLA(BYTE cla);
+	TPS_PUBLIC virtual void SetINS(BYTE ins);
+	TPS_PUBLIC virtual void SetP1(BYTE p1);
+	TPS_PUBLIC virtual void SetP2(BYTE p2);
+	TPS_PUBLIC virtual void SetData(Buffer &data);
+	TPS_PUBLIC virtual void SetMAC(Buffer &mac);
+	TPS_PUBLIC virtual void GetEncoding(Buffer &data);
+	TPS_PUBLIC virtual void GetDataToMAC(Buffer &data);
+	TPS_PUBLIC virtual PRStatus SecureMessage(PK11SymKey *encSessionKey);
+	TPS_PUBLIC virtual APDU_Type GetType();
+	TPS_PUBLIC Buffer &GetData();
+	TPS_PUBLIC Buffer &GetMAC();
+	TPS_PUBLIC BYTE GetCLA();
+	TPS_PUBLIC BYTE GetINS();
+	TPS_PUBLIC BYTE GetP1();
+	TPS_PUBLIC BYTE GetP2();
+  protected:
+	BYTE m_cla;
+	BYTE m_ins;
+	BYTE m_p1;
+	BYTE m_p2;
+	Buffer m_data;
+	Buffer m_plainText;
+	Buffer m_mac;
+};
+
+#endif /* APDU_H */
diff --git a/pki/base/tps/src/include/apdu/APDU_Response.h b/pki/base/tps/src/include/apdu/APDU_Response.h
new file mode 100644
index 000000000..0d5c62b9d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/APDU_Response.h
@@ -0,0 +1,66 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef APDU_RESPONSE_H
+#define APDU_RESPONSE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class APDU_Response
+{
+  public:
+	APDU_Response();
+	TPS_PUBLIC APDU_Response(Buffer &data);
+	~APDU_Response();
+        APDU_Response(const APDU_Response &cpy);
+  public:
+        APDU_Response& operator=(const APDU_Response& cpy);
+  public:
+	BYTE GetSW1();
+	BYTE GetSW2();
+	TPS_PUBLIC Buffer &GetData();
+  private:
+	Buffer m_data;
+};
+
+#endif /* APDU_Response_H */
diff --git a/pki/base/tps/src/include/apdu/Create_Object_APDU.h b/pki/base/tps/src/include/apdu/Create_Object_APDU.h
new file mode 100644
index 000000000..7433e7ceb
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Create_Object_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CREATE_OBJECT_APDU_H
+#define CREATE_OBJECT_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Create_Object_APDU : public APDU
+{
+  public:
+  TPS_PUBLIC Create_Object_APDU(BYTE *object_id, BYTE *permissions, int len);
+	TPS_PUBLIC ~Create_Object_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* CREATE_OBJECT_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Create_Pin_APDU.h b/pki/base/tps/src/include/apdu/Create_Pin_APDU.h
new file mode 100644
index 000000000..7f666467d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Create_Pin_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CREATE_PIN_APDU_H
+#define CREATE_PIN_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Create_Pin_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Create_Pin_APDU(BYTE p1, BYTE p2, Buffer &data);
+	TPS_PUBLIC ~Create_Pin_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* CREATE_PIN_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Delete_File_APDU.h b/pki/base/tps/src/include/apdu/Delete_File_APDU.h
new file mode 100644
index 000000000..9e2eeeeb2
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Delete_File_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef DELETE_FILE_APDU_H
+#define DELETE_FILE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Delete_File_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Delete_File_APDU(Buffer &AID);
+	TPS_PUBLIC ~Delete_File_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* DELETE_FILE_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/External_Authenticate_APDU.h b/pki/base/tps/src/include/apdu/External_Authenticate_APDU.h
new file mode 100644
index 000000000..ff9a6bee7
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/External_Authenticate_APDU.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef EXTERNAL_AUTHENTICATE_APDU_H
+#define EXTERNAL_AUTHENTICATE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "channel/Secure_Channel.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class External_Authenticate_APDU : public APDU
+{
+  public:
+	// TPS_PUBLIC External_Authenticate_APDU(Buffer &data);
+	TPS_PUBLIC External_Authenticate_APDU(Buffer &data, SecurityLevel sl);
+	TPS_PUBLIC ~External_Authenticate_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+  public:
+	TPS_PUBLIC Buffer &GetHostCryptogram();
+};
+
+#endif /* EXTERNAL_AUTHENTICATE_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Format_Muscle_Applet_APDU.h b/pki/base/tps/src/include/apdu/Format_Muscle_Applet_APDU.h
new file mode 100644
index 000000000..b7fbbbea1
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Format_Muscle_Applet_APDU.h
@@ -0,0 +1,65 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef FORMAT_MUSCLE_APPLET_APDU_H
+#define FORMAT_MUSCLE_APPLET_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Format_Muscle_Applet_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Format_Muscle_Applet_APDU(unsigned short memSize, 
+			Buffer &PIN0, BYTE pin0Tries, 
+			Buffer &unblockPIN0, BYTE unblock0Tries, 
+			Buffer &PIN1, BYTE pin1Tries, 
+			Buffer &unblockPIN1, BYTE unblock1Tries, 
+			unsigned short objCreationPermissions, 
+			unsigned short keyCreationPermissions, 
+			unsigned short pinCreationPermissions);
+	TPS_PUBLIC ~Format_Muscle_Applet_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+	TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* FORMAT_MUSCLE_APPLET_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Generate_Key_APDU.h b/pki/base/tps/src/include/apdu/Generate_Key_APDU.h
new file mode 100644
index 000000000..d245b8336
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Generate_Key_APDU.h
@@ -0,0 +1,60 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GENERATE_KEY_APDU_H
+#define GENERATE_KEY_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Generate_Key_APDU : public APDU
+{
+  public:
+	 TPS_PUBLIC Generate_Key_APDU (BYTE p1, BYTE p2, BYTE alg, 
+		int keysize, BYTE option,
+                BYTE type, Buffer &wrapped_challenge, Buffer &key_check);
+	TPS_PUBLIC ~Generate_Key_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* GENERATE_KEY_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Get_Data_APDU.h b/pki/base/tps/src/include/apdu/Get_Data_APDU.h
new file mode 100644
index 000000000..a4f78634d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Get_Data_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_DATA_APDU_H
+#define GET_DATA_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_Data_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Get_Data_APDU();
+	TPS_PUBLIC ~Get_Data_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+	TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* GET_DATA_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Get_IssuerInfo_APDU.h b/pki/base/tps/src/include/apdu/Get_IssuerInfo_APDU.h
new file mode 100644
index 000000000..075acc6d9
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Get_IssuerInfo_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_ISSUERINFO_APDU_H
+#define GET_ISSUERINFO_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_IssuerInfo_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Get_IssuerInfo_APDU();
+	TPS_PUBLIC ~Get_IssuerInfo_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+    TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* GET_ISSUERINFO_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Get_Status_APDU.h b/pki/base/tps/src/include/apdu/Get_Status_APDU.h
new file mode 100644
index 000000000..5d047bf16
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Get_Status_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_STATUS_APDU_H
+#define GET_STATUS_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_Status_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Get_Status_APDU();
+	TPS_PUBLIC ~Get_Status_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+	TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* GET_STATUS_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Get_Version_APDU.h b/pki/base/tps/src/include/apdu/Get_Version_APDU.h
new file mode 100644
index 000000000..8b6ff3c33
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Get_Version_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_VERSION_APDU_H
+#define GET_VERSION_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_Version_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Get_Version_APDU();
+	TPS_PUBLIC ~Get_Version_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+	TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* GET_VERSION_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Import_Key_APDU.h b/pki/base/tps/src/include/apdu/Import_Key_APDU.h
new file mode 100644
index 000000000..e00d97081
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Import_Key_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef IMPORT_KEY_APDU_H
+#define IMPORT_KEY_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Import_Key_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Import_Key_APDU(BYTE p1);
+	TPS_PUBLIC ~Import_Key_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* IMPORT_KEY_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Import_Key_Enc_APDU.h b/pki/base/tps/src/include/apdu/Import_Key_Enc_APDU.h
new file mode 100644
index 000000000..bcc974987
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Import_Key_Enc_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef IMPORT_KEY_ENC_APDU_H
+#define IMPORT_KEY_ENC_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Import_Key_Enc_APDU : public APDU
+{
+  public:
+        TPS_PUBLIC Import_Key_Enc_APDU(BYTE p1, BYTE p2, Buffer& data);
+	TPS_PUBLIC ~Import_Key_Enc_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* IMPORT_KEY_ENC_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Initialize_Update_APDU.h b/pki/base/tps/src/include/apdu/Initialize_Update_APDU.h
new file mode 100644
index 000000000..8e20d77ab
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Initialize_Update_APDU.h
@@ -0,0 +1,60 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef INITIALIZE_UPDATE_APDU_H
+#define INITIALIZE_UPDATE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Initialize_Update_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Initialize_Update_APDU(BYTE key_version, BYTE key_index, Buffer &data);
+	TPS_PUBLIC ~Initialize_Update_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+	TPS_PUBLIC void GetEncoding(Buffer &data);
+  public:
+	TPS_PUBLIC Buffer &GetHostChallenge();
+};
+
+#endif /* INITIALIZE_UPDATE_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Install_Applet_APDU.h b/pki/base/tps/src/include/apdu/Install_Applet_APDU.h
new file mode 100644
index 000000000..06bd88072
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Install_Applet_APDU.h
@@ -0,0 +1,59 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef INSTALL_APPLET_APDU_H
+#define INSTALL_APPLET_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Install_Applet_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Install_Applet_APDU(Buffer &packageAID, Buffer &appletAID, 
+			BYTE appPrivileges, unsigned int instanceSize);
+	TPS_PUBLIC Install_Applet_APDU(Buffer &data);
+	TPS_PUBLIC ~Install_Applet_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* INSTALL_APPLET_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Install_Load_APDU.h b/pki/base/tps/src/include/apdu/Install_Load_APDU.h
new file mode 100644
index 000000000..7d0ff9761
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Install_Load_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef INSTALL_LOAD_APDU_H
+#define INSTALL_LOAD_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Install_Load_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Install_Load_APDU(Buffer& packageAID, Buffer& sdAID, unsigned int fileLen);
+	TPS_PUBLIC Install_Load_APDU(Buffer& data);
+	TPS_PUBLIC ~Install_Load_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* INSTALL_LOAD_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Lifecycle_APDU.h b/pki/base/tps/src/include/apdu/Lifecycle_APDU.h
new file mode 100644
index 000000000..a3adaf9c4
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Lifecycle_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LIFECYCLE_APDU_H
+#define LIFECYCLE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Lifecycle_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Lifecycle_APDU(BYTE lifecycle);
+	TPS_PUBLIC ~Lifecycle_APDU();
+ 	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* LIFECYCLE_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/List_Objects_APDU.h b/pki/base/tps/src/include/apdu/List_Objects_APDU.h
new file mode 100644
index 000000000..7d5b45bff
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/List_Objects_APDU.h
@@ -0,0 +1,59 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LIST_OBJECTS_APDU_H
+#define LIST_OBJECTS_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class List_Objects_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC List_Objects_APDU(BYTE ret_size);
+	TPS_PUBLIC ~List_Objects_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+  public:
+        TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* LIST_OBJECTS_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/List_Pins_APDU.h b/pki/base/tps/src/include/apdu/List_Pins_APDU.h
new file mode 100644
index 000000000..04d1102c9
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/List_Pins_APDU.h
@@ -0,0 +1,60 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LIST_PINS_APDU_H
+#define LIST_PINS_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class List_Pins_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC List_Pins_APDU(BYTE ret_size);
+	TPS_PUBLIC ~List_Pins_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+  public:
+	BYTE m_ret_size;
+	TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* LIST_PINS_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Load_File_APDU.h b/pki/base/tps/src/include/apdu/Load_File_APDU.h
new file mode 100644
index 000000000..ae5f57445
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Load_File_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LOAD_FILE_APDU_H
+#define LOAD_FILE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Load_File_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Load_File_APDU(BYTE refControl, BYTE blockNum, Buffer& data);
+	TPS_PUBLIC ~Load_File_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* LOAD_FILE_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Put_Key_APDU.h b/pki/base/tps/src/include/apdu/Put_Key_APDU.h
new file mode 100644
index 000000000..63aa54599
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Put_Key_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef PUT_KEY_APDU_H
+#define PUT_KEY_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Put_Key_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Put_Key_APDU(BYTE p1, BYTE p2, Buffer &data);
+	TPS_PUBLIC ~Put_Key_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* PUT_KEY_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Read_Buffer_APDU.h b/pki/base/tps/src/include/apdu/Read_Buffer_APDU.h
new file mode 100644
index 000000000..3c94b564d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Read_Buffer_APDU.h
@@ -0,0 +1,61 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef READ_BUFFER_APDU_H
+#define READ_BUFFER_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Read_Buffer_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Read_Buffer_APDU(int len, int offset);
+	TPS_PUBLIC ~Read_Buffer_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+  public:
+        TPS_PUBLIC int GetLen();
+        TPS_PUBLIC int GetOffset();
+
+};
+
+#endif /* READ_BUFFER_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Read_Object_APDU.h b/pki/base/tps/src/include/apdu/Read_Object_APDU.h
new file mode 100644
index 000000000..e2357acdd
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Read_Object_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef OBJECT_OBJECT_APDU_H
+#define OBJECT_OBJECT_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Read_Object_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Read_Object_APDU(BYTE *object_id, int offset, int len);
+	TPS_PUBLIC ~Read_Object_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* OBJECT_OBJECT_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Select_APDU.h b/pki/base/tps/src/include/apdu/Select_APDU.h
new file mode 100644
index 000000000..92c1c8ee8
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Select_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SELECT_APDU_H
+#define SELECT_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Select_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Select_APDU(BYTE p1, BYTE p2, Buffer &data);
+	TPS_PUBLIC ~Select_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* SELECT_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Set_IssuerInfo_APDU.h b/pki/base/tps/src/include/apdu/Set_IssuerInfo_APDU.h
new file mode 100644
index 000000000..2507fdc97
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Set_IssuerInfo_APDU.h
@@ -0,0 +1,59 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SET_ISSUERINFO_APDU_H
+#define SET_ISSUERINFO_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Set_IssuerInfo_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Set_IssuerInfo_APDU(BYTE p1, BYTE p2, Buffer &data);
+	TPS_PUBLIC ~Set_IssuerInfo_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+  public:
+	TPS_PUBLIC Buffer &GetIssuerInfo();
+};
+
+#endif /* SET_ISSUERINFO_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Set_Pin_APDU.h b/pki/base/tps/src/include/apdu/Set_Pin_APDU.h
new file mode 100644
index 000000000..f649147a1
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Set_Pin_APDU.h
@@ -0,0 +1,59 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SET_PIN_APDU_H
+#define SET_PIN_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Set_Pin_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Set_Pin_APDU(BYTE p1, BYTE p2, Buffer &data);
+	TPS_PUBLIC ~Set_Pin_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+  public:
+	TPS_PUBLIC Buffer &GetNewPIN();
+};
+
+#endif /* SET_PIN_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Unblock_Pin_APDU.h b/pki/base/tps/src/include/apdu/Unblock_Pin_APDU.h
new file mode 100644
index 000000000..583e7ae7d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Unblock_Pin_APDU.h
@@ -0,0 +1,54 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef UNBLOCK_PIN_APDU_H
+#define UNBLOCK_PIN_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Unblock_Pin_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Unblock_Pin_APDU();
+	TPS_PUBLIC ~Unblock_Pin_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* UNBLOCK_PIN_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Write_Object_APDU.h b/pki/base/tps/src/include/apdu/Write_Object_APDU.h
new file mode 100644
index 000000000..670cd6bbd
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Write_Object_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef WRITE_OBJECT_APDU_H
+#define WRITE_OBJECT_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Write_Object_APDU : public APDU
+{
+  public:
+	TPS_PUBLIC Write_Object_APDU(BYTE *object_id, int offset, Buffer &data);
+	TPS_PUBLIC ~Write_Object_APDU();
+	TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* WRITE_OBJECT_APDU_H */
diff --git a/pki/base/tps/src/include/authentication/AuthParams.h b/pki/base/tps/src/include/authentication/AuthParams.h
new file mode 100644
index 000000000..e0d39a249
--- /dev/null
+++ b/pki/base/tps/src/include/authentication/AuthParams.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AUTHPARAMS_H
+#define AUTHPARAMS_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/NameValueSet.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class AuthParams : public NameValueSet
+{
+  public:
+	  TPS_PUBLIC AuthParams();
+	  virtual ~AuthParams();
+  public: 
+          TPS_PUBLIC void SetUID(char *uid);
+          TPS_PUBLIC char *GetUID();
+          TPS_PUBLIC void SetPassword(char *pwd);
+          TPS_PUBLIC char *GetPassword();
+          void SetSecuridValue(char *securidValue);
+          TPS_PUBLIC char *GetSecuridValue();
+          void SetSecuridPin(char *securidPin);
+          TPS_PUBLIC char *GetSecuridPin();
+};
+
+#endif /* AUTHPARAMS_H */
diff --git a/pki/base/tps/src/include/authentication/Authentication.h b/pki/base/tps/src/include/authentication/Authentication.h
new file mode 100644
index 000000000..ae2b0c6fb
--- /dev/null
+++ b/pki/base/tps/src/include/authentication/Authentication.h
@@ -0,0 +1,80 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AUTHENTICATION_H
+#define AUTHENTICATION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/RA_Session.h"
+#include "authentication/AuthParams.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#define TPS_AUTH_OK                       0
+#define TPS_AUTH_ERROR_LDAP              -1
+#define TPS_AUTH_ERROR_USERNOTFOUND      -2
+#define TPS_AUTH_ERROR_PASSWORDINCORRECT -3
+
+
+class Authentication
+{
+  public:
+	  TPS_PUBLIC Authentication();
+	  TPS_PUBLIC virtual ~Authentication();
+  public:
+          virtual int Authenticate(AuthParams *params);  
+          virtual void Initialize(int index);
+  public: 
+          virtual const char *GetTitle(char *locale);
+          virtual const char *GetDescription(char *locale);
+          virtual int GetNumOfParamNames();
+          virtual char *GetParamID(int index);
+          virtual const char *GetParamName(int index, char *locale);
+          virtual char *GetParamType(int index);
+          virtual const char *GetParamDescription(int index, char *locale);
+          virtual char *GetParamOption(int index);
+          int GetNumOfRetries(); // retries if the user entered the wrong password/securid
+
+  protected:
+          int m_retries;
+};
+
+#endif /* AUTHENTICATION_H */
diff --git a/pki/base/tps/src/include/authentication/LDAP_Authentication.h b/pki/base/tps/src/include/authentication/LDAP_Authentication.h
new file mode 100644
index 000000000..2a8c0a7d5
--- /dev/null
+++ b/pki/base/tps/src/include/authentication/LDAP_Authentication.h
@@ -0,0 +1,85 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LDAP_AUTHENTICATION_H
+#define LDAP_AUTHENTICATION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/RA_Session.h"
+#include "authentication/Authentication.h"
+
+class LDAP_Authentication : public Authentication
+{
+  public:
+	  LDAP_Authentication();
+	  ~LDAP_Authentication();
+  public:
+          int Authenticate(AuthParams *params);
+          void Initialize(int index);
+  public:
+          bool IsSSL();
+          char *GetHostPort();
+
+  public:
+          void GetHostPort(char **p, char **q);
+          virtual const char *GetTitle(char *locale);
+          virtual const char *GetDescription(char *locale);
+          virtual int GetNumOfParamNames();
+          virtual char *GetParamID(int index);
+          virtual const char *GetParamName(int index, char *locale);
+          virtual char *GetParamType(int index);
+          virtual const char *GetParamDescription(int index, char *locale);
+          virtual char *GetParamOption(int index);
+
+  private:
+          int m_index;
+          bool m_isSSL;
+          char *m_hostport;
+          char *m_attributes;
+          char *m_ssl;
+          char *m_baseDN;
+          char *m_bindDN;
+          char *m_bindPwd;
+          int m_connectRetries; // for failover
+          ConnectionInfo *m_connInfo;
+};
+  extern "C" 
+  {
+     Authentication *GetAuthentication();
+  };
+
+#endif /* LDAP_AUTHENTICATION_H */
diff --git a/pki/base/tps/src/include/channel/Channel.h b/pki/base/tps/src/include/channel/Channel.h
new file mode 100644
index 000000000..a49af8bf1
--- /dev/null
+++ b/pki/base/tps/src/include/channel/Channel.h
@@ -0,0 +1,55 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CHANNEL_H
+#define CHANNEL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/RA_Session.h"
+#include "apdu/APDU.h"
+#include "apdu/APDU_Response.h"
+
+class Channel
+{
+  public:
+	  Channel();
+	  ~Channel();
+  public:
+          int Close();
+};
+
+#endif /* CHANNEL_H */
diff --git a/pki/base/tps/src/include/channel/Secure_Channel.h b/pki/base/tps/src/include/channel/Secure_Channel.h
new file mode 100644
index 000000000..01c06a30b
--- /dev/null
+++ b/pki/base/tps/src/include/channel/Secure_Channel.h
@@ -0,0 +1,158 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SECURE_CHANNEL_H
+#define SECURE_CHANNEL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/RA_Session.h"
+#include "apdu/APDU.h"
+#include "apdu/APDU_Response.h"
+#include "channel/Channel.h"
+
+enum SecurityLevel {
+    SECURE_MSG_ANY = 0,
+    SECURE_MSG_MAC = 1,
+    SECURE_MSG_NONE = 2, // not yet supported
+    SECURE_MSG_MAC_ENC = 3
+} ;
+
+enum TokenKeyType {
+     KEY_TYPE_ENCRYPTION = 0,
+     KEY_TYPE_SIGNING = 1,
+     KEY_TYPE_SIGNING_AND_ENCRYPTION = 2
+};
+
+class Secure_Channel : public Channel
+{
+  public:
+
+	  Secure_Channel(
+		RA_Session *session, 
+		PK11SymKey *session_key,
+		PK11SymKey *enc_session_key,
+		char *drm_des_key_s,
+		char *kek_des_key_s,
+		char *keycheck_s,
+                Buffer &key_diversification_data,
+                Buffer &key_info_data,
+                Buffer &card_challenge,
+                Buffer &card_cryptogram,
+                Buffer &host_challenge,
+                Buffer &host_cryptogram);
+
+	  ~Secure_Channel();
+  public:
+          Buffer &GetKeyDiversificationData();
+          Buffer &GetKeyInfoData();
+          Buffer &GetCardChallenge();
+          Buffer &GetCardCryptogram();
+          Buffer &GetHostChallenge();
+          Buffer &GetHostCryptogram();
+	  SecurityLevel GetSecurityLevel();
+	  void SetSecurityLevel(SecurityLevel level);
+	  char *getDrmWrappedDESKey();
+	  char *getKekWrappedDESKey();
+	  char *getKeycheck();
+
+  public:
+	  int ImportKeyEnc(BYTE priv_key_number, BYTE pub_key_number, Buffer* data);
+	  int ImportKey(BYTE key_number);
+	  int CreatePin(BYTE pin_number, BYTE max_retries, const char *pin);
+	  int ExternalAuthenticate();
+	  int SetIssuerInfo(Buffer *info);
+	  Buffer GetIssuerInfo();
+	  int ResetPin(BYTE pin_number, char *pin);
+          int IsPinPresent(BYTE pin_number);
+	  int SetLifecycleState(BYTE flag);
+	  int StartEnrollment(BYTE p1, BYTE p2, Buffer *wrapped_challenge, 
+		Buffer *key_check,
+		BYTE alg, int keysize, BYTE option);
+	  int ReadBuffer(BYTE *buf, int buf_len);
+	  int CreateObject(BYTE *object_id, BYTE* permissions, int len); 
+	  int WriteObject(BYTE *objid, BYTE *buf, int buf_len);
+	  Buffer *ReadObject(BYTE *objid, int offset, int len);
+          int PutKeys(RA_Session *session, BYTE key_version, 
+                  BYTE key_index, Buffer *key_data); 
+	  int LoadFile(RA_Session *session, BYTE refControl, BYTE blockNum,
+		        Buffer *data); 
+          int InstallApplet(RA_Session *session,
+	                Buffer &packageAID, Buffer &appletAID,
+	                BYTE appPrivileges, unsigned int instanceSize);
+          int InstallLoad(RA_Session *session,
+	                Buffer& packageAID, Buffer& sdAID, unsigned int fileLen);
+	  int DeleteFileX(RA_Session *session, Buffer *aid);
+	  int Close();
+  public:
+          int CreateObject(BYTE *objid, BYTE *perms, Buffer *obj);
+          int CreateCertificate(const char *id, Buffer *cert);
+
+          Buffer CreatePKCS11CertAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid);
+          int CreatePKCS11CertAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid);
+          Buffer CreatePKCS11PriKeyAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid, 
+                Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
+          int CreatePKCS11PriKeyAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid, 
+                Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
+          Buffer CreatePKCS11PubKeyAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
+                Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
+          int CreatePKCS11PubKeyAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
+                Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
+	  APDU_Response *SendTokenAPU(APDU *apdu);
+
+  public:
+          Buffer *ComputeAPDUMac(APDU *apdu);
+	  int ComputeAPDU(APDU *apdu);
+
+  private: 
+          PK11SymKey *m_session_key;
+          PK11SymKey *m_enc_session_key;
+	  char *m_drm_wrapped_des_key_s;
+	  char *m_kek_wrapped_des_key_s;
+	  char *m_keycheck_s;
+	  RA_Session *m_session;
+	  Buffer m_icv;
+	  Buffer m_cryptogram;
+          Buffer m_key_diversification_data;
+          Buffer m_key_info_data;
+          Buffer m_card_challenge;
+          Buffer m_card_cryptogram;
+          Buffer m_host_challenge;
+          Buffer m_host_cryptogram;
+	  SecurityLevel m_security_level;
+};
+
+#endif /* SECURE_CHANNEL_H */
diff --git a/pki/base/tps/src/include/cms/CertEnroll.h b/pki/base/tps/src/include/cms/CertEnroll.h
new file mode 100644
index 000000000..07fad00f1
--- /dev/null
+++ b/pki/base/tps/src/include/cms/CertEnroll.h
@@ -0,0 +1,73 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CERTENROLL_H
+#define CERTENROLL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Buffer.h"
+
+#include "httpClient/httpc/response.h"
+#include "keythi.h"
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+class CertEnroll
+{
+  public:
+
+  TOKENDB_PUBLIC CertEnroll();
+  TOKENDB_PUBLIC ~CertEnroll();
+
+  SECKEYPublicKey *ParsePublicKeyBlob(unsigned char * /*blob*/,
+			 Buffer * /*challenge*/);
+  Buffer *EnrollCertificate(SECKEYPublicKey * /*pk_parsed*/,
+		            const char *profileId,
+			    const char * /*uid*/,
+			    const char * /*token cuid*/, const char *connid,
+			    	SECItem** encodedPublicKeyInfo = NULL);
+  ReturnStatus verifyProof(SECKEYPublicKey* /*pk*/, SECItem* /*siProof*/,
+			   unsigned short /*pkeyb_len*/, unsigned char* /*pkeyb*/,
+			   Buffer* /*challenge*/);
+  TOKENDB_PUBLIC int RevokeCertificate(const char *reason, const char *serialno, const char *connid, char *&status);
+  TOKENDB_PUBLIC int UnrevokeCertificate(const char *serialno, const char *connid, char *&status);
+  PSHttpResponse * sendReqToCA(const char *servlet, const char *parameters, const char *connid);
+  Buffer * parseResponse(PSHttpResponse * /*resp*/);
+};
+#endif /* CERTENROLL_H */
diff --git a/pki/base/tps/src/include/cms/ConnectionInfo.h b/pki/base/tps/src/include/cms/ConnectionInfo.h
new file mode 100644
index 000000000..07e9c3a73
--- /dev/null
+++ b/pki/base/tps/src/include/cms/ConnectionInfo.h
@@ -0,0 +1,66 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CONNECTIONINFO_H
+#define CONNECTIONINFO_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Buffer.h"
+#include "main/NameValueSet.h"
+#include "pk11func.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#define HOST_PORT_MEMBERS 20
+
+class ConnectionInfo
+{
+  public:
+	  TPS_PUBLIC ConnectionInfo();
+	  TPS_PUBLIC ~ConnectionInfo();
+          TPS_PUBLIC void BuildFailoverList(const char *str);
+          TPS_PUBLIC int GetHostPortListLen();
+          TPS_PUBLIC char **GetHostPortList();
+
+  private:
+          int m_len;
+          char *m_hostPortList[HOST_PORT_MEMBERS];
+};
+
+#endif /* CONNECTIONINFO_H */
diff --git a/pki/base/tps/src/include/cms/HttpConnection.h b/pki/base/tps/src/include/cms/HttpConnection.h
new file mode 100644
index 000000000..da9d3a7fd
--- /dev/null
+++ b/pki/base/tps/src/include/cms/HttpConnection.h
@@ -0,0 +1,88 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef HTTPCONNECTION_H
+#define HTTPCONNECTION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/engine.h"
+#include "httpClient/httpc/http.h"
+#include "ConnectionInfo.h"
+#include "main/NameValueSet.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class HttpConnection
+{
+  public:
+//	  HttpConnection();
+          TPS_PUBLIC HttpConnection(const char *id, ConnectionInfo *cinfo, int retries, int timeout,
+            bool isSSL, const char *clientnickname, bool keepAlive, NameValueSet *headers);
+	  TPS_PUBLIC virtual ~HttpConnection();
+
+  public:
+          TPS_PUBLIC int GetNumOfRetries(); // failover retries
+          TPS_PUBLIC int GetTimeout();
+          TPS_PUBLIC ConnectionInfo *GetFailoverList();
+          TPS_PUBLIC char *GetId();
+          TPS_PUBLIC bool IsSSL();
+          TPS_PUBLIC char *GetClientNickname();
+          TPS_PUBLIC bool IsKeepAlive();
+          TPS_PUBLIC PSHttpResponse *getResponse(int index, const char *servletID, const char *body);
+          TPS_PUBLIC PRLock *GetLock();
+          TPS_PUBLIC int GetCurrentIndex();
+          TPS_PUBLIC void SetCurrentIndex(int index);
+
+  protected:
+     int m_max_conn;
+     ConnectionInfo *m_failoverList;
+     int m_retries;
+     int m_timeout;
+     char *m_Id;
+     bool m_isSSL;
+     char *m_clientnickname;
+     bool m_keepAlive;
+     NameValueSet *m_headers;
+     PRLock *m_lock;
+     int m_curr;
+};
+
+#endif /* HTTPCONNECTION_H */
diff --git a/pki/base/tps/src/include/engine/RA.h b/pki/base/tps/src/include/engine/RA.h
new file mode 100644
index 000000000..beda779d5
--- /dev/null
+++ b/pki/base/tps/src/include/engine/RA.h
@@ -0,0 +1,290 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_H
+#define RA_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "ldap.h"
+#include "main/Base.h"
+#include "main/ConfigStore.h"
+#include "main/Buffer.h"
+#include "main/PublishEntry.h"
+#include "main/AuthenticationEntry.h"
+#include "authentication/Authentication.h"
+#include "apdu/APDU.h"
+#include "main/RA_Context.h"
+#include "channel/Secure_Channel.h"
+#include "cms/HttpConnection.h"
+#include "cms/ConnectionInfo.h"
+#include  "publisher/IPublisher.h"
+
+
+/*
+ *
+ * LL_PER_SERVER = 4        these messages will occur only once during the
+ *                          entire invocation of the server, e.g. at startup
+ *                          or shutdown time., reading the conf parameters.
+ *                          Perhaps other infrequent events relating to
+ *                          failing over of CA, TKS, too
+ *
+ * LL_PER_CONNECTION = 6    these messages happen once per connection - most
+ *                          of the log events will be at this level
+ *
+ * LL_PER_PDU = 8           these messages relate to PDU processing. If you
+ *                          have something that is done for every PDU, such
+ *                          as applying the MAC, it should be logged at this
+ *                          level
+ *
+ * LL_ALL_DATA_IN_PDU = 9   dump all the data in the PDU - a more chatty
+ *                          version of the above
+ */
+enum RA_Log_Level {
+	LL_PER_SERVER = 4,
+	LL_PER_CONNECTION = 6,
+	LL_PER_PDU = 8,
+	LL_ALL_DATA_IN_PDU = 9
+};
+
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/* For now, this value must correspond exactly to the successful exit */
+/* status of RA::Initialize( char *cfg_path, RA_Context *ctx ).       */
+#define RA_INITIALIZATION_SUCCESS 1
+
+class RA
+{
+  public:
+	  RA();
+	  ~RA();
+  public:
+	  static int IsTokendbInitialized();
+	  TPS_PUBLIC static int Initialize(char *cfg_path, RA_Context *ctx);
+	  TPS_PUBLIC static int Shutdown();
+  public:
+
+ 	  static PK11SymKey *ComputeSessionKey(RA_Session *session,
+                                           Buffer &CUID,
+                                           Buffer &keyinfo,
+                                           Buffer &card_challenge,
+                                           Buffer &host_challenge,
+                                           Buffer **host_cryptogram,
+                                           Buffer &card_cryptogram,
+                                           PK11SymKey **encSymKey,
+                                           char** drm_kekSessionKey_s,
+                                           char** kek_kekSessionKey_s,
+                                           char **keycheck_s,
+                                           const char *connId);
+	  static void ServerSideKeyGen(RA_Session *session, const char* cuid,
+                                   const char *userid, char* kekSessionKey_s,
+		                           char **publickey_s,
+                                   char **wrappedPrivateKey_s,
+                                   char **ivParam_s, const char *connId,
+                                   bool archive, int keysize);
+	  static void RecoverKey(RA_Session *session, const char* cuid,
+                             const char *userid, char* kekSessionKey_s,
+                             char *cert_s, char **publickey_s,
+                             char **wrappedPrivateKey_s, const char *connId);
+
+	  static Buffer *ComputeHostCryptogram(Buffer &card_challenge, Buffer &host_challenge);
+  public:
+	  TPS_PUBLIC static ConfigStore *GetConfigStore();
+  public:
+	  TPS_PUBLIC static void Audit(const char *func_name, const char *fmt, ...);
+	  TPS_PUBLIC static void Error(const char *func_name, const char *fmt, ...);
+	  TPS_PUBLIC static void Debug(const char *func_name, const char *fmt, ...);
+	  TPS_PUBLIC static void DebugBuffer(const char *func_name, const char *prefix, Buffer *buf);
+	  TPS_PUBLIC static void Audit(RA_Log_Level level, const char *func_name, const char *fmt, ...);
+	  TPS_PUBLIC static void Error(RA_Log_Level level, const char *func_name, const char *fmt, ...);
+	  TPS_PUBLIC static void Debug(RA_Log_Level level, const char *func_name, const char *fmt, ...);
+	  static void DebugBuffer(RA_Log_Level level, const char *func_name, const char *prefix, Buffer *buf);
+  private:
+	  static void AuditThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap);
+	  static void ErrorThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap);
+	  static void DebugThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap);
+  public:
+          static int InitializeTokendb(char *cfg_path);
+          static PRLock *GetVerifyLock();
+          TPS_PUBLIC static CERTCertificate **ra_get_certificates(LDAPMessage *e);
+          TPS_PUBLIC static LDAPMessage *ra_get_first_entry(LDAPMessage *e);
+          TPS_PUBLIC static LDAPMessage *ra_get_next_entry(LDAPMessage *e);
+          TPS_PUBLIC static char **ra_get_attribute_values(LDAPMessage *e, const char *p);
+          TPS_PUBLIC static char *ra_get_cert_attr_byname(LDAPMessage *e, char *name);
+          TPS_PUBLIC static char *ra_get_token_id(LDAPMessage *e);
+      TPS_PUBLIC static char *ra_get_cert_tokenType(LDAPMessage *entry);
+      TPS_PUBLIC static char *ra_get_token_status(LDAPMessage *entry);
+      TPS_PUBLIC static char *ra_get_cert_cn(LDAPMessage *entry);
+      TPS_PUBLIC static char *ra_get_cert_status(LDAPMessage *entry);
+      TPS_PUBLIC static char *ra_get_cert_type(LDAPMessage *entry);
+      TPS_PUBLIC static char *ra_get_cert_serial(LDAPMessage *entry);
+      TPS_PUBLIC static char *ra_get_cert_issuer(LDAPMessage *entry);
+          TPS_PUBLIC static int ra_tus_has_active_tokens(char *userid);
+          TPS_PUBLIC static char *ra_get_token_reason(LDAPMessage *msg);
+          TPS_PUBLIC static int ra_get_number_of_entries(LDAPMessage *ldapResult);
+          TPS_PUBLIC static int ra_find_tus_token_entries(char *filter,
+            int maxReturns, LDAPMessage **ldapResult, int num);
+          TPS_PUBLIC static int ra_find_tus_token_entries_no_vlv(char *filter,
+            LDAPMessage **ldapResult, int num);
+	  TPS_PUBLIC static int ra_is_tus_db_entry_disabled(char *cuid);
+	  TPS_PUBLIC static int ra_is_token_pin_resetable(char *cuid);
+	  TPS_PUBLIC static int ra_is_token_present(char *cuid);
+	  TPS_PUBLIC static int ra_allow_token_reenroll(char *cuid);
+	  TPS_PUBLIC static int ra_is_update_pin_resetable_policy(char *cuid);
+	  TPS_PUBLIC static char *ra_get_token_policy(char *cuid);
+	  TPS_PUBLIC static char *ra_get_token_userid(char *cuid);
+	  TPS_PUBLIC static int ra_update_token_policy(char *cuid, char *policy);
+      TPS_PUBLIC static int ra_update_cert_status(char *cn, const char *status);
+      TPS_PUBLIC static int ra_find_tus_certificate_entries_by_order(
+        char *filter, int num, LDAPMessage **msg, int order);
+      TPS_PUBLIC static int ra_find_tus_certificate_entries_by_order_no_vlv(
+        char *filter, LDAPMessage **msg, int order);
+      TPS_PUBLIC static int ra_update_token_status_reason_userid(char *userid,
+        char *cuid, const char *status, const char *reason, int modifyDateOfCreate);
+          static int tdb_add_token_entry(char *userid, char* cuid, const char *status);
+	  static int tdb_update(const char *userid, char *cuid, char *applet_version, char *key_info, const char *state, const char *reason);
+	  static int tdb_update_certificates(char *cuid, char **tokentypes, char *userid, CERTCertificate **certificates, char **ktypes, char **origins, int numOfCerts);
+	  static int tdb_activity(char *ip, char *cuid, const char *op, const char *result, const char *msg, const char *userid);
+	  static int testTokendb();
+          static int InitializeAuthentication();
+          static AuthenticationEntry *GetAuth(const char *id);
+  public:
+          static HttpConnection *GetCAConn(const char *id);
+          static void ReturnCAConn(HttpConnection *conn);
+          static HttpConnection *GetTKSConn(const char *id);
+          static void ReturnTKSConn(HttpConnection *conn);
+
+          static HttpConnection *GetDRMConn(const char *id);
+          static void ReturnDRMConn(HttpConnection *conn);
+          static int GetCurrentIndex(HttpConnection *conn);
+
+  public:
+
+          static void SetPodIndex(int index);
+          static int GetPodIndex();
+          TPS_PUBLIC static int GetAuthCurrentIndex();
+          static void SetAuthCurrentIndex(int index);
+          TPS_PUBLIC static PRLock *GetAuthLock();
+          TPS_PUBLIC static void IncrementAuthCurrentIndex(int len);
+	  static void SetGlobalSecurityLevel(SecurityLevel sl);
+	  static SecurityLevel GetGlobalSecurityLevel();
+  public: /* default values */
+	  static const char *CFG_DEF_CARDMGR_INSTANCE_AID;
+	  static const char *CFG_DEF_NETKEY_INSTANCE_AID;
+	  static const char *CFG_DEF_NETKEY_FILE_AID;
+	  static const char *CFG_DEF_NETKEY_OLD_INSTANCE_AID;
+	  static const char *CFG_DEF_NETKEY_OLD_FILE_AID;
+	  static const char *CFG_DEF_APPLET_SO_PIN;
+  public:
+	  static const char *CFG_APPLET_DELETE_NETKEY_OLD;
+	  static const char *CFG_APPLET_CARDMGR_INSTANCE_AID;
+	  static const char *CFG_APPLET_NETKEY_INSTANCE_AID;
+	  static const char *CFG_APPLET_NETKEY_FILE_AID;
+	  static const char *CFG_APPLET_NETKEY_OLD_INSTANCE_AID;
+	  static const char *CFG_APPLET_NETKEY_OLD_FILE_AID;
+	  static const char *CFG_APPLET_SO_PIN;
+	  static const char *CFG_DEBUG_ENABLE;
+	  static const char *CFG_DEBUG_FILENAME;
+          static const char *CFG_DEBUG_LEVEL;
+	  static const char *CFG_AUDIT_ENABLE;
+	  static const char *CFG_AUDIT_FILENAME;
+          static const char *CFG_AUDIT_LEVEL;
+          static const char *CFG_ERROR_LEVEL;
+	  static const char *CFG_ERROR_ENABLE;
+	  static const char *CFG_ERROR_FILENAME;
+	  static const char *CFG_CHANNEL_SEC_LEVEL;
+	  static const char *CFG_CHANNEL_ENCRYPTION;
+
+      static const char *CFG_AUTHS_ENABLE;
+      static const char *CFG_AUTHS_CURRENTIMPL;
+      static const char *CFG_AUTHS_PLUGINS_NUM;
+      static const char *CFG_AUTHS_PLUGIN_NAME;
+
+      static const char *CFG_IPUBLISHER_LIB;
+      static const char *CFG_IPUBLISHER_FACTORY;
+
+  public:
+	  static const char *TKS_RESPONSE_STATUS;
+	  static const char *TKS_RESPONSE_SessionKey;
+	  static const char *TKS_RESPONSE_EncSessionKey;
+	  static const char *TKS_RESPONSE_KEK_DesKey;
+	  static const char *TKS_RESPONSE_DRM_Trans_DesKey;
+	  static const char *TKS_RESPONSE_HostCryptogram;
+
+  public:
+          static int m_used_tks_conn;
+          static int m_used_ca_conn;
+
+          static int m_used_drm_conn;
+          static HttpConnection* m_drmConnection[];
+          static int m_drmConns_len;
+          static int m_pod_curr;
+          static int m_auth_curr;
+          static bool m_pod_enable;
+          static PRLock *m_verify_lock;
+          static PRLock *m_pod_lock;
+          static PRLock *m_auth_lock;
+          static PRLock *m_error_log_lock;
+          static PRLock *m_audit_log_lock;
+          static PRLock *m_debug_log_lock;
+          static int m_audit_log_level;
+          static int m_debug_log_level;
+          static int m_error_log_level;
+      static HttpConnection* m_caConnection[];
+      static HttpConnection* m_tksConnection[];
+      static int m_caConns_len;
+      static int m_tksConns_len;
+      static int m_auth_len;
+      static AuthenticationEntry *m_auth_list[];
+	  static SecurityLevel m_global_security_level;
+      static void SetCurrentIndex(HttpConnection *&conn, int index);
+
+          static PublisherEntry *publisher_list;
+          static int m_num_publishers;
+
+
+          static PublisherEntry *getPublisherById(const char *publisher_id);
+          static int InitializePublishers();
+          static int InitializeHttpConnections(const char *id, int *len, HttpConnection **conn, RA_Context *ctx);
+          static void CleanupPublishers();
+        static int Failover(HttpConnection *&conn, int len);        
+};
+
+#endif /* RA_H */
diff --git a/pki/base/tps/src/include/httpClient/httpc/AccessLogger.h b/pki/base/tps/src/include/httpClient/httpc/AccessLogger.h
new file mode 100644
index 000000000..2b600d7e6
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/AccessLogger.h
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __ACCESS_LOGGER_H__
+#define __ACCESS_LOGGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/Logger.h"
+
+/**
+ * A singleton class for writing to an access log
+ */
+class EXPORT_DECL AccessLogger : public Logger {
+private:
+	AccessLogger();
+	virtual ~AccessLogger();
+
+public:
+/**
+ * Gets a logger object with parameters obtained from the configuration manager
+ */
+static AccessLogger *GetAccessLogger();
+
+/**
+ * Writes an access log entry
+ *
+ * @param hostName The IP address or host name of the requestor
+ * @param userName The authenticated user name; NULL or "" if not authenticated
+ * @param requestName The name of the requested function
+ * @param status The status returned to the client
+ * @param responseLength The number of bytes returned to the client
+ * @return 0 on success
+ */
+int Log( const char *hostName,
+		 const char *userName,
+		 const char *requestName,
+		 int status,
+		 int responseLength );
+
+/**
+ * Initializes the object with parameters from the Config Manager
+ *
+ * @param configName The name of the configuration entry to use
+ * @return 0 on success
+ */
+	int Initialize( const char *configName );
+
+/**
+ * Flush any unwritten buffers
+ */
+void Flush();
+
+protected:
+/**
+ * Gets a formatted timestamp
+ *
+ * @param now The current time
+ * @param buffer Buffer to put time in
+ * @return A formatted timestamp
+ */
+char *GetTimeStamp( struct tm *now, char *buffer );
+
+private:
+	char *m_buffer;
+	int m_bufferIndex;
+	int m_bufferTime;
+	int m_bufferSize;
+	time_t m_lastWrite;
+    char m_gmtOffset[16];
+};
+
+#endif // __ACCESS_LOGGER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/Auth.h b/pki/base/tps/src/include/httpClient/httpc/Auth.h
new file mode 100644
index 000000000..72a5f77ee
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Auth.h
@@ -0,0 +1,155 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_AUTH_H__
+#define __PS_AUTH_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "ldap.h"
+
+class PSConfig;
+class Pool;
+class PoolNode;
+
+/**
+ * Utility classes for authentication and authorization
+ *
+ * @author  rweltman@netscape.com
+ * @version 1.0
+ */
+
+/**
+ * Maintains a pool of LDAP connections; not yet implemented as a pool
+ */
+class LDAPConnectionPool {
+public:
+	LDAPConnectionPool( const char *host, int port, int poolSize );
+	virtual ~LDAPConnectionPool() {}
+    int Initialize();
+    PoolNode *GetConnection();
+    PoolNode *GetAuthenticatedConnection( const char *binddn,
+                                          const char *bindpwd );
+    void ReleaseConnection( PoolNode *node );
+protected:
+private:
+    const char* m_host;
+    int m_port;
+    int m_size;
+    Pool *m_pool;
+    bool m_initialized;
+};
+
+/**
+ * Produces an authenticator for an auth domain and authenticates
+ */
+class EXPORT_DECL Authenticator {
+public:
+	virtual int Authenticate( const char *username,
+                              const char *password,
+                              char *&actualID ) = 0;
+	static Authenticator *GetAuthenticator( const char *domain );
+};
+
+class EXPORT_DECL LDAPAuthenticator:public Authenticator {
+public:
+	LDAPAuthenticator();
+	virtual ~LDAPAuthenticator();
+	virtual int Authenticate( const char *username,
+                              const char *password,
+                              char *&dn );
+
+protected:
+    static int GetHashSize();
+	char *CheckCache( const char *username,
+                      const char *password );
+	void UpdateCache( const char *username,
+                      const char *dn,
+                      const char *password );
+    char *CreateHash( const char *password,
+                      char *hash,
+                      int maxChars );
+    /**
+     * Returns the DN corresponding to a username, if any
+     *
+     * @param username The user name to look up
+     * @param status The status of an LDAP search, if any
+     * @return The corresponding DN, or NULL if no DN found
+     */
+    char *GetUserDN( const char *username, int& status );
+
+private:
+    LDAPConnectionPool *m_pool;
+    const char* m_host;
+    int m_port;
+    const char* m_binddn;
+    const char* m_bindpassword;
+    const char* m_basedn;
+    const char* m_searchfilter;
+    const char* m_searchscope;
+    int   m_nsearchscope;
+    char* m_attrs[2];
+    StringKeyCache *m_cache;
+};
+
+class EXPORT_DECL LDAPAuthorizer {
+public:
+	LDAPAuthorizer();
+	virtual ~LDAPAuthorizer();
+	static LDAPAuthorizer *GetAuthorizer();
+	virtual int Authorize( const char *dn,
+                           const char *pwd,
+                           const char *methodName );
+
+protected:
+	int GetLdapConnection( LDAP** ld );
+	int CheckCache( const char *username,
+                    const char *methodName );
+	void UpdateCache( const char *username,
+                      const char *methodName );
+
+private:
+    LDAPConnectionPool *m_pool;
+    const char* m_binddn;
+    const char* m_bindpassword;
+    const char* m_basedn;
+    const char* m_searchfilter;
+    const char* m_searchscope;
+    int   m_nsearchscope;
+    char* m_attrs[2];
+    StringKeyCache *m_cache;
+};
+
+#endif // __PS_HELPER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/ByteBuffer.h b/pki/base/tps/src/include/httpClient/httpc/ByteBuffer.h
new file mode 100644
index 000000000..cd5568c35
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ByteBuffer.h
@@ -0,0 +1,194 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __BYTE_BUFFER_H
+#define __BYTE_BUFFER_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ByteBuffer.h	1.000 06/12/2002
+ * 
+ * A byte buffer class
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+#define max(a,b)    (((a) > (b)) ? (a) : (b))
+#define min(a,b)    (((a) < (b)) ? (a) : (b))
+
+typedef unsigned char Byte;
+
+class EXPORT_DECL ByteBuffer {
+public:
+	/**
+	 * Constructor
+	 */
+	ByteBuffer();
+
+	/**
+	 * Destructor
+	 */
+	virtual ~ByteBuffer();
+
+public:
+	/**
+	 * Reads a single byte from the buffer
+	 * 
+	 * @param	b	byte returned
+	 * @return	0 on success
+	 */
+	int GetByte(Byte* b);
+
+	/**
+	 * Reads a number of bytes as specified by size from the buffer
+	 * 
+	 * @param	size	bytes to read
+	 * @param	buf		bytes read
+	 * @return	0 on success
+	 */
+	int GetBytes(int size, Byte* buf);
+
+	/**
+	 * Reads a short value from the buffer
+	 * 
+	 * @param	s	a short value
+	 * @return	0 on success
+	 */
+	int GetShort(unsigned short* s);
+
+	/**
+	 * Reads a integer value from the buffer
+	 * 
+	 * @param	i	a integer value
+	 * @return	0 on success
+	 */
+	int GetInt(unsigned int* i);
+
+	/**
+	 * Reads a string of given length from the buffer
+	 * 
+	 * @param	len		length of the string
+	 * @param	str		string value
+	 * @return	0 on success
+	 */
+	int GetString(int len, char* str);
+
+	/**
+	 * Writes a single byte to the buffer
+	 * 
+	 * @param	b	byte to set
+	 * @return	0 on success
+	 */
+	int SetByte(Byte b);
+
+	/**
+	 * Writes a number of bytes as specified by size to the buffer
+	 * 
+	 * @param	size	number of bytes
+	 * @param	buf		bytes to write
+	 * @return	0 on success
+	 */
+	int SetBytes(int size, Byte* buf);
+
+	/**
+	 * Writes a short value to the buffer
+	 * 
+	 * @param	s	a short value
+	 * @return	0 on success
+	 */
+	int SetShort(unsigned short s);
+
+	/**
+	 * Writes an integer value to the buffer
+	 * 
+	 * @param	i	an integer value
+	 * @return	0 on success
+	 */
+	int SetInt(unsigned int i);
+
+	/**
+	 * Writes a string to the buffer
+	 * 
+	 * @param	str		a string to write
+	 * @return	0 on success
+	 */
+	int SetString(char* str);
+
+	/**
+	 * Gets the current position in the buffer
+	 * 
+	 * @param	pos		position in the buffer
+	 * @return	0 on success
+	 */
+	int GetPosition(unsigned long* pos);
+
+	/**
+	 * Sets the pointer to the position specified by pos in the buffer
+	 * 
+	 * @param	pos		position to be set in the buffer
+	 * @return	0 on success
+	 */
+	int SetPosition(unsigned long pos);
+
+	/**
+	 * Gets total number of bytes in the buffer
+	 * 
+	 * @param	total		total number of bytes
+	 * @return	0 on success
+	 */
+	int GetTotalBytes(unsigned long* total);
+
+    /**
+     * Dumps the buffer to the debug log
+     *
+     * @param logLevel Lowest debug level for which the log should be dumped
+     */
+	void Dump(int logLevel);
+
+private:
+	int SetTotalBytes(unsigned long size, unsigned long allocUnit);
+	int ValidateBuffer(unsigned long increment);
+
+private:
+	Byte* m_buffer;
+    Byte* m_bufferEnd;
+    Byte* m_bufPtr;
+    Byte* m_maxPtr;
+};
+
+#endif // __BYTE_BUFFER_H
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/CERTUtil.h b/pki/base/tps/src/include/httpClient/httpc/CERTUtil.h
new file mode 100644
index 000000000..1f26efbb8
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/CERTUtil.h
@@ -0,0 +1,65 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _CERT_UTIL_H
+#define _CERT_UTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * NSS CERT utility functions
+ */
+class EXPORT_DECL CERTUtil {
+private:
+	/**
+	 * Constructor - can't be instantiated
+	 */
+	CERTUtil() {}
+
+	/**
+	 * Destructor
+	 */
+	~CERTUtil() {}
+
+public:
+	static CERTCertificate* FindCertificate(const char* nickname);
+	static SECItem* FindExtension(CERTCertificate* cert, const SECItem* oid);
+	static int GetAsInteger(SECItem* item);
+	static char* GetAsString(SECItem* item);
+	static bool IsCertExpired(CERTCertificate* cert);
+};
+
+#endif // _CERT_UTIL_H
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/Cache.h b/pki/base/tps/src/include/httpClient/httpc/Cache.h
new file mode 100644
index 000000000..bc68f04df
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Cache.h
@@ -0,0 +1,226 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _CACHE_H_
+#define _CACHE_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/Iterator.h"
+
+/**
+ * Simple cache implementation
+ */
+
+/**
+ * Contains a cache entry and housekeeping info
+ */
+class CacheEntry {
+public:
+    /**
+     * Constructor
+     *
+     * @param key  Pointer to the key being cached
+     * @param data Pointer to the data being cached
+     */
+    CacheEntry( const char *key, void *data );
+	/**
+	 * Destructor
+	 */
+	virtual ~CacheEntry();
+
+    /**
+     * Returns a pointer to the cached key
+     *
+     * @return A pointer to the cached key
+     */
+    const char *GetKey();
+
+    /**
+     * Returns a pointer to the cached data
+     *
+     * @return A pointer to the cached data
+     */
+    void *GetData();
+    /**
+     * Returns the time when the entry was created
+     *
+     * @return The time when the entry was created
+     */
+	long GetStartTime();
+
+private:
+	char *m_key;
+    void *m_data;
+    time_t m_startTime;
+};
+
+/**
+ * Contains a generic cache; this is currently an abstract base class
+ */
+class Cache {
+protected:
+    /**
+     * Default constructor
+     */
+	Cache();
+
+public:
+    /**
+     * Constructor
+     *
+     * @param name of the cache
+     * @param ttl Time to live of each cache entry
+     * @param implicitLock true if the Cached is to do locking internally
+     * when required; false if the caller will take responsibility
+     */
+	Cache( const char *name, int ttl, bool implictLock = false );
+
+    /**
+     * Destructor
+     */
+	virtual ~Cache();
+
+    /**
+     * Returns the number of entries in the cache
+     *
+     * @return The number of entries in the cache
+     */
+    virtual int GetCount();
+
+    /**
+     * Acquires a read lock on the cache. Multiple threads may simultaneously
+     * have a read lock, but attempts to acquire a read lock will block
+     * if another thread already has a write lock. It is illegal to request
+     * a read lock if the thread already has one.
+     */
+    void ReadLock();
+
+    /**
+     * Acquires a write lock on the cache. Only one thread may have a write
+     * lock at any given time; attempts to acquire a write lock will block
+     * if another thread already has one. It is illegal to request
+     * a write lock if the thread already has one.
+     */
+    void WriteLock();
+
+    /**
+     * Releases a read or write lock that the thread has on the cache
+     */
+    void Unlock();
+
+protected:
+    /**
+     * Initializes the object - to be called from the constructor
+     *
+     * @param name of the cache
+     * @param ttl Time to live of each cache entry
+     * @param implicitLock true if the Cached is to do locking internally
+     * when required; false if the caller will take responsibility
+     */
+	void Initialize( const char *name, int ttl, bool implictLock );
+
+protected:
+	const char *m_name;
+	int m_ttl;
+	PLHashTable* m_cache;
+	PRRWLock* m_cacheLock;
+    bool m_implicitLock;
+};
+
+/**
+ * Contains a cache where the keys are strings
+ */
+class StringKeyCache : public Cache {
+public:
+    /**
+     * Constructor
+     *
+     * @param name of the cache
+     * @param ttl Time to live of each cache entry
+     * @param implicitLock true if the Cached is to do locking internally
+     * when required; false if the caller will take responsibility
+     */
+	StringKeyCache( const char *name, int ttl, bool implictLock = false );
+
+    /**
+     * Destructor
+     */
+	virtual ~StringKeyCache();
+
+    /**
+     * Returns a cache entry
+     *
+     * @param key The name of the cache entry
+     * @return The corresponding cache entry, or NULL if not found
+     */
+	CacheEntry *Get( const char *key );
+
+    /**
+     * Adds a cache entry
+     *
+     * @param key The name of the cache entry; an internal copy is made
+     * @param value The value of the cache entry
+     * @return The corresponding cache entry, or NULL if it couldn't be added
+     */
+	CacheEntry *Put( const char *key, void *value );
+
+    /**
+     * Removes a cache entry; does not free the entry object
+     *
+     * @param key The name of the cache entry
+     * @return The corresponding cache entry, or NULL if not found
+     */
+	CacheEntry *Remove( const char *key );
+
+    /**
+     * Allocates and returns a list of keys in the cache
+     *
+     * @param keys Returns an array of names; each name and also the
+     * array itself are to be freed by the caller with delete
+     * @return The number of keys found
+     */
+    int GetKeys( char ***keys );
+
+    /**
+     * Returns an iterator over keys in the cache
+     *
+     * @return An iterator over keys in the cache
+     */
+    Iterator *GetKeyIterator();
+
+};
+
+#endif // _CACHE_H_
diff --git a/pki/base/tps/src/include/httpClient/httpc/Connection.h b/pki/base/tps/src/include/httpClient/httpc/Connection.h
new file mode 100644
index 000000000..5619d0dff
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Connection.h
@@ -0,0 +1,117 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __CONNECTION_H
+#define __CONNECTION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Connection.h	1.000 06/12/2002
+ * 
+ * Base class for all connection types. A user should extend this class 
+ * and provide its protocol specific implementation
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL Connection {
+	friend class ServerConnection;
+public:
+	/**
+	 * Constructor
+	 */
+	Connection();
+
+	/**
+	 * Destructor
+	 */
+	virtual ~Connection();
+
+public:
+	/**
+	 * Initiates a connection to a specified host.
+	 *
+	 * @param	host	server host name
+	 * @param	port	server port
+	 * @return			0 on success, negative error code otherwise
+	 */
+	int Connect(const char* host, int port);
+
+	/**
+	 * Reads specified number of bytes from the connection. The connection 
+	 * is locked for the period it is being read.
+	 *
+	 * @param	buf		buffer to read into
+	 * @param	size	number of bytes to read
+	 * @param	timeout	timeout before the read terminates
+	 * @return			number of bytes actually read
+	 */
+	int Read(void* buf, int size, long timeout);
+
+	/**
+	 * Writes specified number of bytes to the connection.  The connection 
+	 * is locked for the period it is being written.
+	 *
+	 * @param	buf		buffer to write from
+	 * @param	size	number of bytes to write
+	 * @param	timeout	timeout before the write terminates
+	 * @return			number of bytes actually written
+	 */
+	int Write(void* buf, int size, long timeout);
+
+	/**
+	 * Gets the status of the connection
+	 *
+	 * @return true if closed, false otherwise
+	 */
+	bool IsClosed();
+
+	/**
+	 * Closes the connection
+	 */
+	void Close();
+
+protected:
+	Socket* m_socket;
+
+private:
+	PRLock* m_lock;
+	bool m_closed;
+};
+
+#endif // __CONNECTION_H
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/ConnectionListener.h b/pki/base/tps/src/include/httpClient/httpc/ConnectionListener.h
new file mode 100644
index 000000000..0b55900b3
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ConnectionListener.h
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __CONNECTION_LISTENER_H
+#define __CONNECTION_LISTENER_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ConnectionListener.h	1.000 06/12/2002
+ * 
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL ConnectionListener {
+public:
+	virtual int OnConnectionReceived(Connection*) = 0;
+	virtual int OnDataAvailable(Connection*) = 0;
+	virtual int OnConnectionClosed(Connection*) = 0;
+	virtual int OnConnectionError(Connection*, int, const char*) = 0;
+};
+
+#endif // __CONNECTION_LISTENER_H
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/DebugLogger.h b/pki/base/tps/src/include/httpClient/httpc/DebugLogger.h
new file mode 100644
index 000000000..37c7971c0
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/DebugLogger.h
@@ -0,0 +1,185 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __DEBUG_LOGGER_H__
+#define __DEBUG_LOGGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+struct PLHashTable;
+
+/**
+ * The DebugLogger class writes debug log entries conditionally. A single
+ * instance can be shared among modules or different modules can have
+ * their own instances. In either case, the log level can be changed
+ * globally across all instances with a single function call. All instances
+ * write through a singleton to ensure coordination in writing to a single
+ * file.
+ */
+class EXPORT_DECL DebugLogger {
+public:
+private:
+	DebugLogger( const char *moduleName );
+	virtual ~DebugLogger();
+
+public:
+/**
+ * Gets a logger object for a particular module. Provide a module name
+ * if there will be more than one logger object in use, with each module
+ * having its own instance. Pass NULL if a single logger object will be
+ * shared throughout the application.
+ *
+ * @param moduleName Name of a module
+ * @return A logger instance
+ */
+static DebugLogger *GetDebugLogger( const char *moduleName = NULL );
+
+/**
+ * Sets global default values for loggers; the values are assigned to
+ * DebugLogger objects created after this call returns
+ *
+ * @param configParams A table of key-value pairs to assign configuration
+ * parameters
+ */
+static void SetDefaults( PLHashTable *configParams );
+
+/**
+ * Sets the log level for this object
+ *
+ * @param logLevel Log level setting for the module
+ */
+void SetLogLevel( int logLevel );
+
+/**
+ * Gets the log level for this object
+ *
+ * @return logLevel Log level setting for the object
+ */
+int GetLogLevel();
+
+/**
+ * Sets the log level for a particular module or all modules
+ * in all debug logger objects
+ *
+ * @param logLevel Log level setting for the module
+ * @param moduleName Name of the module (does not need to be known before
+ * this call); if NULL, the level is applied to all modules
+ */
+static void SetGlobalLogLevel( int logLevel,
+                               const char *moduleName = NULL );
+
+/**
+ * Gets the log level for a particular module
+ *
+ * @param moduleName Name of the module
+ * @return logLevel Log level setting for the module
+ */
+static int GetLogLevel( const char *moduleName );
+
+/**
+ * Writes a debug log entry if logLevel is equal to or higher than the
+ * logLevel setting of the object
+ *
+ * @param logLevel One of the log levels defined above
+ * @param className The name of the class recording the log entry
+ * @param methodName The name of the method that is calling this log method
+ * @param fmt A sprintf format string for the remaining arguments
+ * @param ... A varargs list of things to log
+ * @return 0 on success
+ */
+int Log( int logLevel,
+         const char *className,
+         const char *methodName,
+         const char *fmt, ... );
+
+/**
+ * Writes a trace entry if the logLevel setting of the object is FINER or FINEST
+ *
+ * @param className The name of the class recording the log entry
+ * @param methodName The name of the method that is calling this log method
+ * @param args An optional descriptive string
+ * @return 0 on success
+ */
+int Entering( const char *className,
+              const char *methodName,
+              const char *args = NULL );
+
+/**
+ * Writes a trace entry if the logLevel setting of the object is FINER or FINEST
+ *
+ * @param className The name of the class recording the log entry
+ * @param methodName The name of the method that is calling this log method
+ * @param args An optional descriptive string
+ * @return 0 on success
+ */
+int Exiting( const char *className,
+             const char *methodName,
+             const char *args = NULL );
+/**
+ * Shut down, flushing any buffers and releasing resources
+ */
+void Close();
+
+/**
+ * Shut down, flushing any buffers and releasing resources
+ */
+static void CloseAll();
+
+protected:
+/**
+ * Sets the log level for a particular module
+ *
+ * @param logLevel Log level setting for the module
+ * @param moduleName Name of the module (does not need to be known before
+ * this call)
+ */
+static void SetOneLogLevel( int logLevel,
+                            const char *moduleName );
+
+private:
+/**
+ * Initializes the object with parameters from the Config Manager
+ *
+ * @param configName The name of the configuration entry to use
+ * @return 0 on success
+ */
+static int Initialize( const char *configName );
+
+private:
+    int m_level;
+    char *m_module;
+};
+
+#endif // __DEBUG_LOGGER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/Defines.h b/pki/base/tps/src/include/httpClient/httpc/Defines.h
new file mode 100644
index 000000000..90af8e3d0
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Defines.h
@@ -0,0 +1,219 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __DEFINES_H__
+#define __DEFINES_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Defines.h	1.000 04/30/2002
+ * 
+ * This file contains global constants for the Presence Server
+ *
+ * @author  Rob Weltman
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+
+// ??? SSR till we have server logging functionality
+#ifdef _DEBUG
+#define PS_LOG_LEVEL PS_LOG_LEVEL_DEBUG
+#else
+#define PS_LOG_LEVEL PS_LOG_LEVEL_WARN
+#endif
+
+#define PS_SERVER_CONFIG_FILE		"psserver.conf"
+
+// Configuration file for WASP SOAP server
+#define SOAP_CONFIG_FILE            "config.xml"
+
+#define CLIENT_DESCRIPTION          "Netscape Presence Server"
+#define SERVER_VERSION              "1.0"
+
+// Key to SoapAction field in WASP call context
+#define HEADER_FIELD_SOAPACTION     "SOAP_ACTION"
+// Key to status field in WASP call context
+#define HEADER_STATUS               "HEADER_STATUS"
+
+// Keys to client parameters passed through the call context
+
+#define SERVER_URL                  "SERVER_URL"
+#define CERTIFICATE_DIRECTORY       "CERTIFICATE_DIRECTORY"
+#define CERTIFICATE_NICKNAME        "CERTIFICATE_NICKNAME"
+#define DO_SERVER_CERT_VALIDATION   "DO_SERVER_CERT_VALIDATION"
+#define CERTIFICATE_PASSWORD        "CERTIFICATE_PASSWORD"
+
+#define STRING_ON_LINE	 "ONLINE"
+#define STRING_OFF_LINE	 "OFFLINE"
+
+#define BATCH_RESULT_SIZE				1000
+#define MAX_ATTR_SIZE					   5
+
+#define NAME_BUFFER_LENGTH				256
+#define ATTR_BUFFER_LENGTH				256
+
+// Static strings for the attributes we support
+#define BUDDY_ATTRIBUTE_ON_LINE_STATUS	"onlinestatus"
+#define BUDDY_ATTRIBUTE_IDLE_TIME		"idletime"
+#define BUDDY_ATTRIBUTE_ON_LINE_SINCE	"onlinesince"
+#define BUDDY_ATTRIBUTE_AWAY_MESSAGE	"awaymessage"
+#define BUDDY_ATTRIBUTE_PROFILE			"profile"
+#define BUDDY_ATTRIBUTE_CONNECTION_TYPE	"connectiontype"
+#define BUDDY_ATTRIBUTE_CAPABILITIES	"capabilities"
+
+#define PS_LOG_LEVEL_DEBUG			0
+#define PS_LOG_LEVEL_WARN			1
+#define PS_LOG_LEVEL_ERROR			2
+
+
+// Presence Server config parameters in the bootstrap configuration file
+// psserver.conf
+#define INSTANCE_ID		"instanceid"
+#define HOST_ID			"hostid"
+#define DOMAIN_NAME		"domainname"
+#define SERVER_HOST		"serverhost"
+#define SERVER_PORT		"serverport"
+#define BINDDN			"binddn"
+#define BINDPASSWORD	"bindpassword"
+
+// dn, cn constants
+#define PS_ATTRIBUTE_DN				"dn"
+#define PS_ATTRIBUTE_CN				"cn"
+
+// nsPlugin class required attributes
+#define PLUGIN_DN			"dn"
+#define PLUGIN_CN			"cn"
+#define PLUGIN_ID			"nspluginid"
+#define PLUGIN_PATH			"nspluginpath"
+#define PLUGIN_INIT_FUNC	"nsplugininitfunc"
+#define PLUGIN_ENABLED		"nspluginenabled"
+#define PLUGIN_VERSION		"nspluginversion"
+#define PLUGIN_DESC			"nsplugindescription"
+
+// Operations when updating server
+#define PS_OPERATION_ADD		1
+#define PS_OPERATION_DELETE		2
+#define PS_OPERATION_REPLACE	4
+
+// Names of LDAP attributes for the LDAP data source
+#define LDAP_SOURCE_DN						"dn"
+#define LDAP_SOURCE_CN						"cn"
+#define LDAP_SOURCE_GROUP_NAME				"nspsgroupname"
+#define LDAP_SOURCE_SERVER_ADDRESS			"nsserveraddress"
+#define LDAP_SOURCE_SERVER_PORT				"nsserverport"
+#define LDAP_SOURCE_BIND_DN					"nsbinddn"
+#define LDAP_SOURCE_BIND_PASSWORD			"nsbindpassword"
+#define LDAP_SOURCE_BASE_DN					"nsbasedn"
+#define LDAP_SOURCE_SEARCH_FILTER			"nssearchfilter"
+#define LDAP_SOURCE_SEARCH_SCOPE			"nssearchscope"
+#define LDAP_SOURCE_IM_ID					"nsimattributetype"
+#define LDAP_SOURCE_SEARCHABLE_ATTRIBUTES	"nssearchableattributes"
+#define LDAP_SOURCE_ENABLE_SSL				"nsenablessl"
+
+
+// Configuration attribute name for max results to return
+#define SEARCH_MAX_RESULTS    "nsmaxresults"
+
+// Max results to return if SEARCH_MAX_RESULTS is not defined
+#define DEFAULT_MAX_RESULTS   1000
+
+// Names of configuration clusters
+#define CONFIG_BASE                         "ConfigBase"
+#define CONFIG_AUTHORIZE                    "ConfigAuthorize"
+#define CONFIG_ACCESS_LOG                   "ConfigAccessLog"
+#define CONFIG_ERROR_LOG                    "ConfigErrorLog"
+#define CONFIG_DEBUG_LOG                    "ConfigDebugLog"
+#define CONFIG_SERVER_LOCAL					"ConfigServerLocal"
+
+// Configuration attributes for loggers
+#define LOG_ACCESS_DIR                      "nslogdir"
+#define LOG_ERROR_DIR                       "nslogdir"
+#define LOG_DEBUG_DIR                       "nslogdir"
+#define LOG_ACCESS_BUFFER_SIZE              "nslogbuffersize"
+#define LOG_ACCESS_BUFFER_TIME              "nslogbuffertime"
+#define LOG_ACCESS_ROTATION_TIME            "nslogrotationtime"
+#define LOG_ACCESS_ROTATION_SIZE            "nslogrotationsize"
+#define LOG_ACCESS_MAX_LOGS                 "nslogmaxlogs"
+#define LOG_ERROR_ROTATION_TIME             "nslogrotationtime"
+#define LOG_ERROR_ROTATION_SIZE             "nslogrotationsize"
+#define LOG_ERROR_MAX_LOGS                  "nslogmaxlogs"
+#define LOG_DEBUG_LEVEL                     "nsloglevel"
+#define LOG_DEBUG_FORMAT                    "nslogformat"
+
+// Static constants for logging
+#define LOG_ACCESS_FILENAME                 "access"
+#define LOG_ERROR_FILENAME                  "error"
+#define LOG_DEBUG_FILENAME                  "debug"
+
+// Log level definitions
+
+typedef enum {
+	LOGLEVEL_OFF = 0,
+	LOGLEVEL_SEVERE = 1,
+	LOGLEVEL_WARNING = 2,
+	LOGLEVEL_INFO = 3,
+	LOGLEVEL_CONFIG = 4,
+	LOGLEVEL_FINE = 5,
+	LOGLEVEL_FINER = 6,
+	LOGLEVEL_FINEST = 7,
+	LOGLEVEL_ALL = 100
+} LogLevel;
+
+// Config params
+#define CONFIG_DEFAULT_BUFFER_LEN	2048
+#define BASE_CONFIG_DN              "cn=Netscape Presence Server,cn=Server Group,cn=%s,ou=%s,o=NetscapeRoot"
+
+// COOL Service params
+#define COOL_SERVICE_SERVER_HOST			"CoolServerHost"
+#define COOL_SERVICE_SERVER_PORT			"CoolServerPort"
+#define COOL_SERVICE_LOGIN_NAME				"CoolLoginName"
+#define COOL_SERVICE_LOGIN_PSWD				"CoolLoginPswd"
+
+#define COOL_DEFAULT_SERVER_HOST			"coolkey.fedora.redhat.com"
+#define COOL_DEFAULT_SERVER_PORT			"5190"
+
+// Key to service ID in global config
+#define SERVICE_TYPE                        "service_type"
+
+#define MODULE_IM_SERVICE					"ModuleIMService"
+#define MODULE_DATA_SOURCE					"ModuleDataSource"
+
+#define PROVIDER_BATCH_SIZE_ATTR			"nsbatchsize"
+#define PROVIDER_UPDATE_INTERVAL_ATTR		"nsupdateinterval"
+
+#define THREAD_POOL_TASK_NAME				"ThreadPoolTask"
+
+#endif // __DEFINES_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/ErrorLogger.h b/pki/base/tps/src/include/httpClient/httpc/ErrorLogger.h
new file mode 100644
index 000000000..df2617b06
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ErrorLogger.h
@@ -0,0 +1,93 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __ERROR_LOGGER_H__
+#define __ERROR_LOGGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/Logger.h"
+
+/**
+ * A singleton class for writing to an error log
+ */
+class EXPORT_DECL ErrorLogger : public Logger {
+private:
+	ErrorLogger();
+	virtual ~ErrorLogger();
+
+public:
+    /**
+     * Gets a logger object with parameters obtained from the
+     * configuration manager
+     */
+    static ErrorLogger *GetErrorLogger();
+
+    /**
+     * Writes an error log entry
+     *
+     * @param level SEVERE, WARNING, or INFO
+     * @param errorCode An error code
+     * @param fmt A message to be written to the log
+     * @return 0 on success
+     */
+    int Log( int level,
+             int errorCode,
+             const char *fmt,
+             ... );
+
+    /**
+     * Initializes the object with parameters from the Config Manager
+     *
+     * @param configName The name of the configuration entry to use
+     * @return 0 on success
+     */
+    int Initialize( const char *configName );
+
+protected:
+    /**
+     * Writes the fixed argument part of an error log entry
+     *
+     * @param fp File pointer to write to
+     * @param level SEVERE, WARNING, or INFO
+     * @param errorCode An error code
+     * @return 0 on success
+     */
+    int LogProlog( FILE *fp,
+                   int level,
+                   int errorCode );
+};
+
+#endif // __ERROR_LOGGER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/Iterator.h b/pki/base/tps/src/include/httpClient/httpc/Iterator.h
new file mode 100644
index 000000000..9b15a93e2
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Iterator.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _ITERATOR_H_
+#define _ITERATOR_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Base class for iterators
+ */
+
+class EXPORT_DECL Iterator {
+public:
+    /**
+     * Returns true if there is at least one more element
+     *
+     * @return true if there is at least one more element
+     */
+    virtual bool HasMore() = 0;
+
+   /**
+     * Returns the next element, if any
+     *
+     * @return The next element, if any, or NULL
+     */
+    virtual void *Next() = 0;
+};
+
+#endif // _ITERATOR_H_
diff --git a/pki/base/tps/src/include/httpClient/httpc/LogRotationTask.h b/pki/base/tps/src/include/httpClient/httpc/LogRotationTask.h
new file mode 100644
index 000000000..eed098b6b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/LogRotationTask.h
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __LOG_ROTATION_TASK_H__
+#define __LOG_ROTATION_TASK_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/ScheduledTask.h"
+
+/**
+ * Log rotation task in Presence Server
+ */
+
+class EXPORT_DECL LogRotationTask: public ScheduledTask {
+public:
+    /**
+     * Constructor - creates an initialized task for log rotation
+     *
+     * @param name Name of task
+     * @param fileName Name of file to rotate
+     * @param startTime Time when the file is to be rotated
+     * @param maxLogs Max logs to keep
+     * @param interval Time between rotations
+     * @param fp File pointer for log file
+     * @param lock Lock for writing to log file
+     */
+    LogRotationTask( const char *name,
+                     const char *fileName,
+                     time_t startTime,
+                     int maxLogs,
+                     int interval,
+                     FILE **fp,
+                     PRLock *lock );
+    /**
+     * Destructor
+     */
+    virtual ~LogRotationTask();
+    /**
+     * Returns a copy of the task
+     *
+     * @return A copy of the task
+     */
+    virtual ScheduledTask *Clone();
+    /**
+     * Executes the task
+     *
+     * @return 0 on successfully starting the task
+     */
+    virtual int Start();
+
+protected:
+    /**
+     * Composes a file name from a base name and a time value
+     *
+     * @param filename The base file name (may be a path)
+     * @param ltime The time value
+     * @param outbuf Returns the composed file name
+     * @return 0 on success
+     */
+    int CreateFilename( const char *filename,
+                        time_t ltime,
+                        char *outbuf );
+    /**
+     * Extracts the folder and base name components of a file path
+     *
+     * @param fileName The full file path to examine
+     * @param dirName A buffer in which to place the folder found
+     * @param baseName A buffer in which to place the base name found
+     */
+    static void GetPathComponents( const char *fileName,
+                                   char *dirName,
+                                   char *baseName );
+
+    /**
+     * Counts the number of files with the same initial path as fileName
+     * (the same folder and the same base pattern)
+     *
+     * @param fileName The file name to compare (including a folder)
+     * @return The number of matching files
+     */
+    static int CountFiles( const char *fileName );
+
+    /**
+     * Purges (deletes) files with the same initial path as fileName
+     * (the same folder and the same base pattern)
+     *
+     * @param fileName The file name to compare (including a folder)
+     * @param maxLogs The number of files to purge to
+     * @return The number of files purged
+     */
+    static int PurgeLogs( const char *fileName, int maxLogs );
+
+    char *m_fileName;
+    int m_maxLogs;
+    FILE **m_fp;
+	PRLock *m_lock;
+};
+
+#endif // __LOG_ROTATION_TASK_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/Logger.h b/pki/base/tps/src/include/httpClient/httpc/Logger.h
new file mode 100644
index 000000000..b41d5dfbf
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Logger.h
@@ -0,0 +1,117 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __LOGGER_H__
+#define __LOGGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <time.h>
+
+struct PRLock;
+class LogRotationTask;
+
+/**
+ * A base class for writing to a log
+ */
+class EXPORT_DECL Logger {
+
+protected:
+    /**
+     * Constructor
+     */
+	Logger();
+
+    /**
+     * Destructor
+     */
+	virtual ~Logger();
+
+    /**
+     * Parses a time string in HH:MM format into a time_t for the next
+     * occurrence of the time
+     *
+     * @param timeString A time string in HH:MM format
+     * @return A time_t for the next occurrence of the time, or -1 if the
+     * string is not in a valid format
+     */
+    time_t ParseTime( const char *timeString );
+
+    /**
+     * Creates a time-of-day rotation task
+     *
+     * @param taskName Name of task
+     * @param filename Name of log file
+     * @param rotationTime Time of day to rotate at
+     * @return Rotation task on success
+     */
+    LogRotationTask *CreateRotationTask( const char *taskName,
+                                         const char *filename,
+                                         const char *rotationTime );
+
+public:
+
+    /**
+     * Shut down, flushing any buffers and releasing resources
+     */
+    void Close();
+    /**
+     * Gets the local time of day
+     *
+     * @param now The current local time of day
+     */
+    static void GetLocalTime( struct tm *now );
+
+protected:
+	int m_rotationSize;
+	time_t m_rotationTime;
+	int m_maxLogs;
+	char *m_dir;
+	FILE *m_fp;
+    /**
+     * Lock for writing to the file
+     */
+    PRLock *m_fileLock;
+    /**
+     * Task that rotates a log file
+     */
+    LogRotationTask *m_rotator;
+    /**
+     * True if object has been successfully initialized
+     */
+    bool m_initialized;
+};
+
+#endif // __LOGGER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/NSPRerrs.h b/pki/base/tps/src/include/httpClient/httpc/NSPRerrs.h
new file mode 100644
index 000000000..2e131fd7a
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/NSPRerrs.h
@@ -0,0 +1,160 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * END COPYRIGHT BLOCK **/
+
+/* Originally obtained from:
+ * 
+ *     CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+ *     cvs export -r NSS_3_11_3_RTM -N mozilla/security/nss/cmd/lib/NSPRerrs.h
+ */
+
+/* General NSPR 2.0 errors */
+/* Caller must #include "prerror.h" */
+
+ER2( PR_OUT_OF_MEMORY_ERROR, 	"Memory allocation attempt failed." )
+ER2( PR_BAD_DESCRIPTOR_ERROR, 	"Invalid file descriptor." )
+ER2( PR_WOULD_BLOCK_ERROR, 	"The operation would have blocked." )
+ER2( PR_ACCESS_FAULT_ERROR, 	"Invalid memory address argument." )
+ER2( PR_INVALID_METHOD_ERROR, 	"Invalid function for file type." )
+ER2( PR_ILLEGAL_ACCESS_ERROR, 	"Invalid memory address argument." )
+ER2( PR_UNKNOWN_ERROR, 		"Some unknown error has occurred." )
+ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
+ER2( PR_NOT_IMPLEMENTED_ERROR, 	"function not implemented." )
+ER2( PR_IO_ERROR, 		"I/O function error." )
+ER2( PR_IO_TIMEOUT_ERROR, 	"I/O operation timed out." )
+ER2( PR_IO_PENDING_ERROR, 	"I/O operation on busy file descriptor." )
+ER2( PR_DIRECTORY_OPEN_ERROR, 	"The directory could not be opened." )
+ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
+ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
+ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
+ER2( PR_IS_CONNECTED_ERROR, 	"Already connected." )
+ER2( PR_BAD_ADDRESS_ERROR, 	"Network address is invalid." )
+ER2( PR_ADDRESS_IN_USE_ERROR, 	"Local Network address is in use." )
+ER2( PR_CONNECT_REFUSED_ERROR, 	"Connection refused by peer." )
+ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
+ER2( PR_CONNECT_TIMEOUT_ERROR, 	"Connection attempt timed out." )
+ER2( PR_NOT_CONNECTED_ERROR, 	"Network file descriptor is not connected." )
+ER2( PR_LOAD_LIBRARY_ERROR, 	"Failure to load dynamic library." )
+ER2( PR_UNLOAD_LIBRARY_ERROR, 	"Failure to unload dynamic library." )
+ER2( PR_FIND_SYMBOL_ERROR, 	
+"Symbol not found in any of the loaded dynamic libraries." )
+ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
+ER2( PR_DIRECTORY_LOOKUP_ERROR, 	
+"A directory lookup on a network address has failed." )
+ER2( PR_TPD_RANGE_ERROR, 		
+"Attempt to access a TPD key that is out of range." )
+ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
+ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
+ER2( PR_NOT_SOCKET_ERROR, 	
+"Network operation attempted on non-network file descriptor." )
+ER2( PR_NOT_TCP_SOCKET_ERROR, 	
+"TCP-specific function attempted on a non-TCP file descriptor." )
+ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
+ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
+ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, 
+"The requested operation is not supported by the platform." )
+ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, 
+"The host operating system does not support the protocol requested." )
+ER2( PR_REMOTE_FILE_ERROR, 	"Access to the remote file has been severed." )
+ER2( PR_BUFFER_OVERFLOW_ERROR, 	
+"The value requested is too large to be stored in the data buffer provided." )
+ER2( PR_CONNECT_RESET_ERROR, 	"TCP connection reset by peer." )
+ER2( PR_RANGE_ERROR, 		"Unused." )
+ER2( PR_DEADLOCK_ERROR, 	"The operation would have deadlocked." )
+ER2( PR_FILE_IS_LOCKED_ERROR, 	"The file is already locked." )
+ER2( PR_FILE_TOO_BIG_ERROR, 	
+"Write would result in file larger than the system allows." )
+ER2( PR_NO_DEVICE_SPACE_ERROR, 	"The device for storing the file is full." )
+ER2( PR_PIPE_ERROR, 		"Unused." )
+ER2( PR_NO_SEEK_DEVICE_ERROR, 	"Unused." )
+ER2( PR_IS_DIRECTORY_ERROR, 	
+"Cannot perform a normal file operation on a directory." )
+ER2( PR_LOOP_ERROR, 		"Symbolic link loop." )
+ER2( PR_NAME_TOO_LONG_ERROR, 	"File name is too long." )
+ER2( PR_FILE_NOT_FOUND_ERROR, 	"File not found." )
+ER2( PR_NOT_DIRECTORY_ERROR, 	
+"Cannot perform directory operation on a normal file." )
+ER2( PR_READ_ONLY_FILESYSTEM_ERROR, 
+"Cannot write to a read-only file system." )
+ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, 
+"Cannot delete a directory that is not empty." )
+ER2( PR_FILESYSTEM_MOUNTED_ERROR, 
+"Cannot delete or rename a file object while the file system is busy." )
+ER2( PR_NOT_SAME_DEVICE_ERROR, 	
+"Cannot rename a file to a file system on another device." )
+ER2( PR_DIRECTORY_CORRUPTED_ERROR, 
+"The directory object in the file system is corrupted." )
+ER2( PR_FILE_EXISTS_ERROR, 	
+"Cannot create or rename a filename that already exists." )
+ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, 
+"Directory is full.  No additional filenames may be added." )
+ER2( PR_INVALID_DEVICE_STATE_ERROR, 
+"The required device was in an invalid state." )
+ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
+ER2( PR_NO_MORE_FILES_ERROR, 	"No more entries in the directory." )
+ER2( PR_END_OF_FILE_ERROR, 	"Encountered end of file." )
+ER2( PR_FILE_SEEK_ERROR, 	"Seek error." )
+ER2( PR_FILE_IS_BUSY_ERROR, 	"The file is busy." )
+ER2( PR_IN_PROGRESS_ERROR,
+"Operation is still in progress (probably a non-blocking connect)." )
+ER2( PR_ALREADY_INITIATED_ERROR,
+"Operation has already been initiated (probably a non-blocking connect)." )
+
+#ifdef PR_GROUP_EMPTY_ERROR
+ER2( PR_GROUP_EMPTY_ERROR, 	"The wait group is empty." )
+#endif
+
+#ifdef PR_INVALID_STATE_ERROR
+ER2( PR_INVALID_STATE_ERROR, 	"Object state improper for request." )
+#endif
+
+#ifdef PR_NETWORK_DOWN_ERROR
+ER2( PR_NETWORK_DOWN_ERROR,	"Network is down." )
+#endif
+
+#ifdef PR_SOCKET_SHUTDOWN_ERROR
+ER2( PR_SOCKET_SHUTDOWN_ERROR,	"The socket was previously shut down." )
+#endif
+
+#ifdef PR_CONNECT_ABORTED_ERROR
+ER2( PR_CONNECT_ABORTED_ERROR,	"TCP Connection aborted." )
+#endif
+
+#ifdef PR_HOST_UNREACHABLE_ERROR
+ER2( PR_HOST_UNREACHABLE_ERROR,	"Host is unreachable." )
+#endif
+
+/* always last */
+ER2( PR_MAX_ERROR, 		"Placeholder for the end of the list" )
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddy.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddy.h
new file mode 100644
index 000000000..4d84b8727
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddy.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_H__
+#define __PS_BUDDY_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddy.h	1.000 05/15/2002
+ * 
+ * Interface to store buddy online status attributes
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/15/2002
+ */
+class EXPORT_DECL PSBuddy {
+public:
+	PSBuddy() { };
+	virtual ~PSBuddy() { };
+	/**
+	 * Gets the buddy name 
+	 *
+	 * @return name of the buddy
+	 */
+	virtual const char* GetName() = 0;
+
+	/**
+	 * Gets online status of the buddy
+	 *
+	 * @return true if online, false otherwise
+	 */
+	virtual bool IsOnline() = 0;
+
+	/**
+	 * Gets the value of the specified online status attribute
+	 *
+	 * @param	attribute type
+	 * @param	attribute value upon success
+	 * @return 0 on Success, error code otherwise
+	 */
+	virtual int GetStatus(const char*, char**) = 0;
+
+	/**
+	 * Returns a copy of the buddy
+	 *
+	 * @return A copy of the buddy
+	 */
+	virtual PSBuddy* Clone() = 0;
+};
+
+#endif // __PS_BUDDY_H__
+
+
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddyCache.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddyCache.h
new file mode 100644
index 000000000..3c880074b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddyCache.h
@@ -0,0 +1,123 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_CACHE_H__
+#define __PS_BUDDY_CACHE_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddyCache.h	1.000 04/30/2002
+ * 
+ * Cache of PSBuddy objects containing online status
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class PSBuddyCache
+{
+public:
+
+	/**
+	 * Constructor - initializes the internal cache
+	 */
+	PSBuddyCache();
+
+	/**
+	 * Destructor
+	 */
+	virtual ~PSBuddyCache();
+
+	/**
+	 * Adds a buddy to the cache. The old entry, if exists, is deleted
+	 * from the cache
+	 *
+	 * @param	name	name of the new buddy
+	 * @param	buddy	object containing onlinestatus attributes
+	 * @return	0 on success
+	 */
+	int AddBuddy(const char* name, PSBuddy* buddy);
+
+	/**
+	 * Removes a buddy from the cache
+	 *
+	 * @param	name	name of the buddy to be removed
+	 * @return	0 on success
+	 */
+	int RemoveBuddy(const char* name);
+
+	/**
+	 * Gets the buddy object
+	 *
+	 * @param	name	name of the new buddy
+	 * @return	object containing onlinestatus attributes, NULL if not found
+	 */
+	PSBuddy* GetBuddy(const char* name);
+
+	/**
+	 * Gets count of buddies in the cache
+	 *
+	 * @return	count of buddies
+	 */
+	int GetBuddyCount();
+
+	/**
+	 * Gets all the screen names  
+	 *
+	 * @param	names	On return, contains array of screen names
+	 * @return	number of screen names
+	 */
+	int GetAllBuddies(char*** names);
+
+	/**
+	 * Acquires a read lock on the cache. Multiple threads may simultaneously
+	 * have a read lock, but attempts to acquire a read lock will block
+	 * if another thread already has a write lock. It is illegal to request
+	 * a read lock if the thread already has one.
+	 */
+	void ReadLock();
+
+	/**
+	 * Releases a read lock that the thread has on the cache
+	 */
+	void Unlock();
+
+private:
+	StringKeyCache* m_buddies;
+};
+
+#endif // __PS_BUDDY_CACHE_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddyList.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddyList.h
new file mode 100644
index 000000000..49155a8a5
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddyList.h
@@ -0,0 +1,373 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_LIST_H__
+#define __PS_BUDDY_LIST_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddyList.h	1.000 05/21/2002
+ * 
+ * This class maintains users information which are set for 
+ * online status tracking. The online status of users are updated 
+ * through a PSBuddyListener interface implemented by this class. 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/21/2002
+ */
+class PSBuddyList : 
+    public PSBuddyListener
+{
+private:
+
+	/**
+	 * Constructor
+	 */
+	PSBuddyList();
+
+	/**
+	 * Destructor
+	 */
+	virtual ~PSBuddyList();
+
+public:
+
+	/**
+	 * Gets an instance of the class
+	 */
+	static PSBuddyList* GetBuddyList();
+
+	public:
+
+	/**
+	 * Save the users maintain by an instance of presence server 
+	 * to a local file in the BLT format
+	 *
+	 * @return 0 on succcess, negative error code otherwise
+	 */
+	int SaveBuddyList();
+
+	/**
+	 * Loads the users into an instance of presence server 
+	 * from a local file
+	 *
+	 * @return 0 on succcess, negative error code otherwise
+	 */
+	int LoadBuddyList();
+
+	/**
+	 * Sets a service provider. We currently support only one service
+	 * provider in a presence server instance.
+	 *
+	 * @return 0 on succcess, negative error code otherwise
+	 */
+	int RegisterService(PSBuddyService* service);
+
+	/** 
+	 * Gets the online status of a user along with the 
+	 * requested additional attributes
+	 * 
+	 * @param     group       group name to which the user belongs 
+	 * @param     name        the screen name of the user to query status for 
+	 * @param     nAttributes number of attributes 
+	 * @param     attributes  the names of the attributes of the user to return 
+	 * @param     user        upon return, filled with user attributes 
+	 * @return                0 on success, a negative error code on failure 
+	 */ 
+	int GetUserStatus( const char* group, 
+					   const char* name, 
+					   int nAttributes, 
+					   char** attributes, 
+					   PSUser** user );
+
+	/** 
+	 * Gets the online status of multiple users along with the requested
+	 * additional attributes
+	 * 
+	 * @param     group       group name to which the user belongs 
+	 * @param     nUsers      the number of screen names to status query for
+	 * @param     names       the screen names of the users to query status for 
+	 * @param     nAttributes number of attributes 
+	 * @param     attributes  the names of the attributes of the user to return 
+	 * @param     user        upon return, filled with user attributes 
+	 * @return                0 on success, a negative error code on failure 
+	 */ 
+	int GetMultipleUserStatus( const char* group,
+							   int nUsers,
+							   char** names,
+							   int nAttributes,
+							   char** attributes,
+							   PSUser*** users );
+
+	/** 
+	 * Gets the screen names and attributes of users that match 
+	 * certain search criteria
+	 * 
+	 * @param     group       group name to query from 
+	 * @param     filter      an LDAP-like search expression on 
+	 *						  presence status attributes 
+	 * @param     nAttrbiutes number of attributes 
+	 * @param     attributes  the names of the attributes of the user to return 
+	 * @param     user        upon return, an array of users with 
+	 *						  requested attributes 
+	 * @return                number of users returned, or a negative error code 
+	 */ 
+	int GetUsersByFilter( const char* group, 
+						  const char* filter, 
+						  int nAttributes, 
+						  char** attributes, 
+						  PSUser*** users );
+
+	/** 
+	 * Gets the screen names and attributes of users that match certain search
+	 * criteria and sorts the results (currently only by entryId)
+	 * 
+	 * @param     group       group name to query from 
+	 * @param     filter      an LDAP-like search expression on presence status
+	 *                        attributes 
+	 * @param     sortKey     name of attribute to sort on
+	 * @param     sortKeyType 1 for numeric, 2 for string
+	 * @param     nAttributes number of attributes 
+	 * @param     attributes  the names of the attributes of the user to return 
+	 * @param     user        upon return, an array of users with requested
+	 *                        attributes 
+	 * @return                number of users returned, or a negative error code 
+	 */ 
+	int GetSortedUsersByFilter(	const char* group, 
+								const char* filter, 
+								const char *sortKey, 
+								int sortKeyType, 
+								int nAttributes, 
+								char** attributes, 
+								PSUser*** users	);
+
+	/** 
+	 * Gets the number of users who are online or offline in a group
+	 * 
+	 * @param group Name of group to query; NULL or empty for all groups
+	 * @param bOnline true to return the count of online users, false for offline
+	 * @return Number of users, or a negative error code on failure 
+	 *
+	 * Error Code(s):
+	 * PS_UNKOWN_GROUP 
+	 */ 
+	int GetBuddyCount( const char* group, int bOnline );
+
+	/** 
+	 * Add a new group 
+	 * 
+	 * @param     group       name of the new group 
+	 * @param     nAttributes number of attributes 
+	 * @param     attributes  attributes the group will support 
+	 * @return                0 on success, a negative error code on failure 
+	 */ 
+	int AddGroup( const char* group, int nAttributes, char** attributes	); 
+
+	/** 
+	 * Adds a user to be tracked. 
+	 * 
+	 * @param     group       name of the group to add the user in 
+	 * @param     name        screen name of the user to track 
+	 * @param     nAttributes number of attributes 
+	 * @param     attributes  the attributes of the users to be stored 
+	 * @return                on success, 0 or an error code 
+	 */
+	int AddUser( const char* group, 
+				 const char* name, 
+				 int nAttributes, 
+				 PSAttribute** attributes );
+
+	/** 
+	 * Adds a number of users to track. 
+	 * 
+	 * @param     group       name of the group to which the users belong 
+	 * @param     nUsers      number of users 
+	 * @param     users       names and attributes of users to track 
+	 * @return                number of users added on success, 
+							  or a negative error code on failure 
+	 */ 
+	int AddUsers( const char* group, 
+				  int nUsers, 
+				  PSUser** users );
+
+	/** 
+	 * Removes a user to be tracked. 
+	 * 
+	 * @param     group       name of the group to which the user belongs 
+	 * @param     name        screen name of the user to be removed 
+	 * @return                0 on success, or a negative error code on failure 
+	 */ 
+	int RemoveUser(	const char* group, const char* name	);
+
+	/** 
+	 * Removes a number of users to be tracked. 
+	 * 
+	 * @param     group       name of the group to which the users belong 
+	 * @param     nUsers      number of users 
+	 * @param     names       screen name of the users to be removed 
+	 * @return                number of users removed on success, 
+	 *						or a negative error code on failure 
+	 */ 
+	int RemoveUsers( const char* group, int nUsers, char** names );
+
+	/** 
+	 * Removes a group. 
+	 * 
+	 * @param     group       name of the group to be removed 
+	 * @return                number of users removed on success, 
+	 *						or a negative error code on failure 
+	 * 
+	 * Error Code(s):
+	 * PS_UNKNOWN_GROUP 
+	 */ 
+	int RemoveGroup(const char* group); 
+
+	/** 
+	 * Gets the list of groups. 
+	 * 
+	 * @param     groups      upon return, array containing group names 
+	 * @return                number of groups or 0 if no group present 
+	 * 
+	 * Error Code(s):
+	 * PS_NO_GROUPS
+	 */ 
+	int GetAllGroups(char*** groups);
+
+	/** 
+	 * Gets the users in a group(s). 
+	 * 
+	 * @param     group       name of the group to query 
+	 * @param     users       upon return, array of User objects 
+	 * @return                number of users returned, 
+	 *						 or a negative error code on failure 
+	 */ 
+	int GetAllUsers( const char* group, PSUser*** users	); 
+
+	/** 
+	 * Gets the attributes supported by a group(s)
+	 * 
+	 * @param     group			name of the group
+	 * @param	  attributes	upon return, array of attributes
+	 * @return					number of users removed on success, 
+	 *							or a negative error code on failure 
+	 */ 
+	int GetSearchableAttributes( const char* group, char*** attributes );
+
+	// PSBuddyListener interface
+	/**
+	 * Callback to notify buddy changes
+	 *
+	 * @param	service	the reporting buddy service
+	 * @param	buddy	buddy object containing online status attributes
+	 * @return			0 on success
+	 */
+	int OnBuddyChanged(PSBuddyService* service, PSBuddy* buddy);
+
+	/**
+	 * Callback to refresh the list of screen names to the buddy queue 
+	 *
+	 * @param	the reporting buddy service
+	 * @return 0 on success
+	 */
+	int OnRefreshList(PSBuddyService* service);
+
+	/** 
+	 * Removes a user from a group based on its entry Id
+	 * 
+	 * @param	group		name of the group
+	 * @param	entryId		user's entry id
+	 * @return	0
+	 */ 
+	int RemoveUserByEntryId(const char* group, char* entryId);
+
+protected:
+
+	/** 
+	 * Gets the max number of search results to return
+	 * 
+	 * @return The max number of search results to return
+	 */ 
+	int GetMaxSearchResults();
+
+private:
+
+	/**
+	 * Parses the LDAP like filter and create a map object containing
+	 * filter in the form of name-value pair
+	 *
+	 * @param	filter	LDAP like filter
+	 * @param	map		array containing break up of filter into name-value pair
+	 * @return 0 on success
+	 */
+	int ParseFilter(const char* filter, PSAttribute*** map);
+
+	/**
+	 * Checks whether a given string is NULL or ""
+	 *
+	 * @param	value	a string to be tested for NULL or ""
+	 * @return  true if NULL, false otherwise
+	 */
+	bool IsNull(const char* value);
+
+	/**
+	 * Prints buddy information
+	 *
+	 * @param	buddy	a buddy object containing online status attributes
+	 * @return 0 on success
+	 */
+	int DumpBuddy(PSBuddy* buddy);
+
+	/**
+	 * Sorts a list of users based on a "entryId"
+	 *
+	 * @param	users	array of users to be sorted
+	 * @param	nUsers	number of users in the array
+	 * @return 0 on success
+	 */
+	int SortUsersByEntryId(PSUser** users, int nUsers);
+
+private:    
+	PSBuddyCache*	m_buddies;
+	PSGroupCache*	m_groups;
+	PSBuddyService*	m_service;
+
+	/* flag indicating if buddy list is loaded from the disk */
+	bool m_loadedList;	
+};
+
+#endif // __PS_BUDDY_LIST_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddyListener.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddyListener.h
new file mode 100644
index 000000000..87e701373
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddyListener.h
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_LISTENER_H__
+#define __PS_BUDDY_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddyListener.h	1.000 05/15/2002
+ * 
+ * A listener interface for getting notifications from a buddy service. 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/15/2002
+ */
+class PSBuddyListener :
+	public PSListener
+{
+public:
+
+/**
+ * Notifies the listener of the buddy status changes
+ *
+ * @param	the reporting buddy service
+ * @param	buddy object containing online status attributes
+ * @return 0 on success
+ */
+virtual int OnBuddyChanged(PSBuddyService*, PSBuddy*) = 0;
+
+/**
+ * Notifies the listener of the service to refresh the list 
+ * of screen names to the buddy queue 
+ *
+ * @param	the reporting buddy service
+ * @return 0 on success
+ */
+virtual int OnRefreshList(PSBuddyService*) = 0; 
+
+};
+
+#endif // __PS_BUDDY_LISTENER_H__
+
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddyService.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddyService.h
new file mode 100644
index 000000000..2556420e9
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddyService.h
@@ -0,0 +1,121 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_SERVICE_H__
+#define __PS_BUDDY_SERVICE_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddyService.h	1.000 05/16/2002
+ * 
+ * A pure virtual class defining Buddy Service interface 
+ * to be implemented by the various IM presence service providers. 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/16/2002
+ */
+class EXPORT_DECL PSBuddyService {
+public:
+
+/**
+ * Registers a listener with this class. The listener 
+ * is notified of any changes to the buddies being tracked.
+ *
+ * @param	a buddy service listener
+ * @return 0 on success
+ */
+virtual int RegisterListener(PSListener*) = 0;
+
+/**
+ * An entry point to start the service. This function is responsible
+ * for authentication with the backend service.
+ *
+ * @param	config parameters for the service to start
+ * @return 0 on success
+ */
+virtual int SignOn(PSConfig*) = 0;
+
+/**
+ * Shutdown of the service.
+ *
+ * @return 0 on success
+ */
+virtual int SignOff() = 0;
+
+/**
+ * Sets a user name for online status tracking.
+ *
+ * @param	user name to be tracked
+ * @return 0 on success
+ */
+virtual int WatchBuddy(const char*) = 0;	
+
+/**
+ * Sets a number of users for online status tracking
+ *
+ * @param	number of users to be tracked
+ * @param	array of user names
+ * @return 0 on success
+ */
+virtual int WatchBuddies(int, char**) = 0;
+
+/**
+ * Unsets a user name from online status tracking.
+ *
+ * @param	user name to be tracked
+ * @return 0 on success
+ */
+virtual int UnwatchBuddy(const char*) = 0;
+
+/**
+ * Unsets a number of users from online status tracking
+ *
+ * @param	number of users to be tracked
+ * @param	array of user names
+ * @return 0 on success
+ */
+virtual int UnwatchBuddies(int, char**) = 0;
+
+/**
+ * Gets the service config entry
+ *
+ * @return config object
+ */
+virtual PSConfig* GetServiceConfig() = 0;
+
+};
+
+#endif // __PS_BUDDY_SERVICE_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSCertExtension.h b/pki/base/tps/src/include/httpClient/httpc/PSCertExtension.h
new file mode 100644
index 000000000..f528a54b4
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSCertExtension.h
@@ -0,0 +1,153 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _PS_CERT_EXTENSION_H
+#define _PS_CERT_EXTENSION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Presence Server cert extension. This extension contains customer 
+ * specific information as per the contract apart from host and port 
+ * used by BIG service provider to send user updates.
+ */
+
+class EXPORT_DECL PSCertExtension {
+public:
+	/**
+	 * Constructor - 
+	 */
+	PSCertExtension();
+
+	/**
+	 * Destructor
+	 */
+	~PSCertExtension();
+
+public:
+	/**
+	 * Loads the extension data from the specified cert. This function 
+	 * will also verify the validity these fields :
+	 *		HOST_NAME		-	should not be NULL or ""
+	 *		PORT_NUMBER		-	> 0 and <= 65535
+	 *		MAX_USERS		-	>= 0
+	 *
+	 * @param	nickname	cert nickname which contains the extension
+	 * return	0 on success, 
+	 *			-1 if nickname is missing from the argument
+	 *			-2 if unable to find the cert
+	 *			-3 if the presence extension is mising
+	 *			-4 if the required values (hostname, port, maxusers) are invalid
+	 *			-5 if the cert is expired
+	 */
+	int Load(const char* nickname);
+
+	/**
+	 * Gets the service version number from the cert ext
+	 *
+	 * return	version number as specified in the cert
+	 */
+	int GetVersion();
+
+	/**
+	 * Gets the street address from the cert
+	 *
+	 * return	street address as specified in the cert ext
+	 */
+	const char* GetStreetAddress();
+
+	/**
+	 * Gets the telephone number from the cert
+	 *
+	 * return	telephone number as specified in the cert ext
+	 */
+	const char* GetTelephoneNumber();
+
+	/**
+	 * Gets the RFC822 name from the cert
+	 *
+	 * return	RFC822 name as specified in the cert ext
+	 */
+	const char* GetRFC822Name();
+
+	/**
+	 * Gets the IM id from the cert
+	 *
+	 * return	IM id as specified in the cert ext
+	 */
+	const char* GetID();
+
+	/**
+	 * Gets the hostname from the cert ext
+	 *
+	 * return	hostname as specified in the cert ext
+	 */
+	const char* GetHostName();
+
+	/**
+	 * Gets the port number from the cert ext
+	 *
+	 * return	port number as specified in the cert ext
+	 */
+	int GetPortNumber();
+
+	/**
+	 * Gets the max users allowed from the cert ext
+	 *
+	 * return	max users as specified in the cert ext
+	 */
+	int GetMaxUsers();
+
+	/**
+	 * Gets the service level from the cert ext
+	 *
+	 * return	service level as specified in the cert ext
+	 */
+	int GetServiceLevel();
+
+private:
+	int	m_version;
+	char* m_streetAddress;
+	char* m_telephoneNumber;
+	char* m_rfc822Name;
+	char* m_id;
+	char* m_hostName;
+	int	m_portNumber;
+	int	m_maxUsers;
+	int	m_serviceLevel;
+};
+
+#endif // _PS_CERT_EXTENSION_H
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSCommonLib.h b/pki/base/tps/src/include/httpClient/httpc/PSCommonLib.h
new file mode 100644
index 000000000..09903b38f
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSCommonLib.h
@@ -0,0 +1,52 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _PS_COMMON_LIB_H_
+#define _PS_COMMON_LIB_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#undef EXPORT_DECL
+#ifdef _MSC_VER
+#ifdef COMMON_LIB_DLL
+#define EXPORT_DECL __declspec( dllexport )
+#else
+#define EXPORT_DECL __declspec (dllimport )
+#endif // COMMON_LIB_DLL
+#else
+#define EXPORT_DECL
+#endif // _MSC_VER
+
+#endif // _PS_COMMON_LIB_H_
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSConfig.h b/pki/base/tps/src/include/httpClient/httpc/PSConfig.h
new file mode 100644
index 000000000..897def3c9
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSConfig.h
@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_CONFIG_H__
+#define __PS_CONFIG_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSConfig.h	1.000 04/30/2002
+ * 
+ * This class provides structure to store and fetch string type data.
+ * Typical usage of this class would be storing server config data.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSConfig {
+public:
+	PSConfig();
+	PSConfig( const char *name );
+	virtual ~PSConfig();
+
+public:
+	void SetAttribute( const char* key, char* value );
+	char* GetAttribute( const char* key );
+	void SetName( const char *name );
+	const char *GetName();
+
+private:
+	PLHashTable* m_entryData;
+	const char *m_name;
+};
+
+#endif // __PS_CONFIG_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSConfigManager.h b/pki/base/tps/src/include/httpClient/httpc/PSConfigManager.h
new file mode 100644
index 000000000..d2f5d3335
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSConfigManager.h
@@ -0,0 +1,66 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_CONFIG_MANAGER_H__
+#define __PS_CONFIG_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSConfigManager.h	1.000 04/30/2002
+ * 
+ * This class is a singleton that provides access to configuration parameters
+ * for the Presence Server.
+ *
+ * @author  rweltman@netscape.com
+ * @version 1.0
+ */
+class EXPORT_DECL PSConfigManager {
+private:
+	PSConfigManager();
+	virtual ~PSConfigManager();
+
+public:
+	static PSConfigManager *GetConfigManager();
+
+public:
+	void SetConfigEntry( PSConfig *entry );
+	PSConfig *GetConfigEntry( const char *name );
+
+private:
+	PLHashTable* m_configEntries;
+};
+
+#endif // __PS_CONFIG_MANAGER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSConfigReader.h b/pki/base/tps/src/include/httpClient/httpc/PSConfigReader.h
new file mode 100644
index 000000000..a507a26dc
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSConfigReader.h
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_CONFIG_READER_H__
+#define __PS_CONFIG_READER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSConfigReader.h	1.000 04/30/2002
+ * 
+ * This class provides access to the server configuration entries. The 
+ * implementation of the config store is hidden from the user. 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSConfigReader
+{
+private:
+	PSConfigReader();
+	virtual ~PSConfigReader();
+
+public:
+	static PSConfigReader* GetConfigReader();
+
+public:
+	int GetSubEntries(const char* root, char*** entries);
+	int GetEntryConfig(const char* entry, PSConfig** params);
+
+private:
+	int Init();
+
+private:
+	LDAP* m_LD;
+	char* m_bindPassword;
+};
+
+#endif // __PS_CONFIG_READER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSCrypt.h b/pki/base/tps/src/include/httpClient/httpc/PSCrypt.h
new file mode 100644
index 000000000..bfd05788d
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSCrypt.h
@@ -0,0 +1,79 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PSCRYPT_H__
+#define __PSCRYPT_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ *  Encrypt/Decrypt
+ */
+
+class EXPORT_DECL PSCrypt {
+private:
+    /**
+     * Constructor 
+     */
+    PSCrypt( );
+    /**
+     * Destructor 
+     */
+    virtual ~PSCrypt();
+
+public:
+    /**
+     * Retuns the decrypted string
+     * Assumption: The input string is base64 encoded
+     * Assumption: Caller has to free the returned string using free
+     * @param base64 encoded string to be decrypted
+     * @param decrypted upon return, string in ascii
+	 * @return 0 on success, -1 on failure
+     */
+    static int Decrypt (const char* encrypted, char** decrypted);
+
+    /**
+     * Retuns the encrypted string in base64
+     *
+	 * Assumption: Caller has to free the returned string using free
+     * @param  text to encrypt
+     * @param  encrypted upon return, text in base64
+	 * @return 0 on success, -1 on failure
+     */
+    static int Encrypt(const char* text, char** encrypted);
+};
+
+#endif /* __PSCRYPT_H__ */
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSDataSourceListener.h b/pki/base/tps/src/include/httpClient/httpc/PSDataSourceListener.h
new file mode 100644
index 000000000..36842904d
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSDataSourceListener.h
@@ -0,0 +1,106 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_DATA_SOURCE_LISTENER_H__
+#define __PS_DATA_SOURCE_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/PSUser.h"
+
+/**
+ * PSDataSourceListener.h	1.000 04/30/2002
+ * 
+ * A listener class for data source type plugins. The plugins 
+ * notify the data source service manager through the functions 
+ * provided by this interface.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSDataSourceListener :
+	public PSListener
+{
+public:
+
+/**
+ * Notifies the listener of any errors encountered by
+ * the data sources
+ *
+ * @param	sourceId	reporting source ID
+ * @param	errCode		error code
+ * @param	errString	error message
+ * @return 0 on success
+ */
+virtual int OnSourceError( const char* sourceId, 
+						   int errCode, 
+						   const char* errString) = 0;
+
+/**
+ * Notifies the listener of any new group
+ *
+ * @param	group	name of the group
+ * @param	nAttrs	number of attributes
+ * @param	attrs	array of attributes supported by the group
+ * @return 0 on success
+ */
+virtual int OnNewGroup( const char* group, int nAttrs, char** attrs ) = 0;
+
+/**
+ * Notifies the listener of any new users
+ *
+ * @param	group	name of the group
+ * @param	nUsers	number of users
+ * @param	users	array containing user objects
+ * @return 0 on success
+ */
+virtual int OnNewUsers( const char* group, int nUsers, PSUser** users ) = 0;
+
+/**
+ * Notifies the listener of any changes to the user being
+ * watched
+ *
+ * @param	op		operation to be performed ( add/replace/remove)
+ * @param	group	name of the group
+ * @param	user	the user object containing modified attributes
+ * @return 0 on success
+ */
+virtual int OnUserChanged(int op, const char* group, PSUser* user) = 0;
+
+};
+
+#endif	// __PS_DATA_SOURCE_LISTENER_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSDataSourceManager.h b/pki/base/tps/src/include/httpClient/httpc/PSDataSourceManager.h
new file mode 100644
index 000000000..1b0662b69
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSDataSourceManager.h
@@ -0,0 +1,152 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_DATA_SOURCE_MANAGER_H__
+#define __PS_DATA_SOURCE_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSDataSourceManager.h	1.000 05/21/2002
+ * 
+ * This class manages presence server data sources plugins. 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/21/2002
+ */
+class PSDataSourceManager :
+	public PSDataSourceListener
+{
+private:
+
+	/**
+	 * Constructor - creates a data source manager object
+	 */
+	PSDataSourceManager();
+
+	/**
+	 * Destructor
+	 */
+	virtual ~PSDataSourceManager();
+
+public:
+
+	/**
+	 * Gets an instance of this class.
+	 */
+	static PSDataSourceManager* GetDataSourceManager();
+
+public:
+
+	/**
+	 * Registers a listener with this class. Only one listener is 
+	 * allowed to be registered. If an attempt is made to register
+	 * more than one listener, then an error condition is raised.
+	 *
+	 * @param	listener	a server listener
+	 * @return	0 on success, negative error upon failure
+	 */
+	int RegisterListener(PSServerListener* listener);
+
+	/**
+	 * Loads all data source type plugins.
+	 *
+	 * @return	0 for success, negative error code otherwise
+	 */
+	int LoadDataSources();
+
+	/**
+	 * Unloads all data source type plugins.
+	 *
+	 * @return	0 for success, negative error code otherwise
+	 */
+	int UnloadDataSources();
+
+// PSDataSourceListener interface
+public:
+
+	/**
+	 * Callback function to notify the manager upon data source error.
+	 *
+	 * @param	sourceid	id of the source calling 
+	 * @param	errorcode	error code
+	 * @param	errorstring	error string
+	 * @return				0 on success
+	 * 
+	 */
+	int OnSourceError(const char* sourceid, int errorcode, const char* errorstring);
+
+	/**
+	 * Callback function to notify the manager upon new group.
+	 *
+	 * @param     group		name of the new group 
+	 * @param     nAttrs	number of attributes 
+	 * @param     attrs		attributes the group will support 
+	 * @return              0 on success
+	 * 
+	 */
+	int OnNewGroup(const char* group, int nAttrs, char** attrs);
+
+	/**
+	 * Callback function to notify the manager of new users
+	 *
+	 * @param	group	name of the group
+	 * @param	nUsers	number of users
+	 * @param	users	array containing user objects
+	 * @return 0 on success, a negative error code on failure 
+	 */
+	int OnNewUsers(const char* group, int nUsers, PSUser** users); 
+
+	/**
+	 * Callback function to notify the manager of changes to a user.
+	 * The valid operations are :
+	 *		PS_OPERATION_ADD
+	 *		PS_OPERATION_REPLACE
+	 *		PS_OPERATION_DELETE
+	 *
+	 * @param	op		operation to be performed
+	 * @param	group	name of the group
+	 * @param	user	the user object containing modified attributes
+	 * @return 0 on success, a negative error code on failure 
+	 */
+	int OnUserChanged(int op, const char* group, PSUser* user);
+
+private:
+	char* m_dataSourceDN;
+	PSServerListener* m_serverListener;
+	bool m_dataSourcesLoaded;
+};
+
+#endif // __PS_DATA_SOURCE_MANAGER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSGroup.h b/pki/base/tps/src/include/httpClient/httpc/PSGroup.h
new file mode 100644
index 000000000..8427c39c3
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSGroup.h
@@ -0,0 +1,97 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_GROUP_H__
+#define __PS_GROUP_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+class PSUser;
+
+/**
+ * PSGroup.h	1.000 04/30/2002
+ * 
+ * This class stores information about the users belonging to a group. 
+ * All the users must belong to at least one group in the server.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class PSGroup
+{
+public:
+	PSGroup(const char* name, int nAttributes, char** attributes);
+	virtual ~PSGroup();
+
+public:
+	char* GetName();
+	int GetAttributeCount();
+	char** GetAttributes();
+	int GetAttributes(int offset, char** & attributes);
+
+	int AddUser(PSUser* user);
+	int RemoveUser(const char* name);
+	PSUser* GetUser(const char* name);
+	bool UserExists(const char* name);
+
+	int GetUserCount();
+	int GetAllUsers(int offset, PSUser** & users, int maxcount);
+	int GetAllUsers(int offset, char** & names, int maxcount);
+
+	int UpdateStatus(const char* name, bool changeToOnline);
+	int GetOnlineUsers(char*** names);
+	int GetOfflineUsers(char*** names);
+	int GetOnlineCount();
+	int GetOfflineCount();
+
+	void ReadLock();
+	void Unlock();
+
+private:
+	char* m_name;
+	int m_count;
+	char** m_attributes;
+
+	PRRWLock* m_psOnlineLock;
+	PRRWLock* m_psOfflineLock;
+	StringList* m_psOnlineUsers;
+	StringList* m_psOfflineUsers;
+
+	StringKeyCache* m_users;
+};
+
+#endif // __PS_GROUP_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSGroupCache.h b/pki/base/tps/src/include/httpClient/httpc/PSGroupCache.h
new file mode 100644
index 000000000..6807e50e4
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSGroupCache.h
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_GROUP_CACHE_H__
+#define __PS_GROUP_CACHE_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSGroupCache.h	1.000 04/30/2002
+ * 
+ * This class provides caching of various groups maintained in the 
+ * server.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class PSGroupCache
+{
+public:
+	PSGroupCache();
+	virtual ~PSGroupCache();
+
+	int AddGroup(const char* name, PSGroup* group);
+	int RemoveGroup(const char* name);
+	PSGroup* GetGroup(const char* name);
+	bool GroupExists(const char* name);
+	int GetAllGroups(char*** names);
+
+	int GetAttributeCount(int nGroups, char** groups);
+	int GetUserCount(int nGroups, char** groups);
+	int GetOnlineCount(int nGroups, char** groups);
+	int GetOfflineCount(int nGroups, char** groups);
+	
+	void ReadLock();
+	void Unlock();
+
+private:
+	StringKeyCache* m_groups;	
+};
+
+#endif // __PS_GROUP_CACHE_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSHelper.h b/pki/base/tps/src/include/httpClient/httpc/PSHelper.h
new file mode 100644
index 000000000..7b9240b1b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSHelper.h
@@ -0,0 +1,70 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_HELPER_H__
+#define __PS_HELPER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSHelper.h	1.000 04/30/2002
+ * 
+ * A utility class used for logging, utility functions
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+// ??? SSR temporary logging solution
+class EXPORT_DECL PSLogger
+{
+public:
+	PSLogger(int level);
+	virtual ~PSLogger();
+
+public:
+	void Log(int level, char* fmt, ...);
+private:
+	int m_Level;
+};
+
+extern "C" {
+    EXPORT_DECL PSLogger* getServerLogger();
+    EXPORT_DECL void toLower(char* str);
+	EXPORT_DECL void normalize(char* str);
+}
+
+#endif // __PS_HELPER_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSListener.h b/pki/base/tps/src/include/httpClient/httpc/PSListener.h
new file mode 100644
index 000000000..1d85a9912
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSListener.h
@@ -0,0 +1,55 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_LISTENER_H__
+#define __PS_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSListener.h	1.000 05/22/2002
+ * 
+ * A Generic base class for all listeners.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/22/2002
+ */
+class EXPORT_DECL PSListener
+{
+};
+
+#endif	// __PS_LISTENER_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSPRUtil.h b/pki/base/tps/src/include/httpClient/httpc/PSPRUtil.h
new file mode 100644
index 000000000..f3b104cc0
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSPRUtil.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _PS_PRUTIL_H
+#define _PS_PRUTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * NSPR related Utility functions
+ */
+
+// define a stuct to store the mesasge
+struct tuple_str {
+    PRErrorCode  errNum;
+    const char * errString;
+};
+
+typedef struct tuple_str tuple_str;
+
+#define ER2(a,b)   {a, b},
+#define ER3(a,b,c) {a, c},
+
+
+class EXPORT_DECL PSPRUtil {
+
+private:
+	/**
+	 * Constructor - can't be instantiated
+	 */
+	PSPRUtil() {}
+
+	/**
+	 * Destructor
+	 */
+	~PSPRUtil() {}
+
+public:
+	/**
+ 	 * Returns a string corresponding to an NSPR or NSS error code
+ 	 *
+ 	 * @param errNum Error number from PR_GetError()
+ 	 * @retuns An immutable string, the empty string if the code is not known
+	 */
+	 static const char * GetErrorString (PRErrorCode errCode);
+
+	
+	/**
+ 	 * Returns an error string for the latest NSPR or NSS error
+	 *
+	 * @return An error string, or the empty string if there is no current
+	 * NSPR or NSS error
+	 */
+	static const char * GetErrorString();
+
+
+};
+
+#endif // _PS_PRUTIL_H
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSPlugin.h b/pki/base/tps/src/include/httpClient/httpc/PSPlugin.h
new file mode 100644
index 000000000..f6655591e
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSPlugin.h
@@ -0,0 +1,81 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_PLUGIN_H__
+#define __PS_PLUGIN_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSPlugin.h	1.000 04/30/2002
+ * 
+ * Pure virtual class defining the functions to be implemented by 
+ * different types of plugins in the server. The listener object passed
+ * the Init function is used to notify the server.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSPlugin {
+public:
+
+/**
+ * Initialize the plugin.
+ *
+ * @param	a listener for this plugin
+ * @return 0 on success
+ */
+virtual int Init(PSListener*) = 0;
+
+/**
+ * Start the plugin.
+ *
+ * @param	config params for the plugin
+ * @return 0 on success
+ */
+virtual int Start(PSConfig*) = 0;
+
+/**
+ * Stops the plugin.
+ *
+ * @return 0 on success
+ */
+virtual int Stop() = 0;
+
+};
+
+#endif	// __PSPLUGIN_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSPluginManager.h b/pki/base/tps/src/include/httpClient/httpc/PSPluginManager.h
new file mode 100644
index 000000000..7ea12829a
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSPluginManager.h
@@ -0,0 +1,102 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_PLUGIN_MANAGER_H__
+#define __PS_PLUGIN_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSPluginManager.h	1.000 05/21/2002
+ * 
+ * This class manages loading and unloading of all server plugin modules. 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/21/2002
+ */
+class PSPluginManager
+{
+private:
+
+/**
+ * Constructor - creates an instance of Plugin manager object
+ */
+PSPluginManager();
+
+/**
+ * Destructor
+ */
+virtual ~PSPluginManager();
+
+public:
+
+/**
+ * Gets an instance of the class
+ */
+static PSPluginManager* GetPluginManager();
+
+public:
+
+/**
+ * Loads a group of plugins based on the type (dn) specified. If the loading 
+ * is successful the specified listener is registered with the plugin and 
+ * the plugin is started.
+ *
+ * @param dn		root DN of the plugins
+ * @param listener	listener associated with the specified type of plugins
+ * @return 0 on success, negative error code otherwise
+ */
+int LoadPlugin(const char* dn, PSListener* listener);
+
+/**
+ * Unloads a group of plugins based on the type ( dn ) specified. 
+ * This function just issues a Stop on all the loaded plugins. 
+ * It doesn't attempt to release any allocated data structures.
+ *
+ * @param dn	root DN of the plugins
+ * @return		0 for success or error code for failure
+ */
+int UnloadPlugin(const char* dn);
+
+private:
+	StringKeyCache* m_serverPlugins;
+};
+
+#endif // __PS_PLUGIN_MANAGER_H__
+
+
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServer.h b/pki/base/tps/src/include/httpClient/httpc/PSServer.h
new file mode 100644
index 000000000..86d2ca326
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServer.h
@@ -0,0 +1,95 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVER_H__
+#define __PS_SERVER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <time.h>
+#include <ctype.h>
+
+#include "nspr.h"
+#include "plhash.h"
+#include "plstr.h"
+
+#include "ldap.h"
+
+#define PRESENCESERVER_DLL
+#include "httpClient/httpc/PSServerLib.h"
+#include "httpClient/httpc/PresenceServer.h"
+
+#include "httpClient/httpc/Defines.h"
+#include "httpClient/httpc/PSError.h"
+#include "httpClient/httpc/PSHelper.h"
+#include "httpClient/httpc/PSConfig.h"
+#include "httpClient/httpc/PSConfigReader.h"
+#include "httpClient/httpc/PSConfigManager.h"
+#include "httpClient/httpc/Cache.h"
+#include "httpClient/httpc/StringList.h"
+#include "httpClient/httpc/StringUtil.h"
+#include "httpClient/httpc/ScheduledTask.h"
+#include "httpClient/httpc/PSCrypt.h"
+
+#include "httpClient/httpc/PSListener.h"
+#include "httpClient/httpc/PSBuddy.h"
+#include "httpClient/httpc/PSBuddyService.h"
+#include "httpClient/httpc/PSBuddyListener.h"
+#include "httpClient/httpc/PSServerListener.h"
+#include "httpClient/httpc/PSServiceListener.h"
+#include "httpClient/httpc/PSPluginManager.h"
+#include "httpClient/httpc/PSServiceManager.h"
+#include "httpClient/httpc/PSPlugin.h"
+#include "httpClient/httpc/PSUser.h"
+#include "httpClient/httpc/PSDataSourceListener.h"
+#include "httpClient/httpc/PSDataSourceManager.h"
+#include "httpClient/httpc/PSGroup.h"
+#include "httpClient/httpc/PSGroupCache.h"
+#include "httpClient/httpc/PSBuddyCache.h"
+#include "httpClient/httpc/PSBuddyList.h"
+#include "httpClient/httpc/PresenceManager.h"
+#include "httpClient/httpc/PSServerManager.h"
+
+#include "httpClient/httpc/ErrorLogger.h"
+#include "httpClient/httpc/DebugLogger.h"
+#include "httpClient/httpc/ScheduledTask.h"
+#include "httpClient/httpc/LogRotationTask.h"
+#include "httpClient/httpc/TaskList.h"
+#include "httpClient/httpc/Scheduler.h"
+
+#endif // __PS_SERVER_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServerLib.h b/pki/base/tps/src/include/httpClient/httpc/PSServerLib.h
new file mode 100644
index 000000000..079134230
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServerLib.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVER_LIB_H__
+#define __PS_SERVER_LIB_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServerLib.h	1.000 05/27/2002
+ * 
+ * @author  Surendra Rajam
+ * @version 1.000, 05/27/2002
+ */
+
+#ifdef _MSC_VER
+	#ifdef PRESENCESERVER_DLL
+		#define EXPORT_DECL __declspec( dllexport )
+	#else
+		#define EXPORT_DECL __declspec (dllimport )
+	#endif // PRESENCESERVER_DLL
+#else
+	#define EXPORT_DECL
+#endif // _MSC_VER
+
+#endif // __PS_SERVER_LIB_H__
+
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServerListener.h b/pki/base/tps/src/include/httpClient/httpc/PSServerListener.h
new file mode 100644
index 000000000..152fbf58f
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServerListener.h
@@ -0,0 +1,85 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVER_LISTENER_H__
+#define __PS_SERVER_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServerListener.h	1.000 04/30/2002
+ * 
+ * A listener class to report back into the server.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSServerListener :
+	public PSListener
+{
+public:
+
+/**
+ * Callback to report startup of a service.
+ *
+ * @param	reporting module ID
+ * @return 0 on success
+ */
+virtual int OnStartup(const char*) = 0;
+
+/**
+ * Callback to report shutdown of a service.
+ *
+ * @param	reporting module ID
+ * @return 0 on success
+ */
+virtual int OnShutdown(const char*) = 0;
+
+/**
+ * Callback to report any errors encountered during service execution.
+ *
+ * @param	reporting module ID
+ * @param	error code
+ * @param	error message
+ * @return 0 on success
+ */
+virtual int OnCriticalError(const char*, int, const char*) = 0;
+
+};
+
+#endif	// __PS_SERVER_LISTENER_H__
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServerManager.h b/pki/base/tps/src/include/httpClient/httpc/PSServerManager.h
new file mode 100644
index 000000000..6597ad605
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServerManager.h
@@ -0,0 +1,145 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVER_MANAGER_H__
+#define __PS_SERVER_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServerManager.h	1.000 05/21/2002
+ * 
+ * This class manages the server execution. It is responsible for loading
+ * of configurations, starting of services and proper shutdown of services. 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/21/2002
+ */
+class PSServerManager :
+	public PSServerListener
+{
+private:
+
+/**
+ * Constructor - creates an instance of server manager object
+ */
+PSServerManager();
+
+/**
+ * Destructor
+ */
+virtual ~PSServerManager();
+
+public:
+
+/**
+ * Gets an instance of this class.
+ */
+static PSServerManager* GetServerManager();
+
+public:
+
+/**
+ * Loads general configuration into the ConfigManager
+ *
+ * @return 0 on success, negative error code otherwise
+ */
+int InitServices();
+
+/**
+ * Starts services after server startup. The presence services are 
+ * started before anything else and if it fails then no attempt is 
+ * made to start other services. 
+ * 
+ * @return		0 on success, negative error code otherwise
+ */
+int StartServices();
+
+/**
+ * Stops services before server shutdown.
+ * 
+ * @return		0 on success, negative error code otherwise
+ */
+int StopServices();
+
+private:
+
+/**
+ * Loads one configuration entry
+ *
+ * @param configdn		The DN of the LDAP entry containing the config
+ * @param configName	The name of the config entry
+ * @param descr			A description of the config entry
+ * @return				0 on success
+ */
+int LoadOneConfig(const char* configdn, const char* configName, const char* descr);
+
+// PSServerListener interface
+public:
+
+/**
+ * Callback to notify server upon a service startup
+ *
+ * @param moduleid	the notifying service id
+ * @return			0 on success
+ */
+int OnStartup(const char* moduleid);
+
+/**
+ * Callback to notify server upon a service shutdown
+ *
+ * @param moduleid	the notifying service id
+ * @return			0 on success
+ */
+int OnShutdown(const char* moduleid);
+
+/**
+ * Callback to notify server upon a critical errors. The server immediately
+ * shuts down upon receipt of any such notification.
+ *
+ * @param moduleid		the notifying service id
+ * @param errorcode		negative error code
+ * @param errorstring	negative error code
+ * @return				0 on success
+ */
+int OnCriticalError(const char* moduleid, int errorcode, const char* errorstring);
+
+private:
+	bool m_loadServiceDone;
+};
+
+#endif // __PS_SERVER_MANAGER_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServiceListener.h b/pki/base/tps/src/include/httpClient/httpc/PSServiceListener.h
new file mode 100644
index 000000000..358f0c295
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServiceListener.h
@@ -0,0 +1,87 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVICE_LISTENER_H__
+#define __PS_SERVICE_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServiceListener.h	1.000 05/16/2002
+ * 
+ * A listener interface for all the IM services to report back into 
+ * service manager.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/16/2002
+ */
+class EXPORT_DECL PSServiceListener :
+	public PSListener
+{
+public:
+
+/**
+ * Callback to report start of a buddy service.
+ *
+ * @param	reporting module
+ * @return 0 on success
+ */
+virtual int OnServiceStart(PSBuddyService*) = 0;
+
+/**
+ * Callback to report buddy service errors.
+ *
+ * @param	reporting module
+ * @param	error code
+ * @param	error message
+ * @return 0 on success
+ */
+virtual int OnServiceError(PSBuddyService*, int, const char*) = 0;
+
+
+/**
+ * Callback to report shutdown of a buddy service.
+ *
+ * @param	reporting module
+ * @return 0 on success
+ */
+virtual int OnServiceStop(PSBuddyService*) = 0;
+
+};
+
+#endif // __PS_SERVICE_LISTENER_H__
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServiceManager.h b/pki/base/tps/src/include/httpClient/httpc/PSServiceManager.h
new file mode 100644
index 000000000..1fd755c14
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServiceManager.h
@@ -0,0 +1,145 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVICE_MANAGER_H__
+#define __PS_SERVICE_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServiceManager.h	1.000 05/16/2002
+ * 
+ * A Singleton class to manage presence services. Currently we support 
+ * only one service to be loaded.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 05/16/2002
+ */
+class PSServiceManager :
+	public PSServiceListener
+{
+private:
+
+/**
+ * Constructor - creates a service manager object
+ */
+PSServiceManager();
+
+/**
+ * Destructor
+ */
+virtual ~PSServiceManager();
+
+public:
+
+/**
+ * Gets an instance of this class.
+ */
+static PSServiceManager* GetServiceManager();
+
+public:
+
+/**
+ * Registers a listener with this class. Only one listener is 
+ * allowed to be registered. If an attempt is made to register
+ * more than one listener, then an error condition is raised.
+ *
+ * @param	listener	a server listener
+ * @return	0 on success, negative error upon failure
+ */
+int RegisterListener(PSServerListener* listener);
+
+/**
+ * Loads all providers type plugins. 
+ *
+ * @return	0 for success, negative error code otherwise
+ */
+int LoadServices();
+
+/**
+ * Unloads all providers type plugins. 
+ *
+ * @return	0 for success, negative error code otherwise
+ */
+int UnloadServices();
+
+/**
+ * Gets the service currently loaded. Only one service can 
+ * be configured at a time.
+ *
+ * @return	an im service 
+ */
+PSBuddyService* GetService();
+
+// PSServiceListener interface
+public:
+
+/**
+ * Callback function to notify the manager of a service being started.
+ *
+ * @param	service		a buddy service
+ */
+int OnServiceStart(PSBuddyService* service);
+
+/**
+ * Callback function to notify the manager of a service error.
+ *
+ * @param	service		a buddy service
+ * @param	errorcode	a negative error code
+ * @param	errorstring	an error message
+ */
+int OnServiceError(PSBuddyService* service, int errorcode, const char* errorstring);
+
+/**
+ * Callback function to notify the manager of a service being stopped.
+ *
+ * @param	service		a buddy service
+ */
+int OnServiceStop(PSBuddyService* service);
+
+private:
+	char* m_serviceDN;
+	PSServerListener* m_serverListener;
+	PSBuddyService* m_service;
+
+	bool m_servicesLoaded;
+};
+
+#endif // __PS_SERVICE_MANAGER_H__
+
+
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSUser.h b/pki/base/tps/src/include/httpClient/httpc/PSUser.h
new file mode 100644
index 000000000..a66c4e32f
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSUser.h
@@ -0,0 +1,164 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PSUSER_H__
+#define __PSUSER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "PresenceServer.h"
+
+/**
+ * PSUser.h	1.000 04/30/2002
+ * 
+ * This class represents one attribute of a user.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSAttribute
+{
+public:
+
+/**
+ * Construts a new PSAttribute object.
+ *
+ * @param	name	name of the attribute
+ * @param	value	value of the attribute
+ */
+PSAttribute(const char* name, const char* value);
+
+/**
+ * Destructor
+ */
+virtual ~PSAttribute();
+
+/**
+ * Gets the name of the attribute.
+ *
+ * @return	name of the attribute
+ */
+char* GetName();
+
+/**
+ * Gets the value of the specified attribute.
+ *
+ * @return	value of the attribute
+ */
+char* GetValue();
+
+private:
+	char* m_name;
+	char* m_value;
+};
+
+/**
+ * PSUser.h	1.000 04/30/2002
+ * 
+ * This class represents information about a single user. 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSUser
+{
+public:
+
+/**
+ * Construts a new PSUser object with just one attribute.
+ *
+ * @param	name		name of the user
+ * @param	attribute	a user attribute
+ */
+PSUser(const char* name, PSAttribute* attribute);
+
+/**
+ * Construts a new PSUser object with number of attributes.
+ *
+ * @param	name		name of the user
+ * @param	nAttributes	number of attributes
+ * @param	attribute	array containing user attributes
+ */
+PSUser(const char* name, int nAttributes, PSAttribute** attributes);
+
+/**
+ * Destructor
+ */
+virtual ~PSUser();
+
+/**
+ * Gets the name of the user.
+ *
+ * @return	user name
+ */
+char* GetName();
+
+/**
+ * Get the count of user attributes.
+ *
+ * @return	count of user attributes
+ */
+int GetCount();
+
+/**
+ * Gets a list of attribute objects for the user.
+ *
+ * @return	array of attribute objects
+ */
+PSAttribute** GetAttributes();
+
+/**
+ * Gets the user attribute based on the specified attribute name.
+ *
+ * @return	user attribute object on success, NULL otherwise
+ */
+PSAttribute* Lookup(char* key);
+
+/**
+ * Creates a new copy of the current user object.
+ *
+ * @return	new user object
+ */
+void Clone(PSUser** user);
+
+private:
+	char* m_name;
+	int m_attrCount;
+	PSAttribute** m_attributes;
+};
+
+#endif
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSWaspLib.h b/pki/base/tps/src/include/httpClient/httpc/PSWaspLib.h
new file mode 100644
index 000000000..8fdea6bcc
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSWaspLib.h
@@ -0,0 +1,55 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _PS_WASP_LIB_H_
+#define _PS_WASP_LIB_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#ifdef _MSC_VER
+#undef EXPORT_DECL
+#ifdef WASP_LIB_DLL
+#define EXPORT_DECL __declspec( dllexport )
+#else
+#define EXPORT_DECL __declspec (dllimport )
+#endif // EXPORT_LIB_DLL
+#else
+#define EXPORT_DECL
+#endif // _MSC_VER
+
+// Key to hostname in WASP CallContext
+#define CONTEXT_HOSTNAME_TOKEN "Hostname"
+
+#endif // _PS_WASP_LIB_H_
diff --git a/pki/base/tps/src/include/httpClient/httpc/Pool.h b/pki/base/tps/src/include/httpClient/httpc/Pool.h
new file mode 100644
index 000000000..074b36b3b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Pool.h
@@ -0,0 +1,149 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __POOL_H__
+#define __POOL_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#define AUTOTOOLS_CONFIG_H
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Utility classes for object pools
+ *
+ * @author  rweltman@netscape.com
+ * @version 1.0
+ */
+
+class PoolNode;
+class Pool;
+
+typedef int (*PoolEnumerator)(PoolNode *node);
+
+/**
+ * A node in a pool
+ */
+class EXPORT_DECL PoolNode {
+    friend class Pool;
+public:
+    /**
+     * Constructor
+     *
+     * @param data The real data of the node
+     */
+    PoolNode( void *data );
+    /**
+     * Destructor
+     */
+    virtual ~PoolNode();
+    /**
+     * Returns the real data of the node
+     *
+     * @return The real data of the node
+     */
+    void *GetData();
+    /**
+     * Returns the next entry in the list
+     *
+     * @return The next entry in the list
+     */
+    PoolNode *GetNext();
+    /**
+     * Returns the previous entry in the list
+     *
+     * @return The previous entry in the list
+     */
+    PoolNode *GetPrev();
+private:
+    void *m_data;
+    PoolNode *m_next;
+    PoolNode *m_prev;
+};
+
+/**
+ * A generic object pool
+ */
+class EXPORT_DECL Pool {
+public:
+    /**
+     * Constructor - creates a pool with an internal list of nodes
+     *
+     * @param name Name of pool
+     * @param poolSize Max number of nodes kept
+     * @param enumerator Optional enumerator to be called on destruction
+     */
+    Pool( const char *name, int poolSize, PoolEnumerator enumerator = NULL );
+    /**
+     * Destructor - Empties the pool
+     */
+    virtual ~Pool();
+    /**
+     * Appends an entry to the end of the internal list
+     *
+     * @param node An entry to add
+     * @return The added entry
+     */
+    PoolNode *Append( PoolNode *node );
+    /**
+     * Retrieves the head of the internal list and removes it
+     *
+     * @return The head of the internal list
+     */
+    PoolNode *RemoveHead();
+    /**
+     * Returns true if the pool is empty
+     *
+     * @return true if the pool is empty
+     */
+    bool IsEmpty();
+
+    /**
+     * Returns the number of entries in the pool
+     *
+     * @return The number of entries in the pool
+     */
+    int GetCount();
+
+protected:
+private:
+    PoolNode *m_list;
+    char *m_name;
+    int m_maxNodes;
+    int m_count;
+    PoolEnumerator m_enumerator;
+	PRRWLock *m_lock;
+	PRLock *m_conditionLock;
+    PRCondVar *m_condition;
+};
+
+#endif // __POOL_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/PresenceManager.h b/pki/base/tps/src/include/httpClient/httpc/PresenceManager.h
new file mode 100644
index 000000000..f7f4f753f
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PresenceManager.h
@@ -0,0 +1,93 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PRESENCEMANAGER_H__
+#define __PRESENCEMANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#define AUTOTOOLS_CONFIG_H
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/PSUser.h"
+
+/**
+ * PresenceManager.h	1.000 04/30/2002
+ * 
+ * Wrapper class around the core buddylist management API. 
+ *
+ * @author  Rob Weltman
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PresenceManager {
+public:
+    PresenceManager();
+    virtual ~PresenceManager();
+
+	int GetUserStatus(const char* group, const char* name, int nAttributes, char** attributes, PSUser** user);
+	int GetMultipleUserStatus(const char* group,
+							  int nUsers,
+							  char** names,
+							  int nAttributes,
+							  char** attributes,
+							  PSUser*** users);
+	int GetUsersByFilter(const char* group, const char* filter, int nAttributes, char** attributes, PSUser*** users);
+	int GetSortedUsersByFilter(const char* group, const char* filter,
+							   const char *sortKey, int sortKeyType,
+							   int nAttributes, char** attributes, PSUser*** users);
+    /** 
+     * Gets the number of users who are online or offline in a group
+     * 
+     * @param group Name of group to query; NULL or empty for all groups
+     * @param bOnline true to return the count of online users, false for
+     * offline
+     * @return Number of users, or a negative error code on failure 
+     *
+     * Error Code(s):
+     * PS_UNKOWN_GROUP 
+     */ 
+    int GetUserCount( const char* group, int bOnline );
+	int AddGroup(const char* group, int nAttributes, char** attributes); 
+	int AddUser(const char* group, const char* name, int nAttributes, PSAttribute** attributes);
+	int AddUsers(const char* group, int nUsers, PSUser** users);
+	int RemoveUser(const char* group, const char* name);
+	int RemoveUsers(const char* group, int nUsers, char** names);
+	int RemoveGroup(const char* group); 
+	int GetAllGroups(char*** groups);
+	int GetAllUsers(const char* group, PSUser*** users); 
+	int GetSearchableAttributes(const char* group, char*** attributes);
+
+private:    
+};
+
+#endif // __PRESENCEMANAGER_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/PresenceServer.h b/pki/base/tps/src/include/httpClient/httpc/PresenceServer.h
new file mode 100644
index 000000000..1a9b259e9
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PresenceServer.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PRESENCE_SERVER_H__
+#define __PRESENCE_SERVER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/PSServerLib.h"
+
+/**
+ * PresenceServer.h	1.000 04/30/2002
+ * 
+ * Starts and stops presence services
+ *
+ * @author  Rob Weltman
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+
+extern "C" {
+EXPORT_DECL int  presence_main( int argc, char* argv[] );
+EXPORT_DECL void presence_exit();
+}
+
+#endif	// __PRESENCE_SERVER_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PresenceServerImpl.h b/pki/base/tps/src/include/httpClient/httpc/PresenceServerImpl.h
new file mode 100644
index 000000000..8c07b9140
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PresenceServerImpl.h
@@ -0,0 +1,111 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PRESENCE_SERVER_IMPL_H__
+#define __PRESENCE_SERVER_IMPL_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+class PSUser;
+
+/**
+ * PresenceServerImpl.h	1.000 04/30/2002
+ * 
+ * Interface for WASP implementation of presence service
+ *
+ * @author  Rob Weltman
+ * @author  Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+
+class EXPORT_DECL PresenceServerImpl:public PresenceServiceImpl {
+public:
+    PresenceServerImpl() {}
+    virtual ~PresenceServerImpl() {}
+    virtual int getAllGroups (ArrayOfstring *& groups);
+    virtual int getAllUsers (WASP_String * group, ArrayOfstring *& users);
+    virtual int removeGroup (WASP_String * group);
+    virtual int getUsersByFilter (WASP_String * group, WASP_String * filter, int nAttributes, ArrayOfstring * attributes, ArrayOfPresenceUser *& users);
+    virtual int getMultipleUserStatus (WASP_String * group,
+									   int nUsers,
+									   ArrayOfstring * names,
+									   int nAttributes,
+									   ArrayOfstring * attributes,
+									   ArrayOfPresenceUser *& users);
+    virtual int removeUser (WASP_String * group, WASP_String * name);
+    virtual int getUserStatus (WASP_String * group, WASP_String * name, int nAttributes, ArrayOfstring * attributes, PresenceUser *& user);
+    /** 
+     * Gets the number of users who are online or offline in a group
+     * 
+     * @param group Name of group to query; NULL or empty for all groups
+     * @param bOnline true to return the count of online users, false for offline
+     * @return Number of users, or a negative error code on failure 
+     *
+     * Error Code(s):
+     * PS_UNKOWN_GROUP 
+     */ 
+    virtual int getUserCount( WASP_String* group, int bOnline );
+    virtual int addUsers (WASP_String * group, int nUsers, ArrayOfPresenceUser * users);
+    virtual int addGroup (WASP_String * group, int nAttributes, ArrayOfstring * attributes);
+    virtual int getSearchableAttributes (WASP_String * group, ArrayOfstring *& attributes);
+    virtual int addUser (WASP_String * group, WASP_String * name, int nAttributes, ArrayOfUserAttribute * attributes);
+    virtual int getSortedUsersByFilter (WASP_String * group,
+										WASP_String * filter,
+										WASP_String * sortKey,
+										int sortKeyType,
+										int nAttributes,
+										ArrayOfstring * attributes,
+										ArrayOfPresenceUser *& users);
+    virtual int removeUsers (WASP_String * group, int nUsers, ArrayOfstring * names);
+protected:
+    void doLog(const char *func, int status);
+    static int parseUsers(int nUsers, PSUser** tusers,
+                          ArrayOfPresenceUser*& users);
+    /**
+     * Decodes an array of Unicode strings from a WASP string array object;
+     * the result should be freed by deleting the individual strings as well as
+     * the array itself; nStrings is set to 0 if wStrings is NULL
+     *
+     * @param attributes WASP string array object to convert
+     * @param nAttributes Number of strings to process
+     * @return Array of strings
+     */
+    char **DecodeStringArrayObject( ArrayOfstring* wStrings,
+                                    int& nStrings );
+};
+
+#endif // __PRESENCE_SERVER_IMPL_H__
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/SECerrs.h b/pki/base/tps/src/include/httpClient/httpc/SECerrs.h
new file mode 100644
index 000000000..d7495ff28
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SECerrs.h
@@ -0,0 +1,522 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * END COPYRIGHT BLOCK **/
+
+/* Originally obtained from:
+ * 
+ *     CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+ *     cvs export -r NSS_3_11_3_RTM -N mozilla/security/nss/cmd/lib/SECerrs.h
+ */
+
+/* General security error codes  */
+/* Caller must #include "secerr.h" */
+
+ER3(SEC_ERROR_IO,				SEC_ERROR_BASE + 0,
+"An I/O error occurred during security authorization.")
+
+ER3(SEC_ERROR_LIBRARY_FAILURE,			SEC_ERROR_BASE + 1,
+"security library failure.")
+
+ER3(SEC_ERROR_BAD_DATA,				SEC_ERROR_BASE + 2,
+"security library: received bad data.")
+
+ER3(SEC_ERROR_OUTPUT_LEN,			SEC_ERROR_BASE + 3,
+"security library: output length error.")
+
+ER3(SEC_ERROR_INPUT_LEN,			SEC_ERROR_BASE + 4,
+"security library has experienced an input length error.")
+
+ER3(SEC_ERROR_INVALID_ARGS,			SEC_ERROR_BASE + 5,
+"security library: invalid arguments.")
+
+ER3(SEC_ERROR_INVALID_ALGORITHM,		SEC_ERROR_BASE + 6,
+"security library: invalid algorithm.")
+
+ER3(SEC_ERROR_INVALID_AVA,			SEC_ERROR_BASE + 7,
+"security library: invalid AVA.")
+
+ER3(SEC_ERROR_INVALID_TIME,			SEC_ERROR_BASE + 8,
+"Improperly formatted time string.")
+
+ER3(SEC_ERROR_BAD_DER,				SEC_ERROR_BASE + 9,
+"security library: improperly formatted DER-encoded message.")
+
+ER3(SEC_ERROR_BAD_SIGNATURE,			SEC_ERROR_BASE + 10,
+"Peer's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_EXPIRED_CERTIFICATE,		SEC_ERROR_BASE + 11,
+"Peer's Certificate has expired.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE,		SEC_ERROR_BASE + 12,
+"Peer's Certificate has been revoked.")
+
+ER3(SEC_ERROR_UNKNOWN_ISSUER,			SEC_ERROR_BASE + 13,
+"Peer's Certificate issuer is not recognized.")
+
+ER3(SEC_ERROR_BAD_KEY,				SEC_ERROR_BASE + 14,
+"Peer's public key is invalid.")
+
+ER3(SEC_ERROR_BAD_PASSWORD,			SEC_ERROR_BASE + 15,
+"The security password entered is incorrect.")
+
+ER3(SEC_ERROR_RETRY_PASSWORD,			SEC_ERROR_BASE + 16,
+"New password entered incorrectly.  Please try again.")
+
+ER3(SEC_ERROR_NO_NODELOCK,			SEC_ERROR_BASE + 17,
+"security library: no nodelock.")
+
+ER3(SEC_ERROR_BAD_DATABASE,			SEC_ERROR_BASE + 18,
+"security library: bad database.")
+
+ER3(SEC_ERROR_NO_MEMORY,			SEC_ERROR_BASE + 19,
+"security library: memory allocation failure.")
+
+ER3(SEC_ERROR_UNTRUSTED_ISSUER,			SEC_ERROR_BASE + 20,
+"Peer's certificate issuer has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_UNTRUSTED_CERT,			SEC_ERROR_BASE + 21,
+"Peer's certificate has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT,			(SEC_ERROR_BASE + 22),
+"Certificate already exists in your database.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT_NAME,		(SEC_ERROR_BASE + 23),
+"Downloaded certificate's name duplicates one already in your database.")
+
+ER3(SEC_ERROR_ADDING_CERT,			(SEC_ERROR_BASE + 24),
+"Error adding certificate to database.")
+
+ER3(SEC_ERROR_FILING_KEY,			(SEC_ERROR_BASE + 25),
+"Error refiling the key for this certificate.")
+
+ER3(SEC_ERROR_NO_KEY,				(SEC_ERROR_BASE + 26),
+"The private key for this certificate cannot be found in key database")
+
+ER3(SEC_ERROR_CERT_VALID,			(SEC_ERROR_BASE + 27),
+"This certificate is valid.")
+
+ER3(SEC_ERROR_CERT_NOT_VALID,			(SEC_ERROR_BASE + 28),
+"This certificate is not valid.")
+
+ER3(SEC_ERROR_CERT_NO_RESPONSE,			(SEC_ERROR_BASE + 29),
+"Cert Library: No Response")
+
+ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE,	(SEC_ERROR_BASE + 30),
+"The certificate issuer's certificate has expired.  Check your system date and time.")
+
+ER3(SEC_ERROR_CRL_EXPIRED,			(SEC_ERROR_BASE + 31),
+"The CRL for the certificate's issuer has expired.  Update it or check your system data and time.")
+
+ER3(SEC_ERROR_CRL_BAD_SIGNATURE,		(SEC_ERROR_BASE + 32),
+"The CRL for the certificate's issuer has an invalid signature.")
+
+ER3(SEC_ERROR_CRL_INVALID,			(SEC_ERROR_BASE + 33),
+"New CRL has an invalid format.")
+
+ER3(SEC_ERROR_EXTENSION_VALUE_INVALID,		(SEC_ERROR_BASE + 34),
+"Certificate extension value is invalid.")
+
+ER3(SEC_ERROR_EXTENSION_NOT_FOUND,		(SEC_ERROR_BASE + 35),
+"Certificate extension not found.")
+
+ER3(SEC_ERROR_CA_CERT_INVALID,			(SEC_ERROR_BASE + 36),
+"Issuer certificate is invalid.")
+   
+ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID,	(SEC_ERROR_BASE + 37),
+"Certificate path length constraint is invalid.")
+
+ER3(SEC_ERROR_CERT_USAGES_INVALID,		(SEC_ERROR_BASE + 38),
+"Certificate usages field is invalid.")
+
+ER3(SEC_INTERNAL_ONLY,				(SEC_ERROR_BASE + 39),
+"**Internal ONLY module**")
+
+ER3(SEC_ERROR_INVALID_KEY,			(SEC_ERROR_BASE + 40),
+"The key does not support the requested operation.")
+
+ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION,	(SEC_ERROR_BASE + 41),
+"Certificate contains unknown critical extension.")
+
+ER3(SEC_ERROR_OLD_CRL,				(SEC_ERROR_BASE + 42),
+"New CRL is not later than the current one.")
+
+ER3(SEC_ERROR_NO_EMAIL_CERT,			(SEC_ERROR_BASE + 43),
+"Not encrypted or signed: you do not yet have an email certificate.")
+
+ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY,		(SEC_ERROR_BASE + 44),
+"Not encrypted: you do not have certificates for each of the recipients.")
+
+ER3(SEC_ERROR_NOT_A_RECIPIENT,			(SEC_ERROR_BASE + 45),
+"Cannot decrypt: you are not a recipient, or matching certificate and \
+private key not found.")
+
+ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH,		(SEC_ERROR_BASE + 46),
+"Cannot decrypt: key encryption algorithm does not match your certificate.")
+
+ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE,		(SEC_ERROR_BASE + 47),
+"Signature verification failed: no signer found, too many signers found, \
+or improper or corrupted data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_KEYALG,		(SEC_ERROR_BASE + 48),
+"Unsupported or unknown key algorithm.")
+
+ER3(SEC_ERROR_DECRYPTION_DISALLOWED,		(SEC_ERROR_BASE + 49),
+"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
+
+
+/* Fortezza Alerts */
+ER3(XP_SEC_FORTEZZA_BAD_CARD,			(SEC_ERROR_BASE + 50),
+"Fortezza card has not been properly initialized.  \
+Please remove it and return it to your issuer.")
+
+ER3(XP_SEC_FORTEZZA_NO_CARD,			(SEC_ERROR_BASE + 51),
+"No Fortezza cards Found")
+
+ER3(XP_SEC_FORTEZZA_NONE_SELECTED,		(SEC_ERROR_BASE + 52),
+"No Fortezza card selected")
+
+ER3(XP_SEC_FORTEZZA_MORE_INFO,			(SEC_ERROR_BASE + 53),
+"Please select a personality to get more info on")
+
+ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND,		(SEC_ERROR_BASE + 54),
+"Personality not found")
+
+ER3(XP_SEC_FORTEZZA_NO_MORE_INFO,		(SEC_ERROR_BASE + 55),
+"No more information on that Personality")
+
+ER3(XP_SEC_FORTEZZA_BAD_PIN,			(SEC_ERROR_BASE + 56),
+"Invalid Pin")
+
+ER3(XP_SEC_FORTEZZA_PERSON_ERROR,		(SEC_ERROR_BASE + 57),
+"Couldn't initialize Fortezza personalities.")
+/* end fortezza alerts. */
+
+ER3(SEC_ERROR_NO_KRL,				(SEC_ERROR_BASE + 58),
+"No KRL for this site's certificate has been found.")
+
+ER3(SEC_ERROR_KRL_EXPIRED,			(SEC_ERROR_BASE + 59),
+"The KRL for this site's certificate has expired.")
+
+ER3(SEC_ERROR_KRL_BAD_SIGNATURE,		(SEC_ERROR_BASE + 60),
+"The KRL for this site's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_REVOKED_KEY,			(SEC_ERROR_BASE + 61),
+"The key for this site's certificate has been revoked.")
+
+ER3(SEC_ERROR_KRL_INVALID,			(SEC_ERROR_BASE + 62),
+"New KRL has an invalid format.")
+
+ER3(SEC_ERROR_NEED_RANDOM,			(SEC_ERROR_BASE + 63),
+"security library: need random data.")
+
+ER3(SEC_ERROR_NO_MODULE,			(SEC_ERROR_BASE + 64),
+"security library: no security module can perform the requested operation.")
+
+ER3(SEC_ERROR_NO_TOKEN,				(SEC_ERROR_BASE + 65),
+"The security card or token does not exist, needs to be initialized, or has been removed.")
+
+ER3(SEC_ERROR_READ_ONLY,			(SEC_ERROR_BASE + 66),
+"security library: read-only database.")
+
+ER3(SEC_ERROR_NO_SLOT_SELECTED,			(SEC_ERROR_BASE + 67),
+"No slot or token was selected.")
+
+ER3(SEC_ERROR_CERT_NICKNAME_COLLISION,		(SEC_ERROR_BASE + 68),
+"A certificate with the same nickname already exists.")
+
+ER3(SEC_ERROR_KEY_NICKNAME_COLLISION,		(SEC_ERROR_BASE + 69),
+"A key with the same nickname already exists.")
+
+ER3(SEC_ERROR_SAFE_NOT_CREATED,			(SEC_ERROR_BASE + 70),
+"error while creating safe object")
+
+ER3(SEC_ERROR_BAGGAGE_NOT_CREATED,		(SEC_ERROR_BASE + 71),
+"error while creating baggage object")
+
+ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR,		(SEC_ERROR_BASE + 72),
+"Couldn't remove the principal")
+
+ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR,		(SEC_ERROR_BASE + 73),
+"Couldn't delete the privilege")
+
+ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR,		(SEC_ERROR_BASE + 74),
+"This principal doesn't have a certificate")
+
+ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM,		(SEC_ERROR_BASE + 75),
+"Required algorithm is not allowed.")
+
+ER3(SEC_ERROR_EXPORTING_CERTIFICATES,		(SEC_ERROR_BASE + 76),
+"Error attempting to export certificates.")
+
+ER3(SEC_ERROR_IMPORTING_CERTIFICATES,		(SEC_ERROR_BASE + 77),
+"Error attempting to import certificates.")
+
+ER3(SEC_ERROR_PKCS12_DECODING_PFX,		(SEC_ERROR_BASE + 78),
+"Unable to import.  Decoding error.  File not valid.")
+
+ER3(SEC_ERROR_PKCS12_INVALID_MAC,		(SEC_ERROR_BASE + 79),
+"Unable to import.  Invalid MAC.  Incorrect password or corrupt file.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM,	(SEC_ERROR_BASE + 80),
+"Unable to import.  MAC algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
+"Unable to import.  Only password integrity and privacy modes supported.")
+
+ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE,	(SEC_ERROR_BASE + 82),
+"Unable to import.  File structure is corrupt.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
+"Unable to import.  Encryption algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION,	(SEC_ERROR_BASE + 84),
+"Unable to import.  File version not supported.")
+
+ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
+"Unable to import.  Incorrect privacy password.")
+
+ER3(SEC_ERROR_PKCS12_CERT_COLLISION,		(SEC_ERROR_BASE + 86),
+"Unable to import.  Same nickname already exists in database.")
+
+ER3(SEC_ERROR_USER_CANCELLED,			(SEC_ERROR_BASE + 87),
+"The user pressed cancel.")
+
+ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA,		(SEC_ERROR_BASE + 88),
+"Not imported, already in database.")
+
+ER3(SEC_ERROR_MESSAGE_SEND_ABORTED,		(SEC_ERROR_BASE + 89),
+"Message not sent.")
+
+ER3(SEC_ERROR_INADEQUATE_KEY_USAGE,		(SEC_ERROR_BASE + 90),
+"Certificate key usage inadequate for attempted operation.")
+
+ER3(SEC_ERROR_INADEQUATE_CERT_TYPE,		(SEC_ERROR_BASE + 91),
+"Certificate type not approved for application.")
+
+ER3(SEC_ERROR_CERT_ADDR_MISMATCH,		(SEC_ERROR_BASE + 92),
+"Address in signing certificate does not match address in message headers.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY,	(SEC_ERROR_BASE + 93),
+"Unable to import.  Error attempting to import private key.")
+
+ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN,	(SEC_ERROR_BASE + 94),
+"Unable to import.  Error attempting to import certificate chain.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
+"Unable to export.  Unable to locate certificate or key by nickname.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY,	(SEC_ERROR_BASE + 96),
+"Unable to export.  Private Key could not be located and exported.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, 		(SEC_ERROR_BASE + 97),
+"Unable to export.  Unable to write the export file.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ,		(SEC_ERROR_BASE + 98),
+"Unable to import.  Unable to read the import file.")
+
+ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
+"Unable to export.  Key database corrupt or deleted.")
+
+ER3(SEC_ERROR_KEYGEN_FAIL,			(SEC_ERROR_BASE + 100),
+"Unable to generate public/private key pair.")
+
+ER3(SEC_ERROR_INVALID_PASSWORD,			(SEC_ERROR_BASE + 101),
+"Password entered is invalid.  Please pick a different one.")
+
+ER3(SEC_ERROR_RETRY_OLD_PASSWORD,		(SEC_ERROR_BASE + 102),
+"Old password entered incorrectly.  Please try again.")
+
+ER3(SEC_ERROR_BAD_NICKNAME,			(SEC_ERROR_BASE + 103),
+"Certificate nickname already in use.")
+
+ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER,       	(SEC_ERROR_BASE + 104),
+"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
+
+ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, 	(SEC_ERROR_BASE + 105),
+"A sensitive key cannot be moved to the slot where it is needed.")
+
+ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, 		(SEC_ERROR_BASE + 106),
+"Invalid module name.")
+
+ER3(SEC_ERROR_JS_INVALID_DLL, 			(SEC_ERROR_BASE + 107),
+"Invalid module path/filename")
+
+ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, 		(SEC_ERROR_BASE + 108),
+"Unable to add module")
+
+ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, 		(SEC_ERROR_BASE + 109),
+"Unable to delete module")
+
+ER3(SEC_ERROR_OLD_KRL,	     			(SEC_ERROR_BASE + 110),
+"New KRL is not later than the current one.")
+ 
+ER3(SEC_ERROR_CKL_CONFLICT,	     		(SEC_ERROR_BASE + 111),
+"New CKL has different issuer than current CKL.  Delete current CKL.")
+
+ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, 		(SEC_ERROR_BASE + 112),
+"The Certifying Authority for this certificate is not permitted to issue a \
+certificate with this name.")
+
+ER3(SEC_ERROR_KRL_NOT_YET_VALID,		(SEC_ERROR_BASE + 113),
+"The key revocation list for this certificate is not yet valid.")
+
+ER3(SEC_ERROR_CRL_NOT_YET_VALID,		(SEC_ERROR_BASE + 114),
+"The certificate revocation list for this certificate is not yet valid.")
+
+ER3(SEC_ERROR_UNKNOWN_CERT,			(SEC_ERROR_BASE + 115),
+"The requested certificate could not be found.")
+
+ER3(SEC_ERROR_UNKNOWN_SIGNER,			(SEC_ERROR_BASE + 116),
+"The signer's certificate could not be found.")
+
+ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION,		(SEC_ERROR_BASE + 117),
+"The location for the certificate status server has invalid format.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE,	(SEC_ERROR_BASE + 118),
+"The OCSP response cannot be fully decoded; it is of an unknown type.")
+
+ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE,		(SEC_ERROR_BASE + 119),
+"The OCSP server returned unexpected/invalid HTTP data.")
+
+ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST,		(SEC_ERROR_BASE + 120),
+"The OCSP server found the request to be corrupted or improperly formed.")
+
+ER3(SEC_ERROR_OCSP_SERVER_ERROR,		(SEC_ERROR_BASE + 121),
+"The OCSP server experienced an internal error.")
+
+ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER,		(SEC_ERROR_BASE + 122),
+"The OCSP server suggests trying again later.")
+
+ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG,		(SEC_ERROR_BASE + 123),
+"The OCSP server requires a signature on this request.")
+
+ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST,	(SEC_ERROR_BASE + 124),
+"The OCSP server has refused this request as unauthorized.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS,	(SEC_ERROR_BASE + 125),
+"The OCSP server returned an unrecognizable status.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_CERT,		(SEC_ERROR_BASE + 126),
+"The OCSP server has no status for the certificate.")
+
+ER3(SEC_ERROR_OCSP_NOT_ENABLED,			(SEC_ERROR_BASE + 127),
+"You must enable OCSP before performing this operation.")
+
+ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER,	(SEC_ERROR_BASE + 128),
+"You must set the OCSP default responder before performing this operation.")
+
+ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE,		(SEC_ERROR_BASE + 129),
+"The response from the OCSP server was corrupted or improperly formed.")
+
+ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE,	(SEC_ERROR_BASE + 130),
+"The signer of the OCSP response is not authorized to give status for \
+this certificate.")
+
+ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE,		(SEC_ERROR_BASE + 131),
+"The OCSP response is not yet valid (contains a date in the future).")
+
+ER3(SEC_ERROR_OCSP_OLD_RESPONSE,		(SEC_ERROR_BASE + 132),
+"The OCSP response contains out-of-date information.")
+
+ER3(SEC_ERROR_DIGEST_NOT_FOUND,			(SEC_ERROR_BASE + 133),
+"The CMS or PKCS #7 Digest was not found in signed message.")
+
+ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE,		(SEC_ERROR_BASE + 134),
+"The CMS or PKCS #7 Message type is unsupported.")
+
+ER3(SEC_ERROR_MODULE_STUCK,			(SEC_ERROR_BASE + 135),
+"PKCS #11 module could not be removed because it is still in use.")
+
+ER3(SEC_ERROR_BAD_TEMPLATE,			(SEC_ERROR_BASE + 136),
+"Could not decode ASN.1 data. Specified template was invalid.")
+
+ER3(SEC_ERROR_CRL_NOT_FOUND,			(SEC_ERROR_BASE + 137),
+"No matching CRL was found.")
+
+ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL,        (SEC_ERROR_BASE + 138),
+"You are attempting to import a cert with the same issuer/serial as \
+an existing cert, but that is not the same cert.")
+
+ER3(SEC_ERROR_BUSY,				(SEC_ERROR_BASE + 139),
+"NSS could not shutdown. Objects are still in use.")
+
+ER3(SEC_ERROR_EXTRA_INPUT,			(SEC_ERROR_BASE + 140),
+"DER-encoded message contained extra unused data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE,	(SEC_ERROR_BASE + 141),
+"Unsupported elliptic curve.")
+
+ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM,	(SEC_ERROR_BASE + 142),
+"Unsupported elliptic curve point form.")
+
+ER3(SEC_ERROR_UNRECOGNIZED_OID,			(SEC_ERROR_BASE + 143),
+"Unrecognized Object IDentifier.")
+
+ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT,	(SEC_ERROR_BASE + 144),
+"Invalid OCSP signing certificate in OCSP response.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL,          (SEC_ERROR_BASE + 145),
+"Certificate is revoked in issuer's certificate revocation list.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE_OCSP,         (SEC_ERROR_BASE + 146),
+"Issuer's OCSP responder reports certificate is revoked.")
+
+ER3(SEC_ERROR_CRL_INVALID_VERSION,              (SEC_ERROR_BASE + 147),
+"Issuer's Certificate Revocation List has an unknown version number.")
+
+ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION,        (SEC_ERROR_BASE + 148),
+"Issuer's V1 Certificate Revocation List has a critical extension.")
+
+ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION,   (SEC_ERROR_BASE + 149),
+"Issuer's V2 Certificate Revocation List has an unknown critical extension.")
+
+ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE,	        (SEC_ERROR_BASE + 150),
+"Unknown object type specified.")
+
+ER3(SEC_ERROR_INCOMPATIBLE_PKCS11,	        (SEC_ERROR_BASE + 151),
+"PKCS #11 driver violates the spec in an incompatible way.")
+
+ER3(SEC_ERROR_NO_EVENT,	        		(SEC_ERROR_BASE + 152),
+"No new slot event is available at this time.")
+
+ER3(SEC_ERROR_CRL_ALREADY_EXISTS,      		(SEC_ERROR_BASE + 153),
+"CRL already exists.")
+
+ER3(SEC_ERROR_NOT_INITIALIZED,      		(SEC_ERROR_BASE + 154),
+"NSS is not initialized.")
+
+ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN,  		(SEC_ERROR_BASE + 155),
+"The operation failed because the PKCS#11 token is not logged in.")
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/SSLServerSocket.h b/pki/base/tps/src/include/httpClient/httpc/SSLServerSocket.h
new file mode 100644
index 000000000..a059d7279
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SSLServerSocket.h
@@ -0,0 +1,93 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SSL_SERVER_SOCKET_H
+#define __SSL_SERVER_SOCKET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * SSLServerSocket.h	1.000 06/12/2002
+ * 
+ * A Secure server socket implementation based on NSPR / NSS
+ * 
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL SSLServerSocket : public ServerSocket {
+public:
+	/**
+	 * Constructor 
+	 */
+	SSLServerSocket( const char* host, 
+					 int port, 
+					 const char* nickname,
+					 int requestcert );
+
+	/**
+	 * Destructor 
+	 */
+	virtual ~SSLServerSocket();
+
+public:
+	/**
+	 * Initializes cert and private key before calling base class
+	 * Accept function.
+	 */
+	Socket* Accept();
+
+private:
+	/**
+	 * Overrides base class function to create SSL sockets
+	 *
+	 * @return	a newly accepted SSL socket
+	 */
+	Socket* InternalAccept(PRFileDesc* fd);
+
+private:
+	char* m_nickName;
+	int m_requestCert;
+	CERTCertificate* m_serverCert;
+	SECKEYPrivateKey* m_serverPrivKey;
+	SSLKEAType m_certKEA;
+};
+
+#endif // __SSL_SERVER_SOCKET_H
+
+
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/SSLSocket.h b/pki/base/tps/src/include/httpClient/httpc/SSLSocket.h
new file mode 100644
index 000000000..14d647c60
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SSLSocket.h
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SSL_SOCKET_H
+#define __SSL_SOCKET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * SSLSocket.h	1.000 06/12/2002
+ * 
+ * A Secure socket implementation based on NSPR / NSS 
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL SSLSocket : public Socket {
+	friend class SSLServerSocket;
+public:
+	/**
+	 * Constructor
+	 */
+	SSLSocket();
+
+	/**
+	 * Destructor
+	 */
+	virtual ~SSLSocket();
+
+private:
+	/**
+	 * Sets up this socket to behave as a SSL server
+	 *
+	 * @param	cert		server certificate object
+	 * @param	privKey		private key structure
+	 * @param	password	password to access DB
+	 * @param	requestCert	whether to request cert from the client
+	 * @return				0 on success, negative error code otherwise
+	 *
+	 */
+	int SetupSSLServer(	CERTCertificate* serverCert, 
+						SECKEYPrivateKey* privKey,
+						SSLKEAType certKEA,
+						int requestCert );
+private:
+	// server callbacks
+	/**
+	 * Specifies a certificate authentication callback function called 
+	 * to authenticate an incoming certificate
+	 *
+	 * @param	arg			pointer supplied by the application 
+	 *						(in the call to SSL_AuthCertificateHook) 
+	 *						that can be used to pass state information
+	 * @param	socket		pointer to the file descriptor for the SSL socket
+	 * @param	checksig	PR_TRUE means signatures are to be checked and 
+	 *						the certificate chain is to be validated
+	 * @param	isServer	PR_TRUE means the callback function should 
+	 *						evaluate the certificate as a server does, 
+	 *						treating the remote end is a client
+	 * @return				SECSuccess on success, SECFailure otherwise
+	 *
+	 */
+	static SECStatus AuthCertificate( void* arg, 
+									  PRFileDesc* socket,
+									  PRBool checksig, 
+									  PRBool isServer );
+
+	/**
+	 * Sets up a callback function to deal with a situation where the 
+	 * SSL_AuthCertificate callback function has failed. This callback 
+	 * function allows the application to override the decision made by 
+	 * the certificate authorization callback and authorize the certificate 
+	 * for use in the SSL connection. 
+	 *
+	 * @param	arg			The arg parameter passed to SSL_BadCertHook
+	 * @param	socket		pointer to the file descriptor for the SSL socket
+	 * @return				SECSuccess on success, SECFailure otherwise
+	 */
+	static SECStatus BadCertHandler( void* arg, 
+								     PRFileDesc* socket );
+
+	/**
+	 * Sets up a callback function used by SSL to inform either a client 
+	 * application or a server application when the handshake is completed
+	 *
+	 * @param	arg			The arg parameter passed to SSL_HandshakeCallback
+	 * @param	socket		pointer to the file descriptor for the SSL socket
+	 * @return				SECSuccess on success, SECFailure otherwise
+	 */
+	static SECStatus HandshakeCallback( PRFileDesc* socket, 
+									    void* arg );
+
+private:
+	bool m_initializedAsServer;
+};
+
+#endif // __SSL_SOCKET_H
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/SSLerrs.h b/pki/base/tps/src/include/httpClient/httpc/SSLerrs.h
new file mode 100644
index 000000000..818da3e87
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SSLerrs.h
@@ -0,0 +1,392 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * END COPYRIGHT BLOCK **/
+
+/* Originally obtained from:
+ * 
+ *     CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+ *     cvs export -r NSS_3_11_3_RTM -N mozilla/security/nss/cmd/lib/SSLerrs.h
+ */
+
+/* SSL-specific security error codes  */
+/* caller must include "sslerr.h" */
+
+ER3(SSL_ERROR_EXPORT_ONLY_SERVER,			SSL_ERROR_BASE + 0,
+"Unable to communicate securely.  Peer does not support high-grade encryption.")
+
+ER3(SSL_ERROR_US_ONLY_SERVER,				SSL_ERROR_BASE + 1,
+"Unable to communicate securely.  Peer requires high-grade encryption which is not supported.")
+
+ER3(SSL_ERROR_NO_CYPHER_OVERLAP,			SSL_ERROR_BASE + 2,
+"Cannot communicate securely with peer: no common encryption algorithm(s).")
+
+ER3(SSL_ERROR_NO_CERTIFICATE,				SSL_ERROR_BASE + 3,
+"Unable to find the certificate or key necessary for authentication.")
+
+ER3(SSL_ERROR_BAD_CERTIFICATE,				SSL_ERROR_BASE + 4,
+"Unable to communicate securely with peer: peers's certificate was rejected.")
+
+/* unused						(SSL_ERROR_BASE + 5),*/
+
+ER3(SSL_ERROR_BAD_CLIENT,				SSL_ERROR_BASE + 6,
+"The server has encountered bad data from the client.")
+
+ER3(SSL_ERROR_BAD_SERVER,				SSL_ERROR_BASE + 7,
+"The client has encountered bad data from the server.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,		SSL_ERROR_BASE + 8,
+"Unsupported certificate type.")
+
+ER3(SSL_ERROR_UNSUPPORTED_VERSION,			SSL_ERROR_BASE + 9,
+"Peer using unsupported version of security protocol.")
+
+/* unused						(SSL_ERROR_BASE + 10),*/
+
+ER3(SSL_ERROR_WRONG_CERTIFICATE,			SSL_ERROR_BASE + 11,
+"Client authentication failed: private key in key database does not match public key in certificate database.")
+
+ER3(SSL_ERROR_BAD_CERT_DOMAIN,				SSL_ERROR_BASE + 12,
+"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
+
+/* SSL_ERROR_POST_WARNING				(SSL_ERROR_BASE + 13),
+   defined in sslerr.h
+*/
+
+ER3(SSL_ERROR_SSL2_DISABLED,				(SSL_ERROR_BASE + 14),
+"Peer only supports SSL version 2, which is locally disabled.")
+
+
+ER3(SSL_ERROR_BAD_MAC_READ,				(SSL_ERROR_BASE + 15),
+"SSL received a record with an incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_MAC_ALERT,				(SSL_ERROR_BASE + 16),
+"SSL peer reports incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_CERT_ALERT,				(SSL_ERROR_BASE + 17),
+"SSL peer cannot verify your certificate.")
+
+ER3(SSL_ERROR_REVOKED_CERT_ALERT,			(SSL_ERROR_BASE + 18),
+"SSL peer rejected your certificate as revoked.")
+
+ER3(SSL_ERROR_EXPIRED_CERT_ALERT,			(SSL_ERROR_BASE + 19),
+"SSL peer rejected your certificate as expired.")
+
+ER3(SSL_ERROR_SSL_DISABLED,				(SSL_ERROR_BASE + 20),
+"Cannot connect: SSL is disabled.")
+
+ER3(SSL_ERROR_FORTEZZA_PQG,				(SSL_ERROR_BASE + 21),
+"Cannot connect: SSL peer is in another FORTEZZA domain.")
+
+
+ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE          , (SSL_ERROR_BASE + 22),
+"An unknown SSL cipher suite has been requested.")
+
+ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED          , (SSL_ERROR_BASE + 23),
+"No cipher suites are present and enabled in this program.")
+
+ER3(SSL_ERROR_BAD_BLOCK_PADDING             , (SSL_ERROR_BASE + 24),
+"SSL received a record with bad block padding.")
+
+ER3(SSL_ERROR_RX_RECORD_TOO_LONG            , (SSL_ERROR_BASE + 25),
+"SSL received a record that exceeded the maximum permissible length.")
+
+ER3(SSL_ERROR_TX_RECORD_TOO_LONG            , (SSL_ERROR_BASE + 26),
+"SSL attempted to send a record that exceeded the maximum permissible length.")
+
+/*
+ * Received a malformed (too long or short or invalid content) SSL handshake.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST    , (SSL_ERROR_BASE + 27),
+"SSL received a malformed Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO     , (SSL_ERROR_BASE + 28),
+"SSL received a malformed Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO     , (SSL_ERROR_BASE + 29),
+"SSL received a malformed Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE      , (SSL_ERROR_BASE + 30),
+"SSL received a malformed Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH  , (SSL_ERROR_BASE + 31),
+"SSL received a malformed Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST     , (SSL_ERROR_BASE + 32),
+"SSL received a malformed Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE       , (SSL_ERROR_BASE + 33),
+"SSL received a malformed Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY      , (SSL_ERROR_BASE + 34),
+"SSL received a malformed Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH  , (SSL_ERROR_BASE + 35),
+"SSL received a malformed Client Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_FINISHED         , (SSL_ERROR_BASE + 36),
+"SSL received a malformed Finished handshake message.")
+
+/*
+ * Received a malformed (too long or short) SSL record.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER    , (SSL_ERROR_BASE + 37),
+"SSL received a malformed Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_ALERT            , (SSL_ERROR_BASE + 38),
+"SSL received a malformed Alert record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE        , (SSL_ERROR_BASE + 39),
+"SSL received a malformed Handshake record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
+"SSL received a malformed Application Data record.")
+
+/*
+ * Received an SSL handshake that was inappropriate for the state we're in.
+ * E.g. Server received message from server, or wrong state in state machine.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST   , (SSL_ERROR_BASE + 41),
+"SSL received an unexpected Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO    , (SSL_ERROR_BASE + 42),
+"SSL received an unexpected Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO    , (SSL_ERROR_BASE + 43),
+"SSL received an unexpected Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE     , (SSL_ERROR_BASE + 44),
+"SSL received an unexpected Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
+"SSL received an unexpected Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST    , (SSL_ERROR_BASE + 46),
+"SSL received an unexpected Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE      , (SSL_ERROR_BASE + 47),
+"SSL received an unexpected Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY     , (SSL_ERROR_BASE + 48),
+"SSL received an unexpected Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
+"SSL received an unexpected Cllient Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED        , (SSL_ERROR_BASE + 50),
+"SSL received an unexpected Finished handshake message.")
+
+/*
+ * Received an SSL record that was inappropriate for the state we're in.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER   , (SSL_ERROR_BASE + 51),
+"SSL received an unexpected Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_ALERT           , (SSL_ERROR_BASE + 52),
+"SSL received an unexpected Alert record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE       , (SSL_ERROR_BASE + 53),
+"SSL received an unexpected Handshake record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
+"SSL received an unexpected Application Data record.")
+
+/*
+ * Received record/message with unknown discriminant.
+ */
+ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE        , (SSL_ERROR_BASE + 55),
+"SSL received a record with an unknown content type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE          , (SSL_ERROR_BASE + 56),
+"SSL received a handshake message with an unknown message type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_ALERT              , (SSL_ERROR_BASE + 57),
+"SSL received an alert record with an unknown alert description.")
+
+/*
+ * Received an alert reporting what we did wrong.  (more alerts above)
+ */
+ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT            , (SSL_ERROR_BASE + 58),
+"SSL peer has closed this connection.")
+
+ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT    , (SSL_ERROR_BASE + 59),
+"SSL peer was not expecting a handshake message it received.")
+
+ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT   , (SSL_ERROR_BASE + 60),
+"SSL peer was unable to succesfully decompress an SSL record it received.")
+
+ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT       , (SSL_ERROR_BASE + 61),
+"SSL peer was unable to negotiate an acceptable set of security parameters.")
+
+ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT       , (SSL_ERROR_BASE + 62),
+"SSL peer rejected a handshake message for unacceptable content.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT        , (SSL_ERROR_BASE + 63),
+"SSL peer does not support certificates of the type it received.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT     , (SSL_ERROR_BASE + 64),
+"SSL peer had some unspecified issue with the certificate it received.")
+
+
+ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE       , (SSL_ERROR_BASE + 65),
+"SSL experienced a failure of its random number generator.")
+
+ER3(SSL_ERROR_SIGN_HASHES_FAILURE           , (SSL_ERROR_BASE + 66),
+"Unable to digitally sign data required to verify your certificate.")
+
+ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE    , (SSL_ERROR_BASE + 67),
+"SSL was unable to extract the public key from the peer's certificate.")
+
+ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE   , (SSL_ERROR_BASE + 68),
+"Unspecified failure while processing SSL Server Key Exchange handshake.")
+
+ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE   , (SSL_ERROR_BASE + 69),
+"Unspecified failure while processing SSL Client Key Exchange handshake.")
+
+ER3(SSL_ERROR_ENCRYPTION_FAILURE            , (SSL_ERROR_BASE + 70),
+"Bulk data encryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILURE            , (SSL_ERROR_BASE + 71),
+"Bulk data decryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_SOCKET_WRITE_FAILURE          , (SSL_ERROR_BASE + 72),
+"Attempt to write encrypted data to underlying socket failed.")
+
+ER3(SSL_ERROR_MD5_DIGEST_FAILURE            , (SSL_ERROR_BASE + 73),
+"MD5 digest function failed.")
+
+ER3(SSL_ERROR_SHA_DIGEST_FAILURE            , (SSL_ERROR_BASE + 74),
+"SHA-1 digest function failed.")
+
+ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE       , (SSL_ERROR_BASE + 75),
+"MAC computation failed.")
+
+ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE       , (SSL_ERROR_BASE + 76),
+"Failure to create Symmetric Key context.")
+
+ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE        , (SSL_ERROR_BASE + 77),
+"Failure to unwrap the Symmetric key in Client Key Exchange message.")
+
+ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED   , (SSL_ERROR_BASE + 78),
+"SSL Server attempted to use domestic-grade public key with export cipher suite.")
+
+ER3(SSL_ERROR_IV_PARAM_FAILURE              , (SSL_ERROR_BASE + 79),
+"PKCS11 code failed to translate an IV into a param.")
+
+ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE     , (SSL_ERROR_BASE + 80),
+"Failed to initialize the selected cipher suite.")
+
+ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE       , (SSL_ERROR_BASE + 81),
+"Client failed to generate session keys for SSL session.")
+
+ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG         , (SSL_ERROR_BASE + 82),
+"Server has no key for the attempted key exchange algorithm.")
+
+ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL       , (SSL_ERROR_BASE + 83),
+"PKCS#11 token was inserted or removed while operation was in progress.")
+
+ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND          , (SSL_ERROR_BASE + 84),
+"No PKCS#11 token could be found to do a required operation.")
+
+ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP        , (SSL_ERROR_BASE + 85),
+"Cannot communicate securely with peer: no common compression algorithm(s).")
+
+ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED       , (SSL_ERROR_BASE + 86),
+"Cannot initiate another SSL handshake until current handshake is complete.")
+
+ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE      , (SSL_ERROR_BASE + 87),
+"Received incorrect handshakes hash values from peer.")
+
+ER3(SSL_ERROR_CERT_KEA_MISMATCH             , (SSL_ERROR_BASE + 88),
+"The certificate provided cannot be used with the selected key exchange algorithm.")
+
+ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA	, (SSL_ERROR_BASE + 89),
+"No certificate authority is trusted for SSL client authentication.")
+
+ER3(SSL_ERROR_SESSION_NOT_FOUND		, (SSL_ERROR_BASE + 90),
+"Client's SSL session ID not found in server's session cache.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT     , (SSL_ERROR_BASE + 91),
+"Peer was unable to decrypt an SSL record it received.")
+
+ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT       , (SSL_ERROR_BASE + 92),
+"Peer received an SSL record that was longer than is permitted.")
+
+ER3(SSL_ERROR_UNKNOWN_CA_ALERT            , (SSL_ERROR_BASE + 93),
+"Peer does not recognize and trust the CA that issued your certificate.")
+
+ER3(SSL_ERROR_ACCESS_DENIED_ALERT         , (SSL_ERROR_BASE + 94),
+"Peer received a valid certificate, but access was denied.")
+
+ER3(SSL_ERROR_DECODE_ERROR_ALERT          , (SSL_ERROR_BASE + 95),
+"Peer could not decode an SSL handshake message.")
+
+ER3(SSL_ERROR_DECRYPT_ERROR_ALERT         , (SSL_ERROR_BASE + 96),
+"Peer reports failure of signature verification or key exchange.")
+
+ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT    , (SSL_ERROR_BASE + 97),
+"Peer reports negotiation not in compliance with export regulations.")
+
+ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT      , (SSL_ERROR_BASE + 98),
+"Peer reports incompatible or unsupported protocol version.")
+
+ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
+"Server requires ciphers more secure than those supported by client.")
+
+ER3(SSL_ERROR_INTERNAL_ERROR_ALERT        , (SSL_ERROR_BASE + 100),
+"Peer reports it experienced an internal error.")
+
+ER3(SSL_ERROR_USER_CANCELED_ALERT         , (SSL_ERROR_BASE + 101),
+"Peer user canceled handshake.")
+
+ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT      , (SSL_ERROR_BASE + 102),
+"Peer does not permit renegotiation of SSL security parameters.")
+
+ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103),
+"SSL server cache not configured and not disabled for this socket.")
+
+ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT    , (SSL_ERROR_BASE + 104),
+"SSL peer does not support requested TLS hello extension.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT , (SSL_ERROR_BASE + 105),
+"SSL peer could not obtain your certificate from the supplied URL.")
+
+ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT        , (SSL_ERROR_BASE + 106),
+"SSL peer has no certificate for the requested DNS name.")
+
+ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107),
+"SSL peer was unable to get an OCSP response for its certificate.")
+
+ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT      , (SSL_ERROR_BASE + 108),
+"SSL peer reported bad certificate hash value.")
diff --git a/pki/base/tps/src/include/httpClient/httpc/ScheduledTask.h b/pki/base/tps/src/include/httpClient/httpc/ScheduledTask.h
new file mode 100644
index 000000000..cbb99ab61
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ScheduledTask.h
@@ -0,0 +1,86 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SCHEDULED_TASK_H__
+#define __SCHEDULED_TASK_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <time.h>
+
+class TaskList;
+
+/**
+ * Base class for scheduled tasks in Presence Server
+ */
+
+class EXPORT_DECL ScheduledTask {
+    friend class TaskList;
+public:
+    /**
+     * Constructor - creates an empty task
+     */
+    ScheduledTask();
+    /**
+     * Constructor - creates an empty task
+     *
+     * @param name Name of task
+     */
+    ScheduledTask( const char *name );
+    /**
+     * Destructor
+     */
+    virtual ~ScheduledTask();
+    /**
+     * Returns a copy of the task
+     *
+     * @return A copy of the task
+     */
+    virtual ScheduledTask *Clone();
+    /**
+     * Executes the task
+     *
+     * @return 0 on successfully starting the task
+     */
+    virtual int Start();
+protected:
+    char *m_name;
+    ScheduledTask *m_next;
+    ScheduledTask *m_prev;
+    time_t m_time;
+    int m_interval;
+};
+
+#endif // __SCHEDULED_TASK_H__
diff --git a/pki/base/tps/src/include/httpClient/httpc/Scheduler.h b/pki/base/tps/src/include/httpClient/httpc/Scheduler.h
new file mode 100644
index 000000000..a0e77ffb4
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Scheduler.h
@@ -0,0 +1,103 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SCHEDULER_H__
+#define __SCHEDULER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+class ScheduledTask;
+class TaskList;
+
+/**
+ * Base class for scheduled tasks in Presence Server
+ */
+
+class EXPORT_DECL Scheduler {
+private:
+    /**
+     * Constructor - creates a scheduler object
+     */
+    Scheduler();
+    /**
+     * Destructor
+     */
+    ~Scheduler();
+public:
+    /**
+     * Returns the single scheduler object
+     *
+     * @return The single scheduler object
+     */
+    static Scheduler *GetScheduler();
+    /**
+     * Starts executing a sleep and check task list loop
+     *
+     * @return 0 on success
+     */
+    int Run();
+    /**
+     * Shuts down the scheduler
+     */
+    static void Shutdown();
+    /**
+     * Launches a thread that executes Run()
+     *
+     * @param interval Interval in seconds between checking for task execution
+     * time
+     * @return 0 on success
+     */
+    int Start( int interval );
+    /**
+     * Adds a task to the list
+     *
+     * @param task A task to be executed
+     */
+    void AddTask( ScheduledTask *task );
+    /**
+     * Removes a task from the list
+     *
+     * @param taskName Name of a task to be removed
+     */
+    void RemoveTask( const char *taskName );
+private:
+    TaskList *m_taskList;
+    int m_interval;
+    bool m_done;
+    bool m_running;
+};
+
+#endif /* __SCHEDULER_H__ */
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/SecurityHeaders.h b/pki/base/tps/src/include/httpClient/httpc/SecurityHeaders.h
new file mode 100644
index 000000000..a54ecb1a2
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SecurityHeaders.h
@@ -0,0 +1,48 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SECURITY_HEADERS_H__
+#define __SECURITY_HEADERS_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+// SOAP header elements defined by WS-SECURITY and used to transfer
+// username and password
+#define HEADER_FIELD_USERNAME "Username"
+#define HEADER_FIELD_PASSWORD "Password"
+#define HEADER_FIELD_SECURITY "Security"
+#define HEADER_FIELD_NS "http://schemas.xmlsoap.org/ws/2002/04/secext"
+#define HEADER_FIELD_TOKEN "UsernameToken"
+
+#endif /* __SECURITY_HEADERS_H__ */
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/ServerConnection.h b/pki/base/tps/src/include/httpClient/httpc/ServerConnection.h
new file mode 100644
index 000000000..bc33aa216
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ServerConnection.h
@@ -0,0 +1,179 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SERVER_CONNECTION_H
+#define __SERVER_CONNECTION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ServerConnection.h	1.000 06/12/2002
+ * 
+ * This class handles server side connections. The accept happens on 
+ * a separate thread and newly accepted connection are polled for 
+ * read ready state. Once data is available on one or more connections
+ * the listeners are notified about it.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL ServerConnection {
+	friend class PollThread;
+	friend class AcceptThread;
+public:
+	/**
+	 *	Constructor
+	 */
+	ServerConnection();
+
+	/**
+	 *	Destructor
+	 */
+	virtual ~ServerConnection();
+
+public:
+	/**
+	 * Registers a listener interface to notify on the connections
+	 * 
+	 * @param	listener	listener object
+	 * @return				0 on success, negative error code otherwise
+	 */
+	int RegisterListener(ConnectionListener* listener);
+
+	/**
+	 * Listens for connections on a specified socket
+	 *
+	 * @param	host	host name / ip
+	 * @param	port	listen port
+	 * @return			0 on success, negative error code otherwise
+	 */
+
+	int Start(char* host, int port);
+
+	/**
+	 * Listens for connections on a specified socket for SSL connections
+	 *
+	 * @param	host		host name / ip
+	 * @param	port		listen port
+	 * @param	nickename	name of the server cert
+	 * @param	password	password for DB
+	 * @param	requestCert	request client certficate for authentication
+	 * @return			0 on success, negative error code otherwise
+	 */
+	int Start( char* host, 
+			   int port, 
+			   const char* nickname, 
+			   int requestcert);
+
+	/**
+	 * Closes the server connection
+	 *
+	 * @return	0 on success, negative error code otherwise
+	 */
+    int Shutdown();
+
+	/**
+	 * Releases the connection to the read pool. 
+	 *
+	 * @param	conn	a connection object
+	 */
+	void PollRead(Connection* conn);
+
+	/**
+	 * Releases the connection to the write pool. 
+	 *
+	 * @param	conn	a connection object
+	 */
+	void Release(Connection* conn);
+
+	/**
+	 * Gets a connection from the write pool. This connection should be 
+	 * returned to the pool after writing.
+	 *
+	 * @return 0 on success, negative error code otherwise
+	 */
+	Connection* GetConnection();
+
+	/**
+	 * Returns the number of connections 
+	 *
+	 * @return	number of connections
+	 */
+	int GetCount();
+
+	static void Poll(void* arg);
+	static void Accept(void* arg);
+
+protected:
+	/**
+	 * Protocol specific implementations should implement this
+	 * function and return their own connection object
+	 * 
+	 * @return	a newly created connection
+	 */
+	virtual Connection* AcceptedConnection();
+
+	const char* GetPeerHost(Connection* conn);
+	int GetPeerPort(Connection* conn);
+
+private:
+	int InternalStart();
+	void SetServerFlag(Connection* conn);
+	PRFileDesc* GetFD( Connection* conn );
+	void SetSocket(Connection* conn, Socket* socket);
+	int UpdateWritePool(Connection* conn);
+
+private:
+	ServerSocket* m_server;
+	ConnectionListener*	m_connectionListener;
+
+	Pool* m_readPool;
+	Pool* m_writePool;
+
+	PRLock* m_readLock;
+	PRLock* m_writeLock;
+
+	PRBool m_threadInitialized;
+	PRLock*	m_threadLock;
+	PRCondVar* m_threadCondv;
+
+	int	m_totalConnections;
+	bool m_serverRunning;
+};
+
+#endif // __SERVER_CONNECTION_H
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/ServerHeaderProcessor.h b/pki/base/tps/src/include/httpClient/httpc/ServerHeaderProcessor.h
new file mode 100644
index 000000000..213d3b13b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ServerHeaderProcessor.h
@@ -0,0 +1,72 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __WASP_SERVER_HEADER_PROCESSOR_H
+#define __WASP_SERVER_HEADER_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <waspc/config/config.h>
+#include <waspc/util/exceptions.h>
+#include <waspc/xmlprotocol/header/HeaderProcessor.h>
+
+class ServerHeaderProcessorItemConfiguration;
+
+/**
+ * Creates WS-Security header with a session token
+ */
+class EXPORT_DECL ServerHeaderProcessor : public WASP_HeaderProcessor {
+protected:
+    virtual ~ServerHeaderProcessor();
+public:
+    ServerHeaderProcessor();
+
+    //inherited methods from WASP_Configurable
+    virtual void load (WASP_Configuration *, EXCENV_DECL);
+    virtual void init (EXCENV_DECL);
+    virtual void destroy ();
+
+    //inherited from WASP_HeaderProcessor    
+    virtual void processInput(WASP_XMLProtocolMessage *message, EXCENV_DECL);
+    virtual void processOutput(WASP_XMLProtocolMessage *message, EXCENV_DECL);
+    virtual void processInputFault(WASP_XMLProtocolMessage *message, EXCENV_DECL);
+    virtual void processOutputFault(WASP_XMLProtocolMessage *message, EXCENV_DECL);
+    virtual WASP_String **getUnderstandHeaders(int &count, EXCENV_DECL);
+
+protected:
+    WASP_String **mppsUnderstandHeaderNamesAndNs;
+    int miUnderstandHeaderCount;
+};
+
+#endif //__WASP_SERVER_HEADER_PROCESSOR_H
diff --git a/pki/base/tps/src/include/httpClient/httpc/ServerSocket.h b/pki/base/tps/src/include/httpClient/httpc/ServerSocket.h
new file mode 100644
index 000000000..3cec2444a
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ServerSocket.h
@@ -0,0 +1,113 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SERVER_SOCKET_H
+#define __SERVER_SOCKET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ServerSocket.h	1.000 06/12/2002
+ * 
+ * A NSPR implementation of ServerSocket 
+ * 
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL ServerSocket {
+public:
+
+	/**
+	 * Constructor - Creates a new TCP socket
+	 *
+	 * @param	host	host name / ip
+	 * @param	port	a listen port
+	 */
+	ServerSocket(const char* host, int port);
+
+	/**
+	 * Constructor - Creates a new TCP socket
+	 *
+	 * @param	port	a listen port
+	 */
+	ServerSocket(int port);
+
+	/**
+	 * Desstructor
+	 */
+	virtual ~ServerSocket();
+
+public:
+	
+	/**
+	 * Binds the socket to the specified port and starts listening for
+	 * connections. The first connection is accepted from the queue of 
+	 * pending connections and creates a new socket for the newly accepted 
+	 * connection. The accept is blocked with no time out in its own thread. 
+	 *
+	 * @return	a new socket for the newly accepted connection
+	 */
+	virtual Socket* Accept();
+
+	/**
+	 * Closes the server socket
+	 */
+    virtual void Shutdown();
+
+protected:
+	/**
+	 * Internal method to call accept. Sub classes should override this
+	 * to provide their own implementation for returned sockets.
+	 *
+	 * @return	a newly accepted socket
+	 */
+	virtual Socket* InternalAccept(PRFileDesc* fd);
+
+protected:
+	bool m_initialized;
+
+private:
+	PRFileDesc* m_fd;
+	PRNetAddr m_addr;
+	char* m_host;
+	int m_port;
+	int m_backlog;
+};
+
+#endif // __SERVER_SOCKET_H
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/Socket.h b/pki/base/tps/src/include/httpClient/httpc/Socket.h
new file mode 100644
index 000000000..c2ef4afd4
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Socket.h
@@ -0,0 +1,157 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SOCKET_H
+#define __SOCKET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Socket.h	1.000 06/12/2002
+ * 
+ * A NSPR implementation of socket
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL Socket {
+	friend class ServerSocket;
+	friend class ServerConnection;
+public:
+	
+	/**
+	 * Constructor 
+	 */
+	Socket();
+
+	/**
+	 * Constructor - creates a socket connecting to the host and port
+	 *
+	 * @param	host	hostname to connect to
+	 * @param	port	port of the machine
+	 */
+	Socket(const char* host, int port);
+
+	/**
+	 * Destructor
+	 */
+	virtual ~Socket();
+
+public:
+
+	/**
+	 * Reads specified number of bytes from the socket. This is a blocking
+	 * socket read with timeout.
+	 *
+	 * @param	buf		buffer to read into
+	 * @param	size	number of bytes to read
+	 * @param	timeout	timeout before the read terminates
+	 * @return			number of bytes actually read
+	 */
+	int Read(void* buf, int size, long timeout);
+
+	/**
+	 * Writes specified number of bytes to the socket. This is a blocking
+	 * socket write with timeout.
+	 *
+	 * @param	buf		buffer to write from
+	 * @param	size	number of bytes to write
+	 * @param	timeout	timeout before the write terminates
+	 * @return			number of bytes actually written
+	 */
+	int Write(void* buf, int size, long timeout);
+
+	/**
+	 * Gets ip address for a specified socket
+	 *
+	 * @return	ip address
+	 */
+	const char* GetLocalIp();
+
+	/**
+	 * Gets port for a specified socket
+	 *
+	 * @return	port
+	 */
+	int GetLocalPort();
+
+	/**
+	 * Gets ip address of a connected peer
+	 *
+	 * @return	ip address
+	 */
+	const char* GetPeerIp();
+
+	/**
+	 * Gets port of a connected peer
+	 *
+	 * @return	ip address
+	 */
+	int GetPeerPort();
+
+	/**
+	 * Shuts down part of a full-duplex connection on a specified socket
+	 *
+	 * @param	how		the kind of disallowed operations on the socket
+	 *					the possible values are :
+	 *					PR_SHUTDOWN_RCV
+	 *					PR_SHUTDOWN_SEND
+	 *					PR_SHUTDOWN_BOTH
+	 */
+	void Shutdown(PRShutdownHow how);
+
+protected:
+	int Init(PRFileDesc* fd);
+
+private:
+	void CancelIO(PRInt32 err);
+
+protected:
+	PRFileDesc* m_fd;
+
+private:
+	char* m_localIp;
+	char* m_peerIp;
+	int m_localPort;
+	int m_peerPort;
+	bool m_initialized;
+	PRLock* m_readLock;
+	PRLock* m_writeLock;
+};
+
+#endif // __SOCKET_H
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/SocketINC.h b/pki/base/tps/src/include/httpClient/httpc/SocketINC.h
new file mode 100644
index 000000000..43b36c9a0
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SocketINC.h
@@ -0,0 +1,163 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _SOCKET_INC_H_
+#define _SOCKET_INC_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * SocketINC.h	1.000 06/12/2002
+ * 
+ * Public header file for Socket / Connection module
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+/**************************************************
+ * Imported header files 
+ **************************************************/
+#include <time.h>
+#include <string.h>
+
+#include "nspr.h"
+#include "plhash.h"
+#include "plstr.h"
+#include "private/pprio.h"
+
+#include "pk11func.h"
+#include "secitem.h"
+#include "ssl.h"
+#include "certt.h"
+#include "nss.h"
+#include "secrng.h"
+#include "secder.h"
+#include "key.h"
+#include "sslproto.h"
+
+#include "httpClient/httpc/Defines.h"	// ??? SSR should be spilt into respective modules
+#include "httpClient/httpc/Pool.h"
+#include "httpClient/httpc/DebugLogger.h"
+#include "httpClient/httpc/ErrorLogger.h"
+#include "httpClient/httpc/CERTUtil.h"
+#include "httpClient/httpc/PSPRUtil.h"
+
+/**************************************************
+ * Socket / Connection module header files 
+ **************************************************/
+#include "httpClient/httpc/Socket.h"
+#include "httpClient/httpc/ServerSocket.h"
+#include "httpClient/httpc/SSLSocket.h"
+#include "httpClient/httpc/SSLServerSocket.h"
+#include "httpClient/httpc/Connection.h"
+#include "httpClient/httpc/ConnectionListener.h"
+#include "httpClient/httpc/ServerConnection.h"
+
+
+/*************************************************
+ * Error codes used by this module
+ *************************************************/
+// Socket errors
+typedef enum {
+	SOCKET_ERROR_CREATE_SOCKET			= -2001,
+	SOCKET_ERROR_SET_OPTION				= -2002,
+	SOCKET_ERROR_BIND					= -2003,
+	SOCKET_ERROR_LISTEN					= -2004,
+	SOCKET_ERROR_CONNECTION_CLOSED		= -2005,
+	SOCKET_ERROR_READ					= -2006,
+	SOCKET_ERROR_WRITE					= -2007,
+	SOCKET_ERROR_ACCEPT_THREAD			= -2008,
+	SOCKET_ERROR_ALREADY_REGISTERED		= -2009,
+	SOCKET_ERROR_ALREADY_LISTENING		= -2010,
+	SOCKET_ERROR_POLL_THREAD			= -2011,
+	SOCKET_ERROR_NO_LISTENER			= -2012,
+	SOCKET_ERROR_POLL					= -2013,
+	SOCKET_ERROR_POLL_TIMED_OUT			= -2014,
+	SOCKET_ERROR_ALREADY_CONNECTED		= -2015,
+	SOCKET_ERROR_INITIALIZATION_FAILED	= -2016
+} SocketError;
+
+typedef enum {
+	SSL_ERROR_SERVER_CERT				= -2016,
+	SSL_ERROR_SERVER_PRIVATE_KEY		= -2017,
+	SSL_ERROR_IMPORT_FD					= -2018,
+	SSL_ERROR_OPTION_SECURITY			= -2019,
+	SSL_ERROR_OPTION_SERVER_HANDSHAKE	= -2020,
+	SSL_ERROR_OPTION_REQUEST_CERTIFCATE	= -2021,
+	SSL_ERROR_OPTION_REQUIRE_CERTIFCATE	= -2022,
+	SSL_ERROR_CALLBACK_AUTH_CERTIFICATE	= -2023,
+	SSL_ERROR_CALLBACK_BAD_CERT_HANDLER	= -2024,
+	SSL_ERROR_CALLBACK_HAND_SHAKE		= -2025,
+	SSL_ERROR_CALLBACK_PASSWORD_ARG		= -2026,
+	SSL_ERROR_CONFIG_SECURE_SERVER		= -2027,
+	SSL_ERROR_RESET_HAND_SHAKE			= -2028,
+	SSL_ERROR_OPTION_ENABLE_FDX			= -2029
+} SslError;
+
+/**************************************************
+ * Defines used by this module
+ **************************************************/
+#define SOCKET_DEFAULT_HOST_NAME			"localhost"
+#define SOCKET_DEFAULT_READ_TIME_OUT		1000UL			// 1 sec
+#define SOCKET_DEFAULT_WRITE_TIME_OUT		0xffffffffUL	// infinte
+#define	SOCKET_DEFAULT_READ_BUFFER_SIZE		4096			// 4k
+#define	SOCKET_DEFAULT_WRITE_BUFFER_SIZE	4096			// 4k
+#define SOCKET_DEFAULT_POLL_TIMEOUT			1000UL			// 1 sec
+#define SOCKET_DEFAULT_BACKLOG				50				// pending conns
+#define SOCKET_DEFAULT_POOL_SIZE			100				// conn pool size
+
+typedef enum {
+	SOCKET_ERROR_SEVERE	 = 1,
+	SOCKET_ERROR_WARNING = 2,
+	SOCKET_ERROR_INFO	 = 3
+} SocketErrorLevel;
+
+
+typedef enum {
+	REQUEST_CERT_NONE = 0,
+	REQUIRE_CERT_NONE = 1,
+	REQUEST_CERT_ONCE = 2,
+	REQUIRE_CERT_ONCE = 3,
+	REQUEST_CERT_ALL  = 4,
+	REQUIRE_CERT_ALL  = 5
+} RequireCert;
+
+#endif // _SOCKET_INC_H_
+
+
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/SocketLib.h b/pki/base/tps/src/include/httpClient/httpc/SocketLib.h
new file mode 100644
index 000000000..5a00b2ecb
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SocketLib.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _SOCKET_LIB_H_
+#define _SOCKET_LIB_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * SocketLib.h	1.000 06/12/2002
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+#undef EXPORT_DECL
+#ifdef _MSC_VER
+#ifdef PS_SOCKET_LIB_INTERNAL
+	#define EXPORT_DECL __declspec( dllexport )
+#else
+	#define EXPORT_DECL __declspec (dllimport )
+#endif // PS_SOCKET_LIB_INTERNAL
+#else
+	#define EXPORT_DECL
+#endif // _MSC_VER
+
+#endif // _CONNECTION_LIB_H_
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/StringList.h b/pki/base/tps/src/include/httpClient/httpc/StringList.h
new file mode 100644
index 000000000..80cd61dd6
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/StringList.h
@@ -0,0 +1,151 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _STRING_LIST_H
+#define _STRING_LIST_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Simple String list class using the STL List template
+ */
+
+#include <list>
+#ifdef HPUX
+#include <iostream.h>
+#else
+#include <iostream>
+#endif
+
+#include "httpClient/httpc/Iterator.h"
+
+#ifndef HPUX
+using namespace std;
+#endif
+
+typedef EXPORT_DECL list<const char *> LISTSTR;
+
+class EXPORT_DECL StringList {
+public:
+	/**
+	 * Constructor
+	 */
+	StringList();
+
+	/**
+	 * Destructor
+	 */
+	~StringList();
+
+	/**
+	 * Appends a string to the end of the list
+	 *
+	 * @param value The string value to append
+	 */
+	void Add( const char *value );
+
+    /**
+     * Gets the string at a particular index in the list
+     *
+     * @param index Index of the string to retrieve
+     * @return The string at the specified index, or NULL if outside
+     * the range of the list
+     */
+    const char *GetAt( int index );
+
+	/**
+	 * Returns the index of a string in the list
+	 *
+	 * @param matchString The string to match
+	 * @param startIndex The index to start searching from
+	 * @return The index of the string, or -1 if not found
+	 */
+	int Find( const char *matchString,
+						  int startIndex );
+
+	/**
+	 * Returns the number of strings in the list
+	 *
+	 * @return The number of strings in the list
+	 */
+	int GetCount();
+
+	/**
+	 * Inserts a string before the specified position
+	 *
+	 * @param index Position to insert the string
+	 * @param value The string to insert
+	 * @return The index of the string, or -1 if the requested index
+	 * is beyond the end of the list
+	 */
+	int Insert( int index, const char *value );
+
+	/**
+	 * Removes a string at the specified position
+	 *
+	 * @param index Position to remove the string
+	 * @return 0 on sucess, or -1 if the requested index
+	 * is beyond the end of the list
+	 */
+	int Remove( int index );
+
+	/**
+	 * Removes all strings
+	 */
+	void RemoveAll();
+
+    /**
+     * Returns an iterator over strings in the list
+     *
+     * @return An iterator over strings in the list
+     */
+    Iterator *GetIterator();
+
+	EXPORT_DECL friend ostream& operator<< ( ostream& os, StringList& list );
+
+protected:
+	/**
+	 * Gets the iterator for an indexed element
+	 *
+	 * @param index Position to get
+	 * @return Iterator for the position (could be end())
+	 */
+	LISTSTR::iterator GetIteratorAt( int index );
+
+private:
+	LISTSTR m_list;
+};
+
+#endif // _STRING_LIST_H
diff --git a/pki/base/tps/src/include/httpClient/httpc/StringUtil.h b/pki/base/tps/src/include/httpClient/httpc/StringUtil.h
new file mode 100644
index 000000000..5c8955d37
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/StringUtil.h
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _STRING_UTIL_H
+#define _STRING_UTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * String utility functions
+ */
+
+class EXPORT_DECL StringUtil {
+private:
+	/**
+	 * Constructor - can't be instantiated
+	 */
+	StringUtil() {}
+
+	/**
+	 * Destructor
+	 */
+	~StringUtil() {}
+
+public:
+	/**
+	 * Normalizes a screen name
+	 *
+	 * @param raw The raw screen name
+	 * @param normalized The normalized screen name (lower case, no spaces)
+	 */
+	static void NormalizeScreenName( const char *raw, char *normalized );
+
+	/**
+	 * Converts the string to lower case
+	 *
+	 * @param	raw		string to be converted
+	 */
+	static void ToLower(char* raw);
+};
+
+#endif // _STRING_UTIL_H
diff --git a/pki/base/tps/src/include/httpClient/httpc/TaskList.h b/pki/base/tps/src/include/httpClient/httpc/TaskList.h
new file mode 100644
index 000000000..779d27ead
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/TaskList.h
@@ -0,0 +1,114 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __TASK_LIST_H__
+#define __TASK_LIST_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Base class for scheduled tasks in Presence Server
+ */
+
+class EXPORT_DECL TaskList {
+public:
+    /**
+     * Constructor - creates an empty task list
+     *
+     * @param name Name of task list
+     */
+    TaskList( const char *name );
+    /**
+     * Destructor - Empties the task list, deleting each entry
+     */
+    virtual ~TaskList();
+    /**
+     * Returns true if the task list is empty
+     *
+     * @return true if the task list is empty
+     */
+    bool IsEmpty();
+    /**
+     * Adds a task to the list; the list is sorted by execution time
+     *
+     * @param node An entry to add
+     * @return The added entry
+     */
+    ScheduledTask *Add( ScheduledTask *node );
+    /**
+     * Removes a node from the list but does not delete it
+     *
+     * @param taskName The name of the node to remove
+     * @return The node with the name taskName, or NULL if not found
+     */
+    ScheduledTask *Remove( const char *taskName );
+    /**
+     * Executes each task for which the time is right in a separate thread;
+     * if the task is repeating, a new entry is created for it, otherwise
+     * it is removed from the list
+     *
+     * @return The number of tasks executed
+     */
+    int ExecuteCurrent();
+    /**
+     * Dumps the task list to the debug log
+     *
+     * @param logLevel Lowest debug level for which the log should be dumped
+     */
+    void Dump( int logLevel );
+private:
+    /**
+     * Removes a node from the list but does not delete it; does not lock
+     *
+     * @param node The node to remove
+     * @return The node
+     */
+    ScheduledTask *InternalRemove( ScheduledTask *node );
+    /**
+     * Adds a task to the list; the list is sorted by execution time
+     *
+     * @param node An entry to add
+     * @return The added entry
+     */
+    ScheduledTask *InternalAdd( ScheduledTask *node );
+
+    char *m_name;
+    ScheduledTask *m_next;
+    int m_interval;
+	PRLock *m_lock;
+};
+
+#endif /* __TASK_LIST_H__ */
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/ThreadPool.h b/pki/base/tps/src/include/httpClient/httpc/ThreadPool.h
new file mode 100644
index 000000000..389d42606
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ThreadPool.h
@@ -0,0 +1,159 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __THREAD_POOL_H
+#define __THREAD_POOL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ThreadPool.h	1.000 06/12/2002
+ * 
+ * A worker thread pool.
+ *
+ * @author  Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL ThreadPool {
+	friend class WorkerThread;
+public:
+	/**
+	 * Constructor - creates the pool with default values
+	 *
+	 * @param	name	name of the threadpool
+	 */
+	ThreadPool(const char* name);
+
+	/**
+	 * Constructor
+	 *
+	 * @param	name	name of the threadpool
+	 * @param	min		minimum threads in the pool
+	 * @param	max		maximum threads that can be created
+	 * @param	timeout	timeout for each thread
+	 */
+	ThreadPool(const char* name, int min, int max, int timeout);
+	
+	/**
+	 * Destructor
+	 */
+	virtual ~ThreadPool();
+
+public:
+
+	/**
+	 * Initializes the thread pool with minimum threads
+	 */
+	void Init();
+
+	/**
+	 * Shutdown the thread pool
+	 */
+	void Shutdown();
+
+	/**
+	 * Adds a task for future execution
+	 *
+	 * @param	task	a task to execute
+	 */
+	void AddTask(ScheduledTask* task);	
+
+	/**
+	 * Executes the task immediately 
+	 *
+	 * @param	task	a task to execute
+	 */
+	void ExecuteTask(ScheduledTask* task);	
+
+	/**
+	 * Gets the number of active threads in the pool
+	 *
+	 * @return	number of active threads
+	 */
+	int GetThreads();
+
+	/**
+	 * Gets the number of pending tasks in the list
+	 *
+	 * @return	number of pending tasks
+	 */
+	int GetPendingTasks();
+
+	/**
+	 * Function to start a NSPR thread
+	 */
+	static void StartWorkerThread(void* arg);
+
+private:
+	/**
+	 * Initializes constructor params
+	 */
+	void ConstructorInit(const char* name, int min, int max, int timeout);
+
+	/**
+	 * Creates a new thread
+	 */
+	void CreateNewThread();
+
+	/**
+	 * Notify one of the threads waiting on a condition
+	 */
+	void Notify();
+
+private:
+	char* m_name;
+	TaskList* m_taskList;
+
+	int m_minThreads;
+	int m_maxThreads;
+	int m_timeout;
+
+	int m_threads;
+	int m_activeThreads;
+
+	PRBool m_threadWait;
+	PRLock* m_threadLock;
+	PRCondVar* m_threadCondVar;
+
+	PRBool m_newThreadInitialized;
+	PRLock* m_newThreadLock;
+	PRCondVar* m_newThreadCondVar;
+
+	bool m_keepRunning;
+};
+
+#endif // __THREAD_POOL_H
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/URLUtil.h b/pki/base/tps/src/include/httpClient/httpc/URLUtil.h
new file mode 100644
index 000000000..379986999
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/URLUtil.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _URL_UTIL_H
+#define _URL_UTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * URL utility functions
+ */
+
+typedef enum {
+	URL_TYPE_HTTP		= 1,
+	URL_TYPE_HTTPS		= 2,
+	URL_TYPE_LDAP		= 3,
+	URL_TYPE_LDAPS		= 4,
+	URL_TYPE_UNKNOWN	= 5
+} UrlType;
+
+class EXPORT_DECL URLUtil {
+private:
+	/**
+	 * Constructor - can't be instantiated
+	 */
+	URLUtil() {}
+
+	/**
+	 * Destructor
+	 */
+	~URLUtil() {}
+
+public:
+	/**
+	 * Parses the URL 
+	 *
+	 * @param url	url to parse
+	 * @param type	protocol header type
+	 * @param host	hostname from the url
+	 * @param port	port number from the url
+	 * @param path	uri from the url
+	 * @return		0 on success, negative error code otherwise
+	 */
+	static int ParseURL( const char* url, 
+						 int* type,
+						 char** host, 
+						 int* port, 
+						 char** path );
+
+private:
+	static int ParseURLType(const char* url, int* type, int* hlen);
+	static int ParseAtPort(const char* url, int* port, char** path);
+	static int ParseAtPath(const char* url, char** path);
+	static int GetPort(const char* url, int* port);
+	static bool IsAsciiSpace(char c);
+	static bool IsAsciiDigit(char c);
+};
+
+#endif // _URL_UTIL_H
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/engine.h b/pki/base/tps/src/include/httpClient/httpc/engine.h
new file mode 100644
index 000000000..73881ed81
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/engine.h
@@ -0,0 +1,76 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _HTTP_ENGINE_
+#define _HTTP_ENGINE_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/request.h"
+
+class __EXPORT Engine {
+    public:
+        Engine() {};
+        ~Engine() {};
+
+        PRFileDesc *_doConnect(PRNetAddr *addr, PRBool SSLOn = PR_FALSE,
+							   const PRInt32* cipherSuite = NULL, 
+                               PRInt32 count = 0, const char* nickname = NULL,
+							   PRBool handshake = PR_FALSE,
+                               /*const SecurityProtocols& secprots = SecurityProtocols() ,*/
+							   const char *serverName ="localhost",
+                               PRIntervalTime iv = PR_SecondsToInterval(30));
+        static PRIntervalTime globaltimeout;
+};
+
+
+class __EXPORT HttpEngine: public Engine {
+    public:
+        HttpEngine() {};
+        ~HttpEngine() {};
+
+        PSHttpResponse *makeRequest( PSHttpRequest &request,
+			 const PSHttpServer& server,
+			 int timeout = 30, PRBool expectChunked = PR_FALSE);
+};
+
+PRBool __EXPORT InitSecurity(char* dbpath, char* certname, char* certpassword,
+							 char * prefix ,int verify=1);
+PRBool __EXPORT EnableCipher(const char* ciphername);
+void  __EXPORT EnableAllSSL3Ciphers();
+__EXPORT const char * nscperror_lookup(int error);
+
+#endif
diff --git a/pki/base/tps/src/include/httpClient/httpc/http.h b/pki/base/tps/src/include/httpClient/httpc/http.h
new file mode 100644
index 000000000..0dccfddbd
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/http.h
@@ -0,0 +1,120 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _HTTP_SERVER_
+#define _HTTP_SERVER_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdlib.h>
+#include <prnetdb.h>
+#include <prio.h>
+#include <time.h>
+#include <plhash.h>
+#include <nspr.h>
+#include <plstr.h>
+
+#include "httpClient/httpc/PSCommonLib.h"
+#include "httpClient/httpc/Cache.h"
+#include "httpClient/httpc/Defines.h"
+//#include "httpClient/httpc/DebugLogger.h"
+//#include "httpClient/httpc/ErrorLogger.h"
+
+#ifdef WIN32
+#define __EXPORT __declspec(dllexport)
+#else
+#define __EXPORT
+#endif
+
+class PSHttpRequest;
+
+class __EXPORT PSHttpServer
+{
+public:
+    PSHttpServer(const char *addr, PRUint16 af);
+    ~PSHttpServer();
+
+    long getIp() const;
+    long getPort() const;
+    const char *getAddr() const;
+    void getAddr(PRNetAddr *addr) const;
+    void setSSL(PRBool SSLstate);
+    PRBool isSSL() const;
+
+    // put a file on the server of size bytes
+    PRBool putFile(const char *uri, int size) const;
+    PRBool putFile(const char* uri, const char* localFile) const;
+
+private:
+    char *_addr;
+    PRNetAddr _netAddr;
+    PRBool SSLOn;
+    PRBool _putFile(PSHttpRequest& rq) const;
+};
+
+typedef __EXPORT enum HttpProtocol_e { HTTPNA    = 0x0, 
+                                       HTTP09    = 0x1, 
+                                       HTTP10    = 0x2, 
+                                       HTTP11    = 0x4, 
+                                       HTTPBOGUS = 0x8 } HttpProtocol;
+
+#define NUM_PROTOS 5 // needed for arrays of tests
+
+__EXPORT const char *HttpProtocolToString(HttpProtocol);
+
+class __EXPORT HttpMessage
+{
+    public:
+        HttpMessage(long len = 0, const char* buf = NULL);
+        ~HttpMessage();
+
+        PRBool          operator == (const HttpMessage& rhs);
+
+        void addData(long len, const void* buf);
+
+        // set data on the message
+        void            setProtocol(HttpProtocol prot);
+
+        // get data about the message
+        HttpProtocol    getProtocol() const;
+
+
+    protected:
+        char*               firstline; // first line - may be the request-line or server status
+        HttpProtocol        proto;
+        long                cl;
+};
+
+
+#endif
diff --git a/pki/base/tps/src/include/httpClient/httpc/request.h b/pki/base/tps/src/include/httpClient/httpc/request.h
new file mode 100644
index 000000000..0399732ef
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/request.h
@@ -0,0 +1,115 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef _REQUEST_H_
+#define _REQUEST_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/http.h"
+
+// abstract request class
+class __EXPORT NetRequest
+{
+    public:
+        NetRequest(const PSHttpServer* server);
+        PRBool         isSSL() const;
+        void           setSSL(PRBool SSLstate);
+        void           getAddr(PRNetAddr *addr);
+        const char*    getAddr();
+        const char*    getHost();
+        const          PSHttpServer * getServer();
+        void           setServer(PSHttpServer* _server);
+        PRIntervalTime getTimeout() const;
+        const PRInt32* cipherSet;
+        PRInt32        cipherCount;
+        PRBool         handshake;
+//        SecurityProtocols secprots;
+
+    protected:
+        PRBool SSLOn;
+        const PSHttpServer * _server;
+        PRIntervalTime timeout;
+        
+};
+
+// Netscape-style request
+class __EXPORT PSHttpRequest: public HttpMessage, public NetRequest
+{
+public:
+    PSHttpRequest(const PSHttpServer* server, const char *uri, HttpProtocol proto, PRIntervalTime to);
+    virtual ~PSHttpRequest();
+
+    // connection related stuff
+
+    // set data on the request
+    PRBool         setMethod(const char *method);
+    PRBool         addHeader(const char *name, const char *value);
+    PRBool         addRandomBody(int size);
+    PRBool         useLocalFileAsBody(const char* fileName);
+    PRBool         setBody(int size, const char* body);
+    void           setExpectedResponseLength(int size);
+    void           setExpectStandardBody();
+    void           setExpectDynamicBody();
+    void           setHangupOk();
+    PRBool         isHangupOk();
+
+    // get data about the request
+    char           *getMethod();
+    //HttpProtocol   getProtocol();
+	const char	   *getHeader(const char *name);
+    int            getExpectedResponseLength();
+    PRBool         getExpectStandardBody();
+    PRBool         getExpectDynamicBody();
+
+    PRBool send(PRFileDesc *sock);
+	void setCertNickName(const char *);
+	char *getCertNickName();
+
+private:
+    char            *_method;
+    char            *_uri;
+    HttpProtocol     _proto;
+    int              _bodyLength;
+	char            *_body;
+    char			*nickName;
+	StringKeyCache	 *_headers;
+    int              _expectedResponseLength;
+    PRBool           _expectStandardBody;
+    PRBool           _expectDynamicBody;
+    PRBool           _hangupOk;
+    PRFileDesc*      _fileFd;
+};
+
+#endif
diff --git a/pki/base/tps/src/include/httpClient/httpc/response.h b/pki/base/tps/src/include/httpClient/httpc/response.h
new file mode 100644
index 000000000..5c45d574c
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/response.h
@@ -0,0 +1,148 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _RESPONSE_H_
+#define _RESPONSE_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/request.h"
+
+class __EXPORT RecvBuf
+{
+public:
+    RecvBuf(const PRFileDesc *socket, int size, int timeout = 30);
+    virtual ~RecvBuf();
+
+    char getChar();
+    void putBack();
+
+    void setChunkedMode();
+    int getAllContent();
+    int getTimeout();
+
+    char *get_content();
+    int get_contentSize();
+
+    class EndOfFile {};
+    class EndOfChunking {};
+
+private:
+    char _getChar();
+    PRBool _getBytes(int size);
+
+    const PRFileDesc *_socket;
+    int _allocSize;
+    char *_buf;
+    int _curPos;
+    int _curSize;
+
+    PRBool _chunkedMode;
+    int _currentChunkSize;
+    int _currentChunkBytesRead;
+    PRIntervalTime _timeout;
+    char *_content;
+    int _contentSize;
+};
+
+
+class __EXPORT Response
+{
+    public:
+        Response(const PRFileDesc *sock, NetRequest *request);
+
+    protected:
+        const PRFileDesc   *_socket;
+        NetRequest		 *_request;
+};
+
+
+class __EXPORT PSHttpResponse: public Response
+{
+    public:
+        PSHttpResponse( const PRFileDesc *sock,
+                        PSHttpRequest *request );
+        PSHttpResponse( const PRFileDesc *sock,
+                        PSHttpRequest *request,
+                        int timeout, PRBool expectChunked );
+        virtual ~PSHttpResponse();
+        virtual PRBool        processResponse();
+
+		int			  getReturnCode();
+        long          getStatus();
+        char         *getStatusString();
+        HttpProtocol  getProtocol();
+        char         *getHeader(const char *name);
+        int			  getHeaders(char ***keys);
+
+        PRBool        checkKeepAlive(); // return true if we *expect* keepalive based on request
+        PRBool        checkConnection();  // return true if connection is open
+
+        long          getBodyLength();
+        char          *getContent();
+	void          freeContent();
+	int getContentSize();
+        char          *toString();
+
+    protected:
+        PSHttpRequest   *_request;
+        int           _verifyStandardBody(RecvBuf &, int, PRBool);
+        PRBool        _handleBody(RecvBuf &buf);
+        void          _checkResponseSanity();
+
+        HttpProtocol  _proto;
+        char         *_protocol;
+        int retcode;
+        char         *_statusNum;
+        char         *_statusString;
+
+        int           _keepAlive;
+        int           _connectionClosed;
+
+        long          _bodyLength;
+
+	PRBool        _expectChunked;
+        PRBool        _chunkedResponse;
+
+        StringKeyCache  *_headers;
+
+        int           _timeout;
+        char          *_content;
+        int	 _contentSize;
+};
+
+
+#endif
diff --git a/pki/base/tps/src/include/main/AttributeSpec.h b/pki/base/tps/src/include/main/AttributeSpec.h
new file mode 100644
index 000000000..3aa0655b5
--- /dev/null
+++ b/pki/base/tps/src/include/main/AttributeSpec.h
@@ -0,0 +1,68 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_ATTRIBUTESPEC_H
+#define RA_ATTRIBUTESPEC_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class AttributeSpec
+{
+  public:
+	  AttributeSpec();
+	  ~AttributeSpec();
+  public:
+	  static AttributeSpec *Parse(Buffer *b, int offset);
+	  void SetAttributeID(unsigned long v);
+	  unsigned long GetAttributeID();
+	  void SetType(BYTE v);
+	  BYTE GetType();
+	  void SetData(Buffer data);
+	  Buffer GetData();  // this gets entire AttributeSpec
+	  Buffer GetValue(); // this gets AttributeValue
+   public:
+	  unsigned long m_id;
+	  BYTE m_type;
+	  Buffer m_data; // this contains AttributeValue
+};
+
+#endif /* RA_ATTRIBUTESPEC_H */
diff --git a/pki/base/tps/src/include/main/AuthenticationEntry.h b/pki/base/tps/src/include/main/AuthenticationEntry.h
new file mode 100644
index 000000000..e4ec0715c
--- /dev/null
+++ b/pki/base/tps/src/include/main/AuthenticationEntry.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AUTHENTICATIONENTRY_H
+#define AUTHENTICATIONENTRY_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "authentication/Authentication.h"
+
+class AuthenticationEntry
+{
+  public:
+	  AuthenticationEntry();
+	  virtual ~AuthenticationEntry();
+  public: 
+          void SetLibrary(PRLibrary* lib);
+          PRLibrary *GetLibrary();
+          void SetId(const char *id);
+          char *GetId();
+          void SetAuthentication(Authentication *auth);
+          Authentication *GetAuthentication();
+          void SetType(const char *type);
+          char *GetType();
+
+  private:
+          PRLibrary *m_lib;
+          char *m_Id;
+          char *m_type;
+          Authentication *m_authentication;
+};
+
+#endif /* AUTHENTICATIONENTRY_H */
diff --git a/pki/base/tps/src/include/main/Base.h b/pki/base/tps/src/include/main/Base.h
new file mode 100644
index 000000000..3c5260178
--- /dev/null
+++ b/pki/base/tps/src/include/main/Base.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef BASE_H
+#define BASE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "nspr.h"
+
+typedef unsigned char BYTE;
+
+enum nsNKeyMsgEnum {
+  VRFY_FAILURE,
+  VRFY_SUCCESS,
+  ENCODE_DER_PUBKEY_FAILURE,
+  B64ENCODE_FAILURE,
+  VFY_BEGIN_FAILURE,
+  VFY_UPDATE_FAILURE,
+  HTTP_REQ_EXE_FAILURE,
+  HTTP_ERROR_RCVD,
+  BASE64_DECODE_FAILURE,
+  REQ_TO_CA_SUCCESS,
+  MSG_INVALID
+};
+
+struct ReturnStatus {
+  PRStatus status;
+  nsNKeyMsgEnum statusNum;
+};
+
+#endif /* BASE_H */
diff --git a/pki/base/tps/src/include/main/Buffer.h b/pki/base/tps/src/include/main/Buffer.h
new file mode 100644
index 000000000..4fa7af6df
--- /dev/null
+++ b/pki/base/tps/src/include/main/Buffer.h
@@ -0,0 +1,196 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef BUFFER_H
+#define BUFFER_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "main/Base.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * This class represents a byte array.
+ */
+class Buffer {
+
+  private:
+    BYTE *buf;
+    unsigned int len;
+    unsigned int res;
+
+  public:
+    /**
+     * Creates an empty Buffer.
+     */
+    TPS_PUBLIC Buffer() : buf(0), len(0), res(0) { }
+
+    /**
+     * Creates a Buffer of length 'len', with each byte initialized to 'b'.
+     */
+    TPS_PUBLIC Buffer(unsigned int len, BYTE b);
+
+    /**
+     * Creates a Buffer of length 'len', initialized to zeroes.
+     */
+    TPS_PUBLIC explicit Buffer(unsigned int len);
+
+    /**
+     * Creates a Buffer of length 'len', initialized from 'buf'. 'buf' must
+     * contain at least 'len' bytes.
+     */
+    TPS_PUBLIC Buffer(const BYTE* buf, unsigned int len);
+
+    /**
+     * Copy constructor.
+     */
+    TPS_PUBLIC Buffer(const Buffer& cpy);
+
+    /**
+     * Destructor.
+     */
+    TPS_PUBLIC ~Buffer();
+
+    /**
+     * Assignment operator.
+     */
+    TPS_PUBLIC Buffer& operator=(const Buffer& cpy);
+
+    /**
+     * Returns true if the two buffers are the same length and contain
+     * the same byte at each offset.
+     */
+    TPS_PUBLIC bool operator==(const Buffer& cmp) const;
+
+    /**
+     * Returns ! operator==(cmp).
+     */
+    TPS_PUBLIC bool operator!=(const Buffer& cmp) const { return ! (*this == cmp); }
+
+    /**
+     * Concatenation operator.
+     */
+    TPS_PUBLIC Buffer operator+(const Buffer&addend) const;
+
+    /**
+     * Append operators.
+     */
+    TPS_PUBLIC Buffer& operator+=(const Buffer&addend);
+    TPS_PUBLIC Buffer& operator+=(BYTE b);
+
+    /**
+     * Returns a pointer into the Buffer. This also enables the subscript
+     * operator, so you can say, for example, 'buf[4] = b' or 'b = buf[4]'.
+     */
+    TPS_PUBLIC operator BYTE*() { return buf; }
+    TPS_PUBLIC operator const BYTE*() const { return buf; }
+
+    /**
+     * The length of buffer. The actual amount of space allocated may be
+     * higher--see capacity().
+     */
+    TPS_PUBLIC unsigned int size() const { return len; }
+
+    /**
+     * The amount of memory allocated for the buffer. This is the maximum
+     * size the buffer can grow before it needs to allocate more memory.
+     */
+    TPS_PUBLIC unsigned int capacity() const { return res; }
+
+    /**
+     * Sets all bytes in the buffer to 0.
+     */
+    TPS_PUBLIC void zeroize();
+
+    /**
+     * Changes the length of the Buffer. If 'newLen' is shorter than the
+     * current length, the Buffer is truncated. If 'newLen' is longer, the
+     * new bytes are initialized to 0. If 'newLen' is the same as size(),
+     * this is a no-op.
+     */
+    TPS_PUBLIC void resize(unsigned int newLen);
+
+    /**
+     * Ensures that capacity() is at least 'reserve'. Allocates more memory
+     * if necessary. If 'reserve' is <= capacity(), this is a no-op.
+     * Does not affect size().
+     */
+    TPS_PUBLIC void reserve(unsigned int reserve);
+
+    /**
+     * Returns a new Buffer that is a substring of this Buffer, starting
+     * from offset 'start' and continuing for 'len' bytes. This Buffer
+     * must have size() >= (start + len).
+     */
+    TPS_PUBLIC Buffer substr(unsigned int start, unsigned int len) const;
+
+    /**
+     * Replaces bytes i through i+n in this Buffer using the values in 'cpy'.
+     * This Buffer is resized if necessary. The 'cpy' argument can be a
+     * Buffer.
+     */
+    TPS_PUBLIC void replace(unsigned int i, const BYTE* cpy, unsigned int n);
+
+    /**
+     * returns a hex version of the buffer
+     */
+    TPS_PUBLIC char *toHex();
+
+    /**
+     * Dumps this Buffer to the given file as formatted hex: 16 bytes per
+     * line, separated by spaces.
+     */
+    TPS_PUBLIC void dump(FILE* file) const;
+
+    /**
+     * returns a null-terminated string of the buf.
+     * should be called only by callers that are certain that buf
+     * is entirely representable by printable characters and wants
+     * a string instead.
+     */
+    TPS_PUBLIC char *string();
+
+    /**
+     * dump()s this Buffer to stdout.
+     */
+    TPS_PUBLIC void dump() const;
+
+};
+
+#endif
diff --git a/pki/base/tps/src/include/main/ConfigStore.h b/pki/base/tps/src/include/main/ConfigStore.h
new file mode 100644
index 000000000..2d365cfbe
--- /dev/null
+++ b/pki/base/tps/src/include/main/ConfigStore.h
@@ -0,0 +1,119 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CONFIG_STORE_H
+#define CONFIG_STORE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "plhash.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+class ConfigStoreRoot;
+
+class ConfigStore
+{
+  public:
+	  ConfigStore(ConfigStoreRoot* root, const char *subStoreName);
+      //ConfigStore::ConfigStore(const ConfigStore &X);
+
+	  ~ConfigStore();
+	  static ConfigStore *Parse(const char *s, const char *separator);
+	  static ConfigStore *CreateFromConfigFile(const char *cfg_path);
+
+	  int                 IsNameDefined(const char *name);
+	  void                Add(const char *name, const char *value);
+	  const char *        GetConfig(const char *name);
+	  int                 Size();
+	  const char *        GetNameAt(int pos);
+	  ConfigStore         GetSubStore(const char*name);
+
+	// Retrieve config parameters
+      Buffer *         GetConfigAsBuffer(const char *key);
+      Buffer *         GetConfigAsBuffer(const char *key, const char *def);
+	  int              GetConfigAsInt(const char *key);
+	  TPS_PUBLIC int GetConfigAsInt(const char *key, int def); 
+	  unsigned int     GetConfigAsUnsignedInt(const char *key);
+	  TPS_PUBLIC unsigned int GetConfigAsUnsignedInt(const char *key,
+                                                       unsigned int def); 
+      bool              GetConfigAsBool(const char *key);
+      TPS_PUBLIC bool GetConfigAsBool(const char *key, bool def); 
+      TOKENDB_PUBLIC const char *GetConfigAsString(const char *key, const char *def);  
+      TPS_PUBLIC const char *GetConfigAsString(const char *key);
+	  /**
+	   * operator[] is used to look up config strings in the ConfigStore.
+	   * For example:
+	   * <PRE>
+	   *   const char *param = cfg["filename"];           // equivalent
+	   *   const char *param = cfg.GetConfig("filename"); // equivalent
+	   * </PRE>
+	   */
+      const char *      operator[](const char*key);
+
+  private: 
+	  char      *m_substore_name;
+	  ConfigStoreRoot *m_root;
+};
+
+class ConfigStoreRoot
+{
+	  friend class ConfigStore;
+    public:
+	  ConfigStoreRoot();
+	  ~ConfigStoreRoot();
+	  void addref();
+	  void release();
+	
+	private:
+	  PLHashTable* getSet();
+	  PLHashTable *m_set;
+	  int          m_set_refcount;
+
+};
+
+
+
+#endif /* CONFIG_STORE_H */
diff --git a/pki/base/tps/src/include/main/Login.h b/pki/base/tps/src/include/main/Login.h
new file mode 100644
index 000000000..81a22870e
--- /dev/null
+++ b/pki/base/tps/src/include/main/Login.h
@@ -0,0 +1,55 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LOGIN_H
+#define LOGIN_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+
+class Login
+{
+  public:
+	  Login(char *uid, char *pwd);
+	  ~Login();
+  public:
+	  char *GetUID();
+	  char *GetPassword();
+  private:
+	  char *m_uid;
+	  char *m_pwd;
+};
+
+#endif /* LOGIN_H */
diff --git a/pki/base/tps/src/include/main/Memory.h b/pki/base/tps/src/include/main/Memory.h
new file mode 100644
index 000000000..ca9608466
--- /dev/null
+++ b/pki/base/tps/src/include/main/Memory.h
@@ -0,0 +1,130 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_MEMORY_H
+#define RA_MEMORY_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/MemoryMgr.h"
+
+#ifdef MEM_PROFILING
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+extern void MEM_init(char *audit_file, char *dump_file);
+extern void MEM_shutdown();
+extern void MEM_dump_unfree();
+extern char *MEM_strdup(const char *, const char *, const char *, const char *, int);
+extern void *MEM_malloc(int, const char *, const char *, const char *, int);
+extern void MEM_free(void *i, const char *, const char *, const char *, int);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#ifdef malloc
+#undef malloc
+#endif
+
+#ifdef free
+#undef free
+#endif
+
+#ifdef strdup
+#undef strdup
+#endif
+
+#ifdef PL_strdup
+#undef PL_strdup
+#endif
+
+#ifdef PL_strfree
+#undef PL_strfree
+#endif
+
+
+#define strdup(s)          MEM_strdup(s,"strcpy",__FUNCTION__,__FILE__,__LINE__)
+#define malloc(size)       MEM_malloc(size,"malloc",__FUNCTION__,__FILE__,__LINE__)
+#define free(p)            MEM_free(p,"free",__FUNCTION__,__FILE__,__LINE__)
+#define PR_MALLOC(size)    MEM_malloc(size,"PL_MALLOC",__FUNCTION__,__FILE__,__LINE__)
+#define PR_Malloc(size)    MEM_malloc(size,"PR_Malloc",__FUNCTION__,__FILE__,__LINE__)
+#define PR_Free(p)         MEM_free(p,"free",__FUNCTION__,__FILE__,__LINE__)
+
+#define PL_strdup(s)       MEM_strdup(s,"PL_strdup",__FUNCTION__,__FILE__,__LINE__)
+#define PL_strfree(p)      MEM_free(p,"PL_strfree",__FUNCTION__,__FILE__,__LINE__)
+
+#if 0
+extern void *operator new(size_t size, const char *func, const char *file, int line);
+extern void *operator new[](size_t size, const char *func, const char *file, int line);
+#endif
+extern void operator delete(void* p);
+extern void operator delete[](void* p);
+
+inline void *operator new(size_t size, const char *func, const char *file, int line)
+{
+	  return MEM_malloc(size, "new", func, file, line);
+}
+
+inline void *operator new[](size_t size, const char *func, const char *file, int line)  
+{
+	  return MEM_malloc(size, "new[]", func, file, line);
+}
+
+#if 0
+inline void operator delete(void *p)
+{
+	  MEM_free(p,"delete","", "", 0);
+}
+
+inline void operator delete[](void *p)
+{
+           MEM_free(p,"delete[]","", "", 0);
+}
+#endif
+
+
+#ifdef new
+#undef new
+#endif
+
+#define new                new(__FUNCTION__,__FILE__,__LINE__)
+
+#endif
+
+#endif /* RA_MEMORY_H */
diff --git a/pki/base/tps/src/include/main/MemoryMgr.h b/pki/base/tps/src/include/main/MemoryMgr.h
new file mode 100644
index 000000000..7e2f71dc1
--- /dev/null
+++ b/pki/base/tps/src/include/main/MemoryMgr.h
@@ -0,0 +1,46 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_MEMORY_MGR_H
+#define RA_MEMORY_MGR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/* Uncomment the following to enable memory profiling */
+
+/* #define MEM_PROFILING  */
+#define MEM_AUDIT_FILE "/tmp/mem-audit.log" 
+#define MEM_DUMP_FILE  "/tmp/mem-dump.log"
+
+#endif /* RA_MEMORY_MGR_H */
diff --git a/pki/base/tps/src/include/main/NameValueSet.h b/pki/base/tps/src/include/main/NameValueSet.h
new file mode 100644
index 000000000..6c9055a59
--- /dev/null
+++ b/pki/base/tps/src/include/main/NameValueSet.h
@@ -0,0 +1,72 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef NAME_VALUE_SET_H
+#define NAME_VALUE_SET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "plhash.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class NameValueSet
+{
+  public:
+	  TPS_PUBLIC NameValueSet();
+	  TPS_PUBLIC ~NameValueSet();
+  public:
+	  TPS_PUBLIC static NameValueSet *Parse(const char *s, const char *separator);
+	  TPS_PUBLIC int IsNameDefined(const char *name);
+	  TPS_PUBLIC void Remove(const char *name);
+	  TPS_PUBLIC void Add(const char *name, const char *value);
+	  TPS_PUBLIC char *GetValue(const char *name);
+	  TPS_PUBLIC int Size();
+	  TPS_PUBLIC char *GetNameAt(int pos);
+	  TPS_PUBLIC int GetValueAsInt(const char *key);
+	  TPS_PUBLIC int GetValueAsInt(const char *key, int def); 
+          TPS_PUBLIC int GetValueAsBool(const char *key);
+          TPS_PUBLIC int GetValueAsBool(const char *key, int def); 
+          TPS_PUBLIC char *GetValueAsString(const char *key, char *def);  
+          TPS_PUBLIC char *GetValueAsString(const char *key);
+
+  private: 
+	  PLHashTable *m_set;
+};
+
+#endif /* NAME_VALUE_SET_H */
diff --git a/pki/base/tps/src/include/main/ObjectSpec.h b/pki/base/tps/src/include/main/ObjectSpec.h
new file mode 100644
index 000000000..3b0bee72c
--- /dev/null
+++ b/pki/base/tps/src/include/main/ObjectSpec.h
@@ -0,0 +1,79 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_OBJECTSPEC_H
+#define RA_OBJECTSPEC_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/AttributeSpec.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class ObjectSpec
+{
+  public:
+	  ObjectSpec();
+	  ~ObjectSpec();
+  public:
+	  static ObjectSpec *ParseFromTokenData(unsigned long objid, Buffer *b);
+	  static ObjectSpec *Parse(Buffer *b, int offset, int *nread);
+	  static void ParseAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b);
+	  static void ParseCertificateAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b);
+	  static void ParseKeyAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b);
+	  static void ParseCertificateBlob(char *objectID, ObjectSpec *ObjectSpec, Buffer *b);
+
+	  void SetObjectID(unsigned long v);
+	  unsigned long GetObjectID();
+	  void SetFixedAttributes(unsigned long v);
+	  unsigned long GetFixedAttributes();
+	  int GetAttributeSpecCount();
+	  AttributeSpec *GetAttributeSpec(int p);
+	  void AddAttributeSpec(AttributeSpec *p);
+          void RemoveAttributeSpec(int p);
+	  Buffer GetData();
+  public:
+	  unsigned long m_objectID;
+	  unsigned long m_fixedAttributes;
+#define MAX_ATTRIBUTE_SPEC 30
+	  AttributeSpec *m_attributeSpec[MAX_ATTRIBUTE_SPEC];
+};
+
+#endif /* RA_OBJECTSPEC_H */
diff --git a/pki/base/tps/src/include/main/PKCS11Obj.h b/pki/base/tps/src/include/main/PKCS11Obj.h
new file mode 100644
index 000000000..ef3fca964
--- /dev/null
+++ b/pki/base/tps/src/include/main/PKCS11Obj.h
@@ -0,0 +1,80 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PKCS11OBJ_H
+#define RA_PKCS11OBJ_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/ObjectSpec.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class PKCS11Obj
+{
+  public:
+	  PKCS11Obj();
+	  ~PKCS11Obj();
+  public:
+	  static PKCS11Obj *Parse(Buffer *b, int offset);
+	  void SetFormatVersion(unsigned short v);
+	  unsigned short GetFormatVersion();
+	  void SetObjectVersion(unsigned short v);
+	  unsigned short GetObjectVersion();
+	  void SetCUID(Buffer CUID);
+	  Buffer GetCUID();
+	  void SetTokenName(Buffer tokenName);
+	  Buffer GetTokenName();
+	  Buffer GetData();
+	  Buffer GetCompressedData();
+	int GetObjectSpecCount();
+	ObjectSpec *GetObjectSpec(int p);
+	void AddObjectSpec(ObjectSpec *p);
+	void RemoveObjectSpec(int p);
+  public:
+	unsigned short m_formatVersion;
+	unsigned short m_objectVersion;
+	Buffer m_CUID;
+	Buffer m_tokenName;
+#define MAX_OBJECT_SPEC 20
+	ObjectSpec *m_objSpec[MAX_OBJECT_SPEC];
+};
+
+#endif /* RA_PKCS11OBj_H */
diff --git a/pki/base/tps/src/include/main/PublishEntry.h b/pki/base/tps/src/include/main/PublishEntry.h
new file mode 100644
index 000000000..05d5939a4
--- /dev/null
+++ b/pki/base/tps/src/include/main/PublishEntry.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PUBLISH_ENTRY_H
+#define RA_PUBLISH_ENTRY_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "publisher/IPublisher.h"
+#define MAX_PUBLISHERS 10
+
+struct PublisherEntry
+{
+
+    char *id;
+    IPublisher *publisher;
+    PRLibrary *publisher_lib;
+    char      *factory;
+
+    struct  PublisherEntry *next;
+};
+
+typedef struct PublisherEntry  PublisherEntry;
+
+#endif /* RA_PUBLISH_ENTRY_H */
+
diff --git a/pki/base/tps/src/include/main/RA_Context.h b/pki/base/tps/src/include/main/RA_Context.h
new file mode 100644
index 000000000..e313f45fd
--- /dev/null
+++ b/pki/base/tps/src/include/main/RA_Context.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_CONTEXT_H
+#define RA_CONTEXT_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Context
+{
+  public:
+	  TPS_PUBLIC RA_Context();
+	  TPS_PUBLIC virtual ~RA_Context();
+  public:
+          virtual void LogError(const char *func, int line, const char *fmt,...);
+          virtual void LogInfo(const char *func, int line, const char *fmt,...);
+          virtual void InitializationError(const char *func, int line);
+};
+
+#endif /* RA_CONTEXT_H */
diff --git a/pki/base/tps/src/include/main/RA_Msg.h b/pki/base/tps/src/include/main/RA_Msg.h
new file mode 100644
index 000000000..d94063b00
--- /dev/null
+++ b/pki/base/tps/src/include/main/RA_Msg.h
@@ -0,0 +1,79 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_MSG_H
+#define RA_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+
+enum RA_Op_Type {
+	OP_ENROLL = 1,
+	OP_UNBLOCK = 2,
+	OP_RESET_PIN = 3,
+	OP_RENEW = 4,
+	OP_FORMAT = 5
+};
+
+enum RA_Msg_Type {
+	MSG_UNDEFINED = -1,
+	MSG_BEGIN_OP = 2,
+	MSG_LOGIN_REQUEST = 3,
+	MSG_LOGIN_RESPONSE = 4,
+	MSG_SECUREID_REQUEST = 5,
+	MSG_SECUREID_RESPONSE = 6,
+	MSG_ASQ_REQUEST = 7,
+	MSG_ASQ_RESPONSE = 8,
+	MSG_NEW_PIN_REQUEST = 11,
+	MSG_NEW_PIN_RESPONSE = 12,
+	MSG_TOKEN_PDU_REQUEST = 9,
+	MSG_TOKEN_PDU_RESPONSE = 10,
+	MSG_END_OP = 13,
+	MSG_STATUS_UPDATE_REQUEST = 14,
+	MSG_STATUS_UPDATE_RESPONSE = 15,
+	MSG_EXTENDED_LOGIN_REQUEST = 16,
+	MSG_EXTENDED_LOGIN_RESPONSE = 17
+};
+
+class RA_Msg
+{
+  public:
+	  RA_Msg();
+	  virtual ~RA_Msg();
+  public:
+	  virtual RA_Msg_Type GetType();
+};
+
+#endif /* RA_MSG_H */
diff --git a/pki/base/tps/src/include/main/RA_Session.h b/pki/base/tps/src/include/main/RA_Session.h
new file mode 100644
index 000000000..520a94b6a
--- /dev/null
+++ b/pki/base/tps/src/include/main/RA_Session.h
@@ -0,0 +1,61 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_SESSION_H
+#define RA_SESSION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_pblock.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Session
+{
+  public:
+	  TPS_PUBLIC RA_Session();
+	  TPS_PUBLIC virtual ~RA_Session();
+  public:
+	  virtual RA_pblock *create_pblock( char *data );
+	  virtual RA_Msg *ReadMsg();
+	  virtual char *GetRemoteIP();
+	  virtual void WriteMsg(RA_Msg *msg);
+};
+
+#endif /* RA_SESSION_H */
diff --git a/pki/base/tps/src/include/main/RA_pblock.h b/pki/base/tps/src/include/main/RA_pblock.h
new file mode 100644
index 000000000..685dc321b
--- /dev/null
+++ b/pki/base/tps/src/include/main/RA_pblock.h
@@ -0,0 +1,74 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PBLOCK_H
+#define RA_PBLOCK_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Buffer.h"
+
+#define MAX_NVS 50
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+struct Buffer_nv {
+    char *name;
+    char *value_s;
+    Buffer *value;
+};
+
+class RA_pblock
+{
+    public:
+        TPS_PUBLIC RA_pblock( int tm_nargs, Buffer_nv** tm_nvs );
+        TPS_PUBLIC ~RA_pblock();
+    public:
+        Buffer_nv **GetNVs();
+        TPS_PUBLIC Buffer *find_val( const char * name );
+        TPS_PUBLIC char* find_val_s( const char * name );
+        void free_pblock();
+        TPS_PUBLIC char *get_name( int i );
+        TPS_PUBLIC int get_num_of_names();
+    public:
+        // an array of pointers to name/value pairs
+        Buffer_nv *m_nvs[MAX_NVS];
+        int m_nargs;
+};
+
+#endif /* RA_PBLOCK_H */
diff --git a/pki/base/tps/src/include/main/SecureId.h b/pki/base/tps/src/include/main/SecureId.h
new file mode 100644
index 000000000..fd7e6a158
--- /dev/null
+++ b/pki/base/tps/src/include/main/SecureId.h
@@ -0,0 +1,55 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SECUREID_H
+#define SECUREID_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+
+class SecureId
+{
+  public:
+	  SecureId(char *value, char *pin);
+	  ~SecureId();
+  public:
+	  char *GetValue();
+	  char *GetPIN(); /* optional pin */
+  private: 
+	  char *m_value; 
+          char *m_pin;
+};
+
+#endif /* RA_MSG_H */
diff --git a/pki/base/tps/src/include/main/Util.h b/pki/base/tps/src/include/main/Util.h
new file mode 100644
index 000000000..bd92a50fe
--- /dev/null
+++ b/pki/base/tps/src/include/main/Util.h
@@ -0,0 +1,98 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_UTIL_H
+#define RA_UTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Util
+{
+  public:
+	  TPS_PUBLIC Util();
+	  TPS_PUBLIC ~Util();
+  public:
+          TPS_PUBLIC static int ascii2numeric(char ch);
+	  TPS_PUBLIC static char *Buffer2String (Buffer &data);
+	  TPS_PUBLIC static Buffer *Str2Buf (const char *s);
+	  TPS_PUBLIC static char *URLEncode (Buffer &data);
+	  TPS_PUBLIC static char *URLEncodeInHex (Buffer &data);
+	  TPS_PUBLIC static char *URLEncode (const char *data);
+	  TPS_PUBLIC static char *URLEncode1 (const char *data);
+	  TPS_PUBLIC static Buffer *URLDecode(const char *data);
+	  TPS_PUBLIC static char *SpecialURLEncode (Buffer &data);
+	  TPS_PUBLIC static Buffer *SpecialURLDecode(const char *data);
+          TPS_PUBLIC static PRStatus GetRandomChallenge(Buffer &random);
+          TPS_PUBLIC static PRStatus CreateKeySetData(
+                             Buffer &key_set_version,
+                             Buffer &old_kek_key, 
+			     Buffer &new_auth_key, 
+			     Buffer &new_mac_key, 
+			     Buffer &new_kek_key, 
+			     Buffer &output);
+          TPS_PUBLIC static PRStatus ComputeCryptogram(PK11SymKey *key,
+			  const Buffer &card_challenge, 
+			  const Buffer &host_challenge,
+			  Buffer &output);
+	  TPS_PUBLIC static PRStatus ComputeMAC(PK11SymKey *key, 
+			  Buffer &input, const Buffer &icv, 
+			  Buffer &output);
+	  TPS_PUBLIC static PRStatus ComputeKeyCheck(
+			  const Buffer& newKey, Buffer& output);
+          TPS_PUBLIC static PK11SymKey *DeriveKey(const Buffer& permKey,
+		        const Buffer& hostChallenge,
+	              	const Buffer& cardChallenge);
+	  TPS_PUBLIC static PRStatus EncryptData(PK11SymKey *encSessionKey,
+			  Buffer &input, Buffer &output);
+	  TPS_PUBLIC static PRStatus EncryptData(Buffer &kek_key, 
+			  Buffer &input, Buffer &output);
+          TPS_PUBLIC static PK11SymKey *DiversifyKey(PK11SymKey *master, 
+                          Buffer &data, PK11SlotInfo *slot);
+	  TPS_PUBLIC static PRStatus DecryptData(Buffer &kek_key, 
+			  Buffer &input, Buffer &output);
+	  TPS_PUBLIC static PRStatus DecryptData(PK11SymKey* enc_key, 
+			  Buffer &input, Buffer &output);
+          TPS_PUBLIC static BYTE*    bool2byte(bool p);
+};
+
+#endif /* RA_UTIL_H */
diff --git a/pki/base/tps/src/include/modules/tps/AP_Context.h b/pki/base/tps/src/include/modules/tps/AP_Context.h
new file mode 100644
index 000000000..4faca55ac
--- /dev/null
+++ b/pki/base/tps/src/include/modules/tps/AP_Context.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AP_CONTEXT_H
+#define AP_CONTEXT_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Context.h"
+
+class AP_Context : public RA_Context
+{
+    public:
+        AP_Context( server_rec *sv );
+        virtual ~AP_Context();
+    public:
+        virtual void LogError( const char *func, int line,
+                               const char *fmt, ... );
+        virtual void LogInfo( const char *func, int line,
+                              const char *fmt, ... );
+        virtual void InitializationError( const char *func, int line );
+    private:
+        server_rec *m_sv;
+};
+
+#endif /* AP_CONTEXT_H */
diff --git a/pki/base/tps/src/include/modules/tps/AP_Session.h b/pki/base/tps/src/include/modules/tps/AP_Session.h
new file mode 100644
index 000000000..832166a1b
--- /dev/null
+++ b/pki/base/tps/src/include/modules/tps/AP_Session.h
@@ -0,0 +1,56 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AP_SESSION_H
+#define AP_SESSION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Session.h"
+
+class AP_Session : public RA_Session
+{
+    public:
+        AP_Session( request_rec *rq );
+        virtual ~AP_Session();
+    public:
+        virtual char *GetRemoteIP();
+        virtual RA_pblock *create_pblock( char *data );
+        virtual RA_Msg *ReadMsg();
+        virtual void WriteMsg( RA_Msg *msg );
+    private:
+        request_rec *m_rq;
+};
+
+#endif /* AP_SESSION_H */
diff --git a/pki/base/tps/src/include/msg/RA_ASQ_Request_Msg.h b/pki/base/tps/src/include/msg/RA_ASQ_Request_Msg.h
new file mode 100644
index 000000000..15f8bd7a4
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_ASQ_Request_Msg.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_ASQ_REQUEST_MSG_H
+#define RA_ASQ_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_ASQ_Request_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_ASQ_Request_Msg(char *question);
+	  TPS_PUBLIC ~RA_ASQ_Request_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC char *GetQuestion();
+  private:
+	  char *m_question;
+};
+
+#endif /* RA_ASQ_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_ASQ_Response_Msg.h b/pki/base/tps/src/include/msg/RA_ASQ_Response_Msg.h
new file mode 100644
index 000000000..3614e443f
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_ASQ_Response_Msg.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_ASQ_RESPONSE_MSG_H
+#define RA_ASQ_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_ASQ_Response_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_ASQ_Response_Msg(char *answer);
+	  TPS_PUBLIC ~RA_ASQ_Response_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC char *GetAnswer();
+  private:
+	  char *m_answer;
+};
+
+#endif /* RA_ASQ_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Begin_Op_Msg.h b/pki/base/tps/src/include/msg/RA_Begin_Op_Msg.h
new file mode 100644
index 000000000..48a61a659
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Begin_Op_Msg.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_BEGIN_OP_MSG_H
+#define RA_BEGIN_OP_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+#include "main/NameValueSet.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Begin_Op_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Begin_Op_Msg(RA_Op_Type op, NameValueSet *exts);
+	  TPS_PUBLIC ~RA_Begin_Op_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC RA_Op_Type GetOpType();
+	  TPS_PUBLIC NameValueSet *GetExtensions();
+  private:
+	  RA_Op_Type m_op;
+	  NameValueSet *m_exts;
+};
+
+#endif /* RA_BEGIN_OP_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_End_Op_Msg.h b/pki/base/tps/src/include/msg/RA_End_Op_Msg.h
new file mode 100644
index 000000000..fe396f05b
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_End_Op_Msg.h
@@ -0,0 +1,84 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_END_OP_MSG_H
+#define RA_END_OP_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+
+#define    NKEY_ERROR_NO_ERROR 0
+#define    NKEY_ERROR_SNAC 1
+#define    NKEY_ERROR_SEC_INIT_UPDATE 2
+#define    NKEY_ERROR_CREATE_CARDMGR 3
+#define    NKEY_ERROR_MAC_RESET_PIN_PDU 4
+#define    NKEY_ERROR_MAC_CERT_PDU 5
+#define    NKEY_ERROR_MAC_LIFESTYLE_PDU 6
+#define    NKEY_ERROR_MAC_ENROLL_PDU 7
+#define    NKEY_ERROR_READ_OBJECT_PDU 8
+#define    NKEY_ERROR_BAD_STATUS 9
+#define    NKEY_ERROR_CA_RESPONSE 10
+#define    NKEY_ERROR_READ_BUFFER_OVERFLOW 11
+#define    NKEY_ERROR_TOKEN_RESET_PIN_FAILED 12
+#define    NKEY_ERROR_CONNECTION 13
+
+#define    RESULT_GOOD       0
+#define    RESULT_ERROR 1
+
+class RA_End_Op_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_End_Op_Msg(RA_Op_Type op, int result, int msg);
+	  TPS_PUBLIC ~RA_End_Op_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC RA_Op_Type GetOpType();
+	  TPS_PUBLIC int GetResult();
+	  TPS_PUBLIC int GetMsg();
+  private:
+	  RA_Op_Type m_op;
+	  int m_result;
+	  int m_msg;
+};
+
+#endif /* RA_BEGIN_OP_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Extended_Login_Request_Msg.h b/pki/base/tps/src/include/msg/RA_Extended_Login_Request_Msg.h
new file mode 100644
index 000000000..fdfceedcf
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Extended_Login_Request_Msg.h
@@ -0,0 +1,73 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_EXTENDED_LOGIN_REQUEST_MSG_H
+#define RA_EXTENDED_LOGIN_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Extended_Login_Request_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Extended_Login_Request_Msg(int invalid_pw, 
+            int blocked, char **parameters, int len, 
+            char *title, char *description);
+	  TPS_PUBLIC ~RA_Extended_Login_Request_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC int IsInvalidPassword();
+	  TPS_PUBLIC int IsBlocked();
+	  TPS_PUBLIC int GetLen();
+	  TPS_PUBLIC char *GetParam(int i);
+	  TPS_PUBLIC char *GetTitle();
+	  TPS_PUBLIC char *GetDescription();
+  private:
+          char *m_title;
+          char *m_description;
+	  int m_invalid_pw;
+	  int m_blocked;
+	  char **m_parameters;
+          int m_len;
+};
+
+#endif /* RA_EXTENDED_LOGIN_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Extended_Login_Response_Msg.h b/pki/base/tps/src/include/msg/RA_Extended_Login_Response_Msg.h
new file mode 100644
index 000000000..37da9feb3
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Extended_Login_Response_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_EXTENDED_LOGIN_RESPONSE_MSG_H
+#define RA_EXTENDED_LOGIN_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "authentication/AuthParams.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Extended_Login_Response_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Extended_Login_Response_Msg(AuthParams *param);
+	  TPS_PUBLIC ~RA_Extended_Login_Response_Msg();
+  public:
+          TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC AuthParams *GetAuthParams();
+  private:
+	  AuthParams *m_params;
+};
+
+#endif /* RA_EXTENDED_LOGIN_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Login_Request_Msg.h b/pki/base/tps/src/include/msg/RA_Login_Request_Msg.h
new file mode 100644
index 000000000..01a7a5acd
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Login_Request_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_LOGIN_REQUEST_MSG_H
+#define RA_LOGIN_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Login_Request_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Login_Request_Msg(int invalid_pw, int blocked);
+	  TPS_PUBLIC ~RA_Login_Request_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC int IsInvalidPassword();
+	  TPS_PUBLIC int IsBlocked();
+  private:
+	  int m_invalid_pw;
+	  int m_blocked;
+};
+
+#endif /* RA_LOGIN_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Login_Response_Msg.h b/pki/base/tps/src/include/msg/RA_Login_Response_Msg.h
new file mode 100644
index 000000000..dcc9e3530
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Login_Response_Msg.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_LOGIN_RESPONSE_MSG_H
+#define RA_LOGIN_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Login_Response_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Login_Response_Msg(char *uid, char *password);
+	  TPS_PUBLIC ~RA_Login_Response_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC char *GetUID();
+	  TPS_PUBLIC char *GetPassword();
+  private:
+	  char *m_uid;
+	  char *m_password;
+};
+
+#endif /* RA_LOGIN_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_New_Pin_Request_Msg.h b/pki/base/tps/src/include/msg/RA_New_Pin_Request_Msg.h
new file mode 100644
index 000000000..8ebf16259
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_New_Pin_Request_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_NEW_PIN_REQUEST_MSG_H
+#define RA_NEW_PIN_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_New_Pin_Request_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_New_Pin_Request_Msg(int min_len, int max_len);
+	  TPS_PUBLIC ~RA_New_Pin_Request_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC int GetMinLen();
+	  TPS_PUBLIC int GetMaxLen();
+  private:
+	  int m_min_len;
+	  int m_max_len;
+};
+
+#endif /* RA_NEW_PIN_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_New_Pin_Response_Msg.h b/pki/base/tps/src/include/msg/RA_New_Pin_Response_Msg.h
new file mode 100644
index 000000000..f062adcf0
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_New_Pin_Response_Msg.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_NEW_PIN_RESPONSE_MSG_H
+#define RA_NEW_PIN_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_New_Pin_Response_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_New_Pin_Response_Msg(char *new_pin);
+	  TPS_PUBLIC ~RA_New_Pin_Response_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC char *GetNewPIN();
+  private:
+	  char *m_new_pin;
+};
+
+#endif /* RA_NEW_PIN_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_SecureId_Request_Msg.h b/pki/base/tps/src/include/msg/RA_SecureId_Request_Msg.h
new file mode 100644
index 000000000..132e04c22
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_SecureId_Request_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_SECUREID_REQUEST_MSG_H
+#define RA_SECUREID_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_SecureId_Request_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_SecureId_Request_Msg(int pin_required, int next_value);
+	  TPS_PUBLIC ~RA_SecureId_Request_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC int IsPinRequired();
+	  TPS_PUBLIC int IsNextValue();
+  private:
+	  int m_pin_required;
+	  int m_next_value;
+};
+
+#endif /* RA_SECUREID_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_SecureId_Response_Msg.h b/pki/base/tps/src/include/msg/RA_SecureId_Response_Msg.h
new file mode 100644
index 000000000..279e07475
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_SecureId_Response_Msg.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_SECUREID_RESPONSE_MSG_H
+#define RA_SECUREID_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_SecureId_Response_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_SecureId_Response_Msg(char *value, char *pin);
+	  TPS_PUBLIC ~RA_SecureId_Response_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+  public:
+	  TPS_PUBLIC char *GetValue();
+	  TPS_PUBLIC char *GetPIN();
+  private:
+	  char *m_value;
+	  char *m_pin;
+};
+
+#endif /* RA_SECUREID_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Status_Update_Request_Msg.h b/pki/base/tps/src/include/msg/RA_Status_Update_Request_Msg.h
new file mode 100644
index 000000000..bdc037c97
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Status_Update_Request_Msg.h
@@ -0,0 +1,65 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_STATUS_UPDATE_REQUEST_MSG_H
+#define RA_STATUS_UPDATE_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Status_Update_Request_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Status_Update_Request_Msg(int status, const char *info);
+	  TPS_PUBLIC ~RA_Status_Update_Request_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+	  TPS_PUBLIC int GetStatus();
+	  TPS_PUBLIC char *GetInfo();
+  private:
+	  int m_status;
+	  char *m_info;
+};
+
+#endif /* RA_STATUS_UPDATE_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Status_Update_Response_Msg.h b/pki/base/tps/src/include/msg/RA_Status_Update_Response_Msg.h
new file mode 100644
index 000000000..c5a13eaa4
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Status_Update_Response_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_STATUS_UPDATE_RESPONSE_MSG_H
+#define RA_STATUS_UPDATE_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Status_Update_Response_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Status_Update_Response_Msg(int status);
+	  TPS_PUBLIC ~RA_Status_Update_Response_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+	  TPS_PUBLIC int GetStatus();
+  private:
+	  int m_status;
+};
+
+#endif /* RA_STATUS_UPDATE_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Token_PDU_Request_Msg.h b/pki/base/tps/src/include/msg/RA_Token_PDU_Request_Msg.h
new file mode 100644
index 000000000..bcbdfc7fc
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Token_PDU_Request_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_TOKEN_PDU_REQUEST_MSG_H
+#define RA_TOKEN_PDU_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Token_PDU_Request_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Token_PDU_Request_Msg(APDU *apdu);
+	  TPS_PUBLIC ~RA_Token_PDU_Request_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+	  TPS_PUBLIC APDU *GetAPDU();
+  private:
+	  APDU *m_apdu;
+};
+
+#endif /* RA_TOKEN_PDU_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Token_PDU_Response_Msg.h b/pki/base/tps/src/include/msg/RA_Token_PDU_Response_Msg.h
new file mode 100644
index 000000000..e7c2d538f
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Token_PDU_Response_Msg.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_TOKEN_PDU_RESPONSE_MSG_H
+#define RA_TOKEN_PDU_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "apdu/APDU.h"
+#include "apdu/APDU_Response.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Token_PDU_Response_Msg : public RA_Msg
+{
+  public:
+	  TPS_PUBLIC RA_Token_PDU_Response_Msg(APDU_Response *response);
+	  TPS_PUBLIC ~RA_Token_PDU_Response_Msg();
+  public:
+	  TPS_PUBLIC RA_Msg_Type GetType();
+	  TPS_PUBLIC APDU_Response *GetResponse();
+  private:
+	  APDU_Response *m_response;
+};
+
+#endif /* RA_TOKEN_PDU_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/processor/RA_Enroll_Processor.h b/pki/base/tps/src/include/processor/RA_Enroll_Processor.h
new file mode 100644
index 000000000..e109783a6
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Enroll_Processor.h
@@ -0,0 +1,266 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_ENROLL_PROCESSOR_H
+#define RA_ENROLL_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Session.h"
+#include "main/PKCS11Obj.h"
+#include "processor/RA_Processor.h"
+#include "cms/HttpConnection.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Enroll_Processor : public RA_Processor
+{
+	public:
+		TPS_PUBLIC RA_Enroll_Processor();
+		TPS_PUBLIC ~RA_Enroll_Processor();
+	public:
+		int ParsePublicKeyBlob(unsigned char *blob,
+				unsigned char *challenge,
+				SECKEYPublicKey *pk);
+		RA_Status DoEnrollment(AuthParams *login, RA_Session *session,
+				CERTCertificate **certificates,
+				char **origins,
+				char **ktypes,
+				int pkcs11obj,
+				PKCS11Obj * pkcs_objx,
+				NameValueSet *extensions,
+				int index, int keyTypeNum,
+				int start_progress,
+				int end_progress,
+				Secure_Channel *channel, Buffer *wrapped_challenge,
+				const char *tokenType,
+				const char *keyType,
+				Buffer *key_check,
+				Buffer *plaintext_challenge,
+				const char *cuid,
+				const char *msn,
+				const char *khex,
+				TokenKeyType key_type,
+				const char *profileId,
+				const char *userid,
+				const char *cert_id,
+				const char *publisher_id,
+				const char *cert_attr_id,
+				const char *pri_attr_id,
+				const char *pub_attr_id,
+				BYTE se_p1, BYTE se_p2, int keysize, const char *connid, const char *keyTypePrefix,char * applet_version);
+
+        bool GenerateCertificate(AuthParams *login,
+                int keyTypeNum, 
+                const char *keyTypeValue, 
+                int i, 
+                RA_Session *session,
+                char **origins, 
+                char **ktypes, 
+                char *tokenType, 
+                PKCS11Obj *pkcs11objx, 
+                int pkcs11obj_enable, 
+                NameValueSet *extensions,
+                Secure_Channel *channel, 
+                Buffer *wrapped_challenge,
+                Buffer *key_check, 
+                Buffer *plaintext_challenge,
+                char *cuid, 
+                char *msn, 
+                const char *final_applet_version,
+                char *khex, 
+                const char *userid, 
+                RA_Status &o_status, 
+                CERTCertificate **certificates);
+
+		bool GenerateCertsAfterRecoveryPolicy(AuthParams *login,
+				RA_Session *session, 
+				char **&origins,
+				char **&ktypes,
+				char *&tokenType, 
+				PKCS11Obj *pkcs11objx, 
+				int pkcs11obj_enable, 
+				NameValueSet *extensions,
+				Secure_Channel *channel, 
+				Buffer *wrapped_challenge,
+				Buffer *key_check, 
+				Buffer *plaintext_challenge, 
+				char *cuid, 
+				char *msn, 
+				const char *final_applet_version,
+				char *khex, 
+				const char *userid,
+				RA_Status &o_status, 
+				CERTCertificate **&certificates,
+                int &o_certNums, char **&tokenTypes);
+
+		bool GenerateCertificates(AuthParams *login,
+				RA_Session *session, 
+				char **&origins,
+				char **&ktypes,
+				char *tokenType, 
+				PKCS11Obj *pkcs11objx, 
+				int pkcs11obj_enable, 
+				NameValueSet *extensions,
+				Secure_Channel *channel, 
+				Buffer *wrapped_challenge,
+				Buffer *key_check, 
+				Buffer *plaintext_challenge, 
+				char *cuid, 
+				char *msn, 
+				const char *final_applet_version,
+				char *khex, 
+				const char *userid,
+				RA_Status &o_status, 
+				CERTCertificate **&certificates,
+                int &o_certNums, char **&tokenTypes);
+
+		int DoPublish(
+				const char *cuid,
+				SECItem *encodedPublicKeyInfo,
+				Buffer *cert,
+				const char *publisher_id,
+				char *applet_version);
+
+		bool ProcessRecovery(AuthParams *login,
+				char *reason, 
+				RA_Session *session, 
+				char **&origins,   
+				char **&ktypes,   
+				char *tokenType, 
+				PKCS11Obj *pkcs11objx, 
+				int pkcs11obj_enable, 
+				NameValueSet *extensions,
+				Secure_Channel *channel, 
+				Buffer *wrapped_challenge,
+				Buffer *key_check, 
+				Buffer *plaintext_challenge, 
+				char *cuid,
+				char *msn, 
+				const char *final_applet_version, 
+				char *khex,
+				const char *userid, 
+				RA_Status &o_status, 
+				CERTCertificate **&certificates,
+                char *lostTokenCUID,
+                int &o_certNums, char **&tokenTypes, char *origTokenType);
+
+		bool GetCardManagerAppletInfo(
+				RA_Session*, 
+				Buffer *, 
+				RA_Status&, 
+				char*&, 
+				char*&, 
+				Buffer& );
+
+		bool GetAppletInfo( 
+				RA_Session *a_session,   /* in */ 
+				Buffer *a_aid ,  /* in */ 
+				BYTE &o_major_version, 
+				BYTE &o_minor_version, 
+				BYTE &o_app_major_version, 
+				BYTE &o_app_minor_version);
+
+		bool FormatAppletVersionInfo(
+				RA_Session *a_session,
+				const char *a_tokenType,
+				char *a_cuid,
+				BYTE a_app_major_version,
+				BYTE a_app_minor_version,
+				RA_Status &status,              // out
+				char * &o_appletVersion       // out
+				);
+
+		bool RequestUserId(
+				RA_Session * a_session,
+				NameValueSet *extensions,
+				const char * a_configname,
+				const char * a_tokenType,
+				char *a_cuid,
+				AuthParams *& o_login,  // out 
+				const char *&o_userid,   // out 
+				RA_Status &o_status //out 
+				);
+
+
+		bool AuthenticateUser(
+				RA_Session * a_session,
+				const char * a_configname,
+				char *a_cuid,
+				NameValueSet *a_extensions,
+				const char *a_tokenType,
+				AuthParams *& a_login, 
+				const char *&o_userid,
+				RA_Status &o_status
+				);
+
+		bool AuthenticateUserLDAP(
+				RA_Session *a_session,
+				NameValueSet *extensions,
+				char *a_cuid,
+				AuthenticationEntry *a_auth,
+				AuthParams *& o_login,
+				RA_Status &o_status);
+
+		bool CheckAndUpgradeApplet(
+				RA_Session *a_session,
+				NameValueSet *a_extensions,
+				char *a_cuid,
+				const char *a_tokenType,
+				char *&o_current_applet_on_token,
+				BYTE &o_major_version,
+				BYTE &o_minor_version,
+				Buffer *a_aid,
+				RA_Status &o_status );
+
+		bool CheckAndUpgradeSymKeys(
+				RA_Session *session,
+				NameValueSet* extensions,
+				char *cuid,
+				const char *tokenType,
+				char *msn,
+				Buffer *a_cardmanagerAID,  /* in */
+				Buffer *a_appletAID,       /* in */
+				Secure_Channel *&channel,  /* out */
+				RA_Status &status          /* out */
+				);
+
+		TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_ENROLL_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/processor/RA_Format_Processor.h b/pki/base/tps/src/include/processor/RA_Format_Processor.h
new file mode 100644
index 000000000..836c89080
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Format_Processor.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_FORMAT_PROCESSOR_H
+#define RA_FORMAT_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "processor/RA_Processor.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Format_Processor : public RA_Processor
+{
+  public:
+	  TPS_PUBLIC RA_Format_Processor();
+	  TPS_PUBLIC ~RA_Format_Processor();
+  public:
+	  TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_UPGRADE_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/processor/RA_Pin_Reset_Processor.h b/pki/base/tps/src/include/processor/RA_Pin_Reset_Processor.h
new file mode 100644
index 000000000..a3d511865
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Pin_Reset_Processor.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PIN_RESET_PROCESSOR_H
+#define RA_PIN_RESET_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "processor/RA_Processor.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Pin_Reset_Processor : public RA_Processor
+{
+  public:
+	  TPS_PUBLIC RA_Pin_Reset_Processor();
+	  TPS_PUBLIC ~RA_Pin_Reset_Processor();
+  public:
+	  TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_PIN_RESET_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/processor/RA_Processor.h b/pki/base/tps/src/include/processor/RA_Processor.h
new file mode 100644
index 000000000..7fbe46408
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Processor.h
@@ -0,0 +1,201 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PROCESSOR_H
+#define RA_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/RA_Session.h"
+#include "authentication/AuthParams.h"
+#include "apdu/APDU.h"
+#include "apdu/APDU_Response.h"
+#include "channel/Secure_Channel.h"
+
+enum RA_Status {
+    STATUS_NO_ERROR=0,
+    STATUS_ERROR_SNAC=1,
+    STATUS_ERROR_SEC_INIT_UPDATE=2,
+    STATUS_ERROR_CREATE_CARDMGR=3,
+    STATUS_ERROR_MAC_RESET_PIN_PDU=4,
+    STATUS_ERROR_MAC_CERT_PDU=5,
+    STATUS_ERROR_MAC_LIFESTYLE_PDU=6,
+    STATUS_ERROR_MAC_ENROLL_PDU=7,
+    STATUS_ERROR_READ_OBJECT_PDU=8,
+    STATUS_ERROR_BAD_STATUS=9,
+    STATUS_ERROR_CA_RESPONSE=10,
+    STATUS_ERROR_READ_BUFFER_OVERFLOW=11,
+    STATUS_ERROR_TOKEN_RESET_PIN_FAILED=12,
+    STATUS_ERROR_CONNECTION=13,
+    STATUS_ERROR_LOGIN=14,
+    STATUS_ERROR_DB=15,
+    STATUS_ERROR_TOKEN_DISABLED=16,
+    STATUS_ERROR_SECURE_CHANNEL=17,
+    STATUS_ERROR_MISCONFIGURATION=18,
+    STATUS_ERROR_UPGRADE_APPLET=19,
+    STATUS_ERROR_KEY_CHANGE_OVER=20,
+    STATUS_ERROR_EXTERNAL_AUTH=21,
+    STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND=22,
+    STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND=23,
+    STATUS_ERROR_PUBLISH=24,
+    STATUS_ERROR_LDAP_CONN=25,
+    STATUS_ERROR_DISABLED_TOKEN=26,
+    STATUS_ERROR_NOT_PIN_RESETABLE=27,
+    STATUS_ERROR_CONN_LOST=28,
+    STATUS_ERROR_CREATE_TUS_TOKEN_ENTRY=29,
+    STATUS_ERROR_NO_SUCH_TOKEN_STATE=30,
+    STATUS_ERROR_NO_SUCH_LOST_REASON=31,
+    STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE=32,
+    STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND=33,
+    STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN=34,
+    STATUS_ERROR_CONTACT_ADMIN=35,
+    STATUS_ERROR_RECOVERY_IS_PROCESSED=36,
+    STATUS_ERROR_RECOVERY_FAILED=37,
+    STATUS_ERROR_NO_OPERATION_ON_LOST_TOKEN=38,
+    STATUS_ERROR_KEY_ARCHIVE_OFF=39,
+    STATUS_ERROR_NO_TKS_CONNID=40,
+    STATUS_ERROR_UPDATE_TOKENDB_FAILED=41,
+    STATUS_ERROR_REVOKE_CERTIFICATES_FAILED=42,
+    STATUS_ERROR_NOT_TOKEN_OWNER=43
+};
+
+class RA_Processor
+{
+	public:
+		RA_Processor();
+		virtual ~RA_Processor();
+		virtual RA_Status Process(RA_Session *session, NameValueSet *extensions);
+		char *MapPattern(NameValueSet *nv, char *pattern);
+
+		int InitializeUpdate(RA_Session *session,
+				BYTE key_version, BYTE key_index,
+				Buffer &key_diversification_data,
+				Buffer &key_info_data,
+				Buffer &card_challenge,
+				Buffer &card_cryptogram,
+				Buffer &host_challenge);
+
+		int CreatePin(RA_Session *session, BYTE pin_number, BYTE max_retries, char *pin);
+
+		int IsPinPresent(RA_Session *session,BYTE pin_number);
+
+		AuthParams *RequestLogin(RA_Session *session, int invalid_pw, int blocked);
+		AuthParams *RequestExtendedLogin(RA_Session *session, int invalid_pw, int blocked, char **parameters, int len, char *title, char *description);
+
+		void StatusUpdate(RA_Session *session, NameValueSet *extensions, int status, const char *info);
+		void StatusUpdate(RA_Session *session, int status, const char *info);
+
+		Buffer *GetAppletVersion(RA_Session *session);
+
+		Secure_Channel *SetupSecureChannel(RA_Session *session, BYTE key_version, BYTE key_index, const char *connId);
+		Secure_Channel *SetupSecureChannel(RA_Session *session,
+				BYTE key_version, BYTE key_index, SecurityLevel security_level, const char *connId);
+
+		SecureId *RequestSecureId(RA_Session *session);
+
+		char *RequestNewPin(RA_Session *session, unsigned int min_len, unsigned int max_len);
+
+		char *RequestASQ(RA_Session *session, char *question);
+
+		int EncryptData(Buffer &cuid, Buffer &versionID, Buffer &in, Buffer &out, const char *connid);
+
+		int CreateKeySetData(
+			Buffer &cuid, 
+			Buffer &versionID, 
+			Buffer &NewMasterVer, 
+			Buffer &out, 
+			const char *connid);
+
+		bool GetTokenType(
+			const char *prefix, 
+			int major_version, int minor_version, 
+			const char *cuid, const char *msn, 
+			NameValueSet *extensions,
+			RA_Status &o_status,
+			const char *&o_tokenType);
+
+		Buffer *ListObjects(RA_Session *session, BYTE seq);
+
+		Buffer *GetStatus(RA_Session *session, BYTE p1, BYTE p2);
+
+		Buffer *GetData(RA_Session *session);
+
+		int SelectApplet(RA_Session *session, BYTE p1, BYTE p2, Buffer *aid);
+
+		int UpgradeApplet(
+				RA_Session *session, 
+                char *prefix,
+                char *tokenType,
+				BYTE major_version, BYTE minor_version, 
+				const char *new_version, 
+				const char *applet_dir, 
+				SecurityLevel security_level, 
+				const char *connid, 
+				NameValueSet *extensions,
+				int start_progress, int end_progress);
+
+		int UpgradeKey(RA_Session *session, BYTE major_version, BYTE minor_version, int new_version);
+
+		int SelectCardManager(RA_Session *session, char *prefix, char *tokenType);
+
+		int FormatMuscleApplet(
+				RA_Session *session,
+				unsigned short memSize,
+				Buffer &PIN0, BYTE pin0Tries,
+				Buffer &unblockPIN0, BYTE unblock0Tries,
+				Buffer &PIN1, BYTE pin1Tries,
+				Buffer &unblockPIN1, BYTE unblock1Tries,
+				unsigned short objCreationPermissions,
+				unsigned short keyCreationPermissions,
+				unsigned short pinCreationPermissions);
+
+		Secure_Channel *GenerateSecureChannel(
+				RA_Session *session, const char *connid,
+				Buffer &card_diversification_data,
+				Buffer &card_key_data,
+				Buffer &card_challenge,
+				Buffer &card_cryptogram,
+				Buffer &host_challenge);
+                AuthenticationEntry *GetAuthenticationEntry(
+                                const char * a_prefix,
+                                const char * a_configname,
+                                const char * a_tokenType);
+
+	protected:
+		int IsTokenDisabledByTus(Secure_Channel *channel);
+};
+
+#endif /* RA_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/processor/RA_Renew_Processor.h b/pki/base/tps/src/include/processor/RA_Renew_Processor.h
new file mode 100644
index 000000000..bb8710a74
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Renew_Processor.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_RENEW_PROCESSOR_H
+#define RA_RENEW_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "processor/RA_Processor.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Renew_Processor : public RA_Processor
+{
+  public:
+	  TPS_PUBLIC RA_Renew_Processor();
+	  TPS_PUBLIC ~RA_Renew_Processor();
+  public:
+	  TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_RENEW_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/processor/RA_Unblock_Processor.h b/pki/base/tps/src/include/processor/RA_Unblock_Processor.h
new file mode 100644
index 000000000..ae28ea593
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Unblock_Processor.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_UNBLOCK_PROCESSOR_H
+#define RA_UNBLOCK_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "processor/RA_Processor.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Unblock_Processor : public RA_Processor
+{
+  public:
+	  TPS_PUBLIC RA_Unblock_Processor();
+	  TPS_PUBLIC ~RA_Unblock_Processor();
+  public:
+	  TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_UNBLOCK_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/publisher/IConnector.h b/pki/base/tps/src/include/publisher/IConnector.h
new file mode 100644
index 000000000..9a5caa70e
--- /dev/null
+++ b/pki/base/tps/src/include/publisher/IConnector.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __ICONNECTOR_H__
+#define __ICONNECTOR_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#if !defined (I_CONNECTOR_H)
+#define I_CONNECTOR_H 
+
+#include "IPublish_Data.h"
+class IConnector
+{
+public:
+
+    virtual ~IConnector() {};
+    virtual int init() = 0;
+    virtual void shutdown() = 0;
+    virtual int send_msg(IPublish_Data *data) =0;
+
+};
+
+#endif
+
+#endif /* __ICONNECTOR_H__ */
+
diff --git a/pki/base/tps/src/include/publisher/IPublish_Data.h b/pki/base/tps/src/include/publisher/IPublish_Data.h
new file mode 100644
index 000000000..50b7e3247
--- /dev/null
+++ b/pki/base/tps/src/include/publisher/IPublish_Data.h
@@ -0,0 +1,56 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __IPUBLISH_DATA_H__
+#define __IPUBLISH_DATA_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#if !defined (IPUBLISH_DATA_H)
+#define IPUBLISH_DATA_H 
+
+
+
+class IPublish_Data 
+{
+public:
+
+   virtual void Reset() = 0;
+
+};
+
+#endif
+
+#endif /* __IPUBLISH_DATA_H__ */
+
diff --git a/pki/base/tps/src/include/publisher/IPublisher.h b/pki/base/tps/src/include/publisher/IPublisher.h
new file mode 100644
index 000000000..56a1b7357
--- /dev/null
+++ b/pki/base/tps/src/include/publisher/IPublisher.h
@@ -0,0 +1,74 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __IPUBLISHER_H__
+#define __IPUBLISHER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#if !defined (IPUBLISHER_H)
+
+#define IPUBLISHER_H 
+
+#include "IConnector.h"
+
+class IPublisher
+{
+
+public:
+
+  virtual ~IPublisher() {
+      if( m_connector != NULL ) {
+          delete m_connector;
+          m_connector = NULL;
+      }
+  };
+  virtual int init(void) = 0;
+
+  virtual int publish(unsigned char *cuid, int cuid_len,long key_type,unsigned char * public_key,int public_key_len,
+                     unsigned long cert_activate_date,unsigned long  cert_expire_date,unsigned long applet_version,unsigned long applet_version_date)= 0;
+
+  IConnector *getConnector() { return m_connector;}
+
+protected:
+
+   IConnector * m_connector;
+
+
+};
+
+#endif
+
+#endif /* __IPUBLISHER_H__ */
+
diff --git a/pki/base/tps/src/include/publisher/NetkeyPublisher.h b/pki/base/tps/src/include/publisher/NetkeyPublisher.h
new file mode 100644
index 000000000..05cf4d191
--- /dev/null
+++ b/pki/base/tps/src/include/publisher/NetkeyPublisher.h
@@ -0,0 +1,74 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __NETKEY_PUBLISHER_H__
+#define __NETKEY_PUBLISHER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#if !defined (NETKEY_PUBLISHER_H)
+#define NETKEY_PUBLISHER_H
+
+#include "IPublisher.h"
+class IPublisher;
+class NetkeyPublisher : public IPublisher
+{
+
+public:
+
+
+  NetkeyPublisher();
+  ~NetkeyPublisher();
+
+  int init(void) ;
+
+  int publish(unsigned char *cuid, int cuid_len,long key_type,unsigned char * public_key,int public_key_len,
+                      unsigned long cert_activate_date,unsigned long  cert_expire_date,unsigned long applet_version,unsigned long applet_version_date);
+
+
+  static  pthread_mutex_t mutex;
+
+
+};
+
+extern "C"
+{
+    IPublisher *GetIPublisher();
+
+};
+
+#endif
+
+#endif /* __NETKEY_PUBLISHER_H__ */
+
diff --git a/pki/base/tps/src/include/service/NK_Context.h b/pki/base/tps/src/include/service/NK_Context.h
new file mode 100644
index 000000000..e5ed59992
--- /dev/null
+++ b/pki/base/tps/src/include/service/NK_Context.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef NK_CONTEXT_H
+#define NK_CONTEXT_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Context.h"
+
+class NK_Context : public RA_Context
+{
+  public:
+	  NK_Context(pblock *pb, Session *sn, Request *rq);
+	  virtual ~NK_Context();
+  public:
+          virtual void LogError(const char *func, int line, const char *fmt,...);
+          virtual void LogInfo(const char *func, int line, const char *fmt,...);
+          virtual void InitializationError(const char *func, int line);
+  private:
+	  pblock *m_pb;
+	  Session *m_sn;
+	  Request *m_rq;
+};
+
+#endif /* NK_CONTEXT_H */
diff --git a/pki/base/tps/src/include/service/NK_Session.h b/pki/base/tps/src/include/service/NK_Session.h
new file mode 100644
index 000000000..55cd19439
--- /dev/null
+++ b/pki/base/tps/src/include/service/NK_Session.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef NK_SESSION_H
+#define NK_SESSION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Session.h"
+
+class NK_Session : public RA_Session
+{
+  public:
+	  NK_Session(pblock *pb, Session *sn, Request *rq);
+	  virtual ~NK_Session();
+  public:
+	  virtual char *GetRemoteIP();
+      virtual RA_pblock *create_pblock( char *data );
+	  virtual RA_Msg *ReadMsg();
+	  virtual void WriteMsg(RA_Msg *msg);
+  private:
+	  pblock *m_pb;
+	  Session *m_sn;
+	  Request *m_rq;
+};
+
+#endif /* NK_SESSION_H */
diff --git a/pki/base/tps/src/include/tus/tus_db.h b/pki/base/tps/src/include/tus/tus_db.h
new file mode 100644
index 000000000..092b16a51
--- /dev/null
+++ b/pki/base/tps/src/include/tus/tus_db.h
@@ -0,0 +1,229 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef TUS_DB_H
+#define TUS_DB_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "ldap.h"
+#include "ldap_ssl.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "prlock.h"
+
+#define I_TOKEN_ID          0
+#define TOKEN_ID            "cn"
+#define I_TOKEN_USER        1
+#define TOKEN_USER          "tokenUserID"
+#define I_TOKEN_STATUS      2
+#define TOKEN_STATUS        "tokenStatus"
+#define I_TOKEN_APPLET      3
+#define TOKEN_APPLET        "tokenAppletID"
+#define I_TOKEN_KEY_INFO    4
+#define TOKEN_KEY_INFO      "keyInfo"
+#define I_TOKEN_MODS        5
+#define TOKEN_MODS          "modified"
+#define I_TOKEN_C_DATE      6
+#define TOKEN_C_DATE        "dateOfCreate"
+#define I_TOKEN_M_DATE      7
+#define TOKEN_M_DATE        "dateOfModify"
+#define I_TOKEN_RESETS      8
+#define TOKEN_RESETS        "numberOfResets"
+#define I_TOKEN_ENROLLMENTS 9
+#define TOKEN_ENROLLMENTS   "numberOfEnrollments"
+#define I_TOKEN_RENEWALS    10
+#define TOKEN_RENEWALS      "numberOfRenewals"
+#define I_TOKEN_RECOVERIES  11
+#define TOKEN_RECOVERIES    "numberOfRecoveries"
+#define I_TOKEN_POLICY  12
+#define TOKEN_POLICY    "tokenPolicy"
+
+#define I_TOKEN_CUID         13
+#define TOKEN_CUID           "tokenID"
+#define I_TOKEN_OP           14
+#define TOKEN_OP             "tokenOp"
+#define I_TOKEN_MSG          15
+#define TOKEN_MSG            "tokenMsg"
+#define I_TOKEN_RESULT          16
+#define TOKEN_RESULT            "tokenResult"
+#define I_TOKEN_IP          17
+#define TOKEN_IP            "tokenIP"
+#define I_TOKEN_CERT         18
+#define TOKEN_CERT           "userCertificate"
+#define I_TOKEN_SUBJECT      19
+#define TOKEN_SUBJECT         "tokenSubject"
+#define I_TOKEN_ISSUER       20 
+#define TOKEN_ISSUER         "tokenIssuer"
+#define I_TOKEN_ORIGIN       21 
+#define TOKEN_ORIGIN         "tokenOrigin"
+#define I_TOKEN_SERIAL       22 
+#define TOKEN_SERIAL         "tokenSerial"
+#define I_TOKEN_TYPE       23 
+#define TOKEN_TYPE         "tokenType"
+#define I_TOKEN_KEY_TYPE       24 
+#define TOKEN_KEY_TYPE         "tokenKeyType"
+#define I_TOKEN_REASON       13 
+#define TOKEN_REASON         "tokenReason"
+#define I_TOKEN_NOT_BEFORE       26 
+#define TOKEN_NOT_BEFORE         "tokenNotBefore"
+#define I_TOKEN_NOT_AFTER       27 
+#define TOKEN_NOT_AFTER         "tokenNotAfter"
+ 
+#define I_STATE_UNINITIALIZED 0
+#define STATE_UNINITIALIZED   "uninitialized"
+#define I_STATE_ACTIVE      1
+#define STATE_ACTIVE        "active"
+#define I_STATE_DISABLED    2
+#define STATE_DISABLED      "disabled"
+
+#define MAX_RETRIES         2
+
+TPS_PUBLIC void set_tus_db_port(int number);
+TPS_PUBLIC void set_tus_db_host(char *name);
+TPS_PUBLIC void set_tus_db_baseDN(char *dn);
+TPS_PUBLIC void set_tus_db_bindDN(char *dn);
+TPS_PUBLIC void set_tus_db_bindPass(char *p);
+
+TPS_PUBLIC int is_tus_db_initialized();
+TPS_PUBLIC int get_tus_db_config(char *name);
+TPS_PUBLIC int tus_db_init(char **errorMsg);
+TPS_PUBLIC int allow_token_reenroll(char *cn);
+TPS_PUBLIC int is_token_pin_resetable(char *cn);
+TPS_PUBLIC int is_update_pin_resetable_policy(char *cn);
+TPS_PUBLIC int is_token_present(char *cn);
+TPS_PUBLIC int update_token_policy (char *cn, char *policy);
+TPS_PUBLIC char *get_token_policy (char *cn);
+TPS_PUBLIC char *get_token_userid(char *cn);
+TPS_PUBLIC void tus_db_end();
+TPS_PUBLIC int is_tus_db_entry_disabled(char *cn);
+TPS_PUBLIC int add_default_tus_db_entry (const char *uid, const char *agentid, char *cn, const char *status, char *applet_version, char *key_info );
+TPS_PUBLIC int delete_tus_db_entry (char *userid, char *cn);
+TPS_PUBLIC int find_tus_db_entry (char *cn, int max, LDAPMessage **result);
+TPS_PUBLIC int find_tus_db_entries (const char *filter, int max, LDAPMessage **result);
+TPS_PUBLIC int find_tus_token_entries (char *filter, int max, LDAPMessage **result, int order);
+TPS_PUBLIC int find_tus_token_entries_no_vlv (char *filter, LDAPMessage **result, int order);
+TPS_PUBLIC int tus_has_active_tokens(char *userid);
+TPS_PUBLIC char *get_token_reason(LDAPMessage *e);
+
+TPS_PUBLIC int update_tus_db_entry (const char *agentid,
+                        char *cn, const char *uid, char *keyInfo,
+                        const char *status,
+                        char *applet_version, const char *reason);
+TPS_PUBLIC int update_tus_db_entry_with_mods (const char *agentid, const char *cn, LDAPMod **mods);
+TPS_PUBLIC int check_and_modify_tus_db_entry (char *userid, char *cn, char *check, LDAPMod **mods);
+TPS_PUBLIC int modify_tus_db_entry (char *userid, char *cn, LDAPMod **mods);
+TPS_PUBLIC int add_activity (char *ip, char *id, const char *op, const char *result, const char *msg, const char *userid);
+TPS_PUBLIC int find_tus_certificate_entries_by_order_no_vlv (char *filter,
+  LDAPMessage **result, int order);
+TPS_PUBLIC int find_tus_certificate_entries_by_order (char *filter, int max,
+  LDAPMessage **result, int order);
+TPS_PUBLIC int add_certificate (char *tokenid, char *origin, char *tokenType, char *userid, CERTCertificate *certificate, char *ktype, const char *status);
+TPS_PUBLIC int add_tus_db_entry (char *cn, LDAPMod **mods);
+TPS_PUBLIC int add_new_tus_db_entry (const char *userid, char *cn, const char *uid, int flag, const char *status, char *applet_version, char *key_info);
+TPS_PUBLIC int find_tus_activity_entries (char *filter, int max, LDAPMessage **result);
+TPS_PUBLIC int find_tus_activity_entries_no_vlv (char *filter, LDAPMessage **result, int order);
+TPS_PUBLIC int get_number_of_entries (LDAPMessage *result);
+TPS_PUBLIC int free_results (LDAPMessage *results);
+
+TPS_PUBLIC LDAPMessage *get_first_entry (LDAPMessage *result);
+TPS_PUBLIC LDAPMessage *get_next_entry (LDAPMessage *entry);
+TPS_PUBLIC CERTCertificate **get_certificates(LDAPMessage *entry);
+
+TPS_PUBLIC char **get_token_states();
+TPS_PUBLIC char **get_token_attributes();
+TPS_PUBLIC char **get_activity_attributes();
+TPS_PUBLIC char **get_attribute_values(LDAPMessage *entry, const char *attribute);
+TPS_PUBLIC void free_values(char **values, int ldapValues);
+TPS_PUBLIC char **get_token_users(LDAPMessage *entry);
+TPS_PUBLIC char *get_token_id(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_tokenType(LDAPMessage *entry);
+TPS_PUBLIC char *get_token_status(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_cn(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_status(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_type(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_serial(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_issuer(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_attr_byname(LDAPMessage *entry, char *name);
+TPS_PUBLIC char *get_applet_id(LDAPMessage *entry);
+TPS_PUBLIC char *get_key_info(LDAPMessage *entry);
+TPS_PUBLIC char *get_creation_date(LDAPMessage *entry);
+TPS_PUBLIC char *get_modification_date(LDAPMessage *entry);
+TPS_PUBLIC char *get_policy_name();
+TPS_PUBLIC char *get_reason_name();
+int find_tus_certificate_entries (char *filter, int max, LDAPMessage **result);
+TPS_PUBLIC char **get_certificate_attributes();
+
+TPS_PUBLIC int get_number_of_modifications(LDAPMessage *entry);
+TPS_PUBLIC int get_number_of_resets(LDAPMessage *entry);
+TPS_PUBLIC int get_number_of_enrollments(LDAPMessage *entry);
+TPS_PUBLIC int get_number_of_renewals(LDAPMessage *entry);
+TPS_PUBLIC int get_number_of_recoveries(LDAPMessage *entry);
+
+TPS_PUBLIC char *get_token_users_name();
+TPS_PUBLIC char *get_token_id_name();
+TPS_PUBLIC char *get_token_status_name();
+TPS_PUBLIC char *get_applet_id_name();
+TPS_PUBLIC char *get_key_info_name();
+TPS_PUBLIC char *get_creation_date_name();
+TPS_PUBLIC char *get_modification_date_name();
+TPS_PUBLIC char *get_number_of_modifications_name();
+TPS_PUBLIC char *get_number_of_resets_name();
+TPS_PUBLIC char *get_number_of_enrollments_name();
+TPS_PUBLIC char *get_number_of_renewals_name();
+TPS_PUBLIC char *get_number_of_recoveries_name();
+
+TPS_PUBLIC LDAPMod **allocate_modifications(int size);
+TPS_PUBLIC void free_modifications(LDAPMod **mods, int ldapValues);
+TPS_PUBLIC char **allocate_values(int size, int extra);
+TPS_PUBLIC char **create_modification_date_change();
+TPS_PUBLIC int base64_decode(char *src, unsigned char *dst);
+TPS_PUBLIC char *tus_authenticate(char *cert);
+TPS_PUBLIC int tus_authorize(const char *group, const char *userid);
+TPS_PUBLIC int update_cert_status(char *cn, const char *status);
+TPS_PUBLIC int update_token_status_reason(char *userid, char *cuid, 
+  const char *tokenStatus, const char *reason);
+TPS_PUBLIC int update_token_status_reason_userid(const char *userid, char *cuid,
+  const char *tokenStatus, const char *reason, int modifyDateOfCreate);
+
+#endif /* TUS_DB_H */
diff --git a/pki/base/tps/src/main/AttributeSpec.cpp b/pki/base/tps/src/main/AttributeSpec.cpp
new file mode 100644
index 000000000..23c2cd978
--- /dev/null
+++ b/pki/base/tps/src/main/AttributeSpec.cpp
@@ -0,0 +1,115 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prmem.h"
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/AttributeSpec.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+AttributeSpec::AttributeSpec ()
+{
+}
+
+AttributeSpec::~AttributeSpec ()
+{
+}
+
+AttributeSpec *AttributeSpec::Parse(Buffer *b, int offset)
+{
+	AttributeSpec *o = new AttributeSpec();
+	unsigned long id = (((unsigned char *)*b)[offset+0] << 24) + 
+		(((unsigned char *)*b)[offset+1] << 16) + 
+		(((unsigned char *)*b)[offset+2] << 8) + 
+		(((unsigned char *)*b)[offset+3]);
+	o->SetAttributeID(id);
+	// The following line generates the following known benign warning
+	// message on Windows platforms:
+	//
+	//    AttributeSpec.cpp(40) : warning C4244: 'argument' : conversion
+	//    from 'unsigned long' to 'unsigned char', possible loss of data
+	//
+	o->SetType((unsigned long)(((unsigned char *)*b)[offset+4]));
+	// DatatypeString contains two bytes for AttributeLen of AttributeData
+	Buffer data;
+	if (o->GetType() == (BYTE) 0)
+            data = b->substr(offset+5+2, b->size() - 5-2);
+	else
+            data = b->substr(offset+5, b->size() - 5);
+
+	o->SetData(data);
+        return o;
+}
+
+void AttributeSpec::SetAttributeID(unsigned long v)
+{
+	m_id = v;
+}
+
+unsigned long AttributeSpec::GetAttributeID()
+{
+	return m_id;
+}
+
+void AttributeSpec::SetType(BYTE v)
+{
+	m_type = v;
+}
+
+BYTE AttributeSpec::GetType()
+{
+	return m_type;
+}
+
+// sets AttributeData (for string type, contains AttributeLen+AttributeValue)
+void AttributeSpec::SetData(Buffer data)
+{
+	m_data = data;
+}
+
+// gets AttributeData
+Buffer AttributeSpec::GetValue()
+{
+  return m_data;
+}
+
+// gets AttributeSpec
+Buffer AttributeSpec::GetData()
+{
+	Buffer data = Buffer();
+	data += Buffer(1, (BYTE)(m_id >> 24) & 0xff);
+	data += Buffer(1, (BYTE)(m_id >> 16) & 0xff);
+	data += Buffer(1, (BYTE)(m_id >>  8) & 0xff);
+	data += Buffer(1, (BYTE)m_id & 0xff);
+	data += Buffer(1, m_type);
+	if (m_type == 0) { /* String */
+		data += Buffer(1, (m_data.size() >> 8) & 0xff);
+		data += Buffer(1, m_data.size() & 0xff);
+	}
+	data += m_data;
+	return data;
+}
+
diff --git a/pki/base/tps/src/main/AuthParams.cpp b/pki/base/tps/src/main/AuthParams.cpp
new file mode 100644
index 000000000..3a124252e
--- /dev/null
+++ b/pki/base/tps/src/main/AuthParams.cpp
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "authentication/AuthParams.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC AuthParams::AuthParams () {
+}
+
+/**
+ * Destructs processor.
+ */
+AuthParams::~AuthParams () {
+}
+
+TPS_PUBLIC void AuthParams::SetUID(char *uid) {
+    Add("UID", uid);
+}
+
+TPS_PUBLIC char *AuthParams::GetUID() {
+    return GetValue("UID");
+}
+
+TPS_PUBLIC void AuthParams::SetPassword(char *pwd) {
+    Add("PASSWORD", pwd);
+}
+
+TPS_PUBLIC char *AuthParams::GetPassword() {
+    return GetValue("PASSWORD");
+}
+
+void AuthParams::SetSecuridValue(char *securidValue) {
+    Add("SECURID_VALUE", securidValue);
+}
+
+TPS_PUBLIC char *AuthParams::GetSecuridValue() {
+    return GetValue("SECURID_VALUE");
+}
+
+void AuthParams::SetSecuridPin(char *securidPin) {
+    Add("SECURID_PIN", securidPin);
+}
+
+TPS_PUBLIC char *AuthParams::GetSecuridPin() {
+    return GetValue("SECURID_PIN");
+}
+
diff --git a/pki/base/tps/src/main/Authentication.cpp b/pki/base/tps/src/main/Authentication.cpp
new file mode 100644
index 000000000..34ab76f0a
--- /dev/null
+++ b/pki/base/tps/src/main/Authentication.cpp
@@ -0,0 +1,105 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "main/RA_Session.h"
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/Util.h"
+#include "main/Memory.h"
+#include "authentication/Authentication.h"
+#include "authentication/AuthParams.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a base authentication
+ */
+TPS_PUBLIC Authentication::Authentication ()
+{
+}
+
+/**
+ * Destructs processor.
+ */
+TPS_PUBLIC Authentication::~Authentication ()
+{
+}
+
+void Authentication::Initialize(int index)
+{
+}
+
+int Authentication::Authenticate(AuthParams *params)
+{
+    return -1;
+}
+
+int Authentication::GetNumOfRetries() {
+    return m_retries;
+}
+
+const char *Authentication::GetTitle(char *locale)
+{
+    return NULL;
+}
+                                                                                
+const char *Authentication::GetDescription(char *locale)
+{
+    return NULL;
+}
+
+int Authentication::GetNumOfParamNames()
+{
+    return 0;
+}
+
+char *Authentication::GetParamID(int index)
+{
+    return NULL;
+}
+
+const char *Authentication::GetParamName(int index, char *locale)
+{
+    return NULL;
+}
+
+char *Authentication::GetParamType(int index)
+{
+    return NULL;
+}
+
+const char *Authentication::GetParamDescription(int index, char *locale)
+{
+    return NULL;
+}
+
+char *Authentication::GetParamOption(int index)
+{
+    return NULL;
+}
+
diff --git a/pki/base/tps/src/main/AuthenticationEntry.cpp b/pki/base/tps/src/main/AuthenticationEntry.cpp
new file mode 100644
index 000000000..eb7f75419
--- /dev/null
+++ b/pki/base/tps/src/main/AuthenticationEntry.cpp
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "plstr.h"
+#include "main/AuthenticationEntry.h"
+
+/**
+ * Constructs a base authentication
+ */
+AuthenticationEntry::AuthenticationEntry ()
+{
+    m_lib = NULL;
+    m_Id = NULL;
+    m_type = NULL; 
+    m_authentication = NULL;
+}
+
+/**
+ * Destructs processor.
+ */
+AuthenticationEntry::~AuthenticationEntry ()
+{
+    if (m_lib != NULL) {
+        PR_UnloadLibrary(m_lib);
+        m_lib = NULL; 
+    }
+
+    if( m_Id != NULL ) {
+        PL_strfree( m_Id ); 
+        m_Id = NULL; 
+    }
+
+    if( m_type != NULL ) {
+        PL_strfree( m_type ); 
+        m_type = NULL; 
+    }
+
+    m_authentication = NULL;
+}
+
+void AuthenticationEntry::SetLibrary(PRLibrary* lib) {
+    m_lib = lib;
+}
+
+PRLibrary *AuthenticationEntry::GetLibrary() {
+    return m_lib;
+}
+
+void AuthenticationEntry::SetId(const char *id) {
+    m_Id = PL_strdup(id);
+}
+
+char *AuthenticationEntry::GetId() {
+    return m_Id;
+}
+
+void AuthenticationEntry::SetAuthentication(Authentication *auth) {
+    m_authentication = auth;
+}
+
+Authentication *AuthenticationEntry::GetAuthentication() {
+    return m_authentication;
+}
+
+void AuthenticationEntry::SetType(const char *type) {
+    m_type = PL_strdup(type);
+}
+
+char *AuthenticationEntry::GetType() {
+    return m_type;
+}
diff --git a/pki/base/tps/src/main/Buffer.cpp b/pki/base/tps/src/main/Buffer.cpp
new file mode 100644
index 000000000..2a547feea
--- /dev/null
+++ b/pki/base/tps/src/main/Buffer.cpp
@@ -0,0 +1,243 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <memory.h>
+#include <assert.h>
+#include <stdio.h>
+
+#include "main/Buffer.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC Buffer::Buffer(const BYTE *buf_, unsigned int len_) : len(len_), res(len_)
+{
+    buf = new BYTE[len];
+    memcpy(buf, buf_, len);
+}
+
+TPS_PUBLIC Buffer::Buffer(const Buffer& cpy)
+{
+    buf = 0;
+    *this = cpy;
+}
+
+TPS_PUBLIC Buffer::Buffer(unsigned int len_) : len(len_), res(len_)
+{
+    buf = new BYTE[res];
+    memset(buf, 0, len_);
+}
+
+TPS_PUBLIC Buffer::Buffer(unsigned int len_, BYTE b) : len(len_), res(len_)
+{
+    if (len_ == 0) {
+      buf = NULL;
+    } else {
+      buf = new BYTE[res];
+      memset(buf, b, len);
+    }
+}
+
+TPS_PUBLIC Buffer::~Buffer()
+{
+    if( buf != NULL ) {
+        delete [] buf;
+        buf = NULL;
+    }
+}
+
+TPS_PUBLIC bool
+Buffer::operator==(const Buffer& cmp) const
+{
+    if( len != cmp.len ) return false;
+    for( unsigned int i=0; i < len; ++i ) {
+        if( buf[i] != cmp.buf[i] ) {
+            return false;
+        }
+    }
+    return true;
+}
+
+TPS_PUBLIC Buffer&
+Buffer::operator=(const Buffer& cpy)
+{
+    if( this == &cpy ) return *this;
+    len = cpy.len;
+    if( buf != NULL ) {
+        delete [] buf;
+        buf = NULL;
+    }
+    if (cpy.len == 0) {
+      buf = NULL;
+    } else {
+      buf = new BYTE[len];
+      memcpy(buf, cpy.buf, len);
+    }
+    res = len;
+
+    return *this;
+}
+
+TPS_PUBLIC void
+Buffer::zeroize()
+{
+    if( len > 0 ) {
+        memset( buf, 0, len );
+    }
+}
+
+TPS_PUBLIC Buffer
+Buffer::operator+(const Buffer& addend) const
+{
+    Buffer result(len + addend.len);
+    memcpy(result.buf, buf, len);
+    memcpy(result.buf+len, addend.buf, addend.len);
+    return result;
+}
+
+TPS_PUBLIC Buffer&
+Buffer::operator+=(const Buffer& addend)
+{
+    unsigned int oldLen = len;
+    resize(len + addend.len);
+    memcpy(buf+oldLen, addend.buf, addend.len);
+    return *this;
+}
+
+TPS_PUBLIC Buffer&
+Buffer::operator+=(BYTE b)
+{
+    resize(len+1);
+    buf[len-1] = b;
+    return *this;
+}
+
+TPS_PUBLIC void
+Buffer::reserve(unsigned int n)
+{
+    if( n > res ) {
+        BYTE *newBuf = new BYTE[n];
+        memcpy(newBuf, buf, len);
+        if( buf != NULL ) {
+            delete [] buf;
+            buf = NULL;
+        }
+        buf = newBuf;
+        res = n;
+    }
+}
+
+TPS_PUBLIC void
+Buffer::resize(unsigned int newLen)
+{
+    if( newLen == len ) {
+        return;
+    } else if( newLen < len ) {
+        len = newLen;
+    } else if( newLen <= res ) {
+        assert( newLen > len );
+        memset(buf+len, 0, newLen-len);
+        len = newLen;
+    } else {
+        assert( newLen > len && newLen > res );
+        BYTE *newBuf = new BYTE[newLen];
+        memcpy(newBuf, buf, len);
+        memset(newBuf+len, 0, newLen-len);
+        if( buf != NULL ) {
+            delete [] buf;
+            buf = NULL;
+        }
+        buf = newBuf;
+        len = newLen;
+        res = newLen;
+    }
+}
+
+TPS_PUBLIC Buffer
+Buffer::substr(unsigned int i, unsigned int n) const
+{
+    assert( i < len  && (i+n) <= len );
+    return Buffer( buf+i, n );
+}
+
+TPS_PUBLIC void
+Buffer::replace(unsigned int i, const BYTE* cpy, unsigned int n)
+{
+    if (len > i+n) {
+    resize( len);
+    }else {
+    resize( i+n );
+    }
+    memcpy(buf+i, cpy, n);
+}
+
+TPS_PUBLIC void
+Buffer::dump() const
+{
+    unsigned int i;
+
+    for( i=0; i < len; ++i ) {
+        printf("%02x ", buf[i]);
+        if( i % 16 == 15 )  printf("\n");
+    }
+    printf("\n");
+}
+
+/*
+ * if caller knows it's a string, pad with ending 0 and return.
+ * note:
+ *   It is the caller's responsibility to make sure it's a string.
+ *   Memory needs to be released by the caller.
+ */
+TPS_PUBLIC char *
+Buffer::string()
+{
+    unsigned int i;
+    char *s = (char *) PR_Malloc(len+1);
+    for (i = 0; i < len; i++) {
+      s[i] = buf[i];
+    }
+    s[i] = '\0';
+    return s;
+}
+
+TPS_PUBLIC char *
+Buffer::toHex()
+{
+    unsigned int i;
+
+    char *hx =  (char *)PR_Malloc(1024);
+    if (hx == NULL)
+	    return NULL;
+    for( i=0; i < len; ++i ) {
+      PR_snprintf(hx+(i*2),1024-(i*2),"%02x", (unsigned char)buf[i]);
+    }
+
+    return hx;
+}
+
+static const char hextbl[] = {
+    '0', '1', '2', '3', '4', '5', '6', '7',
+    '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+};
diff --git a/pki/base/tps/src/main/ConfigStore.cpp b/pki/base/tps/src/main/ConfigStore.cpp
new file mode 100644
index 000000000..26e74852f
--- /dev/null
+++ b/pki/base/tps/src/main/ConfigStore.cpp
@@ -0,0 +1,553 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "main/ConfigStore.h"
+#include "main/Memory.h"
+#include "main/Util.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+static PR_CALLBACK void*
+_AllocTable(void* pool, PRSize size)
+{
+    return PR_MALLOC(size);
+}
+
+static PR_CALLBACK void
+_FreeTable(void* pool, void* item)
+{
+    PR_DELETE(item);
+}
+
+static PR_CALLBACK PLHashEntry*
+_AllocEntry(void* pool, const void* key)
+{
+    return PR_NEW(PLHashEntry);
+}
+
+static PR_CALLBACK void
+_FreeEntry(void* pool, PLHashEntry* he, PRUintn flag)
+{
+    if( he == NULL ) {
+        return;
+    }
+
+    if (flag == HT_FREE_VALUE) {
+        if( he->value != NULL ) {
+            PL_strfree( (char*) he->value );
+            he->value = NULL;
+        }
+    } else if (flag == HT_FREE_ENTRY) {
+        if( he->key != NULL ) {
+            PL_strfree( (char*) he->key );
+            he->key = NULL;
+        }
+        if( he->value != NULL ) {
+            PL_strfree( (char*) he->value );
+            he->value = NULL;
+        }
+        PR_DELETE(he);
+    }
+}
+
+static PLHashAllocOps _AllocOps = {
+    _AllocTable,
+    _FreeTable,
+    _AllocEntry,
+    _FreeEntry
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+///// ConfigStoreRoot
+
+ConfigStoreRoot::ConfigStoreRoot()
+{ 
+	m_set = PL_NewHashTable(3, PL_HashString, 
+			PL_CompareStrings, PL_CompareValues, 
+			&_AllocOps, NULL);
+
+	m_set_refcount = 0;
+}
+
+// If the ConfigStoreRoot goes out of scope, we can't destroy
+// the Hashtable because others maybe depending on the values
+// inside. 
+ConfigStoreRoot::~ConfigStoreRoot ()
+{
+    if( m_set != NULL ) { 
+		if (m_set_refcount==0) {
+        	PL_HashTableDestroy( m_set );
+        	m_set = NULL;
+		}
+    }
+}
+
+void ConfigStoreRoot::addref()
+{
+	m_set_refcount++;
+}
+
+void ConfigStoreRoot::release()
+{
+	m_set_refcount--;
+}
+
+PLHashTable *ConfigStoreRoot::getSet()
+{
+	return m_set;
+}
+
+
+// ConfigureStore
+
+ConfigStore::ConfigStore(ConfigStoreRoot* root, const char *subStoreName)
+{ 
+	m_substore_name = PL_strdup(subStoreName);
+	m_root = root;
+	root->addref();
+}
+
+ConfigStore::~ConfigStore ()
+{ 
+	if (m_substore_name != NULL) {
+		PR_Free(m_substore_name);
+	}
+	m_root->release();
+}
+
+
+
+/*
+ConfigStore::ConfigStore(const ConfigStore &X)
+{
+	m_substore_name = X.m_substore_name;
+	m_root = X.m_root;
+	m_root.addref();
+}
+
+*/
+
+
+
+ConfigStore ConfigStore::GetSubStore(const char *substore)
+{
+	char *newname=NULL;
+	const char *name = m_substore_name;
+	if (strlen(name)==0) {	  // this is the root
+		newname = PL_strdup(substore);
+	} else {
+		newname = PR_smprintf("%s.%s",name,substore);
+	}
+	return ConfigStore(m_root,newname);
+}
+
+
+/**
+ * Reads configuration file and puts name value
+ * pair into the global hashtable.
+ */
+static int ReadLine(PRFileDesc *f, char *buf, int buf_len, int *removed_return)
+{
+       char *cur = buf;
+       int sum = 0;
+       PRInt32 rc;
+
+       *removed_return = 0;
+       while (1) {
+         rc = PR_Read(f, cur, 1);
+         if (rc == -1 || rc == 0)
+             break;
+         if (*cur == '\r') {
+             continue;
+         }
+         if (*cur == '\n') {
+             *cur = '\0';
+             *removed_return = 1;
+             break;
+         }
+         sum++;
+         cur++;
+       }
+       return sum;
+}
+
+#define MAX_CFG_LINE_LEN 4096
+
+ConfigStore *ConfigStore::CreateFromConfigFile(const char *cfg_path)
+{
+        PRFileDesc *f = NULL;
+        int removed_return;
+        char line[MAX_CFG_LINE_LEN];
+		ConfigStoreRoot *root = NULL;
+		ConfigStore *cfg = NULL;
+
+        f = PR_Open(cfg_path, PR_RDWR, 00400|00200);
+        if (f == NULL)
+                goto loser;
+
+		root = new ConfigStoreRoot();
+		cfg = new ConfigStore(root,"");
+
+        while (1) {
+                int n = ReadLine(f, line, MAX_CFG_LINE_LEN, &removed_return);
+                if (n > 0) {
+                        if (line[0] == '#')  // handle comment line
+                                continue;
+                        int c = 0;
+                        while ((c < n) && (line[c] != '=')) {
+                                c++;
+                        }
+                        if (c < n) {
+                                line[c] = '\0';
+                        } else {
+                                continue; /* no '=', skip this line */
+                        }
+                        cfg->Add(line, &line[c+1]);
+                } else if (n == 0 && removed_return == 1) {
+                        continue; /* skip empty line */
+                } else {
+                        break;
+                }
+        }
+        if( f != NULL ) {
+            PR_Close( f );
+            f = NULL;
+        }
+
+loser:
+        return cfg;
+}
+
+/**
+ * Parses string of format "n1=v1&n2=v2..."
+ * into a ConfigStore.
+ */
+ConfigStore *ConfigStore::Parse(const char *s, const char *separator)
+{
+	char *pair;
+	char *line = NULL;
+	int i;
+        int len;
+	char *lasts = NULL;
+
+	if (s == NULL)
+		return NULL;
+	ConfigStoreRoot *root = new ConfigStoreRoot();
+	ConfigStore *set= new ConfigStore(root,"");
+
+	line = PL_strdup(s);
+	pair = PL_strtok_r(line, separator, &lasts);
+	while (pair != NULL) {
+                len = strlen(pair);
+	        i = 0;
+		while (1) {
+                        if (i >= len) {
+				goto skip;
+                        }
+			if (pair[i] == '\0') {
+				goto skip;
+			}
+			if (pair[i] == '=') {
+				pair[i] = '\0';
+				break;
+			}
+			i++;
+		}
+                set->Add(&pair[0], &pair[i+1]);
+skip:
+		pair = PL_strtok_r(NULL, separator, &lasts);
+	}
+    if( line != NULL ) {
+        PL_strfree( line );
+        line = NULL;
+    }
+	return set;
+} 
+
+typedef struct {
+	int index;
+	char *key;
+} Criteria;
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+static PRIntn CountLoop(PLHashEntry *he, PRIntn index, void *arg)
+{
+        Criteria *criteria = (Criteria *)arg;
+	criteria->index++;
+        return HT_ENUMERATE_NEXT;
+}
+
+static PRIntn Loop(PLHashEntry *he, PRIntn index, void *arg)
+{
+    Criteria *criteria = (Criteria *)arg;
+    if (criteria != NULL && index == criteria->index) {
+	    criteria->key = (char *)he->key;
+            return HT_ENUMERATE_STOP;
+    } else {
+            return HT_ENUMERATE_NEXT;
+    }
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+int ConfigStore::Size()
+{
+        Criteria criteria;
+	criteria.index = 0;
+	criteria.key = NULL;
+	PL_HashTableEnumerateEntries(m_root->getSet(), &CountLoop, &criteria);
+	return criteria.index;
+}
+
+const char *ConfigStore::GetNameAt(int pos)
+{
+        Criteria criteria;
+	criteria.index = pos;
+	criteria.key = NULL;
+	PL_HashTableEnumerateEntries(m_root->getSet(), &Loop, &criteria);
+	return criteria.key;
+}
+
+/**
+ * Checks if a key is defined. 
+ */
+int ConfigStore::IsNameDefined(const char *name)
+{ 
+	if (m_root->getSet()!= NULL) {
+	  if (GetConfig(name) != NULL)
+		return 1;
+	}
+	return 0; 
+}
+
+void ConfigStore::Add(const char *name, const char *value)
+{
+	if (IsNameDefined(name)) {
+	  PL_HashTableRemove(m_root->getSet(), name);
+	  PL_HashTableAdd(m_root->getSet(), PL_strdup(name), PL_strdup(value));
+	} else {
+	  PL_HashTableAdd(m_root->getSet(), PL_strdup(name), PL_strdup(value));
+	}
+}
+
+const char *ConfigStore::GetConfig(const char *name)
+{ 
+	char buf[256];
+	if (m_root->getSet() ==NULL) {
+		return NULL;
+	}
+	if (PL_strlen(m_substore_name) == 0) {
+		PL_strncpy(buf,name,256);
+	} else {
+		PR_snprintf(buf,256,"%s.%s",m_substore_name,name);
+	}
+	return (char *)PL_HashTableLookupConst(m_root->getSet(), buf);
+}
+
+/**
+ * Retrieves configuration value as integer.
+ */
+int ConfigStore::GetConfigAsInt(const char *name)
+{
+        char *value = NULL;
+
+        value = (char *)GetConfig(name);
+        if (value == NULL)
+          return 0;
+        return atoi(value);
+}
+
+/**
+ * Retrieves configuration value as integer. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC int ConfigStore::GetConfigAsInt(const char *name, int def)
+{
+        char *value = NULL;
+
+        value = (char *)GetConfig(name);
+        if (value == NULL)
+          return def;
+        return atoi(value);
+}
+
+
+/**
+ * Retrieves configuration value as unsigned integer.
+ */
+unsigned int ConfigStore::GetConfigAsUnsignedInt(const char *name)
+{
+        char *value = NULL;
+		int i = 0;
+
+        value = (char *)GetConfig(name);
+        if (value == NULL) {
+          return 0;
+        }
+
+        i = atoi(value);
+        if (i < 0) {
+          return 0;
+        }
+        return i;
+}
+
+/**
+ * Retrieves configuration value as unsigned integer. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC unsigned int ConfigStore::GetConfigAsUnsignedInt(const char *name, unsigned int def)
+{
+        char *value = NULL;
+		int i = 0;
+
+        value = (char *)GetConfig(name);
+        if (value == NULL) {
+          return def;
+        }
+
+        i = atoi(value);
+        if (i < 0) {
+          return def;
+        }
+        return i;
+}
+
+
+/**
+ * Retrieves configuration value as boolean.
+ */
+bool ConfigStore::GetConfigAsBool(const char *name)
+{
+        char *value = NULL;
+
+        value = (char *)GetConfig(name);
+        if (value == NULL)
+          return false;
+        if (PL_CompareStrings("true", value) != 0)
+          return true;
+        else
+          return false;
+}
+
+/**
+ * Retrieves configuration value as boolean. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC bool ConfigStore::GetConfigAsBool(const char *name, bool def)
+{
+        char *value = NULL;
+
+        value = (char *)GetConfig(name);
+        if (value == NULL)
+                return def;
+
+        if (PL_CompareStrings("true", value) != 0)
+          return true;
+	else if (PL_CompareStrings("false", value) != 0)
+	  return false;
+	else
+	  return def;
+}
+
+/**
+ * Retrieves configuration value as string. If key is
+ * not defined, default value is returned.
+ */
+TOKENDB_PUBLIC const char *ConfigStore::GetConfigAsString(const char *name, const char *def)
+{
+        char *value = NULL;
+
+        value = (char *)GetConfig(name);
+        if (value == NULL)
+                return def;
+        return value;
+}
+
+/**
+ * Retrieves configuration value as string.
+ */
+TPS_PUBLIC const char *ConfigStore::GetConfigAsString(const char *name)
+{
+        return (char *)GetConfig(name);
+}
+
+
+/**
+ * Allow operator[] overloading for retrieval of config strings
+ */
+const char* ConfigStore::operator[](const char*name)
+{
+	return GetConfigAsString(name);
+}
+
+
+Buffer *ConfigStore::GetConfigAsBuffer(const char *key)
+{
+        return GetConfigAsBuffer(key, NULL);
+}
+
+Buffer *ConfigStore::GetConfigAsBuffer(const char *key, const char *def)
+{
+        const char *value = NULL;
+
+        value = (char *)GetConfig(key);
+        if (value == NULL) {
+                if (def == NULL) {
+                        return NULL;
+                } else {
+                  return Util::Str2Buf(def);
+                }
+        } else {
+                return Util::Str2Buf(value);
+        }
+}
+
diff --git a/pki/base/tps/src/main/Login.cpp b/pki/base/tps/src/main/Login.cpp
new file mode 100644
index 000000000..116ac7769
--- /dev/null
+++ b/pki/base/tps/src/main/Login.cpp
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "main/Base.h"
+#include "main/Login.h"
+#include "main/Memory.h"
+
+/**
+ * Constructs a login object.
+ */
+Login::Login (char *uid, char *pwd)
+{
+    if (uid == NULL) {
+	    m_uid = NULL;
+    } else {
+	    m_uid = PL_strdup(uid);
+    }
+    if (pwd == NULL) {
+	    m_pwd = NULL;
+    } else {
+	    m_pwd = PL_strdup(pwd);
+    }
+}
+
+/**
+ * Destructs login object.
+ */
+Login::~Login ()
+{
+    if( m_uid != NULL ) {
+        PL_strfree( m_uid );
+        m_uid = NULL;
+    }
+    if( m_pwd != NULL ) {
+        PL_strfree( m_pwd );
+        m_pwd = NULL;
+    }
+}
+
+/**
+ * Retrieves user id.
+ */
+char *Login::GetUID()
+{
+	return m_uid;
+}
+
+/**
+ * Retrieves password.
+ */
+char *Login::GetPassword()
+{
+	return m_pwd;
+}
diff --git a/pki/base/tps/src/main/Memory.cpp b/pki/base/tps/src/main/Memory.cpp
new file mode 100644
index 000000000..1ee5027d0
--- /dev/null
+++ b/pki/base/tps/src/main/Memory.cpp
@@ -0,0 +1,268 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "plhash.h"
+#include "pk11func.h"
+
+#include "main/MemoryMgr.h"
+
+#ifdef MEM_PROFILING
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+typedef struct _ref_block
+{
+	int id;
+	void *ptr;
+	const char *file;
+	const char *func;
+	const char *type;
+	int line;
+	int size;
+	int used;
+	PRTime time;
+} ref_block;
+
+#define MAX_BLOCKS 8096
+static ref_block m_rb[MAX_BLOCKS];
+
+static PRLock *m_free_block_lock = NULL;
+static PRLock *m_dump_lock = NULL;
+static PRLock *m_audit_lock = NULL;
+
+ref_block *get_free_block()
+{
+	int i;
+	PR_Lock(m_free_block_lock);
+	for (i = 0; i < MAX_BLOCKS; i++) {
+		if (m_rb[i].used == 0) {
+			// lock
+			m_rb[i].used = 1;
+	                m_rb[i].time = PR_Now();
+	                PR_Unlock(m_free_block_lock);
+			return &m_rb[i];
+		}
+	}
+        PR_Unlock(m_free_block_lock);
+	return NULL;
+}
+
+ref_block *find_block(void *ptr)
+{
+	int i;
+	for (i = 0; i < MAX_BLOCKS; i++) {
+		if (m_rb[i].used == 1 && m_rb[i].ptr == ptr) {
+			return &m_rb[i];
+		}
+	}
+	return NULL;
+}
+
+void free_block(ref_block *rb)
+{
+	rb->used = 0;
+}
+
+static PRFileDesc *m_audit_f = NULL;
+static PRFileDesc *m_dump_f = NULL;
+
+void MEM_init(char *audit_file, char *dump_file)
+{
+       m_audit_f = PR_Open(audit_file, PR_RDWR|PR_CREATE_FILE|PR_APPEND, 
+		       00200|00400);
+       m_dump_f = PR_Open(dump_file,  PR_RDWR|PR_CREATE_FILE|PR_APPEND,
+		       00200|00400);
+
+       int i;
+       for (i = 0; i < MAX_BLOCKS; i++) {
+		m_rb[i].id = i;
+		m_rb[i].used = 0;
+       }
+       m_free_block_lock = PR_NewLock();
+       m_dump_lock = PR_NewLock();
+       m_audit_lock = PR_NewLock();
+}
+
+void MEM_shutdown()
+{
+       PR_DestroyLock(m_free_block_lock);
+       PR_DestroyLock(m_dump_lock);
+       PR_DestroyLock(m_audit_lock);
+       if (m_dump_f != NULL) {
+           PR_Close(m_dump_f);
+       }
+       if (m_audit_f != NULL) {
+           PR_Close(m_audit_f);
+       }
+}
+
+static void MEM_audit_block(ref_block *ref, const char *type, const char *func, const char *file, int line, PRFileDesc *f)
+{
+       PRTime now;
+       const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+       char datetime[1024];
+       PRExplodedTime time;
+       char datetime1[1024];
+       PRExplodedTime time1;
+
+       now = PR_Now();
+       PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+       PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+
+       PR_ExplodeTime(ref->time, PR_LocalTimeParameters, &time1);
+       PR_FormatTimeUSEnglish(datetime1, 1024, time_fmt, &time1);
+
+       PR_Lock(m_audit_lock);
+       PR_fprintf(f, "[%s] ID='%d' Size='%d' Type='%s' Func='%s' File='%s' Line='%d' Time='%s'\n", 
+  	datetime, ref->id, ref->size, type, func, file, line, datetime1);
+       PR_Sync(f);
+       PR_Unlock(m_audit_lock);
+}
+
+void MEM_dump_unfree()
+{
+       int i;
+       PRTime now;
+       const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+       char datetime[1024];
+       PRExplodedTime time;
+       char datetime1[1024];
+       PRExplodedTime time1;
+       int sum_count = 0;
+       int sum_mem = 0;
+
+       now = PR_Now();
+       PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+       PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+
+       PR_Lock(m_dump_lock);
+       PR_fprintf(m_dump_f, "--------------------------------------------\n");
+       PR_fprintf(m_dump_f, "Memory Report - '%s'\n", datetime);
+       PR_fprintf(m_dump_f, "1) Unfree Blocks:\n");
+       PR_fprintf(m_dump_f, "\n");
+       for (i = 0; i < MAX_BLOCKS; i++) {
+	       if (!m_rb[i].used)
+		       continue;
+               PR_ExplodeTime(m_rb[i].time, PR_LocalTimeParameters, &time1);
+               PR_FormatTimeUSEnglish(datetime1, 1024, time_fmt, &time1);
+       	       PR_fprintf(m_dump_f, "   ID='%d' Size='%d' Type='%s' Func='%s' File='%s' Line='%d' Time='%s'\n", m_rb[i].id, m_rb[i].size, m_rb[i].type, m_rb[i].func, m_rb[i].file, m_rb[i].line, datetime1);
+	       sum_mem += m_rb[i].size;
+	       sum_count += 1;
+       }
+       PR_fprintf(m_dump_f, "\n");
+       PR_fprintf(m_dump_f, "2) Total Unfree Memory Size:\n");
+       PR_fprintf(m_dump_f, "   %d bytes\n", sum_mem);
+       PR_fprintf(m_dump_f, "\n");
+       PR_fprintf(m_dump_f, "3) Total Unfree Memory Blocks:\n");
+       PR_fprintf(m_dump_f, "   %d\n", sum_count);
+       PR_fprintf(m_dump_f, "\n");
+       PR_fprintf(m_dump_f, "--------------------------------------------\n");
+       PR_Sync(m_dump_f);
+       PR_Unlock(m_dump_lock);
+}
+
+char *MEM_strdup(const char *s, const char *type, const char *func, const char *file, int line)
+{
+	ref_block *rb = get_free_block();
+	if (rb == NULL)
+		return NULL;
+
+	char *buf = strdup(s);
+
+	rb->ptr = buf;
+	rb->func = func;
+	rb->file = file;
+	rb->line = line;
+	rb->type = type;
+	rb->size = strlen(s) + 1;
+        MEM_audit_block(rb, rb->type, rb->func, rb->file, rb->line, m_audit_f);
+
+	return buf;
+}
+
+void *MEM_malloc(int size, const char *type, const char *func, const char *file, int line)
+{
+	ref_block *rb = get_free_block();
+	if (rb == NULL)
+		return NULL;
+	void *buf = malloc(size);
+
+	rb->ptr = buf;
+	rb->func = func;
+	rb->file = file;
+	rb->line = line;
+	rb->type = type;
+	rb->size = size;
+        MEM_audit_block(rb, rb->type, rb->func, rb->file, rb->line, m_audit_f);
+
+	return buf;
+}
+
+void MEM_free(void *p, const char *type, const char *func, const char *file, int line)
+{
+	if (p == NULL)
+		return;
+	ref_block *rb = find_block(p);
+	if (rb == NULL)
+		return;
+        MEM_audit_block(rb, type, func, file, line, m_audit_f);
+        free(p);
+        free_block(rb);
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#if 0
+void *operator new(size_t size, const char *func, const char *file, int line)  
+{
+	      return MEM_malloc(size, func, file, line);
+}
+
+void *operator new[](size_t size, const char *func, const char *file, int line)  
+{
+	      return MEM_malloc(size, func, file, line);
+}
+
+#endif
+void operator delete(void *p)
+{
+	      MEM_free(p,"delete","", "", 0);
+}
+
+void operator delete[](void *p)
+{
+	      MEM_free(p,"delete[]","", "", 0);
+}
+
+#endif /* MEM_PROFILING */
+
diff --git a/pki/base/tps/src/main/NameValueSet.cpp b/pki/base/tps/src/main/NameValueSet.cpp
new file mode 100644
index 000000000..bd95a8e4a
--- /dev/null
+++ b/pki/base/tps/src/main/NameValueSet.cpp
@@ -0,0 +1,322 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "main/NameValueSet.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+static PR_CALLBACK void*
+_AllocTable(void* pool, PRSize size)
+{
+    return PR_MALLOC(size);
+}
+
+static PR_CALLBACK void
+_FreeTable(void* pool, void* item)
+{
+    PR_DELETE(item);
+}
+
+static PR_CALLBACK PLHashEntry*
+_AllocEntry(void* pool, const void* key)
+{
+    return PR_NEW(PLHashEntry);
+}
+
+static PR_CALLBACK void
+_FreeEntry(void* pool, PLHashEntry* he, PRUintn flag)
+{
+    if( he == NULL ) {
+        return;
+    }
+
+    if (flag == HT_FREE_VALUE) {
+        if( he->value != NULL ) {
+            PL_strfree( ( char* ) he->value );
+            he->value = NULL;
+        }
+    } else if (flag == HT_FREE_ENTRY) {
+        if( he->key != NULL ) {
+            PL_strfree( ( char* ) he->key );
+            he->key = NULL;
+        }
+        if( he->value != NULL ) {
+            PL_strfree( ( char* ) he->value );
+            he->value = NULL;
+        }
+        PR_DELETE(he);
+    }
+}
+
+static PLHashAllocOps _AllocOps = {
+    _AllocTable,
+    _FreeTable,
+    _AllocEntry,
+    _FreeEntry
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+TPS_PUBLIC NameValueSet::NameValueSet()
+{ 
+	m_set = PL_NewHashTable(3, PL_HashString, 
+			PL_CompareStrings, PL_CompareValues, 
+			&_AllocOps, NULL);
+}
+
+TPS_PUBLIC NameValueSet::~NameValueSet ()
+{ 
+    if( m_set != NULL ) { 
+        PL_HashTableDestroy( m_set );
+        m_set = NULL;
+    }
+
+    return;
+}
+
+/**
+ * Parsers string of format "n1=v1&n2=v2..."
+ * into a NameValueSet.
+ */
+TPS_PUBLIC NameValueSet *NameValueSet::Parse(const char *s, const char *separator)
+{
+	NameValueSet *set = NULL;
+	char *pair;
+	char *line = NULL;
+	int i;
+        int len;
+	char *lasts = NULL;
+
+	if (s == NULL)
+		return NULL;
+	set = new NameValueSet();
+	line = PL_strdup(s);
+	pair = PL_strtok_r(line, separator, &lasts);
+	while (pair != NULL) {
+                len = strlen(pair);
+	        i = 0;
+		while (1) {
+                        if (i >= len) {
+				goto skip;
+                        }
+			if (pair[i] == '\0') {
+				goto skip;
+			}
+			if (pair[i] == '=') {
+				pair[i] = '\0';
+				break;
+			}
+			i++;
+		}
+                set->Add(&pair[0], &pair[i+1]);
+skip:
+		pair = PL_strtok_r(NULL, separator, &lasts);
+	}
+    if( line != NULL ) {
+        PL_strfree( line );
+        line = NULL;
+    }
+	return set;
+} 
+
+typedef struct {
+	int index;
+	char *key;
+} Criteria;
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+static PRIntn CountLoop(PLHashEntry *he, PRIntn index, void *arg)
+{
+        Criteria *criteria = (Criteria *)arg;
+	criteria->index++;
+        return HT_ENUMERATE_NEXT;
+}
+
+static PRIntn Loop(PLHashEntry *he, PRIntn index, void *arg)
+{
+    Criteria *criteria = (Criteria *)arg;
+    if (criteria != NULL && index == criteria->index) {
+	    criteria->key = (char *)he->key;
+            return HT_ENUMERATE_STOP;
+    } else {
+            return HT_ENUMERATE_NEXT;
+    }
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+TPS_PUBLIC int NameValueSet::Size()
+{
+        Criteria criteria;
+	criteria.index = 0;
+	criteria.key = NULL;
+	PL_HashTableEnumerateEntries(m_set, &CountLoop, &criteria);
+	return criteria.index;
+}
+
+TPS_PUBLIC char *NameValueSet::GetNameAt(int pos)
+{
+        Criteria criteria;
+	criteria.index = pos;
+	criteria.key = NULL;
+	PL_HashTableEnumerateEntries(m_set, &Loop, &criteria);
+	return criteria.key;
+}
+
+/**
+ * Checks if a key is defined. 
+ */
+TPS_PUBLIC int NameValueSet::IsNameDefined(const char *name)
+{ 
+	if (GetValue(name) == NULL) 
+		return 0; 
+	else 
+		return 1;
+}
+
+TPS_PUBLIC void NameValueSet::Add(const char *name, const char *value)
+{
+	if (IsNameDefined(name)) {
+	  PL_HashTableAdd(m_set, PL_strdup(name), PL_strdup(value));
+	} else {
+	  PL_HashTableAdd(m_set, PL_strdup(name), PL_strdup(value));
+	}
+}
+
+TPS_PUBLIC void NameValueSet::Remove(const char *name)
+{
+	if (IsNameDefined(name)) {
+	  PL_HashTableRemove(m_set, name);
+    }
+}
+
+TPS_PUBLIC char *NameValueSet::GetValue(const char *name)
+{ 
+	return (char *)PL_HashTableLookupConst(m_set, name);
+}
+
+/**
+ * Retrieves configuration value as integer.
+ */
+TPS_PUBLIC int NameValueSet::GetValueAsInt(const char *name)
+{
+        char *value = NULL;
+
+        value = (char *)GetValue(name);
+        if (value == NULL)
+          return 0;
+        return atoi(value);
+}
+
+/**
+ * Retrieves configuration value as integer. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC int NameValueSet::GetValueAsInt(const char *name, int def)
+{
+        char *value = NULL;
+
+        value = (char *)GetValue(name);
+        if (value == NULL)
+          return def;
+        return atoi(value);
+}
+
+
+/**
+ * Retrieves configuration value as boolean.
+ */
+TPS_PUBLIC int NameValueSet::GetValueAsBool(const char *name)
+{
+        char *value = NULL;
+
+        value = (char *)GetValue(name);
+        if (value == NULL)
+          return 0;
+        if (PL_CompareStrings("true", value) != 0)
+          return 1;
+        else
+          return 0;
+}
+
+/**
+ * Retrieves configuration value as boolean. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC int NameValueSet::GetValueAsBool(const char *name, int def)
+{
+        char *value = NULL;
+
+        value = (char *)GetValue(name);
+        if (value == NULL)
+                return def;
+        if (PL_CompareStrings("true", value) != 0)
+          return 1;
+        else
+          return 0;
+}
+
+/**
+ * Retrieves configuration value as string. If key is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC char *NameValueSet::GetValueAsString(const char *name, char *def)
+{
+        char *value = NULL;
+
+        value = (char *)GetValue(name);
+        if (value == NULL)
+                return def;
+        return value;
+}
+
+/**
+ * Retrieves configuration value as string.
+ */
+TPS_PUBLIC char *NameValueSet::GetValueAsString(const char *name)
+{
+        return (char *)GetValue(name);
+}
+
diff --git a/pki/base/tps/src/main/ObjectSpec.cpp b/pki/base/tps/src/main/ObjectSpec.cpp
new file mode 100644
index 000000000..b53ced3ad
--- /dev/null
+++ b/pki/base/tps/src/main/ObjectSpec.cpp
@@ -0,0 +1,500 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prmem.h"
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/ObjectSpec.h"
+#include "engine/RA.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+ObjectSpec::ObjectSpec ()
+{
+        for (int i = 0; i < MAX_ATTRIBUTE_SPEC; i++) {
+              m_attributeSpec[i] = NULL;
+        }
+	m_fixedAttributes = 0;
+}
+
+ObjectSpec::~ObjectSpec ()
+{
+    for (int i = 0; i < MAX_ATTRIBUTE_SPEC; i++) {
+	      if (m_attributeSpec[i] != NULL) {
+	          delete m_attributeSpec[i];  
+	          m_attributeSpec[i] = NULL;
+	      }
+	}
+}
+
+#define DATATYPE_STRING       0
+#define DATATYPE_INTEGER      1
+#define DATATYPE_BOOL_FALSE   2
+#define DATATYPE_BOOL_TRUE    3
+
+/**
+ * Parse 'c' object.
+ */
+void ObjectSpec::ParseAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b)
+{
+	int curpos = 7;
+	unsigned long fixedAttrs = 0;
+	unsigned int xclass = 0;
+	unsigned int id = 0;
+
+	/* skip first 7 bytes */
+
+	while (curpos < ((int)(b->size()))) {
+		unsigned long attribute_id = 
+			(((BYTE*)*b)[curpos] << 24) +
+			(((BYTE*)*b)[curpos+1] << 16) +
+			(((BYTE*)*b)[curpos+2] << 8) +
+			((BYTE*)*b)[curpos+3];
+		unsigned short attribute_size = 
+			(((BYTE*)*b)[curpos+4] << 8) +
+			((BYTE*)*b)[curpos+5];
+		BYTE type = 0;
+		Buffer data;
+		int found = 0;
+		/* modify fixed attributes */
+
+		switch (attribute_id) {
+		case CKA_TOKEN:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00000080;
+			}
+			break;
+		case CKA_PRIVATE:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00000100;
+			} else {
+			}
+			break;
+		case CKA_MODIFIABLE:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00000200;
+			}
+			break;
+		case CKA_DERIVE:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00000400;
+			}
+			break;
+		case CKA_LOCAL:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00000800;
+			}
+			break;
+		case CKA_ENCRYPT:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00001000;
+			}
+			break;
+		case CKA_DECRYPT:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00002000;
+			}
+			break;
+		case CKA_WRAP:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00004000;
+			}
+			break;
+		case CKA_UNWRAP:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00008000;
+			}
+			break;
+		case CKA_SIGN:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00010000;
+			}
+			break;
+		case CKA_SIGN_RECOVER:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00020000;
+			}
+			break;
+		case CKA_VERIFY:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00040000;
+			}
+			break;
+		case CKA_VERIFY_RECOVER:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00080000;
+			}
+			break;
+		case CKA_SENSITIVE:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00100000;
+			}
+			break;
+		case CKA_ALWAYS_SENSITIVE:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00200000;
+			}
+			break;
+		case CKA_EXTRACTABLE:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00400000;
+			}
+			break;
+		case CKA_NEVER_EXTRACTABLE:
+			if (((BYTE*)*b)[curpos+6]) {
+				fixedAttrs |= 0x00800000;
+			}
+			break;
+		case CKA_SUBJECT:
+			type = DATATYPE_STRING;
+			data = b->substr(curpos+6, attribute_size);
+			/* build by PKCS11 */
+			break;
+		case CKA_LABEL:
+			type = DATATYPE_STRING;
+			data = b->substr(curpos+6, attribute_size);
+			found = 1;
+			break;
+		case CKA_MODULUS:
+			type = DATATYPE_STRING;
+			data = b->substr(curpos+6, attribute_size);
+			/* build by PKCS11 */
+			break;
+		case CKA_ID:
+			type = DATATYPE_STRING;
+			data = b->substr(curpos+6, attribute_size);
+			/* build by PKCS11 */
+			break;
+		case CKA_KEY_TYPE:
+			type = DATATYPE_INTEGER;
+			data = b->substr(curpos+6, 4);
+			/* build by PKCS11 */
+			break;
+		case CKA_CLASS:
+			type = DATATYPE_INTEGER;
+			data = b->substr(curpos+6, 4);
+			xclass = ((BYTE*)data)[0];
+			/* build by PKCS11 */
+			break;
+		case CKA_PUBLIC_EXPONENT:
+			type = DATATYPE_STRING;
+			data = b->substr(curpos+6, attribute_size);
+			/* build by PKCS11 */
+			break;
+		case CKA_CERTIFICATE_TYPE:
+			type = DATATYPE_INTEGER;
+			data = b->substr(curpos+6, 4);
+			/* build by PKCS11 */
+			break;
+		default:
+			RA::Debug("ObjectSpec::ParseKeyBlob", 
+				"skipped attribute_id = %lx", 
+			attribute_id);
+			break;
+		}
+
+
+		if (found) {
+			/* add attribute spec */
+			AttributeSpec *attrSpec = new AttributeSpec();
+			attrSpec->SetAttributeID(attribute_id);
+			attrSpec->SetType(type);
+
+			switch (type) {
+			case DATATYPE_STRING:
+				attrSpec->SetData(data);
+				break;
+			case DATATYPE_INTEGER:
+				attrSpec->SetData(data);
+				break;
+			case DATATYPE_BOOL_FALSE:
+				break;
+			case DATATYPE_BOOL_TRUE:
+				break;
+			default:
+				break;
+			}
+
+			ObjectSpec->AddAttributeSpec(attrSpec);
+		}
+
+
+		curpos += 4 + 2 + attribute_size;
+	}
+
+	int val = (objectID[1] - '0');
+	switch (objectID[0]) {
+        case 'c':		
+		id = val;
+#if 0
+		fixedAttrs |= 
+				0x00000080 /* CKA_TOKEN */
+			;
+#endif
+		break;
+        case 'k':		
+		if (val % 2) {
+			id = (val-1)/2;
+		} else {
+			id = (val/2);
+		}
+#if 0
+		if (xclass == CKO_PUBLIC_KEY) {
+			fixedAttrs |= 
+				0x00000800 /* CKA_LOCAL */ |
+				0x00000080 /* CKA_TOKEN */ 
+				;
+		} 
+		if (xclass == CKO_PRIVATE_KEY) {
+			fixedAttrs |= 
+				0x00000800 /* CKA_LOCAL */ |
+				0x00000080 /* CKA_TOKEN */ 
+				;
+		} 
+#endif
+		break;
+	}
+
+	ObjectSpec->SetFixedAttributes(fixedAttrs | (xclass << 4) | id);
+}
+
+/**
+ * Parse 'c' object.
+ */
+void ObjectSpec::ParseCertificateAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b)
+{
+	ParseAttributes(objectID, ObjectSpec, b);
+}
+
+/**
+ * Parse 'k' object.
+ */
+void ObjectSpec::ParseKeyAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b)
+{
+	ParseAttributes(objectID, ObjectSpec, b);
+}
+
+/**
+ * Parse 'C' object.
+ */
+void ObjectSpec::ParseCertificateBlob(char *objectID, ObjectSpec *ObjectSpec, Buffer *b)
+{
+	unsigned long fixedAttrs = 0;
+	unsigned int xclass = 0;
+	unsigned int id = 0;
+
+	AttributeSpec *value = new AttributeSpec();
+	value->SetAttributeID(CKA_VALUE);
+	value->SetType(DATATYPE_STRING);
+	value->SetData(*b);
+	ObjectSpec->AddAttributeSpec(value);
+
+	fixedAttrs = 0x00000080; /* CKA_TOKEN */
+	xclass = CKO_CERTIFICATE;
+	id = objectID[1] - '0';
+
+	ObjectSpec->SetFixedAttributes(fixedAttrs| (xclass << 4) | id);
+}
+
+/**
+ * Convert object from token into object spec.
+ *
+ * Reference:
+ * http://netkey/design/applet_readable_object_spec-0.1.txt
+ * http://netkey/design/pkcs11obj.txt
+ */
+ObjectSpec *ObjectSpec::ParseFromTokenData(unsigned long objid, Buffer *b)
+{
+        char objectID[4];
+
+        ObjectSpec *o = new ObjectSpec();
+	o->SetObjectID(objid);
+
+	objectID[0] = (char)((objid >> 24) & 0xff); 
+	objectID[1] = (char)((objid >> 16) & 0xff); 
+	objectID[2] = (char)((objid >> 8) & 0xff); 
+	objectID[3] = (char)((objid) & 0xff); 
+
+	switch (objectID[0]) {
+		case 'c': /* certificate attributes */
+			ParseCertificateAttributes(objectID, o, b);
+			break;
+		case 'k': /* public key or private key attributes */
+			ParseKeyAttributes(objectID, o, b);
+			break;
+		case 'C': /* certificate in DER */
+			ParseCertificateBlob(objectID, o, b);
+			break;
+		default: 
+			RA::Debug("ObjectSpec::ParseKeyBlob", 
+				"unknown objectID = %c", objectID[0]);
+			/* error */
+			break;
+	}
+
+	return o;
+}
+
+ObjectSpec *ObjectSpec::Parse(Buffer *b, int offset, int *nread)
+{
+	int sum = 0;
+
+        ObjectSpec *o = new ObjectSpec();
+	unsigned long id = 
+		(((unsigned char *)*b)[offset + 0] << 24) + 
+		(((unsigned char *)*b)[offset + 1] << 16) + 
+		(((unsigned char *)*b)[offset + 2] << 8) + 
+		(((unsigned char *)*b)[offset + 3]);
+	o->SetObjectID(id);
+	unsigned long attribute = 
+		(((unsigned char *)*b)[offset + 4] << 24) + 
+		(((unsigned char *)*b)[offset + 5] << 16) + 
+		(((unsigned char *)*b)[offset + 6] << 8) + 
+		(((unsigned char *)*b)[offset + 7]);
+	o->SetFixedAttributes(attribute);
+	unsigned short count = (((unsigned char *)*b)[offset + 8] << 8) + 
+		((unsigned char *)*b)[offset + 9];
+	sum += 10;
+	int curpos = offset + 10;
+	for (int i = 0; i < count; i++) {
+		int len = 0;
+		switch (((unsigned char *)*b)[curpos+4]) {
+                case DATATYPE_STRING:
+			len = 4 + 1 + 2 + (((unsigned char *)*b)[curpos+5]<<8) + ((unsigned char *)*b)[curpos+6];
+			break;
+                case DATATYPE_INTEGER:
+			len = 4 + 1 + 4;
+			break;
+                case DATATYPE_BOOL_FALSE:
+			len = 4 + 1;
+			break;
+                case DATATYPE_BOOL_TRUE:
+			len = 4 + 1;
+			break;
+		}
+		Buffer attr = b->substr(curpos, len);
+		AttributeSpec *attrSpec = AttributeSpec::Parse(&attr, 0);
+		o->AddAttributeSpec(attrSpec);
+		curpos += len;
+		sum += len;
+	}
+	*nread = sum;
+        return o;
+}
+
+void ObjectSpec::SetObjectID(unsigned long v)
+{
+	m_objectID = v;
+}
+
+unsigned long ObjectSpec::GetObjectID()
+{
+	return m_objectID;
+}
+
+void ObjectSpec::SetFixedAttributes(unsigned long v)
+{
+	m_fixedAttributes = v;
+}
+
+unsigned long ObjectSpec::GetFixedAttributes()
+{
+	return m_fixedAttributes;
+}
+
+
+int ObjectSpec::GetAttributeSpecCount()
+{
+        for (int i = 0; i < MAX_ATTRIBUTE_SPEC; i++) {
+                if (m_attributeSpec[i] == NULL) {
+                        return i;
+                }
+        }
+        return 0;
+}
+
+AttributeSpec *ObjectSpec::GetAttributeSpec(int p)
+{
+        if (p < MAX_ATTRIBUTE_SPEC) {
+                if (m_attributeSpec[p] != NULL) {
+                        return m_attributeSpec[p];
+                }
+        }
+        return NULL;
+}
+
+void ObjectSpec::AddAttributeSpec(AttributeSpec *p)
+{
+        for (int i = 0; i < MAX_ATTRIBUTE_SPEC; i++) {
+                if (m_attributeSpec[i] == NULL) {
+                        m_attributeSpec[i] = p;
+                        return;
+                }
+        }
+}
+
+void ObjectSpec::RemoveAttributeSpec(int p)
+{
+        if (p < MAX_ATTRIBUTE_SPEC) {
+                if (m_attributeSpec[p] != NULL) {
+                        delete m_attributeSpec[p];
+                        m_attributeSpec[p] = NULL;
+                }
+                // fill hole
+                int empty = p;
+                for (int x = p+1; x < MAX_ATTRIBUTE_SPEC; x++) {
+                        if (m_attributeSpec[x] != NULL) {
+                                m_attributeSpec[empty] = m_attributeSpec[x];
+                                m_attributeSpec[x] = NULL;
+                                empty++;
+                        }
+                }
+        }
+
+}
+
+Buffer ObjectSpec::GetData()
+{
+	Buffer data = Buffer();
+
+	data += Buffer(1, (BYTE)(m_objectID >> 24) & 0xff);
+	data += Buffer(1, (BYTE)(m_objectID >> 16) & 0xff);
+	data += Buffer(1, (BYTE)(m_objectID >> 8) & 0xff);
+	data += Buffer(1, (BYTE)(m_objectID & 0xff));
+	data += Buffer(1, (BYTE)(m_fixedAttributes >> 24) & 0xff);
+	data += Buffer(1, (BYTE)(m_fixedAttributes >> 16) & 0xff);
+	data += Buffer(1, (BYTE)(m_fixedAttributes >> 8) & 0xff);
+	data += Buffer(1, (BYTE)(m_fixedAttributes & 0xff));
+
+	unsigned short attributeCount = GetAttributeSpecCount();
+	data += Buffer(1, (attributeCount >> 8) & 0xff);
+	data += Buffer(1, attributeCount & 0xff);
+	for (int i = 0; i < attributeCount; i++) {
+		AttributeSpec *spec = GetAttributeSpec(i);
+		data += spec->GetData();
+	}
+
+	return data;
+}
diff --git a/pki/base/tps/src/main/PKCS11Obj.cpp b/pki/base/tps/src/main/PKCS11Obj.cpp
new file mode 100644
index 000000000..57d63d215
--- /dev/null
+++ b/pki/base/tps/src/main/PKCS11Obj.cpp
@@ -0,0 +1,454 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prmem.h"
+#include "pk11func.h"
+#include "zlib.h"
+#include "engine/RA.h"
+#include "main/Buffer.h"
+#include "main/PKCS11Obj.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+PKCS11Obj::PKCS11Obj ()
+{
+	for (int i = 0; i < MAX_OBJECT_SPEC; i++) {
+			m_objSpec[i] = NULL;
+	}
+}
+
+PKCS11Obj::~PKCS11Obj ()
+{
+	for (int i = 0; i < MAX_OBJECT_SPEC; i++) {
+		if (m_objSpec[i] != NULL) {
+			delete m_objSpec[i];
+			m_objSpec[i] = NULL;
+		}
+	}
+}
+
+PKCS11Obj *PKCS11Obj::Parse(Buffer *b, int offset)
+{
+	PKCS11Obj *o = new PKCS11Obj();
+
+	unsigned short formatVersion = (((BYTE *)*b)[offset + 0] << 8) + 
+		(((BYTE *)*b)[offset + 1]);
+	o->SetFormatVersion(formatVersion);
+	unsigned short objectVersion = (((BYTE *)*b)[offset + 2] << 8) + 
+
+		(((BYTE *)*b)[offset + 3]);
+	o->SetObjectVersion(objectVersion);
+	o->SetCUID(b->substr(offset + 4, 10));
+
+	unsigned short compressionType = 
+		(((BYTE *)*b)[offset + 14] << 8) + (((BYTE *)*b)[offset + 15]);
+	unsigned short compressedDataSize = 
+		(((BYTE *)*b)[offset + 16] << 8) + (((BYTE *)*b)[offset + 17]);
+#if 0
+	unsigned short compressedDataOffset = 
+		(unsigned short)(((unsigned char *)*b)[offset + 18] << 8) + (((unsigned char *)*b)[offset + 19]);
+#endif
+
+	Buffer data;
+       	if (compressionType == 0) { /* no compression */
+           data = b->substr(offset + 20, compressedDataSize);
+       	} else if (compressionType == 1) { /* zlib */
+           Buffer compressedData = b->substr(offset + 20, compressedDataSize);
+
+#define MAX_UNCOMPRESS_SIZE 20000
+	   unsigned char buf[MAX_UNCOMPRESS_SIZE];
+	   int len = MAX_UNCOMPRESS_SIZE;
+           uncompress((Bytef*)buf, (uLongf*)&len, 
+			   (Bytef*)((BYTE*)compressedData), 
+			   (uLong)compressedData.size());
+	   data = Buffer(buf, len);
+       	} else {
+		/* error */
+       	}
+
+
+	unsigned short objOffset = (((BYTE *)data)[0] << 8) + 
+		((BYTE *)data)[1];
+	unsigned short objCount = (((BYTE *)data)[2] << 8) + 
+		((BYTE *)data)[3];
+	Buffer tokenName = data.substr(5, ((BYTE *)data)[4]);
+	o->SetTokenName(tokenName);
+
+
+	int curpos = (int)objOffset;
+	int nread = 0;
+	for (int i = 0; i < objCount; i++) {
+		ObjectSpec *objSpec = ObjectSpec::Parse(&data, curpos, &nread);
+		o->AddObjectSpec(objSpec);
+
+		unsigned long oid = objSpec->GetObjectID();
+		char b[2];
+		b[0] = (char)((oid >> 24) & 0xff);
+		b[1] = (char)((oid >> 16) & 0xff);
+		
+		// add corresponding 'C' object for 'c'
+	        if (b[0] == 'c') { 
+			for (int j = 0; j < objSpec->GetAttributeSpecCount();
+						j++) {
+				AttributeSpec *as = objSpec->GetAttributeSpec(j);
+				if (as->GetAttributeID() == CKA_VALUE) {
+				  if (as->GetType() == (BYTE) 0) {
+                                        Buffer cert = as->GetValue();
+
+					unsigned long certid = 
+						('C' << 24) + (b[1] << 16);
+					ObjectSpec *certSpec = 
+						ObjectSpec::ParseFromTokenData(
+						certid, &cert);
+					o->AddObjectSpec(certSpec);
+
+					objSpec->RemoveAttributeSpec(j);
+					break;
+				  }
+				}
+			}
+
+		}	
+
+		Buffer objSpecData = objSpec->GetData();
+		curpos += nread;
+	}
+
+	return o;
+}
+
+
+void PKCS11Obj::SetFormatVersion(unsigned short v)
+{
+	m_formatVersion = v;
+}
+
+void PKCS11Obj::SetObjectVersion(unsigned short v)
+{
+	m_objectVersion = v;
+}
+
+unsigned short PKCS11Obj::GetFormatVersion()
+{
+	return m_formatVersion;
+}
+
+unsigned short PKCS11Obj::GetObjectVersion()
+{
+	return m_objectVersion;
+}
+
+void PKCS11Obj::SetCUID(Buffer CUID)
+{
+	m_CUID = CUID;
+}
+
+Buffer PKCS11Obj::GetCUID()
+{
+	return m_CUID;
+}
+
+void PKCS11Obj::SetTokenName(Buffer tokenName)
+{
+	m_tokenName = tokenName;
+}
+
+Buffer PKCS11Obj::GetTokenName()
+{
+	return m_tokenName;
+}
+
+int PKCS11Obj::GetObjectSpecCount()
+{
+	for (int i = 0; i < MAX_OBJECT_SPEC; i++) {
+		if (m_objSpec[i] == NULL) {
+			return i;
+		}
+	}
+        return 0;
+}
+
+ObjectSpec *PKCS11Obj::GetObjectSpec(int p)
+{
+	if (p < MAX_OBJECT_SPEC) {
+		if (m_objSpec[p] != NULL) {
+			return m_objSpec[p];
+		}
+	}
+        return NULL;
+}
+
+void PKCS11Obj::AddObjectSpec(ObjectSpec *p)
+{
+        for (int i = 0; i < MAX_OBJECT_SPEC; i++) {
+		if (m_objSpec[i] == NULL) {
+			m_objSpec[i] = p;
+			return;
+		} else {
+			// check duplicated
+		        if (p->GetObjectID() == m_objSpec[i]->GetObjectID()) {
+				delete m_objSpec[i];
+				m_objSpec[i] = p;
+				return;
+			}	
+		}
+	}
+}
+
+void PKCS11Obj::RemoveObjectSpec(int p)
+{
+	if (p < MAX_OBJECT_SPEC) {
+		if (m_objSpec[p] != NULL) {
+			delete m_objSpec[p];
+			m_objSpec[p] = NULL;
+		}
+		// fill hole
+		int empty = p;
+	        for (int x = p+1; x < MAX_OBJECT_SPEC; x++) {
+			if (m_objSpec[x] != NULL) {
+				m_objSpec[empty] = m_objSpec[x];
+				m_objSpec[x] = NULL;
+				empty++;
+			}
+		}	
+	}
+}
+
+Buffer PKCS11Obj::GetData()
+{
+	Buffer data = Buffer();
+
+	unsigned short objectOffset = m_tokenName.size() + 2 + 3;
+	data += Buffer(1, (objectOffset >> 8) & 0xff);
+	data += Buffer(1, objectOffset & 0xff);
+	unsigned short objectCount = GetObjectSpecCount();
+	unsigned short objectCountX = objectCount;
+	if (objectCountX == 0) {
+		objectCountX = 0;
+	} else {
+		objectCountX = objectCountX - (objectCountX / 4);
+	}
+	data += Buffer(1, (objectCountX >> 8) & 0xff);
+	data += Buffer(1, objectCountX & 0xff);
+	data += Buffer(1, m_tokenName.size() & 0xff);
+	data += m_tokenName;
+	for (int i = 0; i < objectCount; i++) {
+	    ObjectSpec *spec = GetObjectSpec(i);
+	    unsigned long objectID = spec->GetObjectID();
+	    char c = (char)((objectID >> 24) & 0xff);
+	    unsigned long fixedAttrs = spec->GetFixedAttributes();
+	    unsigned int xclass = (fixedAttrs & 0x70) >> 4;
+	    unsigned int id = (fixedAttrs & 0x0f);
+	    /* locate all certificate objects */
+	    if (c == 'c' && xclass == CKO_CERTIFICATE) {
+		/* locate the certificate object */
+	        for (int u = 0; u < objectCount; u++) {
+	    		ObjectSpec *u_spec = GetObjectSpec(u);
+	    		unsigned long u_objectID = u_spec->GetObjectID();
+	    		char u_c = (char)((u_objectID >> 24) & 0xff);
+	    		unsigned long u_fixedAttrs = 
+				u_spec->GetFixedAttributes();
+	    		unsigned int u_xclass = (u_fixedAttrs & 0x70) >> 4;
+	    		unsigned int u_id = (u_fixedAttrs & 0x0f);
+	    		if (u_c == 'C' && u_xclass == CKO_CERTIFICATE && u_id == id) {
+	    			AttributeSpec * u_attr = 
+					u_spec->GetAttributeSpec(0);
+	    		AttributeSpec * n_attr = new AttributeSpec();
+                n_attr->SetAttributeID(u_attr->GetAttributeID());
+                n_attr->SetType(u_attr->GetType());
+                n_attr->SetData(u_attr->GetValue());
+				spec->AddAttributeSpec(n_attr);
+			}
+		}
+
+	    	data += spec->GetData();
+
+		/* locate public object */
+	        for (int x = 0; x < objectCount; x++) {
+	    		ObjectSpec *x_spec = GetObjectSpec(x);
+	    		unsigned long x_fixedAttrs = 
+				x_spec->GetFixedAttributes();
+	    		unsigned int x_xclass = (x_fixedAttrs & 0x70) >> 4;
+	    		unsigned int x_id = (x_fixedAttrs & 0x0f);
+	    		if (x_xclass == CKO_PUBLIC_KEY && x_id == id) {
+	    			data += x_spec->GetData();
+			}
+		}
+
+		/* locate private object */
+	        for (int y = 0; y < objectCount; y++) {
+	    		ObjectSpec *y_spec = GetObjectSpec(y);
+	    		unsigned long y_fixedAttrs = 
+				y_spec->GetFixedAttributes();
+	    		unsigned int y_xclass = (y_fixedAttrs & 0x70) >> 4;
+	    		unsigned int y_id = (y_fixedAttrs & 0x0f);
+	    		if (y_xclass == CKO_PRIVATE_KEY && y_id == id) {
+	    			data += y_spec->GetData();
+			}
+		}
+	    }
+	}
+
+	Buffer header = Buffer();
+	header += Buffer(1, (m_formatVersion >> 8) & 0xff);
+	header += Buffer(1, m_formatVersion & 0xff);
+	header += Buffer(1, (m_objectVersion >> 8) & 0xff);
+	header += Buffer(1, m_objectVersion & 0xff);
+	header += m_CUID;
+	// COMP_NONE = 0x00
+	// COMP_ZLIB = 0x01
+	unsigned short compressionType = 0x00;
+	header += Buffer(1, (compressionType >> 8) & 0xff);
+	header += Buffer(1, compressionType & 0xff);
+	unsigned short compressedDataSize = data.size();
+	header += Buffer(1, (compressedDataSize >> 8) & 0xff);
+	header += Buffer(1, compressedDataSize & 0xff);
+	unsigned short compressedDataOffset = 20;
+	header += Buffer(1, (compressedDataOffset >> 8) & 0xff);
+	header += Buffer(1, compressedDataOffset & 0xff);
+
+	return header + data;
+}
+
+Buffer PKCS11Obj::GetCompressedData()
+{
+	Buffer data = Buffer();
+
+	unsigned short objectOffset = m_tokenName.size() + 2 + 3;
+	data += Buffer(1, (objectOffset >> 8) & 0xff);
+	data += Buffer(1, objectOffset & 0xff);
+	unsigned short objectCount = GetObjectSpecCount();
+	unsigned short objectCountX = objectCount;
+	if (objectCountX == 0) {
+		objectCountX = 0;
+	} else {
+		objectCountX = objectCountX - (objectCountX / 4);
+	}
+	data += Buffer(1, (objectCountX >> 8) & 0xff);
+	data += Buffer(1, objectCountX & 0xff);
+	data += Buffer(1, m_tokenName.size() & 0xff);
+	data += m_tokenName;
+
+	for (int i = 0; i < objectCount; i++) {
+	    ObjectSpec *spec = GetObjectSpec(i);
+	    unsigned long objectID = spec->GetObjectID();
+	    char c = (char)((objectID >> 24) & 0xff);
+	    unsigned long fixedAttrs = spec->GetFixedAttributes();
+	    unsigned int xclass = (fixedAttrs & 0x70) >> 4;
+	    unsigned int id = (fixedAttrs & 0x0f);
+	    /* locate all certificate objects */
+	    if (c == 'c' && xclass == CKO_CERTIFICATE) {
+
+		/* locate the certificate object */
+	        for (int u = 0; u < objectCount; u++) {
+	    		ObjectSpec *u_spec = GetObjectSpec(u);
+	    		unsigned long u_objectID = u_spec->GetObjectID();
+	    		char u_c = (char)((u_objectID >> 24) & 0xff);
+	    		unsigned long u_fixedAttrs = 
+				u_spec->GetFixedAttributes();
+	    		unsigned int u_xclass = (u_fixedAttrs & 0x70) >> 4;
+	    		unsigned int u_id = (u_fixedAttrs & 0x0f);
+	    		if (u_c == 'C' && u_xclass == CKO_CERTIFICATE && u_id == id) {
+	    			AttributeSpec * u_attr = 
+					u_spec->GetAttributeSpec(0);
+	    		AttributeSpec * n_attr = new AttributeSpec();
+                n_attr->SetAttributeID(u_attr->GetAttributeID());
+                n_attr->SetType(u_attr->GetType());
+                n_attr->SetData(u_attr->GetValue());
+				spec->AddAttributeSpec(n_attr);
+			}
+		}
+
+		/* output certificate attribute object */
+	    	data += spec->GetData();
+
+		/* locate public object */
+	        for (int x = 0; x < objectCount; x++) {
+	    		ObjectSpec *x_spec = GetObjectSpec(x);
+	    		unsigned long x_fixedAttrs = 
+				x_spec->GetFixedAttributes();
+	    		unsigned int x_xclass = (x_fixedAttrs & 0x70) >> 4;
+	    		unsigned int x_id = (x_fixedAttrs & 0x0f);
+	    		if (x_xclass == CKO_PUBLIC_KEY && x_id == id) {
+	    			data += x_spec->GetData();
+			}
+		}
+
+		/* locate private object */
+	        for (int y = 0; y < objectCount; y++) {
+	    		ObjectSpec *y_spec = GetObjectSpec(y);
+	    		unsigned long y_fixedAttrs = 
+				y_spec->GetFixedAttributes();
+	    		unsigned int y_xclass = (y_fixedAttrs & 0x70) >> 4;
+	    		unsigned int y_id = (y_fixedAttrs & 0x0f);
+	    		if (y_xclass == CKO_PRIVATE_KEY && y_id == id) {
+	    			data += y_spec->GetData();
+			}
+		}
+	    }
+	}
+
+#define MAX_COMPRESS_SIZE 50000
+	char buffer[MAX_COMPRESS_SIZE];
+	unsigned long len = MAX_COMPRESS_SIZE ;
+
+    int rc = 0;
+  
+    RA::Debug("PKCS11Obj", "before compress length = %d", len);
+
+    BYTE *src_buffer = (BYTE*)data;
+
+    RA::Debug("PKCS11Obj", "sizeof src_buffer = %d", sizeof(src_buffer));
+    RA::Debug("PKCS11Obj", "data size = %d", data.size());
+
+    rc = compress((Bytef*)buffer, (uLongf*)&len, (Bytef*)src_buffer,
+               (uLong)data.size());
+
+    RA::Debug("PKCS11Obj", "after compress length = %d", len);
+    RA::Debug("PKCS11Obj", "rc = %d", rc);
+
+	Buffer compressedData = Buffer((BYTE*)buffer, len);
+
+	Buffer header = Buffer();
+	header += Buffer(1, (m_formatVersion >> 8) & 0xff);
+	header += Buffer(1, m_formatVersion & 0xff);
+	header += Buffer(1, (m_objectVersion >> 8) & 0xff);
+	header += Buffer(1, m_objectVersion & 0xff);
+	header += m_CUID;
+	// COMP_NONE = 0x00
+	// COMP_ZLIB = 0x01
+	unsigned short compressionType = 0x01;
+	header += Buffer(1, (compressionType >> 8) & 0xff);
+	header += Buffer(1, compressionType & 0xff);
+	unsigned short compressedDataSize = compressedData.size();
+	header += Buffer(1, (compressedDataSize >> 8) & 0xff);
+	header += Buffer(1, compressedDataSize & 0xff);
+	unsigned short compressedDataOffset = 20;
+	header += Buffer(1, (compressedDataOffset >> 8) & 0xff);
+	header += Buffer(1, compressedDataOffset & 0xff);
+
+	return header + compressedData;
+}
+
diff --git a/pki/base/tps/src/main/RA_Context.cpp b/pki/base/tps/src/main/RA_Context.cpp
new file mode 100644
index 000000000..e3a66cdbb
--- /dev/null
+++ b/pki/base/tps/src/main/RA_Context.cpp
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "main/RA_Msg.h"
+#include "main/RA_Context.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a session that represents the
+ * connection between RA and the netkey client.
+ */
+TPS_PUBLIC RA_Context::RA_Context ()
+{
+}
+
+/**
+ * Destructs the session.
+ */
+TPS_PUBLIC RA_Context::~RA_Context ()
+{
+}
+
+void RA_Context::LogError(const char *func, int line, const char *fmt,...)
+{
+}
+
+void RA_Context::LogInfo(const char *func, int line, const char *fmt,...)
+{
+}
+
+void RA_Context::InitializationError(const char *func, int line)
+{
+}
+
diff --git a/pki/base/tps/src/main/RA_Msg.cpp b/pki/base/tps/src/main/RA_Msg.cpp
new file mode 100644
index 000000000..d54db69fb
--- /dev/null
+++ b/pki/base/tps/src/main/RA_Msg.cpp
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "main/RA_Msg.h"
+#include "main/Memory.h"
+
+/**
+ * Constructs a message that represents the
+ * message between RA and the netkey client.
+ */
+RA_Msg::RA_Msg ()
+{
+}
+
+/**
+ * Destructs the message.
+ */
+RA_Msg::~RA_Msg ()
+{
+}
+
+/**
+ * Retrieves the message type.
+ */
+RA_Msg_Type RA_Msg::GetType ()
+{
+	return MSG_UNDEFINED;
+}
diff --git a/pki/base/tps/src/main/RA_Session.cpp b/pki/base/tps/src/main/RA_Session.cpp
new file mode 100644
index 000000000..57f7e4efa
--- /dev/null
+++ b/pki/base/tps/src/main/RA_Session.cpp
@@ -0,0 +1,75 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "engine/RA.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a session that represents the
+ * connection between RA and the netkey client.
+ */
+TPS_PUBLIC RA_Session::RA_Session ()
+{
+}
+
+/**
+ * Destructs the session.
+ */
+TPS_PUBLIC RA_Session::~RA_Session ()
+{
+}
+
+char *RA_Session::GetRemoteIP()
+{
+	return NULL;
+}
+
+RA_pblock *RA_Session::create_pblock( char *data )
+{
+    // Since this method is virtual,
+    // report an error if no subclass method has been defined.
+    RA::Error( "RA_pblock::find_val",
+               "No subclass method has been defined for this virtual method!" );
+	return NULL;
+}
+
+/**
+ * Reads a message that is sent by 
+ * the client.
+ */
+RA_Msg *RA_Session::ReadMsg()
+{
+	return NULL;
+}
+
+/**
+ * Sends a message to the client.
+ */
+void RA_Session::WriteMsg(RA_Msg *msg)
+{
+}
diff --git a/pki/base/tps/src/main/RA_pblock.cpp b/pki/base/tps/src/main/RA_pblock.cpp
new file mode 100644
index 000000000..bea84363a
--- /dev/null
+++ b/pki/base/tps/src/main/RA_pblock.cpp
@@ -0,0 +1,176 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "prmem.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include <string.h>
+#include "engine/RA.h"
+#include "main/Buffer.h"
+#include "main/Memory.h"
+#include "main/Util.h"
+#include "main/RA_pblock.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC RA_pblock::RA_pblock( int tm_nargs, Buffer_nv** tm_nvs )
+{
+    m_nargs = tm_nargs;
+
+    if( tm_nvs != NULL ) {
+        for( int i = 0; i < MAX_NVS; i++ ) {
+            m_nvs[i] = tm_nvs[i];
+        }
+    } else {
+        for( int i = 0; i < MAX_NVS; i++ ) {
+            m_nvs[i] = NULL;
+        }
+    }
+}
+
+TPS_PUBLIC RA_pblock::~RA_pblock()
+{
+    free_pblock();
+}
+
+Buffer_nv **RA_pblock::GetNVs()
+{
+    return m_nvs;
+}
+
+// returns url-decoded value
+TPS_PUBLIC Buffer *RA_pblock::find_val( const char * name )
+{
+    for( int i = 0; i < m_nargs; i++ ) {
+        if( i >= MAX_NVS ) {
+          continue;
+        }
+
+        if( ( m_nvs[i] == NULL )       ||
+            ( m_nvs[i]->name == NULL ) ||
+            ( m_nvs[i]->value == NULL ) ) {
+            continue;
+        }
+
+        if( PR_CompareStrings( m_nvs[i]->name, name ) == 1 ) {
+            return m_nvs[i]->value;
+        }
+    }
+
+    return NULL;
+}
+
+TPS_PUBLIC char *RA_pblock::get_name( int i )
+{
+    return m_nvs[i]->name; 
+}
+
+TPS_PUBLIC int RA_pblock::get_num_of_names()
+{
+    return m_nargs;
+}
+
+// returns non-urldecoded value
+TPS_PUBLIC char* RA_pblock::find_val_s( const char * name )
+{
+    RA::Debug( LL_PER_PDU, "RA_pblock::find_val_s",
+               "searching for name= %s", name );
+
+    int end = m_nargs;
+
+    if( MAX_NVS < m_nargs ) {
+        RA::Error( "RA_pblock::find_val_s",
+                   "MAX_NVS too small, needs increasing... "
+                   "m_nargs= %d, MAX_NVS=%d", m_nargs, MAX_NVS );
+        end = MAX_NVS;
+    }
+
+    for( int i = 0; i < end; i++ ) {
+        if( ( m_nvs[i] == NULL )       ||
+            ( m_nvs[i]->name == NULL ) ||
+            ( m_nvs[i]->value_s == NULL ) ) {
+            continue;
+        }
+
+        /* RA::Debug( LL_PER_PDU, "RA_pblock::find_val_s", */
+        /*            "found %s", m_nvs[i]->name );        */
+
+        if( PR_CompareStrings( m_nvs[i]->name, name ) == 1 ) {
+            return m_nvs[i]->value_s;
+        }
+    }
+
+    return NULL;
+}
+
+void RA_pblock::free_pblock()
+{
+    RA::Debug( LL_PER_PDU, "RA_pblock::free_pblock", "in free_pblock" );
+
+    int end = m_nargs;
+
+    if( MAX_NVS < m_nargs ) {
+        RA::Error( "RA_pblock::free_pblock",
+                   "MAX_NVS too small, needs increasing... "
+                   "m_nargs= %d, MAX_NVS=%d", m_nargs, MAX_NVS );
+        end = MAX_NVS;
+    }
+
+    for( int i = 0; i < end ; i++ ) {
+        if( m_nvs[i] == NULL ) {
+            continue;
+        }
+
+        if( m_nvs[i]->value ) {
+            delete( m_nvs[i]->value );
+            m_nvs[i]->value = NULL;
+        }
+
+        if( m_nvs[i]->value_s ) {
+            delete( m_nvs[i]->value_s );
+            m_nvs[i]->value_s = NULL;
+        }
+
+        if( m_nvs[i]->name != NULL ) {
+            PL_strfree( m_nvs[i]->name );
+            m_nvs[i]->name = NULL;
+        }
+
+        if( m_nvs[i] != NULL ) {
+            PR_Free( m_nvs[i] );
+            m_nvs[i] = NULL;
+        }
+    }
+
+    RA::Debug( LL_PER_PDU, "RA_pblock::free_pblock", "in free_pblock done" );
+}
+
diff --git a/pki/base/tps/src/main/SecureId.cpp b/pki/base/tps/src/main/SecureId.cpp
new file mode 100644
index 000000000..46394100e
--- /dev/null
+++ b/pki/base/tps/src/main/SecureId.cpp
@@ -0,0 +1,71 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "main/SecureId.h"
+#include "main/Memory.h"
+
+/**
+ * Creates a Secure ID object.
+ */
+SecureId::SecureId (char *value, char *pin)
+{
+    if (value == NULL) {
+	    m_value = NULL;
+    } else {
+	    m_value = PL_strdup(value);
+    }
+    if (pin == NULL) {
+	    m_pin = NULL;
+    } else {
+	    m_pin = PL_strdup(pin);
+    }
+}
+
+/**
+ * Destructs a Secure ID object.
+ */
+SecureId::~SecureId ()
+{
+    if( m_value != NULL ) {
+        PL_strfree( m_value );
+        m_value = NULL;
+    }
+    if( m_pin != NULL ) {
+        PL_strfree( m_pin );
+        m_pin = NULL;
+    }
+}
+
+/**
+ * Retrieves the optional Secure ID value.
+ */
+char *SecureId::GetValue()
+{
+	return m_value;
+}
+
+/**
+ * Retrieves the Secure ID PIN.
+ */ 
+char *SecureId::GetPIN()
+{
+	return m_pin;
+}
diff --git a/pki/base/tps/src/main/Util.cpp b/pki/base/tps/src/main/Util.cpp
new file mode 100644
index 000000000..45d52c269
--- /dev/null
+++ b/pki/base/tps/src/main/Util.cpp
@@ -0,0 +1,1139 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prmem.h"
+#include "pk11func.h"
+#include "main/Util.h"
+#include "main/Buffer.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC Util::Util ()
+{
+}
+
+TPS_PUBLIC Util::~Util ()
+{
+}
+
+TPS_PUBLIC int Util::ascii2numeric (char c) 
+{
+    int num;
+    switch (c) {
+        case '0': case '1': case '2':case '3':case '4':case '5':
+        case '6': case '7': case '8': case '9':
+            num = c - '0';
+            break;
+        default:
+            num = -1;
+            break; 
+    } 
+    return num;
+}
+
+static BYTE ZERO[1] = { 0 };
+static BYTE ONE[1] = { 1 };
+
+TPS_PUBLIC BYTE* Util::bool2byte(bool b) {
+    if (b)
+        return ONE;
+    else
+        return ZERO;
+}
+
+static int isAlphaNumeric (char ch)
+{
+    return ((ch >='a') && (ch <= 'z') ||   /* logical AND &&, OR || */ 
+  	    (ch >='A') && (ch <= 'Z') || 
+	    (ch >='0') && (ch <= '9') );
+}
+
+static char bin2hex (BYTE ch)
+{
+    ch = ch & 0x0f; 
+    ch += '0';
+    if (ch > '9')
+            ch += 7;
+    return (ch);
+}
+
+static BYTE hex2bin (BYTE ch)
+{
+      if (ch > '9')
+            ch = ch - 'A' + 10;
+      else
+            ch = ch - '0';
+      return (ch);
+}
+
+
+TPS_PUBLIC char *Util::SpecialURLEncode(Buffer &data) {
+        int i;
+        BYTE *buf = (BYTE*)data;
+        int len = (int)data.size();
+        char *ret = NULL;
+	int sum = 0;
+
+        for (i = 0; i < len; i ++) {
+                if (buf[i] == ' ') {
+                        sum+=1;
+                } else if (isAlphaNumeric(buf[i])) {
+                        sum+=1;
+                } else {
+                        sum+=3;
+                }
+        }
+	ret = (char *)PR_Malloc(sum + 1); // allocate more than we may need
+	if (ret == NULL)
+		return NULL;
+        char *cur = ret;
+
+        for (i = 0; i < len; i ++) {
+                if (buf[i] == ' ') {
+                        *cur++ = '+';
+                } else if (isAlphaNumeric(buf[i])) {
+                        *cur++ = buf[i];
+                } else {
+                        *cur++ = '#';
+                        *cur++ = bin2hex(buf[i] >> 4);
+                        *cur++ = bin2hex(buf[i]);
+                }
+        }
+        *cur = '\0'; // null-terminated
+        return ret;
+}
+
+TPS_PUBLIC char *Util::URLEncode (Buffer &data)
+{
+	int i;
+	BYTE *buf = (BYTE*)data;
+        int len = (int)data.size();
+	int sum = 0;
+
+	for (i = 0; i < len; i ++) {
+                if (buf[i] == ' ') { 
+			sum+=1;
+		} else if (isAlphaNumeric(buf[i])) { 
+			sum+=1;
+		} else { 
+			sum+=3;
+		}
+	}
+	char *ret = (char *)PR_Malloc(sum + 1); // allocate more than we may need
+	char *cur = ret;
+
+	for (i = 0; i < len; i ++) {
+                if (buf[i] == ' ') { 
+			*cur++ = '+'; 
+		} else if (isAlphaNumeric(buf[i])) { 
+			*cur++ = buf[i]; 
+		} else { 
+			*cur++ = '%'; 
+			*cur++ = bin2hex(buf[i] >> 4); 
+			*cur++ = bin2hex(buf[i]); 
+		}
+	}
+	*cur = '\0'; // null-terminated
+	return ret;
+}
+
+TPS_PUBLIC char *Util::URLEncodeInHex (Buffer &data)
+{
+	int i;
+	BYTE *buf = (BYTE*)data;
+        int len = (int)data.size();
+	int sum = 0;
+
+	for (i = 0; i < len; i ++) {
+		sum+=3;
+	}
+
+	char *ret = (char *)PR_Malloc(sum + 1); // allocate more than we may need
+	char *cur = ret;
+
+	for (i = 0; i < len; i ++) {
+		*cur++ = '%'; 
+		*cur++ = bin2hex(buf[i] >> 4); 
+		*cur++ = bin2hex(buf[i]); 
+	}
+	*cur = '\0'; // null-terminated
+	return ret;
+}
+
+TPS_PUBLIC char * Util::URLEncode1(const char *str)
+{
+	int sum = 0;
+  if (str == NULL)
+    return NULL;
+
+    // URL-encode the base-64 encoded public key. This code copies
+    // From input buffer str[] to output buffer encoded_str[]
+    int i = 0;
+    int j = 0;
+    char c;
+
+    i = 0;
+    j = 0;
+    while (1) {
+        c = str[j];
+        if (c == '/') {
+            sum+=3;
+        } else if (c == '=') {
+            sum+=3;
+        } else if (c == '\r') {
+            sum+=3;
+        } else if (c == '\n') {
+            sum+=3;
+        } else if (c == '+') {
+            sum+=3;
+        } else if (c == '&') {
+            sum+=3;
+        } else if (c == ' ') {
+            sum+=1;
+        } else {
+            sum+=1;
+        }
+        if (c == '\0') {
+            break;
+        }
+        i++;
+        j++;
+    }
+
+  char *encoded_str = (char *)PR_Malloc(sum); //allocate more than we may need
+  
+  if (encoded_str == NULL)
+	  return NULL;
+
+    i = 0;
+    j = 0;
+    while (1) {
+        c = str[j];
+        if (c == '/') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '2';
+            encoded_str[i] = 'F';
+        } else if (c == '&') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '2';
+            encoded_str[i] = '6';
+        } else if (c == '=') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '3';
+            encoded_str[i] = 'D';
+        } else if (c == '\r') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '0';
+            encoded_str[i] = 'D';
+        } else if (c == '\n') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '0';
+            encoded_str[i] = 'A';
+        } else if (c == '+') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '2';
+            encoded_str[i] = 'B';
+        } else if (c == ' ') {
+            encoded_str[i] = '+';
+        } else {
+            encoded_str[i] = str[j];
+        }
+        if (encoded_str[i] == '\0') {
+            break;
+        }
+        i++;
+        j++;
+    }
+    encoded_str[i] = '\0';
+
+    // DONT print, some of the sensitive information get printed.
+    /*
+    RA::Debug(LL_PER_PDU, "CertEnroll::urlEncode",
+          "URL-encoded encoded_str =%s",encoded_str);
+    */
+
+    return encoded_str;
+}
+/**
+ * this urlEncode function takes a char string
+ */
+TPS_PUBLIC char * Util::URLEncode(const char *str)
+{
+	int sum = 0;
+  if (str == NULL)
+    return NULL;
+
+    // URL-encode the base-64 encoded public key. This code copies
+    // From input buffer str[] to output buffer encoded_str[]
+    int i = 0;
+    int j = 0;
+    char c;
+
+    i = 0;
+    j = 0;
+    while (1) {
+        c = str[j];
+        if (c == '/') {
+            sum+=3;
+        } else if (c == '=') {
+            sum+=3;
+        } else if (c == '\r') {
+            sum+=3;
+        } else if (c == '\n') {
+            sum+=3;
+        } else if (c == '+') {
+            sum+=3;
+        } else if (c == ' ') {
+            sum+=1;
+        } else {
+            sum+=1;
+        }
+        if (c == '\0') {
+            break;
+        }
+        i++;
+        j++;
+    }
+
+  char *encoded_str = (char *)PR_Malloc(sum); //allocate more than we may need
+  
+  if (encoded_str == NULL)
+	  return NULL;
+
+    i = 0;
+    j = 0;
+    while (1) {
+        c = str[j];
+        if (c == '/') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '2';
+            encoded_str[i] = 'F';
+        } else if (c == '=') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '3';
+            encoded_str[i] = 'D';
+        } else if (c == '\r') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '0';
+            encoded_str[i] = 'D';
+        } else if (c == '\n') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '0';
+            encoded_str[i] = 'A';
+        } else if (c == '+') {
+            encoded_str[i++] = '%';
+            encoded_str[i++] = '2';
+            encoded_str[i] = 'B';
+        } else if (c == ' ') {
+            encoded_str[i] = '+';
+        } else {
+            encoded_str[i] = str[j];
+        }
+        if (encoded_str[i] == '\0') {
+            break;
+        }
+        i++;
+        j++;
+    }
+    encoded_str[i] = '\0';
+
+    // DONT print, some of the sensitive information get printed.
+    /*
+    RA::Debug(LL_PER_PDU, "CertEnroll::urlEncode",
+          "URL-encoded encoded_str =%s",encoded_str);
+    */
+
+    return encoded_str;
+}
+
+/* s Format: 01AFEE */
+TPS_PUBLIC Buffer *Util::Str2Buf (const char *s)
+{
+	int len = strlen(s) / 2;
+        BYTE *ret = (BYTE *)PR_Malloc(len);
+        if (ret == NULL)
+                return NULL;
+
+        for (int i = 0; i < len; i ++) {
+               ret[i] = hex2bin(s[i*2]) * 16 + hex2bin(s[i*2+1]);
+        }
+
+	Buffer *newbuf = new Buffer(ret, len);
+        if( ret != NULL ) {
+            PR_Free( ret );
+            ret = NULL;
+        }
+        return newbuf;
+}
+
+TPS_PUBLIC char *Util::Buffer2String (Buffer &data)
+{
+	int i;
+	BYTE *buf = (BYTE*)data;
+        int len = (int)data.size();
+	int sum = 0;
+
+	for (i = 0; i < len; i ++) {
+		sum+=2;
+	}
+	char *ret = (char *)PR_Malloc(sum + 1); // allocate more than we may need
+	if (ret == NULL)
+		return NULL;
+	char *cur = ret;
+
+	for (i = 0; i < len; i ++) {
+		*cur++ = bin2hex(buf[i] >> 4); 
+		*cur++ = bin2hex(buf[i]); 
+	}
+	*cur = '\0'; // null-terminated
+	return ret;
+}
+
+TPS_PUBLIC Buffer *Util::SpecialURLDecode(const char *data)
+{
+        int i;
+        Buffer buf;
+        Buffer *ret = NULL;
+        int len = strlen(data);
+        BYTE *tmp = NULL;
+        int sum = 0;
+
+        if (len == 0)
+            return NULL;
+        tmp = (BYTE *)malloc(len);
+	if (tmp == NULL)
+		return NULL;
+        for (i = 0; i < len; i++) {
+                if (data[i] == '+') {
+                        tmp[sum++] = ' ';
+                } else if (data[i] == '#') {
+                        tmp[sum++] = (hex2bin(data[i+1]) << 4) + hex2bin(data[i+2]);
+                        i+=2;
+                } else {
+                        tmp[sum++] = (BYTE)data[i];
+                }
+        }
+
+        ret = new Buffer(tmp, sum);
+        if( tmp != NULL ) {
+            free( tmp );
+            tmp = NULL;
+        }
+        return ret;
+}
+
+TPS_PUBLIC Buffer *Util::URLDecode(const char *data)
+{
+	int i;
+	Buffer buf;
+        Buffer *ret = NULL;
+	int len = strlen(data);
+	BYTE *tmp = NULL;
+	int sum = 0;
+
+        if (len == 0)
+            return NULL;
+        tmp = (BYTE *)PR_Malloc(len);
+	for (i = 0; i < len; i++) {
+		if (data[i] == '+') {
+			tmp[sum++] = ' ';
+		} else if (data[i] == '%') {
+			tmp[sum++] = (hex2bin(data[i+1]) << 4) + hex2bin(data[i+2]);
+			i+=2;
+		} else {
+			tmp[sum++] = (BYTE)data[i];
+		}
+	}	
+
+        ret = new Buffer(tmp, sum);
+        if( tmp != NULL ) {
+            PR_Free( tmp );
+            tmp = NULL;
+        }
+	return ret;
+}
+
+
+TPS_PUBLIC PRStatus Util::GetRandomChallenge(Buffer &random)
+{
+        PRStatus rv = PR_FAILURE;
+	SECStatus status;
+
+	status = PK11_GenerateRandom(random, random.size()); 
+	if (status != SECSuccess) {
+                goto loser;
+        }
+	rv = PR_SUCCESS;
+loser:
+        return rv;
+} /* GetRandomChallenge */
+
+#define DES2_WORKAROUND
+
+TPS_PUBLIC PK11SymKey *Util::DiversifyKey(PK11SymKey *masterKey, Buffer &data, PK11SlotInfo *slot)
+{
+    PK11SymKey *key = NULL;
+    PRStatus status = PR_FAILURE ;
+    PK11Context *context = NULL;
+#ifdef DES2_WORKAROUND
+    unsigned char keyData[24];
+#else
+    unsigned char keyData[16];
+#endif
+    SECItem keyItem = { siBuffer, keyData, sizeof keyData };
+    SECStatus s;
+    int i;
+    int len;
+    static SECItem noParams = { siBuffer, 0, 0 };
+
+    /* XXX 
+           - masterKey could be just a double-length 
+             DES Key (16 bytes).
+           - we may need to add the first 8 bytes to
+             the end to make the key 24 bytes long (DES3 Key)
+     */
+    context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, 
+                    masterKey,
+                    &noParams);
+    if (!context) goto done;
+
+    /* Part 1 */
+    s = PK11_CipherOp(context, &keyData[0], &len, 8, &((BYTE*)data)[0], 8);
+    if (s != SECSuccess) goto done;
+
+    /* Part 2 */
+    s = PK11_CipherOp(context, &keyData[8], &len, 8, &((BYTE*)data)[8], 8);
+    if (s != SECSuccess) goto done;
+
+#ifdef DES2_WORKAROUND
+    /* Part 3 */
+    for(i = 0;i < 8;i++)
+    {
+        keyData[i+16] = keyData[i];
+    }
+#endif
+
+    key = PK11_ImportSymKeyWithFlags(
+                slot,
+                CKM_DES3_ECB, 
+                PK11_OriginGenerated,
+                CKA_ENCRYPT, 
+                &keyItem, CKF_SIGN | CKF_ENCRYPT, PR_FALSE, 0);
+
+    status = PR_SUCCESS;
+    
+done:
+
+    return key;
+}
+
+TPS_PUBLIC PRStatus Util::ComputeKeyCheck(const Buffer& newKey, Buffer& output)
+{
+    PK11SymKey *key = NULL;
+    PRStatus status = PR_FAILURE ;
+    PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+    PK11Context *context = NULL;
+    SECStatus s = SECFailure;
+    int len;
+    static SECItem noParams = { siBuffer, 0, 0 };
+#ifdef DES2_WORKAROUND
+    unsigned char keyData[24];
+#else
+    unsigned char keyData[16];
+#endif
+    SECItem keyItem = {siBuffer, keyData, sizeof(keyData) };
+    unsigned char value[8];
+    // convert 16-byte to 24-byte triple-DES key
+    memcpy(keyData, newKey, 16);
+#ifdef DES2_WORKAROUND
+    memcpy(keyData+16, newKey, 8);
+#endif
+
+    memset(value, 0, sizeof value);
+
+    key = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+                   PK11_OriginGenerated, CKA_ENCRYPT, &keyItem,
+                   CKF_ENCRYPT, PR_FALSE, 0);
+    if( ! key ) {
+        goto done;
+    }
+
+    context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, key,
+                    &noParams);
+    if (!context) {
+        goto done;
+    }
+    s = PK11_CipherOp(context, &value[0], &len, 8, &value[0], 8);
+    if (s != SECSuccess) {
+        goto done;
+    }
+
+    output.resize(3);
+    output.replace(0, value, 3);
+
+    status = PR_SUCCESS;
+done:
+    memset(keyData, 0, sizeof keyData);
+    if( context != NULL ) {
+        PK11_DestroyContext( context, PR_TRUE );
+        context = NULL;
+    }
+    if( slot != NULL ) {
+        PK11_FreeSlot( slot );
+        slot = NULL;
+    }
+    if( key != NULL ) {
+        PK11_FreeSymKey( key );
+        key = NULL;
+    }
+
+    return status;
+}
+
+TPS_PUBLIC PRStatus Util::ComputeCryptogram(PK11SymKey *key, 
+	const Buffer &card_challenge, const Buffer &host_challenge,
+	Buffer &output)
+{
+	Buffer icv(8, (BYTE)0);
+	Buffer input = card_challenge + host_challenge;
+
+	return ComputeMAC(key, input, icv, output);
+} /* ComputeCryptogram */
+
+
+TPS_PUBLIC PRStatus Util::ComputeMAC(PK11SymKey *key, Buffer &x_input, 
+		const Buffer &icv, Buffer &output)
+{
+    PRStatus rv = PR_SUCCESS;
+    PK11Context *context = NULL;
+//    NetkeyICV temp;
+    unsigned char result[8];
+    int i;
+    SECStatus s;
+    int len;
+#ifdef USE_DESMAC
+    CK_ULONG macLen = sizeof result;
+    SECItem params = { siBuffer, (unsigned char *)&macLen, sizeof macLen };
+#endif
+    static SECItem noParams = { siBuffer, 0, 0 };
+    static unsigned char macPad[] = {
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    };
+    BYTE *input = (BYTE *) x_input;	
+    int inputLen = x_input.size();
+
+#ifdef USE_DESMAC
+    context = PK11_CreateContextBySymKey(CKM_DES3_MAC_GENERAL, CKA_SIGN,
+                                key, &params);
+    if (!context) { rv = PR_FAILURE; goto done; }
+
+    s = PK11_DigestBegin(context);
+    if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+    s = PK11_DigestOp(context, icv, 8);
+    if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+    while(inputLen >= 8)
+    {
+        s = PK11_DigestOp(context, input, 8);
+        if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+        input += 8;
+        inputLen -= 8;
+    }
+
+    for (i = 0;i < inputLen;i++)
+    {
+        result[i] = input[i];
+    }
+
+    input = macPad;
+    for(;i < 8;i++)
+    {
+        result[i] = *input++;
+    }
+
+    s = PK11_DigestOp(context, result, sizeof result);
+    if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+    s = PK11_DigestFinal(context, output, (unsigned int *)&len, sizeof output);
+    if (1 != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+#else
+
+    context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, key, &noParams);
+    if (!context) { rv = PR_FAILURE; goto done; }
+
+    memcpy(result, icv, sizeof result);
+
+    /* Process whole blocks */
+    while(inputLen >= 8)
+    {
+        for(i = 0;i < 8;i++)
+        {
+            result[i] ^= input[i];
+        }
+
+        s = PK11_CipherOp(context, result, &len, sizeof result, result, sizeof result);
+        if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+        if (len != sizeof result) /* assert? */
+        {
+            //PR_SetError(PR_UNKNOWN_ERROR, 0);
+            rv = PR_FAILURE;
+            goto done;
+        }
+
+        input += 8;
+        inputLen -= 8;
+    }
+
+    /*
+     * Fold in remaining data (if any)
+     * Set i to number of bytes processed
+     */
+    for(i = 0;i < inputLen;i++)
+    {
+        result[i] ^= input[i];
+    }
+
+    /*
+     * Fill remainder of last block. There
+     * will be at least one byte handled here.
+     */
+    input = macPad;
+    while(i < 8)
+    {
+        result[i] ^= *input++;
+        i++;
+    }
+
+    s = PK11_CipherOp(context, result, &len, sizeof result, result, sizeof result);
+    if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+    if (len != sizeof result)
+    {
+        //PR_SetError(PR_UNKNOWN_ERROR, 0);
+        rv = PR_FAILURE;
+        goto done;
+    }
+
+    output.replace(0, result, sizeof result);
+#endif
+
+done:
+    if( context != NULL )
+    {
+        PK11_Finalize( context );
+        PK11_DestroyContext( context, PR_TRUE );
+        context = NULL;
+    }
+    memset(result, 0, sizeof result);
+
+    return rv;
+} /* ComputeMAC */
+
+TPS_PUBLIC PK11SymKey *Util::DeriveKey(const Buffer& permKey,
+                        const Buffer& hostChallenge,
+                        const Buffer& cardChallenge)
+{
+    PK11SymKey *key = NULL, *master = NULL;
+    PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+    PK11Context *context = NULL;
+    unsigned char derivationData[16];
+#ifdef DES2_WORKAROUND
+    unsigned char keyData[24];
+#else
+    unsigned char keyData[16];
+#endif
+    int i;
+    SECStatus s;
+    int len;
+    SECItem keyItem = { siBuffer, keyData, sizeof keyData };
+    static SECItem noParams = { siBuffer, 0, 0 };
+    BYTE masterKeyData[24];
+    SECItem masterKeyItem = {siBuffer, masterKeyData, sizeof(masterKeyData) };
+
+    // convert 16-byte to 24-byte triple-DES key
+    memcpy(masterKeyData, permKey, 16);
+    memcpy(masterKeyData+16, permKey, 8);
+
+    master = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+                   PK11_OriginGenerated, CKA_ENCRYPT, &masterKeyItem,
+                   CKF_ENCRYPT, PR_FALSE, 0);
+    if( ! master ) goto done;
+
+    for(i = 0;i < 4;i++)
+    {
+        derivationData[i] = cardChallenge[i+4];
+        derivationData[i+4] = hostChallenge[i];
+        derivationData[i+8] = cardChallenge[i];
+        derivationData[i+12] = hostChallenge[i+4];
+    }
+    context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, master,
+                    &noParams);
+    if (!context) goto done;
+
+    /* Part 1 */
+    s = PK11_CipherOp(context, &keyData[0], &len, 8, &derivationData[0], 8);
+    if (s != SECSuccess) goto done;
+
+    /* Part 2 */
+    s = PK11_CipherOp(context, &keyData[8], &len, 8, &derivationData[8], 8);
+    if (s != SECSuccess) goto done;
+
+#ifdef DES2_WORKAROUND
+    /* Part 3 */
+    for(i = 0;i < 8;i++)
+    {
+        keyData[i+16] = keyData[i];
+    }
+#endif
+
+    key = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB, PK11_OriginGenerated,
+                   CKA_ENCRYPT, &keyItem, CKF_SIGN | CKF_ENCRYPT, PR_FALSE, 0);
+
+done:
+    memset(keyData, 0, sizeof keyData);
+    if( context != NULL ) {
+        PK11_DestroyContext( context, PR_TRUE );
+        context = NULL;
+    }
+    if( slot != NULL ) {
+        PK11_FreeSlot( slot );
+        slot = NULL;
+    }
+    if( master != NULL ) {
+        PK11_FreeSymKey( master );
+        master = NULL;
+    }
+
+    return key;
+}
+
+/**
+ *
+ * 01 
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E    (AUTH KEY)
+ * 1B C8 4B 1C 31 
+ * 03 8B AF 47
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E    (MAC KEY) 
+ * 1B C8 4B 1C 31 
+ * 03 8B AF 47  
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E    (KEK KEY)
+ * 1B C8 4B 1C 31 
+ * 03 8B AF 47 
+ *
+ */
+TPS_PUBLIC PRStatus Util::CreateKeySetData(Buffer &newMasterVer, Buffer &old_kek_key, Buffer &new_auth_key, Buffer &new_mac_key, Buffer &new_kek_key, Buffer &output)
+{
+    PRStatus rv = PR_FAILURE;
+
+    Buffer result;
+
+    Buffer encrypted_auth_key(16);
+    Util::EncryptData(old_kek_key, new_auth_key, encrypted_auth_key);
+    Buffer kc_auth_key(3);
+    Util::ComputeKeyCheck(new_auth_key, kc_auth_key);
+    Buffer encrypted_mac_key(16);
+    Util::EncryptData(old_kek_key, new_mac_key, encrypted_mac_key);
+    Buffer kc_mac_key(3);
+    Util::ComputeKeyCheck(new_mac_key, kc_mac_key);
+    Buffer encrypted_kek_key(16);
+    Util::EncryptData(old_kek_key, new_auth_key, encrypted_kek_key);
+    Buffer kc_kek_key(3);
+    Util::ComputeKeyCheck(new_kek_key, kc_kek_key);
+
+    result = newMasterVer +
+          Buffer(1, (BYTE)0x81) +
+          Buffer(1, (BYTE)0x10) +
+          encrypted_auth_key +
+          Buffer(1, (BYTE)0x03) +
+          kc_auth_key +
+          Buffer(1, (BYTE)0x81) +
+          Buffer(1, (BYTE)0x10) +
+          encrypted_mac_key +
+          Buffer(1, (BYTE)0x03) +
+          kc_mac_key +
+          Buffer(1, (BYTE)0x81) +
+          Buffer(1, (BYTE)0x10) +
+          encrypted_kek_key +
+          Buffer(1, (BYTE)0x03) +
+          kc_kek_key;
+
+    output = result;
+
+    rv = PR_SUCCESS;
+    return rv;
+}
+
+
+/*
+ * for Secure Messaging in Secure Channel
+ */
+TPS_PUBLIC PRStatus Util::EncryptData(PK11SymKey *encSessionKey,
+			   Buffer &input, Buffer &output)
+{
+    PRStatus rv = PR_FAILURE;
+    SECStatus s = SECFailure;
+    //static SECItem noParams = { siBuffer, 0, 0 };
+    static unsigned char d[8] = { 0,0,0,0,0,0,0,0 };
+    static SECItem ivParams = { siBuffer, d, 8 };
+    PK11Context *context = NULL;
+    unsigned char result[8];
+    int len;
+    int i;
+
+    /* this is ECB mode
+    context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, encSessionKey,
+                    &noParams);
+    */
+    // use CBC mode
+    context = PK11_CreateContextBySymKey(CKM_DES3_CBC, CKA_ENCRYPT, encSessionKey,
+                    &ivParams);
+    if (!context) {
+        goto done;
+    }
+
+    for(i = 0;i < (int)input.size();i += 8) {
+        s = PK11_CipherOp(context, result, &len, 8,
+                (unsigned char *)(((BYTE*)input)+i), 8);
+
+        if (s != SECSuccess) {
+            goto done;
+        }
+	output.replace(i, result, 8);
+    }
+
+    rv = PR_SUCCESS;
+//    RA::Debug("Util::EncryptData", "success");
+done:
+
+    //#define VRFY_ENC_SESSION_KEY
+    // fix this to use CBC mode later
+#ifdef VRFY_ENC_SESSION_KEY
+    Buffer enc_key_buffer = Buffer((BYTE *) PK11_GetKeyData(encSessionKey)->data, PK11_GetKeyData(encSessionKey)->len);
+        RA::DebugBuffer("Util::EncryptData", "Verifying Encrypted Data",
+		&output);
+        Buffer out1 = Buffer(16, (BYTE)0);
+	PRStatus status = Util::DecryptData(enc_key_buffer, output, out1);
+        RA::DebugBuffer("Util::EncryptData", "Decrypted Data",
+		&out1);
+#endif
+
+
+    if( context != NULL ) {
+        PK11_DestroyContext( context, PR_TRUE );
+        context = NULL;
+    }
+
+    return rv;
+}
+
+
+TPS_PUBLIC PRStatus Util::EncryptData(Buffer &kek_key, Buffer &input, Buffer &output)
+{
+    PRStatus rv = PR_FAILURE;
+
+    PK11SymKey *master = NULL;
+    PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+    PK11Context *context = NULL;
+    int i;
+    SECStatus s = SECFailure;
+    int len;
+    static SECItem noParams = { siBuffer, 0, 0 };
+#ifdef DES2_WORKAROUND
+    unsigned char masterKeyData[24];
+#else
+    unsigned char masterKeyData[16];
+#endif
+    SECItem masterKeyItem = {siBuffer, masterKeyData, sizeof(masterKeyData) };
+    unsigned char result[8];
+
+    // convert 16-byte to 24-byte triple-DES key
+    memcpy(masterKeyData, (BYTE*)kek_key, 16);
+#ifdef DES2_WORKAROUND
+    memcpy(masterKeyData+16, (BYTE*)kek_key, 8);
+#endif
+
+    master = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+                   PK11_OriginGenerated, CKA_ENCRYPT, &masterKeyItem,
+                   CKF_ENCRYPT, PR_FALSE, 0);
+    if( ! master ) {
+        goto done;
+    }
+
+    context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, master,
+                    &noParams);
+    if (!context) {
+        goto done;
+    }
+
+    for(i = 0;i < (int)input.size();i += 8) {
+        s = PK11_CipherOp(context, result, &len, 8,
+                (unsigned char *)(((BYTE*)input)+i), 8);
+
+        if (s != SECSuccess) {
+            goto done;
+        }
+	output.replace(i, result, 8);
+    }
+
+    rv = PR_SUCCESS;
+
+done:
+
+    memset(masterKeyData, 0, sizeof masterKeyData);
+    if( context != NULL ) {
+        PK11_DestroyContext( context, PR_TRUE );
+        context = NULL;
+    }
+    if( slot != NULL ) {
+        PK11_FreeSlot( slot );
+        slot = NULL;
+    }
+    if( master != NULL ) {
+        PK11_FreeSymKey( master );
+        master = NULL;
+    }
+
+    return rv;
+}
+
+TPS_PUBLIC PRStatus Util::DecryptData(Buffer &kek_key, Buffer &input, Buffer &output)
+{
+    PRStatus rv = PR_FAILURE;
+
+    PK11SymKey *master = NULL;
+    PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+    PK11Context *context = NULL;
+    int i;
+    SECStatus s = SECFailure;
+    int len;
+    static SECItem noParams = { siBuffer, 0, 0 };
+#ifdef DES2_WORKAROUND
+    unsigned char masterKeyData[24];
+#else
+    unsigned char masterKeyData[16];
+#endif
+    SECItem masterKeyItem = {siBuffer, masterKeyData, sizeof(masterKeyData) };
+    unsigned char result[8];
+
+    // convert 16-byte to 24-byte triple-DES key
+    memcpy(masterKeyData, (BYTE*)kek_key, 16);
+#ifdef DES2_WORKAROUND
+    memcpy(masterKeyData+16, (BYTE*)kek_key, 8);
+#endif
+
+    master = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+                   PK11_OriginGenerated, CKA_DECRYPT, &masterKeyItem,
+                   CKF_DECRYPT, PR_FALSE, 0);
+    if( ! master ) {
+        goto done;
+    }
+
+    context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_DECRYPT, master,
+                    &noParams);
+    if (!context) {
+        goto done;
+    }
+
+    for(i = 0;i < (int)input.size();i += 8) {
+        s = PK11_CipherOp(context, result, &len, 8,
+                (unsigned char *)(((BYTE *)input)+i), 8);
+
+        if (s != SECSuccess) {
+            goto done;
+        }
+	output.replace(i, result, 8);
+    }
+
+    rv = PR_SUCCESS;
+
+done:
+
+    memset(masterKeyData, 0, sizeof masterKeyData);
+    if( context != NULL ) {
+        PK11_DestroyContext( context, PR_TRUE );
+        context = NULL;
+    }
+    if( slot != NULL ) {
+        PK11_FreeSlot( slot );
+        slot = NULL;
+    }
+    if( master != NULL ) {
+        PK11_FreeSymKey( master );
+        master = NULL;
+    }
+
+    return rv;
+}
+
+// this one takes PK11SymKey instead
+TPS_PUBLIC PRStatus Util::DecryptData(PK11SymKey* enc_key, Buffer &input, Buffer &output)
+{
+    PRStatus rv = PR_FAILURE;
+
+    PK11Context *context = NULL;
+    int i;
+    SECStatus s = SECFailure;
+    int len;
+    //    static SECItem noParams = { siBuffer, 0, 0 };
+    static unsigned char d[8] = { 0,0,0,0,0,0,0,0 };
+    static SECItem ivParams = { siBuffer, d, 8 };
+    unsigned char result[8];
+
+    if( ! enc_key ) {
+        goto done;
+    }
+
+    context = PK11_CreateContextBySymKey(CKM_DES3_CBC, CKA_DECRYPT, enc_key,
+                    &ivParams);
+    if (!context) {
+        goto done;
+    }
+
+    for(i = 0;i < (int)input.size();i += 8) {
+        s = PK11_CipherOp(context, result, &len, 8,
+                (unsigned char *)(((BYTE *)input)+i), 8);
+
+        if (s != SECSuccess) {
+            goto done;
+        }
+	output.replace(i, result, 8);
+    }
+
+    rv = PR_SUCCESS;
+
+done:
+
+    if( context != NULL ) {
+        PK11_DestroyContext( context, PR_TRUE );
+        context = NULL;
+    }
+
+    return rv;
+}
+
diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
new file mode 100644
index 000000000..0e67e4fc2
--- /dev/null
+++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -0,0 +1,4439 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Headers
+**  _________________________________________________________________
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef XP_WIN32
+#include <unistd.h>  /* sleep */
+#else /* XP_WIN32 */
+#include <windows.h>
+#endif /* XP_WIN32 */
+
+#include "nspr.h"
+#include "prio.h"
+#include "plstr.h"
+#include "prmem.h"
+#include "prtime.h"
+
+#include "httpd/httpd.h"
+#include "httpd/http_config.h"
+#include "httpd/http_log.h"
+#include "httpd/http_protocol.h"
+#include "httpd/http_main.h"
+
+#include "apr_strings.h"
+
+#include "cms/CertEnroll.h"
+#include "engine/RA.h"
+#include "tus/tus_db.h"
+
+extern TOKENDB_PUBLIC char *nss_var_lookup( apr_pool_t *p, server_rec *s,
+                                            conn_rec *c, request_rec *r,
+                                            char *var );
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Definitions
+**  _________________________________________________________________
+*/
+
+#define JS_START "<SCRIPT LANGUAGE=\"JavaScript\">\n<!--\n"
+#define JS_STOP  "//-->\n</SCRIPT>\n"
+#define CMS_TEMPLATE_TAG "<CMS_TEMPLATE>"
+
+#define MAX_INJECTION_SIZE 5120
+#define MAX_OVERLOAD       20
+
+#define BASE64_HEADER "-----BEGIN CERTIFICATE-----\n"
+#define BASE64_FOOTER "-----END CERTIFICATE-----\n"
+
+#define TOKENDB_AGENTS_IDENTIFIER         "TUS Agents"
+#define TOKENDB_ADMINISTRATORS_IDENTIFIER "TUS Administrators"
+
+/**
+ * Provide reasonable defaults for some defines.
+ */
+enum MOD_TOKENDB_BOOL {
+    MOD_TOKENDB_FALSE = 0,
+    MOD_TOKENDB_TRUE = 1
+}; 
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Request Data
+**  _________________________________________________________________
+*/
+
+static PRFileDesc *debug_fd                  = NULL;
+static char *templateDir                     = NULL;
+static char *errorTemplate                   = NULL;
+static char *indexTemplate                   = NULL;
+static char *indexAdminTemplate              = NULL;
+static char *newTemplate                     = NULL;
+static char *searchTemplate                  = NULL;
+static char *searchResultTemplate            = NULL;
+static char *searchAdminTemplate             = NULL;
+static char *searchAdminResultTemplate       = NULL;
+static char *searchActivityTemplate          = NULL;
+static char *searchCertificateTemplate       = NULL;
+static char *searchCertificateResultTemplate = NULL;
+static char *searchActivityResultTemplate    = NULL;
+static char *editAdminTemplate               = NULL;
+static char *editAdminResultTemplate         = NULL;
+static char *editTemplate                    = NULL;
+static char *editResultTemplate              = NULL;
+static char *showTemplate                    = NULL;
+static char *showCertTemplate                = NULL;
+static char *showAdminTemplate               = NULL;
+static char *deleteTemplate                  = NULL;
+static char *doTokenTemplate                 = NULL;
+static char *doTokenConfirmTemplate          = NULL;
+static char *revokeTemplate                  = NULL;
+static char *addResultTemplate               = NULL;
+static char *deleteResultTemplate            = NULL;
+
+static int sendInPieces = 0;
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Command Data
+**  _________________________________________________________________
+*/
+
+static const char MOD_TOKENDB_CONFIGURATION_FILE_PARAMETER[] =
+"TokendbConfigPathFile";
+
+static const char MOD_TOKENDB_CONFIGURATION_FILE_USAGE[] =
+"Tokendb Configuration Filename prefixed by a complete path, or\n"
+"a path that is relative to the Apache server root.";
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Server Configuration Creation Data
+**  _________________________________________________________________
+*/
+
+typedef struct {
+    char *Tokendb_Configuration_File;
+    MOD_TOKENDB_BOOL enabled;
+} mod_tokendb_server_configuration;
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Registration Data
+**  _________________________________________________________________
+*/
+
+#define MOD_TOKENDB_CONFIG_KEY tokendb_module
+
+static const char MOD_TOKENDB_CONFIG_KEY_NAME[] = "tokendb_module";
+
+extern module TOKENDB_PUBLIC MOD_TOKENDB_CONFIG_KEY;
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Helper Functions
+**  _________________________________________________________________
+*/
+
+/**
+ * Terminate Apache
+ */
+void tokendb_die( void )
+{
+    /*
+     * This is used for fatal errors and here
+     * it is common module practice to really
+     * exit from the complete program.
+     */
+    exit( 1 );
+}
+
+
+void tokendbDebug( const char* msg )
+{
+    RA::Debug( "mod_tokendb::mod_tokendb_handler",
+               msg);
+#if 0
+    if( debug_fd ) {
+        PR_fprintf( debug_fd, msg );
+    }
+#endif
+}
+
+
+char *getTemplateFile( char *fileName, int *injectionTagOffset )
+{
+    char *buf = NULL;
+    char *s   = NULL;
+    PRFileDesc *fd = NULL;
+    char fullFileName[4096];
+    PRFileInfo info;
+    PRUint32   fileSize;
+    PRUint32   size;
+    PRInt32    k, n;
+
+    *injectionTagOffset = -1;
+
+    PR_snprintf( fullFileName, 4096, "%s/%s", templateDir, fileName );
+
+    if( PR_GetFileInfo( fullFileName, &info ) != PR_SUCCESS ) {
+        return buf;
+    }
+
+    fileSize = info.size;
+    size = fileSize + 1;
+
+    buf = ( char * ) PR_Malloc( size );
+    if( buf == NULL ) {
+        return buf;
+    }
+
+    fd = PR_Open( fullFileName, PR_RDONLY, 00400 );
+    if( fd == NULL ) {
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+        return NULL;
+    }
+
+    k = 0;
+    while( ( n = PR_Read( fd, &buf[k], fileSize-k ) ) > 0 ) {
+        k += n;
+        if( ( PRUint32 ) k >= fileSize ) {
+            break;
+        }
+    }
+
+    if( fd != NULL ) {
+        PR_Close( fd );
+        fd = NULL;
+    }
+
+    if( n < 0 || ( ( PRUint32 ) k > fileSize ) ) {
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+        return NULL;
+    }
+
+    buf[k] = '\0';
+
+    if( ( s = PL_strstr( buf, CMS_TEMPLATE_TAG ) ) != NULL ) {
+        *injectionTagOffset = PL_strlen( buf ) - PL_strlen( s );
+    }
+
+    return buf;
+}
+
+
+char *getData( char *fileName, char *injection )
+{
+    char *buf = NULL;
+    char *s   = NULL;
+    PRFileDesc *fd = NULL;
+    char fullFileName[4096];
+    PRFileInfo info;
+    PRUint32   fileSize;
+    PRUint32   size, len;
+    PRUint32   injectionSize;
+    PRInt32    k, n;
+
+    PR_snprintf( fullFileName, 4096, "%s/%s", templateDir, fileName );
+
+    if( PR_GetFileInfo( fullFileName, &info ) != PR_SUCCESS ) {
+        return buf;
+    }
+
+    fileSize = info.size;
+    size = fileSize;
+    injectionSize = 0;
+
+    if( injection != NULL && PL_strlen( injection ) > 0 ) {
+        injectionSize = PL_strlen( injection );
+        size += injectionSize;
+    }
+
+    size++;
+
+    buf = ( char * ) PR_Malloc( size );
+    if( buf == NULL ) {
+        return buf;
+    }
+
+    fd = PR_Open( fullFileName, PR_RDONLY, 00400 );
+    if( fd == NULL ) {
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+        return NULL;
+    }
+
+    k = 0;
+    while( ( n = PR_Read( fd, &buf[k], fileSize-k ) ) > 0 ) {
+        k += n;
+        if( ( PRUint32 ) k >= fileSize ) {
+            break;
+        }
+    }
+
+    if( fd != NULL ) {
+        PR_Close( fd );
+        fd = NULL;
+    }
+
+    if( n < 0 || ( ( PRUint32 ) k > fileSize ) ) {
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+        return NULL;
+    }
+
+    buf[k] = '\0';
+    if( injectionSize > 0 ) {
+        if( ( s = PL_strstr( buf, CMS_TEMPLATE_TAG ) ) != NULL ) {
+            len = PL_strlen( s ) - PL_strlen( CMS_TEMPLATE_TAG );
+            memmove( s + injectionSize, 
+                     s + PL_strlen( CMS_TEMPLATE_TAG ),
+                     len + 1 );
+            memcpy( s, injection, injectionSize );
+        }
+    }
+
+    return buf;
+}
+
+
+void getCertificateFilter( char *filter, char *query )
+{
+    char *uid  = NULL;
+    char *tid  = NULL;
+    char *end  = NULL;
+    char *cn  = NULL;
+    char *view = NULL;
+    int  len   = 0;
+    int  i     = 0;
+
+    tid  = PL_strstr( query, "tid=" );
+    uid  = PL_strstr( query, "uid=" );
+    cn  = PL_strstr( query, "cn=" );
+    view = PL_strstr( query, "op=view" );
+
+    if( view == NULL ) {
+      view = PL_strstr( query, "op=show" );
+    }
+
+    filter[0] = '\0';
+
+    if( tid == NULL && uid == NULL && cn == NULL ) {
+      PL_strcat( filter, "(tokenID=*)" );
+      return;
+    }
+
+    if( tid != NULL && uid != NULL &&  view != NULL ) {
+        PL_strcat( filter, "(&" );
+    }
+
+    if( tid != NULL ) {
+        PL_strcat( filter, "(tokenID=" );
+        end = PL_strchr( tid, '&' );
+        len = PL_strlen( filter );
+        if( end != NULL ) {
+            i = end - tid - 4;
+
+            if( i > 0 ) {
+                memcpy( filter+len, tid+4, i );
+            }
+            filter[len+i] = '\0';
+        } else {
+            PL_strcat( filter, tid+4 );
+        }
+        if( view != NULL ) {
+            PL_strcat( filter, "*)" );
+        } else {
+            PL_strcat( filter, ")" );
+        }
+    }
+
+    if( uid != NULL && view != NULL ) {
+        PL_strcat( filter, "(tokenUserID=" );
+        end = PL_strchr( uid, '&' );
+        len = PL_strlen( filter );
+        if( end != NULL ) {
+            i = end - uid - 4;
+            if( i > 0 ) {
+                memcpy( filter+len, uid+4, i );
+            }
+
+            filter[len+i] = '\0';
+        } else {
+            PL_strcat( filter, uid+4 );
+        }
+
+        PL_strcat( filter, "*)" );
+        /* PL_strcat( filter, ")" ); */
+    }
+
+    if( cn != NULL ) {
+        PL_strcat( filter, "(cn=" );
+        end = PL_strchr( cn, '&' );
+        len = PL_strlen( filter );
+        if( end != NULL ) {
+            i = end - cn - 3;
+            if( i > 0 ) {
+                memcpy( filter+len, cn+3, i );
+            }
+
+            filter[len+i] = '\0';
+        } else {
+            PL_strcat( filter, cn+3 );
+        }
+
+        PL_strcat( filter, "*)" );
+        /* PL_strcat( filter, ")" ); */
+    }
+
+    if(tid != NULL && uid != NULL && view != NULL) {
+        PL_strcat( filter, ")" );
+    }
+}
+
+
+void getActivityFilter( char *filter, char *query )
+{
+    char *uid  = NULL;
+    char *tid  = NULL;
+    char *end  = NULL;
+    char *view = NULL;
+    int  len   = 0;
+    int  i     = 0;
+
+    tid  = PL_strstr( query, "tid=" );
+    uid  = PL_strstr( query, "uid=" );
+    view = PL_strstr( query, "op=view" );
+    filter[0] = '\0';
+
+    if( tid == NULL && uid == NULL ) {
+      PL_strcat( filter, "(tokenID=*)" );
+    }
+
+    if( tid != NULL && uid != NULL && view != NULL ) {
+        PL_strcat( filter, "(&" );
+    }
+
+    if( tid != NULL ) {
+        PL_strcat( filter, "(tokenID=" );
+        end = PL_strchr( tid, '&' );
+        len = PL_strlen( filter );
+
+        if( end != NULL ) {
+            i = end - tid - 4;
+            if( i > 0 ) {
+                memcpy( filter+len, tid+4, i );
+            }
+            filter[len+i] = '\0';
+        } else {
+            PL_strcat( filter, tid+4 );
+        }
+
+        if( view != NULL ) {
+            PL_strcat( filter, "*)" );
+        } else {
+            PL_strcat( filter, ")" );
+        }
+    }
+
+    if( uid != NULL && view != NULL ) {
+        PL_strcat( filter, "(tokenUserID=" );
+        end = PL_strchr( uid, '&' );
+        len = PL_strlen( filter );
+        if( end != NULL ) {
+            i = end - uid - 4;
+            if( i > 0 ) {
+                memcpy( filter+len, uid+4, i );
+            }
+
+            filter[len+i] = '\0';
+        } else {
+            PL_strcat( filter, uid+4 );
+        }
+
+        PL_strcat( filter, "*)" );
+        /* PL_strcat( filter, ")" ); */
+    }
+
+    if( tid != NULL && uid != NULL && view != NULL) {
+        PL_strcat( filter, ")" );
+    }
+}
+
+
+void getFilter( char *filter, char *query )
+{
+    char *uid  = NULL;
+    char *tid  = NULL;
+    char *end  = NULL;
+    char *view = NULL;
+    int  len   = 0;
+    int  i     = 0;
+
+    tid  = PL_strstr( query, "tid=" );
+    uid  = PL_strstr( query, "uid=" );
+    view = PL_strstr( query, "op=view" );
+    filter[0] = '\0';
+
+    if( tid == NULL && uid == NULL ) {
+      PL_strcat( filter, "(cn=*)" );
+    }
+
+    if( tid != NULL && uid != NULL && view != NULL ) {
+        PL_strcat( filter, "(&" );
+    }
+
+    if( tid != NULL ) {
+        PL_strcat( filter, "(cn=" );
+        end = PL_strchr( tid, '&' );
+        len = PL_strlen( filter );
+
+        if( end != NULL ) {
+            i = end - tid - 4;
+            if( i > 0 ) {
+                memcpy( filter+len, tid+4, i );
+            }
+
+            filter[len+i] = '\0';
+        } else {
+            PL_strcat( filter, tid+4 );
+        }
+
+        if (view != NULL) {
+            PL_strcat( filter, "*)" );
+        } else {
+            PL_strcat( filter, ")" );
+        }
+    }
+
+    if( uid != NULL && view != NULL ) {
+        PL_strcat( filter, "(tokenUserID=" );
+        end = PL_strchr( uid, '&' );
+        len = PL_strlen( filter );
+        if( end != NULL ) {
+            i = end - uid - 4;
+            if( i > 0 ) {
+                memcpy( filter+len, uid+4, i );
+            }
+
+            filter[len+i] = '\0';
+        } else {
+            PL_strcat( filter, uid+4 );
+        }
+
+        PL_strcat( filter, "*)" );
+        /* PL_strcat( filter, ")" ); */
+    }
+
+    if( tid != NULL && uid != NULL && view != NULL ) {
+        PL_strcat( filter, ")" );
+    }
+}
+
+
+void getCN( char *cn, char *query )
+{
+    char *tid = NULL;
+    char *end = NULL;
+    int  i    = 0;
+
+    cn[0] = '\0';
+    tid  = PL_strstr( query, "tid=" );
+    if( tid != NULL ) {
+        end = PL_strchr( tid, '&' );
+
+        if( end != NULL ) {
+            i = end - tid - 4;
+
+            if( i > 0 ) {
+                memcpy( cn, tid+4, i );
+            }
+
+            cn[i] = '\0';
+        } else {
+            PL_strcat( cn, tid+4 );
+        }
+    }
+}
+
+
+void getTemplateName( char *cn, char *query )
+{
+    char *tid = NULL;
+    char *end = NULL;
+    int  i    = 0;
+
+    cn[0] = '\0';
+    tid  = PL_strstr( query, "template=" );
+
+    if( tid != NULL ) {
+        end = PL_strchr( tid, '&' );
+
+        if( end != NULL ) {
+            i = end - tid - 4;
+
+            if( i > 0 ) {
+                memcpy( cn, tid+4, i );
+            }
+
+            cn[i] = '\0';
+        } else {
+            PL_strcat( cn, tid+4 );
+        }
+    }
+}
+
+
+char *parse_modification_number( char *s )
+{
+    char *end = NULL;
+    int  n;
+
+    if( ( s = PL_strstr( s, "m=" ) ) == NULL ) {
+        return NULL;
+    }
+
+    s += 2;
+    end = PL_strchr( s, '&' );
+
+    if( end != NULL ) {
+        n = end - s;
+    } else {
+        n = PL_strlen( s );
+    }
+    
+    return PL_strndup( s, n );
+}
+
+
+char **parse_modification_number_change( char *s )
+{
+    char *end = NULL;
+    char **v  = NULL;
+    char tmp[32];
+    int  n, m;
+
+    end = PL_strchr( s, '&' );
+
+    if( end != NULL ) {
+        n = end - s;
+        if( n > 0 ) {
+            memcpy( tmp, s, n );
+        }
+        tmp[n] = '\0';
+    } else {
+        n = PL_strlen( s );
+        PL_strcpy( tmp, s );
+    }
+
+    m = atoi( tmp );
+    m++;
+    PR_snprintf( tmp, 32, "%d", m );
+    n = PL_strlen( tmp );
+
+    if( ( v = allocate_values( 1, n+1 ) ) == NULL ) {
+        return NULL;
+    }
+
+    PL_strcpy( v[0], tmp );
+
+    return v;
+}
+
+
+char **parse_status_change( char *s )
+{
+    char *end = NULL;
+    char **v  = NULL;
+    int  n;
+
+    end = PL_strchr( s, '&' );
+    if( end != NULL ) {
+        n = end - s;
+    } else {
+        n = PL_strlen( s );
+    }
+
+    if( ( v = allocate_values( 1, n+1 ) ) == NULL ) {
+        return NULL;
+    }
+    PL_strncpy( v[0], s, n );
+
+    return v;
+}
+
+
+char **parse_uid_change( char *s )
+{
+    char *end = NULL;
+    char *p   = NULL;
+    char *q   = NULL;
+    char **v  = NULL;
+    int   i, k, n, m;
+
+    end = PL_strchr( s, '&' );
+    if( end != NULL ) {
+        n = end - s;
+    } else {
+        n = PL_strlen( s );
+    }
+
+    k = n;
+    p = s;
+    m = 1;
+
+    while( k > 0 ) {
+        if( ( p = PL_strnchr( p, ',', k ) ) == NULL ) {
+            break;
+        }
+
+        p++;
+        k = n - ( p - s );
+        m++;
+    }
+        
+    if( ( v = allocate_values( m, n+1 ) ) == NULL ) {
+        return NULL;
+    }
+
+    if( m > 1 ) {
+        k = n;
+        p = s;
+        i = 0;
+
+        while( k > 0 ) {
+            if( ( q = PL_strnchr( p, ',', k ) ) != NULL ) {
+                PL_strncpy( v[i], p, q-p );
+                q++;
+                p = q;
+                k = n - ( p - s );
+                i++;
+                v[i] = v[i-1] + PL_strlen( v[i-1] ) + 1;
+            } else {
+                PL_strncpy( v[i], p, k );
+                break;
+            }
+        }
+    } else {
+        PL_strncpy( v[0], s, n );
+    }
+    
+    return v;
+}
+
+
+char **parse_reason_change( char *s )
+{
+    char *end = NULL;
+    char **v  = NULL;
+    int  n;
+
+    end = PL_strchr( s, '&' );
+    if( end != NULL ) {
+        n = end - s;
+    } else {
+        n = PL_strlen( s );
+    }
+
+    if( ( v = allocate_values( 1, n+1 ) ) == NULL ) {
+        return NULL;
+    }
+    PL_strncpy( v[0], s, n );
+
+    return v;
+}
+
+
+char **parse_policy_change( char *s )
+{
+    char *end = NULL;
+    char **v  = NULL;
+    int  n;
+
+    end = PL_strchr( s, '&' );
+
+    if( end != NULL ) {
+        n = end - s;
+    } else {
+        n = PL_strlen( s );
+    }
+
+    if( ( v = allocate_values( 1, n+1 ) ) == NULL ) {
+        return NULL;
+    }
+
+    PL_strncpy( v[0], s, n );
+
+    return v;
+}
+
+
+LDAPMod **getModifications( char *query )
+{
+    LDAPMod **mods = NULL;
+    char **v = NULL;
+    int  n   = 0;
+    int  k   = 0;
+    char *s;
+
+    s  = query;
+
+    while( ( s = PL_strchr( s, '&' ) ) != NULL ) {
+        s++;
+        n++;
+    }
+
+    if( n > 0 && PL_strstr( query, "&tid=" ) != NULL ) {
+        n--;
+    }
+
+    if( n > 0 ) {
+        n++;
+    } else {
+        return NULL;
+    }
+
+
+    mods = allocate_modifications( n );
+
+    if( mods == NULL ) {
+        return NULL;
+    }
+
+    mods = allocate_modifications( n );
+
+    if( ( v = create_modification_date_change() ) == NULL ) {
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+        return NULL;
+    }
+
+    mods[0]->mod_op = LDAP_MOD_REPLACE;
+    mods[0]->mod_type = get_modification_date_name();
+    mods[0]->mod_values = v;
+    k = 1;
+
+    if( k < n && ( ( s = PL_strstr( query, "m=" ) ) != NULL ) ) {
+        s += 2;
+        if( ( v = parse_modification_number_change( s ) ) == NULL ) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return NULL;
+        }
+
+        mods[k]->mod_op = LDAP_MOD_REPLACE;
+        mods[k]->mod_type = get_number_of_modifications_name();
+        mods[k]->mod_values = v;
+        k++;
+    }
+
+    if( k < n && ( ( s = PL_strstr( query, "s=" ) ) != NULL ) ) {
+        s += 2;
+
+        if( ( v = parse_status_change( s ) ) == NULL ) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return NULL;
+        }
+
+        mods[k]->mod_op = LDAP_MOD_REPLACE;
+        mods[k]->mod_type = get_token_status_name();
+        mods[k]->mod_values = v;
+        k++;
+    }
+
+    if( k < n && ( ( s = PL_strstr( query, "uid=" ) ) != NULL ) ) {
+        s += 4;
+        if( ( v = parse_uid_change( s ) ) == NULL ) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return NULL;
+        }
+
+        mods[k]->mod_op = LDAP_MOD_REPLACE;
+        mods[k]->mod_type = get_token_users_name();
+        mods[k]->mod_values = v;
+        k++;
+    }
+
+    if( k < n && ( ( s = PL_strstr( query, "tokenPolicy=" ) ) != NULL ) ) {
+        s += 12;
+
+        if( ( v = parse_policy_change( s ) ) == NULL ) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return NULL;
+        }
+
+        mods[k]->mod_op = LDAP_MOD_REPLACE;
+        mods[k]->mod_type = get_policy_name();
+        mods[k]->mod_values = v;
+        k++;
+    }
+
+    if( k < n && ( ( s = PL_strstr( query, "tokenReason=" ) ) != NULL ) ) {
+        s += 12;
+
+        if( ( v = parse_reason_change( s ) ) == NULL ) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return NULL;
+        }
+
+        mods[k]->mod_op = LDAP_MOD_REPLACE;
+        mods[k]->mod_type = get_reason_name();
+        mods[k]->mod_values = v;
+        k++;
+    }
+
+    return mods;
+}
+
+
+int get_tus_config( char *name )
+{
+    PRFileDesc *fd = NULL;
+    char *buf = NULL;
+    char *s   = NULL;
+    char *v   = NULL;
+    PRFileInfo info;
+    PRUint32   size;
+    int  k, n;
+
+    if( PR_GetFileInfo( name, &info ) != PR_SUCCESS ) {
+        return 0;
+    }
+
+    size = info.size;
+    size++;
+    buf = (char *)PR_Malloc( size );
+
+    if( buf == NULL ) {
+        return 0;
+    }
+
+    fd = PR_Open( name, PR_RDONLY, 00400 );
+    if( fd == NULL ) {
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+        return 0;
+    }
+
+    k = 0;
+    while( ( n = PR_Read( fd, &buf[k], size-k-1 ) ) > 0 ) {
+        k += n;
+        if( ( PRUint32 ) ( k+1 ) >= size ) {
+            break;
+        }
+    }
+
+    if( fd != NULL ) {
+        PR_Close( fd );
+        fd = NULL;
+    }
+
+    if( n < 0 || ( ( PRUint32 ) ( k+1 ) > size ) ) {
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+        return 0;
+    }
+
+    buf[k] = '\0';
+
+    if( ( s = PL_strstr( buf, "tokendb.templateDir=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.templateDir=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( templateDir != NULL ) {
+                PL_strfree( templateDir );
+                templateDir = NULL;
+            }
+            templateDir = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.errorTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.errorTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( errorTemplate != NULL ) {
+                PL_strfree( errorTemplate );
+                errorTemplate = NULL;
+            }
+            errorTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.indexTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.indexTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( indexTemplate != NULL ) {
+                PL_strfree( indexTemplate );
+                indexTemplate = NULL;
+            }
+            indexTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.indexAdminTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.indexAdminTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( indexAdminTemplate != NULL ) {
+                PL_strfree( indexAdminTemplate );
+                indexAdminTemplate = NULL;
+            }
+            indexAdminTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.newTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.newTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 )( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( newTemplate != NULL ) {
+                PL_strfree( newTemplate );
+                newTemplate = NULL;
+            }
+            newTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.searchTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.searchTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( searchTemplate != NULL ) {
+                PL_strfree( searchTemplate );
+                searchTemplate = NULL;
+            }
+            searchTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.searchCertificateTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.searchCertificateTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( searchCertificateTemplate != NULL ) {
+                PL_strfree( searchCertificateTemplate );
+                searchCertificateTemplate = NULL;
+            }
+            searchCertificateTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.searchAdminTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.searchAdminTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( searchAdminTemplate != NULL ) {
+                PL_strfree( searchAdminTemplate );
+                searchAdminTemplate = NULL;
+            }
+            searchAdminTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.searchActivityTemplate=" ) ) != NULL) {
+        s += PL_strlen( "tokendb.searchActivityTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( searchActivityTemplate != NULL ) {
+                PL_strfree( searchActivityTemplate );
+                searchActivityTemplate = NULL;
+            }
+            searchActivityTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.searchCertificateResultTemplate=" ) ) !=
+        NULL ) {
+        s += PL_strlen( "tokendb.searchCertificateResultTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( searchCertificateResultTemplate != NULL ) {
+                PL_strfree( searchCertificateResultTemplate );
+                searchCertificateResultTemplate = NULL;
+            }
+            searchCertificateResultTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.searchActivityResultTemplate=" ) ) !=
+        NULL ) {
+        s += PL_strlen( "tokendb.searchActivityResultTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( searchActivityResultTemplate != NULL ) {
+                PL_strfree( searchActivityResultTemplate );
+                searchActivityResultTemplate = NULL;
+            }
+            searchActivityResultTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.searchAdminResultTemplate=" ) ) !=
+        NULL ) {
+        s += PL_strlen( "tokendb.searchAdminResultTemplate=" );
+        v = s;
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( searchAdminResultTemplate != NULL ) {
+                PL_strfree( searchAdminResultTemplate );
+                searchAdminResultTemplate = NULL;
+            }
+            searchAdminResultTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.searchResultTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.searchResultTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( searchResultTemplate != NULL ) {
+                PL_strfree( searchResultTemplate );
+                searchResultTemplate = NULL;
+            }
+            searchResultTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.deleteTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.deleteTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( deleteTemplate != NULL ) {
+                PL_strfree( deleteTemplate );
+                deleteTemplate = NULL;
+            }
+            deleteTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.doTokenConfirmTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.doTokenConfirmTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( doTokenConfirmTemplate != NULL ) {
+                PL_strfree( doTokenConfirmTemplate );
+                revokeTemplate = NULL;
+            }
+            doTokenConfirmTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.doTokenTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.doTokenTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( doTokenTemplate != NULL ) {
+                PL_strfree( doTokenTemplate );
+                revokeTemplate = NULL;
+            }
+            doTokenTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.revokeTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.revokeTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( revokeTemplate != NULL ) {
+                PL_strfree( revokeTemplate );
+                revokeTemplate = NULL;
+            }
+            revokeTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.showAdminTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.showAdminTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( showAdminTemplate != NULL ) {
+                PL_strfree( showAdminTemplate );
+                showAdminTemplate = NULL;
+            }
+            showAdminTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.showCertTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.showCertTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if (s != NULL) {
+            if( showCertTemplate != NULL ) {
+                PL_strfree( showCertTemplate );
+                showCertTemplate = NULL;
+            }
+            showCertTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.showTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.showTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( showTemplate != NULL ) {
+                PL_strfree( showTemplate );
+                showTemplate = NULL;
+            }
+            showTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.editAdminTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.editAdminTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( editAdminTemplate != NULL ) {
+                PL_strfree( editAdminTemplate );
+                editAdminTemplate = NULL;
+            }
+            editAdminTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.editTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.editTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( editTemplate != NULL ) {
+                PL_strfree( editTemplate );
+                editTemplate = NULL;
+            }
+            editTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.editAdminResultTemplate=" ) ) !=
+        NULL ) {
+        s += PL_strlen( "tokendb.editAdminResultTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( editAdminResultTemplate != NULL ) {
+                PL_strfree( editAdminResultTemplate );
+                editAdminResultTemplate = NULL;
+            }
+            editAdminResultTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.editResultTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.editResultTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( editResultTemplate != NULL ) {
+                PL_strfree( editResultTemplate );
+                editResultTemplate = NULL;
+            }
+            editResultTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.addResultTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.addResultTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( addResultTemplate != NULL ) {
+                PL_strfree( addResultTemplate );
+                addResultTemplate = NULL;
+            }
+            addResultTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.deleteResultTemplate=" ) ) != NULL ) {
+        s += PL_strlen( "tokendb.deleteResultTemplate=" );
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            if( deleteResultTemplate != NULL ) {
+                PL_strfree( deleteResultTemplate );
+                deleteResultTemplate = NULL;
+            }
+            deleteResultTemplate = s;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( ( s = PL_strstr( buf, "tokendb.tokendb.sendInPieces=" ) ) != NULL ) {
+        s += 13;
+        v = s;
+
+        while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               ( PRUint32 ) ( s - buf ) < size ) {
+            s++;
+        }
+
+        n = s - v;
+
+        s = PL_strndup( v, n );
+        if( s != NULL ) {
+            sendInPieces = atoi( s );
+            PL_strfree( s );
+            s = NULL;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( buf != NULL ) {
+        PR_Free( buf );
+        buf = NULL;
+    }
+
+    tus_db_end();
+
+    return 1;
+}
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Request Phase
+**  _________________________________________________________________
+*/
+
+/**
+ * Terminate the Tokendb module
+ */
+static apr_status_t
+mod_tokendb_terminate( void *data )
+{
+    /* This routine is ONLY called when this server's */
+    /* pool has been cleared or destroyed.            */
+
+    /* Log Tokendb module debug information. */
+    RA::Debug( "mod_tokendb::mod_tokendb_terminate",
+               "The Tokendb module has been terminated!" );
+
+    tus_db_end();
+
+    /* Since all members of mod_tokendb_server_configuration are allocated */
+    /* from a pool, there is no need to unset any of these members.        */
+
+    /* Shutdown all APR library routines.                     */
+    /* NOTE:  This automatically destroys all memory pools.   */
+    /*        Allow the TPS/NSS Modules to perform this task. */
+    /* apr_terminate(); */
+
+    /* Terminate the entire Apache server                     */
+    /* NOTE:  Allow the TPS/NSS Modules to perform this task. */
+
+    return OK;
+}
+
+
+/**
+ * Initialize the Tokendb module
+ */
+static int
+mod_tokendb_initialize( apr_pool_t *p,
+                        apr_pool_t *plog,
+                        apr_pool_t *ptemp,
+                        server_rec *sv )
+{
+    mod_tokendb_server_configuration *sc = NULL;
+    char *cfg_path_file = NULL;
+    char *error = NULL;
+    int status;
+
+    /* Retrieve the Tokendb module. */
+    sc = ( ( mod_tokendb_server_configuration * )
+           ap_get_module_config( sv->module_config,
+                                 &MOD_TOKENDB_CONFIG_KEY ) );
+
+    /* Check to see if the Tokendb module has been loaded. */
+    if( sc->enabled == MOD_TOKENDB_TRUE ) {
+        return OK;
+    }
+
+    /* Load the Tokendb module. */
+
+#ifdef DEBUG_Tokendb
+    debug_fd = PR_Open( "/tmp/tus-debug.log",
+                        PR_RDWR | PR_CREATE_FILE | PR_APPEND,
+                        00400 | 00200 );
+#endif
+
+    /* Retrieve the path to where the configuration files are located, and */
+    /* insure that the Tokendb module configuration file is located here.  */
+    if( sc->Tokendb_Configuration_File != NULL ) {
+        /* provide Tokendb Config File from     */
+        /* <apache_server_root>/conf/httpd.conf */
+        if( sc->Tokendb_Configuration_File[0] == '/' ) {
+            /* Complete path to Tokendb Config File is denoted */
+            cfg_path_file = apr_psprintf( p,
+                                          "%s",
+                                          ( char * )
+                                          sc->Tokendb_Configuration_File );
+        } else {
+            /* Tokendb Config File is located relative */
+            /* to the Apache server root               */
+            cfg_path_file = apr_psprintf( p,
+                                          "%s/%s",
+                                          ( char * ) ap_server_root,
+                                          ( char * )
+                                          sc->Tokendb_Configuration_File );
+        }
+   } else {
+        /* Log information regarding this failure. */
+        ap_log_error( "mod_tokendb_initialize",
+                      __LINE__, APLOG_ERR, 0, sv,
+                      "The tokendb module was installed incorrectly since the "
+                      "parameter named '%s' is missing from the Apache "
+                      "Configuration file!",
+                      ( char * ) MOD_TOKENDB_CONFIGURATION_FILE_PARAMETER );
+
+        /* Display information on the screen regarding this failure. */
+        printf( "\nUnable to start Apache:\n"
+                "    The tokendb module is missing the required parameter named"
+                "    \n'%s' in the Apache Configuration file!\n",
+                ( char * ) MOD_TOKENDB_CONFIGURATION_FILE_PARAMETER );
+
+        goto loser;
+   }
+
+    /* Initialize the Token DB. */
+    if( get_tus_config( cfg_path_file ) &&
+        get_tus_db_config( cfg_path_file ) ) {
+        RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+                           "Initializing TUS database");
+        if( ( status = tus_db_init( &error ) ) != LDAP_SUCCESS ) {
+            if( error != NULL ) {
+                RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+                           "Token DB initialization failed: '%s'",
+                           error );
+                PR_smprintf_free( error );
+                error = NULL;
+            } else {
+                RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+                           "Token DB initialization failed" );
+            }
+
+#if 0
+            goto loser;
+#endif
+        } else {
+                RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+                           "Token DB initialization succeeded" );
+        }
+    } else {
+        RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+                   "Error reading tokendb config file: '%s'",
+                   cfg_path_file );
+    }
+
+    /* Initialize the "server" member of mod_tokendb_server_configuration. */
+    sc->enabled = MOD_TOKENDB_TRUE;
+
+    /* Register a server termination routine. */
+    apr_pool_cleanup_register( p,
+                               sv,
+                               mod_tokendb_terminate,
+                               apr_pool_cleanup_null );
+
+    /* Log Tokendb module debug information. */
+    RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+               "The Tokendb module has been successfully loaded!" );
+
+    return OK;
+
+loser:
+    /* Log Tokendb module debug information. */
+    RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+               "Failed loading the Tokendb module!" );
+
+    /* Since all members of mod_tokendb_server_configuration are allocated */
+    /* from a pool, there is no need to unset any of these members.        */
+
+    /* Shutdown all APR library routines.                   */
+    /* NOTE:  This automatically destroys all memory pools. */
+    apr_terminate();
+
+    /* Terminate the entire Apache server */
+    tokendb_die();
+
+    return DECLINED;
+}
+
+
+char *stripBase64HeaderAndFooter( char *cert )
+{
+    char *base64_data = NULL;
+    char *data = NULL;
+    char *footer = NULL;
+
+    if( ( cert != NULL ) &&
+        ( strlen( cert ) > strlen( BASE64_HEADER ) ) ) {
+        /* Strip off the base64 header. */
+        data = ( char * ) ( cert + strlen( BASE64_HEADER ) );
+
+        /* Find base64 footer. */
+        footer = ( char * ) strstr( ( const char * ) data,
+                                    ( const char * ) BASE64_FOOTER );
+        if( footer != NULL ) {
+            /* Strip off the base64 footer. */
+            footer[0] = '\0';
+        }
+
+        /* Finally, store data in the base64_data storage area. */
+        base64_data = strdup( data );
+    }
+
+    return base64_data;
+}
+
+
+/**
+ * mod_tokendb_handler handles the protocol between the tokendb and the RA
+ */
+static int
+mod_tokendb_handler( request_rec *rq )
+{
+    int sendPieces = 0;
+    int rc = 0;
+    LDAPMessage *result = NULL;
+    LDAPMessage *e      = NULL;
+    LDAPMod     **mods  = NULL;
+    char *injection     = NULL;
+    char *mNum          = NULL;
+    char *buf           = NULL;
+    char *uri           = NULL;
+    char *query         = NULL;
+    char *cert          = NULL;
+    char *base64_cert   = NULL;
+    char *userid        = NULL;
+    char *error         = NULL;
+    char *tid           = NULL;
+    char *question      = NULL;
+    char **a            = NULL;
+    char **vals         = NULL;
+    int maxReturns;
+    int q;
+    int i, n, len, maxEntries, nEntries, entryNum;
+    int status = LDAP_SUCCESS;
+    int size, tagOffset, statusNum;
+    char fixed_injection[MAX_INJECTION_SIZE];
+    char configname[512];
+    char filter[512];
+    char msg[512];
+    char template1[512];
+    char question_no[100];
+    char cuid[256];
+    char cuidUserId[100];
+    char serial[100];
+    char *statusString;
+    char *s1, *s2;
+    char *end;
+    char **attr_values;
+
+    RA::Debug( "mod_tokendb_handler::mod_tokendb_handler",
+               "mod_tokendb_handler::mod_tokendb_handler" );
+
+    RA::Debug( "mod_tokendb::mod_tokendb_handler",
+               "uri '%s'", rq->uri);
+                                                                                
+    /* XXX: We need to change "tus" to "tokendb" */
+    if (strcmp(rq->handler, "tus") != 0) {
+      RA::Debug( "mod_tokendb::mod_tokendb_handler", "DECLINED uri '%s'", rq->uri);
+         return DECLINED;
+    }
+
+    RA::Debug( "mod_tokendb::mod_tokendb_handler",
+               "uri '%s' DONE", rq->uri);
+
+    tokendbDebug( "tokendb request arrived...serving tokendb\n" );
+
+    injection = fixed_injection;
+
+    ap_set_content_type( rq, "text/html" );
+
+    if( !is_tus_db_initialized() ) {
+      tokendbDebug( "token DB was not initialized \n" );
+
+        if( ( status = tus_db_init( &error ) ) != LDAP_SUCCESS ) {
+            if( error != NULL ) {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s%s", JS_START,
+                             "var error = \"", error,
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                PR_smprintf_free( error );
+                error = NULL;
+            } else {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s%s", JS_START,
+                             "var error = \"", "NULL",
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+            }
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            return DECLINED;
+        }
+    } else {
+        tokendbDebug( "token DB was initialized\n" );
+    }
+
+    tokendbDebug( "authentication\n" );
+
+    cert = nss_var_lookup( rq->pool,
+                           rq->server,
+                           rq->connection,
+                           rq,
+                           ( char * ) "SSL_CLIENT_CERT" );
+    if( cert == NULL ) {
+          PR_snprintf( injection, MAX_INJECTION_SIZE,
+                       "%s%s%s%s%s", JS_START,
+                       "var error = \"Error: ",
+                       "Authentication Failure",
+                       "\";\n", JS_STOP );
+
+          buf = getData( errorTemplate, injection );
+
+          ap_log_error( ( const char * ) "tus", __LINE__,
+                        APLOG_ERR, 0, rq->server,
+                        ( const char * ) "Failed to authenticate request" );
+
+          ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+          if( buf != NULL ) {
+              PR_Free( buf );
+              buf = NULL;
+          }
+
+          return DECLINED;
+    }
+
+    tokendbDebug( cert );
+    tokendbDebug( "\n" );
+
+    base64_cert = stripBase64HeaderAndFooter( cert );
+
+    tokendbDebug( base64_cert );
+    tokendbDebug( "\n" );
+
+    userid = tus_authenticate( base64_cert );
+    if( userid == NULL ) {
+          PR_snprintf( injection, MAX_INJECTION_SIZE,
+                       "%s%s%s%s%s", JS_START,
+                       "var error = \"Error: ",
+                       "Authentication Failure",
+                       "\";\n", JS_STOP );
+
+          buf = getData( errorTemplate, injection );
+
+          ap_log_error( ( const char * ) "tus", __LINE__,
+                        APLOG_ERR, 0, rq->server,
+                        ( const char * ) "Failed to authenticate request" );
+
+          ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+          if( buf != NULL ) {
+              PR_Free( buf );
+              buf = NULL;
+          }
+
+          return DECLINED;
+    }
+
+    if( rq->uri != NULL ) {
+        uri = PL_strdup( rq->uri );
+    }
+
+    if( rq->args != NULL ) {
+        query = PL_strdup( rq->args );
+    }
+
+    RA::Debug( "mod_tokendb_handler::mod_tokendb_handler",
+               "uri='%s' params='%s'",
+               uri, ( query==NULL?"":query ) );
+
+    if( query == NULL ) {
+        tokendbDebug( "authorization\n" );
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n", 
+                     "var userid = \"", userid,
+                     "\";\n", JS_STOP );
+
+        buf = getData( indexTemplate, injection );
+    } else if( ( PL_strstr( query, "op=index_admin" ) ) ) {
+        tokendbDebug( "authorization\n" );
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                        "var error = \"Error: ",
+                        "Authorization Failure",
+                        "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n", 
+                     "var userid = \"", userid,
+                     "\";\n", JS_STOP );
+
+        buf = getData( indexAdminTemplate, injection );
+    } else if( ( PL_strstr( query, "op=do_token" ) ) ) {
+        tokendbDebug( "authorization\n" );
+
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        /* XXX - chrisho */
+        /* op=do_token */
+        /* question=1|2|... */
+        /* tid=cuid */
+
+        tokendbDebug( "print query\n" );
+        tokendbDebug( query );
+        tokendbDebug( "\n" );
+
+        tid = PL_strstr( query, "tid=" );
+        if( tid != NULL ) {
+            end = PL_strchr( tid, '&' );
+            if( end != NULL ) { 
+                i = end - tid - 4;
+                if( i > 0 ) {
+                    memcpy( cuid, tid+4, i );
+                }                
+                cuid[i] = '\0';
+            } else {
+                PL_strcpy( cuid, tid+4 );
+            }
+        }
+
+        tokendbDebug( cuid );
+        tokendbDebug( "\n" );
+        question = PL_strstr( query, "question=" );
+        q = question[9] - '0';
+
+        PR_snprintf( question_no, 256, "%d", q );
+
+        tokendbDebug( question_no );
+
+        rc = find_tus_db_entry( cuid, 1, &result );
+        if( rc == 0 ) {
+            e = get_first_entry( result );    
+            if( e != NULL ) {
+                attr_values = get_attribute_values( e, "tokenUserID" );
+                PL_strcpy( cuidUserId, attr_values[0] );
+                tokendbDebug( cuidUserId );
+            }
+        }
+
+        /* Is this token physically damaged */
+        if( q == 1 ) {
+
+            PR_snprintf((char *)msg, 256,
+              "'%s' marked token physically damaged", userid);
+            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+                     msg, cuidUserId);
+
+            /* get the certificates on this lost token */
+            PR_snprintf( ( char * ) filter, 256,
+                         "(&(tokenID=%s)(tokenUserID=%s))",
+                         cuid, cuidUserId );
+            rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+                                                               &result, 1 );
+            if( rc == 0 ) {
+                CertEnroll *certEnroll = new CertEnroll();
+                for( e = get_first_entry( result );
+                     e != NULL;
+                     e = get_next_entry( e ) ) {
+                    char *attr_status = get_cert_status( e );
+
+                    if( strcmp( attr_status, "revoked" ) == 0 ) {
+                        if( attr_status != NULL ) {
+                            PL_strfree( attr_status );
+                            attr_status = NULL;
+                        }
+
+                        continue;
+                    }
+
+                    char *attr_serial= get_cert_serial( e );
+                    char *attr_tokenType = get_cert_tokenType( e );
+                    char *attr_keyType = get_cert_type( e );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery."
+                                 "destroyed.revokeCert",
+                                 attr_tokenType, attr_keyType );
+
+                    bool revokeCert = RA::GetConfigStore()->
+                                      GetConfigAsBool( configname, true );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery."
+                                 "destroyed.revokeCert.reason",
+                                 attr_tokenType, attr_keyType );
+
+                    char *revokeReason = ( char * )
+                                         ( RA::GetConfigStore()->
+                                         GetConfigAsString( configname,
+                                                            "0" ) );
+
+                    if( revokeCert ) {
+                        char *attr_cn = get_cert_cn( e );
+
+                        PR_snprintf( ( char * ) configname, 256,
+                                     "op.enroll.%s.keyGen.%s.ca.conn",
+                                     attr_tokenType, attr_keyType ); 
+
+                        char *connid = ( char * )
+                                       ( RA::GetConfigStore()->
+                                         GetConfigAsString( configname ) );
+
+                        PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+                        statusNum = certEnroll->RevokeCertificate(revokeReason,
+                                    serial, connid, statusString );
+
+                        // update certificate status
+                        if( strcmp( revokeReason, "6" ) == 0 ) {
+                            PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
+                            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                            update_cert_status( attr_cn, "revoked_on_hold" );
+                        } else {
+                            PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
+                            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                            update_cert_status( attr_cn, "revoked" );
+                        }
+
+                        if( attr_cn != NULL ) {
+                            PL_strfree( attr_cn );
+                            attr_cn = NULL;
+                        }
+                    }
+
+                    if( attr_status != NULL ) {
+                        PL_strfree( attr_status );
+                        attr_status = NULL;
+                    }
+
+                    if( attr_serial != NULL ) {
+                        PL_strfree( attr_serial );
+                        attr_serial = NULL;
+                    }
+
+                    if( attr_tokenType != NULL ) {
+                        PL_strfree( attr_tokenType );
+                        attr_tokenType = NULL;
+                    }
+
+                    if( attr_keyType != NULL ) {
+                        PL_strfree( attr_keyType );
+                        attr_keyType = NULL;
+                    }
+                }
+
+                if( result != NULL ) {
+                    ldap_msgfree( result );
+                }
+            }
+
+            /* change the tokenStatus to lost (reason: destroyed). */
+            rc = update_token_status_reason( cuidUserId, cuid,
+                                             "lost", "destroyed" );
+            if( rc == -1 ) {
+                tokendbDebug( "token is physically damaged. rc = -1\n" );
+
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s", JS_START,
+                             "var error = \"Failed to create LDAPMod: ",
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "Failed to create LDAPMod" );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            } else if( rc > 0 ) {
+                tokendbDebug( "token is physically damaged. rc > 0\n" );
+
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s%s", JS_START,
+                             "var error = \"LDAP mod error: ",
+                             ldap_err2string( rc ),
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "LDAP error: %s", 
+                              ldap_err2string( rc ) );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            }
+
+        /* Is this token permanently lost? */
+        } else if( q == 2 || q == 6) {
+            if (q == 2) {
+              PR_snprintf((char *)msg, 256,
+                "'%s' marked token permanently lost", userid);             
+            } else {
+              PR_snprintf((char *)msg, 256,
+                "'%s' marked token terminated", userid);             
+            }
+            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+                     msg, cuidUserId);
+
+            /* get the certificates on this lost token */
+            PR_snprintf( ( char * ) filter, 256,
+                         "(&(tokenID=%s)(tokenUserID=%s))",
+                         cuid, cuidUserId );
+
+            rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+                                                               &result, 1 );
+            if( rc == 0 ) {
+                CertEnroll *certEnroll = new CertEnroll();
+                for( e = get_first_entry( result );
+                     e != NULL;
+                     e = get_next_entry( e ) ) { 
+                    char *attr_status = get_cert_status( e );
+
+                    if( strcmp( attr_status, "revoked" ) == 0 ) {
+                        if( attr_status != NULL ) {
+                            PL_strfree( attr_status );
+                            attr_status = NULL;
+                        }
+
+                        continue;
+                    }
+
+                    char *attr_serial= get_cert_serial( e );
+                    char *attr_tokenType = get_cert_tokenType( e );
+                    char *attr_keyType = get_cert_type( e );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery."
+                                 "keyCompromise.revokeCert",
+                                 attr_tokenType, attr_keyType );
+
+                    bool revokeCert = RA::GetConfigStore()->
+                                      GetConfigAsBool( configname, true );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery."
+                                 "keyCompromise.revokeCert.reason",
+                                 attr_tokenType, attr_keyType );
+
+                    char *revokeReason = ( char * )
+                                         ( RA::GetConfigStore()->
+                                           GetConfigAsString( configname,
+                                                              "1" ) );
+
+                    if( revokeCert ) {
+                        char *attr_cn = get_cert_cn( e );
+
+                        PR_snprintf( ( char * ) configname, 256,
+                                     "op.enroll.%s.keyGen.%s.ca.conn",
+                                     attr_tokenType, attr_keyType ); 
+
+                        char *connid = ( char * )
+                                       ( RA::GetConfigStore()->
+                                         GetConfigAsString( configname ) );
+
+                        PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+                        statusNum = certEnroll->
+                                    RevokeCertificate( revokeReason,
+                                                       serial,
+                                                       connid,
+                                                       statusString );
+
+                        // update certificate status
+                        if( strcmp(revokeReason, "6" ) == 0 ) {
+                            PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
+                            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                            update_cert_status( attr_cn, "revoked_on_hold" );
+                        } else {
+                            PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
+                            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                            update_cert_status( attr_cn, "revoked" );
+                        }
+
+                        if( attr_cn != NULL ) {
+                            PL_strfree( attr_cn );
+                            attr_cn = NULL;
+                        }
+                    }
+
+                    if( attr_status != NULL ) {
+                        PL_strfree( attr_status );
+                        attr_status = NULL;
+                    }
+
+                    if( attr_serial != NULL ) {
+                        PL_strfree( attr_serial );
+                        attr_serial = NULL;
+                    }
+
+                    if( attr_tokenType != NULL ) {
+                        PL_strfree( attr_tokenType );
+                        attr_tokenType = NULL;
+                    }
+
+                    if( attr_keyType != NULL ) {
+                        PL_strfree( attr_keyType );
+                        attr_keyType = NULL;
+                    }
+                }
+
+                if( result != NULL ) {
+                    ldap_msgfree( result );
+                }
+            }
+
+            /* revoke all the certs on the token. make http connection to CA */
+         
+            /* change the tokenStatus to lost (reason: keyCompromise) */
+            tokendbDebug( "Revoke all the certs on this token "
+                          "(reason: keyCompromise)\n" );
+
+            if (q == 6) { /* terminated */
+              rc = update_token_status_reason( cuidUserId, cuid,
+                                             "terminated", "keyCompromise" );
+            } else {
+              rc = update_token_status_reason( cuidUserId, cuid,
+                                             "lost", "keyCompromise" );
+            }
+            if( rc == -1 ) {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s", JS_START,
+                             "var error = \"Failed to create LDAPMod: ",
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "Failed to create LDAPMod" );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            } else if( rc > 0 ) {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s%s", JS_START,
+                             "var error = \"LDAP mod error: ",
+                             ldap_err2string( rc ),
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "LDAP error: %s",
+                              ldap_err2string( rc ) );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            }
+
+        /* Is this token temporarily lost? */
+        } else if( q == 3 ) {
+
+            PR_snprintf((char *)msg, 256,
+              "'%s' marked token temporarily lost", userid);
+            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+                     msg, cuidUserId);
+
+            /* all certs on the token are revoked (onHold) */
+            tokendbDebug( "Revoke all the certs on this token "
+                          "(reason: onHold)\n" );
+
+            /* get the certificates on this lost token */
+            PR_snprintf( ( char * ) filter, 256,
+                         "(&(tokenID=%s)(tokenUserID=%s))",
+                         cuid, cuidUserId );
+
+            rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+                                                               &result, 1 );
+            if( rc == 0 ) {
+                CertEnroll *certEnroll = new CertEnroll();
+                for( e = get_first_entry( result );
+                     e != NULL;
+                     e = get_next_entry( e ) ) { 
+                    char *attr_status = get_cert_status( e );
+                    if( strcmp( attr_status, "revoked" ) == 0 || 
+                        strcmp( attr_status, "revoked_on_hold" ) == 0 ) {
+                        if( attr_status != NULL ) {
+                            PL_strfree( attr_status );
+                            attr_status = NULL; 
+                        }
+
+                        continue;
+                    }
+
+                    char *attr_serial= get_cert_serial( e );
+                    char *attr_tokenType = get_cert_tokenType( e );
+                    char *attr_keyType = get_cert_type( e );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery."
+                                 "onHold.revokeCert",
+                                 attr_tokenType, attr_keyType );
+
+                    bool revokeCert = RA::GetConfigStore()->
+                                      GetConfigAsBool( configname, true );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery.onHold."
+                                 "revokeCert.reason",
+                                 attr_tokenType, attr_keyType );
+
+                    char *revokeReason = ( char * )
+                                         ( RA::GetConfigStore()->
+                                           GetConfigAsString( configname,
+                                                              "0" ) );
+
+                    if( revokeCert ) {
+                        char *attr_cn = get_cert_cn( e );
+
+                        PR_snprintf( ( char * ) configname, 256,
+                                     "op.enroll.%s.keyGen.%s.ca.conn",
+                                     attr_tokenType, attr_keyType );
+
+                        char *connid = ( char * )
+                                       ( RA::GetConfigStore()->
+                                         GetConfigAsString( configname ) );
+
+                        PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+                        statusNum = certEnroll->
+                                    RevokeCertificate( revokeReason,
+                                                       serial,
+                                                       connid,
+                                                       statusString );
+
+                        if( strcmp( revokeReason, "6" ) == 0 ) {
+                            PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
+                            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                            update_cert_status( attr_cn, "revoked_on_hold" );
+                        } else {
+                            PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
+                            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                            update_cert_status( attr_cn, "revoked" );
+                        }
+                    }
+
+                    if( attr_status != NULL ) {
+                        PL_strfree( attr_status );
+                        attr_status = NULL;
+                    }
+
+                    if( attr_serial != NULL ) {
+                        PL_strfree( attr_serial );
+                        attr_serial = NULL;
+                    }
+
+                    if( attr_tokenType != NULL ) {
+                        PL_strfree( attr_tokenType );
+                        attr_tokenType = NULL;
+                    }
+
+                    if( attr_keyType != NULL ) {
+                        PL_strfree( attr_keyType );
+                        attr_keyType = NULL;
+                    }
+                }
+
+                if (result != NULL) {
+                    ldap_msgfree( result );
+                }
+            }
+
+            rc = update_token_status_reason( cuidUserId, cuid,
+                                             "lost", "onHold" );
+            if( rc == -1 ) {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s", JS_START,
+                             "var error = \"Failed to create LDAPMod: ",
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "Failed to create LDAPMod" );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            } else if( rc > 0 ) {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s%s", JS_START,
+                             "var error = \"LDAP mod error: ",
+                             ldap_err2string( rc ),
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "LDAP error: %s",
+                              ldap_err2string( rc ) );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            }
+
+        /* Is this temporarily lost token found? */
+        } else if( q == 4 ) {
+
+            PR_snprintf((char *)msg, 256,
+              "'%s' marked lost token found", userid);
+            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+                     msg, cuidUserId);
+
+            tokendbDebug( "The temporarily lost token is found.\n" );
+            
+            // to find out the tokenType on this lost token
+            PR_snprintf( ( char * ) filter, 256,
+                         "(&(tokenID=%s)(tokenUserID=%s))",
+                         cuid, cuidUserId );
+
+            /* all certs on the token are unrevoked (offHold) */
+            /* get the certificates on this lost token        */
+            tokendbDebug( "Offhold all the certificates on "
+                          "the temp lost token." );
+
+            rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+                                                               &result, 1 );
+            if( rc == 0 ) {
+                CertEnroll *certEnroll = new CertEnroll();
+                for( e = get_first_entry( result );
+                     e != NULL;
+                     e = get_next_entry( e ) ) { 
+                    char *attr_status = get_cert_status( e );
+                    if( strcmp( attr_status, "active" ) == 0 || 
+                        strcmp( attr_status, "revoked" ) == 0 ) {
+                        if( attr_status != NULL ) {
+                            PL_strfree( attr_status );
+                            attr_status = NULL;
+                        }
+
+                        continue;
+                    }
+
+                    char *attr_serial= get_cert_serial( e );
+                    char *attr_tokenType = get_cert_tokenType( e );
+                    char *attr_keyType = get_cert_type( e );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery."
+                                 "onHold.revokeCert",
+                                 attr_tokenType, attr_keyType );
+
+                    bool revokeCert = RA::GetConfigStore()->
+                                      GetConfigAsBool( configname, true );
+                    if( revokeCert ) {
+                        char *attr_cn = get_cert_cn( e );
+
+                        PR_snprintf( ( char * ) configname, 256,
+                                     "op.enroll.%s.keyGen.%s.ca.conn",
+                                     attr_tokenType, attr_keyType );
+
+                         char *connid = ( char * )
+                                         ( RA::GetConfigStore()->
+                                           GetConfigAsString( configname ) );
+                         
+
+                        PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+                         int statusNum = certEnroll->
+                                          UnrevokeCertificate( serial,
+                                                               connid,
+                                                               statusString );
+                         
+
+                          PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as active", attr_cn);
+                          RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                        update_cert_status( attr_cn, "active" );
+                        
+                        if( attr_cn != NULL ) {
+                            PL_strfree( attr_cn );
+                            attr_cn = NULL;
+                        }
+                    }
+
+                    if( attr_serial != NULL ) {
+                        PL_strfree( attr_serial );
+                        attr_serial = NULL;
+                    }
+
+                    if( attr_tokenType != NULL ) {
+                        PL_strfree( attr_tokenType );
+                        attr_tokenType = NULL;
+                    }
+
+                    if( attr_keyType != NULL ) {
+                        PL_strfree( attr_keyType );
+                        attr_keyType = NULL;
+                    }
+                } // end of for loop
+             
+                if( result != NULL ) {
+                    ldap_msgfree( result );
+                }
+
+                if( certEnroll != NULL ) {
+                    delete certEnroll;
+                    certEnroll = NULL;
+                }
+            }
+
+            update_token_status_reason( cuidUserId, cuid, "active", NULL );
+
+            if( rc == -1 ) {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s", JS_START,
+                             "var error = \"Failed to create LDAPMod: ",
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "Failed to create LDAPMod" );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            } else if( rc > 0 ) {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s%s", JS_START,
+                             "var error = \"LDAP mod error: ",
+                             ldap_err2string( rc ),
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "LDAP error: %s",
+                              ldap_err2string( rc ) );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            }
+
+        /* Does this temporarily lost token become permanently lost? */
+        } else if (q == 5) {
+
+            PR_snprintf((char *)msg, 256,
+              "'%s' marked lost token permanently lost", userid);
+            RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+                     msg, cuidUserId);
+
+            tokendbDebug( "Change the revocation reason from onHold "
+                          "to keyCompromise\n" );
+
+            // to find out the tokenType on this lost token
+            PR_snprintf( ( char * ) filter, 256,
+                         "(&(tokenID=%s)(tokenUserID=%s))",
+                         cuid, cuidUserId );
+
+            /* revoke all the certs on this token (reason: keyCompromise) */
+            tokendbDebug( "Revoke all the certs on this token "
+                          "(reason: keyCompromise)\n" );
+
+            /* get the certificates on this lost token */
+            PR_snprintf( ( char * ) filter, 256,
+                         "(&(tokenID=%s)(tokenUserID=%s))",
+                         cuid, cuidUserId );
+
+            rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+                                                               &result, 1 );
+            if( rc == 0 ) {
+                CertEnroll *certEnroll = new CertEnroll();
+                for( e = get_first_entry(result);
+                     e != NULL;
+                     e = get_next_entry( e ) ) { 
+                    char *attr_status = get_cert_status( e );
+                    if( strcmp( attr_status, "revoked" ) == 0 ) {
+                        if( attr_status != NULL ) {
+                            PL_strfree( attr_status );
+                            attr_status = NULL;
+                        }
+                        continue;
+                    }
+
+                    char *attr_serial= get_cert_serial( e );
+                    char *attr_tokenType = get_cert_tokenType( e );
+                    char *attr_keyType = get_cert_type( e );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery."
+                                 "keyCompromise.revokeCert",
+                                 attr_tokenType, attr_keyType );
+
+                    bool revokeCert = RA::GetConfigStore()->
+                                      GetConfigAsBool( configname, true );
+
+                    PR_snprintf( ( char * ) configname, 256,
+                                 "op.enroll.%s.keyGen.%s.recovery."
+                                 "keyCompromise.revokeCert.reason",
+                                 attr_tokenType, attr_keyType );
+
+                    char *revokeReason = ( char * )
+                                         ( RA::GetConfigStore()->
+                                           GetConfigAsString( configname,
+                                                              "1" ) );
+
+                    if( revokeCert ) {
+                        char *attr_cn = get_cert_cn( e );
+
+                        PR_snprintf( ( char * ) configname, 256,
+                                     "op.enroll.%s.keyGen.%s.ca.conn",
+                                     attr_tokenType, attr_keyType );
+
+                        char *connid = ( char * )
+                                       ( RA::GetConfigStore()->
+                                         GetConfigAsString( configname ) );
+
+                        PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+                        int statusNum = 0;
+                        if( strcmp( attr_status, "revoked_on_hold" ) == 0 ) {
+                            statusNum = certEnroll->
+                                        UnrevokeCertificate( serial,
+                                                             connid,
+                                                             statusString );
+                        }
+
+                        if( statusNum == 0 ) {
+                            statusNum = certEnroll->
+                                        RevokeCertificate( revokeReason,
+                                                           serial,
+                                                           connid, 
+                                                           statusString );
+                        }
+
+                        if( strcmp( revokeReason, "6" ) == 0 ) {
+                          PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
+                          RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                            update_cert_status( attr_cn, "revoked_on_hold" );
+                        } else {
+                          PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
+                          RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId);
+                            update_cert_status( attr_cn, "revoked" );
+                        }
+
+                        if( attr_cn != NULL ) {
+                            PL_strfree( attr_cn );
+                            attr_cn = NULL;
+                        }
+                    }
+
+                    if( attr_serial != NULL ) {
+                        PL_strfree( attr_serial );
+                        attr_serial = NULL;
+                    }
+
+                    if( attr_tokenType != NULL ) {
+                        PL_strfree( attr_tokenType );
+                        attr_tokenType = NULL;
+                    }
+
+                    if( attr_keyType != NULL ) {
+                        PL_strfree( attr_keyType );
+                        attr_keyType = NULL;
+                    }
+                } // end of the for loop
+
+                if( result != NULL ) {
+                    ldap_msgfree( result );
+                }
+
+                if( certEnroll != NULL ) {
+                    delete certEnroll;
+                    certEnroll = NULL;
+                }
+            }
+
+            rc = update_token_status_reason( cuidUserId, cuid,
+                                             "lost", "keyCompromise" );
+        }
+        
+        tokendbDebug( "do_token: rc = 0\n" );
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%d%s%s%s%s%s%s%s%s", JS_START,
+                     "var rc = \"", rc, "\";\n",
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid,
+                     "\";\n", JS_STOP );
+
+        buf = getData( doTokenTemplate, injection );
+    } else if( ( PL_strstr( query, "op=revoke" ) ) ) {
+        tokendbDebug("authorization\n");
+
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                        "var error = \"Error: ",
+                        "Authorization Failure",
+                        "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        /* XXX - chrisho */
+        /* op=revoke */
+        /* tid=cuid */
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s", JS_START,
+                    "var uriBase = \"", uri, "\";\n",
+                    "var userid = \"", userid,
+                    "\";\n", JS_STOP );
+
+        buf = getData( revokeTemplate, injection );
+    } else if( ( PL_strstr( query, "op=search_activity" ) ) ) {
+        tokendbDebug( "authorization\n" );
+
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid,
+                     "\";\n", JS_STOP );
+
+        buf = getData( searchActivityTemplate, injection );
+    } else if( ( PL_strstr( query, "op=search_admin" ) ) ) {
+        tokendbDebug( "authorization\n" );
+
+        if( !tus_authorize( TOKENDB_ADMINISTRATORS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid,
+                     "\";\n", JS_STOP );
+
+        buf = getData( searchAdminTemplate, injection );
+    } else if( ( PL_strstr( query, "op=search_certificate" ) ) ) {
+        tokendbDebug( "authorization\n" );
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid,
+                     "\";\n", JS_STOP );
+
+        buf = getData( searchCertificateTemplate, injection );
+    } else if( ( PL_strstr( query, "op=search" ) ) ) {
+        tokendbDebug( "authorization\n" );
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid,
+                     "\";\n", JS_STOP );
+
+        buf = getData( searchTemplate, injection );
+    } else if( ( PL_strstr( query, "op=new" ) ) ) {
+        tokendbDebug( "authorization\n" );
+        if( !tus_authorize( TOKENDB_ADMINISTRATORS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n", 
+                     "var userid = \"", userid,
+                     "\";\n", JS_STOP );
+
+        buf = getData( newTemplate,injection );
+    } else if( ( PL_strstr( query, "op=view_admin" ) )       ||
+               ( PL_strstr( query, "op=view_certificate" ) ) ||
+               ( PL_strstr( query, "op=view_activity" ) )    ||
+               ( PL_strstr( query, "op=view" ) )             ||
+               ( PL_strstr( query, "op=edit_admin" ) )       ||
+               ( PL_strstr( query, "op=edit" ) )             ||
+               ( PL_strstr( query, "op=show_certificate" ) ) ||
+               ( PL_strstr( query, "op=show" ) )             ||
+               ( PL_strstr( query, "op=do_confirm_token" ) ) ||
+               ( PL_strstr( query, "op=confirm" ) ) ) {
+        if( ( PL_strstr( query, "op=confirm" ) )    ||
+            ( PL_strstr( query, "op=view_admin" ) ) ||
+            ( PL_strstr( query, "op=show_admin" ) ) ||
+            ( PL_strstr( query, "op=edit_admin" ) ) ) {
+            tokendbDebug( "authorization\n" );
+
+            if( !tus_authorize( TOKENDB_ADMINISTRATORS_IDENTIFIER, userid ) ) {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s%s", JS_START,
+                             "var error = \"Error: ",
+                             "Authorization Failure",
+                             "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "Failed to authorize request" );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                  PR_Free( buf );
+                  buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            }
+        } else {
+            tokendbDebug( "authorization\n" );
+
+            if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) 
+            {
+                PR_snprintf( injection, MAX_INJECTION_SIZE,
+                             "%s%s%s%s%s", JS_START,
+                            "var error = \"Error: ",
+                            "Authorization Failure",
+                            "\";\n", JS_STOP );
+
+                buf = getData( errorTemplate, injection );
+
+                ap_log_error( ( const char * ) "tus", __LINE__,
+                              APLOG_ERR, 0, rq->server,
+                              ( const char * ) "Failed to authorize request" );
+
+                ( void ) ap_rwrite( ( const void * ) buf,
+                                    PL_strlen( buf ), rq );
+
+                if( buf != NULL ) {
+                    PR_Free( buf );
+                    buf = NULL;
+                }
+
+                if( uri != NULL ) {
+                    PR_Free( uri );
+                    uri = NULL;
+                }
+
+                if( query != NULL ) {
+                    PR_Free( query );
+                    query = NULL;
+                }
+
+                return DECLINED;
+            }
+        }
+
+        if( PL_strstr( query, "op=view_activity" ) ) {
+            getActivityFilter( filter, query );
+        } else if( PL_strstr( query, "op=view_certificate" ) ) {
+            getCertificateFilter( filter, query );
+        } else if( PL_strstr( query, "op=show_certificate" ) ) {
+            getCertificateFilter( filter, query );
+        } else {
+            getFilter( filter, query );
+        }
+
+        tokendbDebug( "looking for filter:" );
+        tokendbDebug( filter );
+        tokendbDebug( "\n" );
+
+        /*  retrieve maxCount */
+        s1 = PL_strstr( query, "maxCount=" );
+        if( s1 == NULL ) {
+            maxReturns = 20;
+        } else {
+            s2 = PL_strchr( ( const char * ) s1, '&' );
+            if( s2 == NULL ) {
+                maxReturns = atoi( s1+9 );
+            } else {
+                *s2 = '\0'; 
+                maxReturns = atoi( s1+9 );
+                *s2 = '&'; 
+            }
+        }
+
+        if( PL_strstr( query, "op=view_activity" ) ) {
+            status = find_tus_activity_entries_no_vlv( filter, &result, 0 );
+        } else if( PL_strstr( query, "op=view_certificate" ) ) {
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "LDAP filter: %s", filter);
+
+            status = find_tus_certificate_entries_by_order_no_vlv( filter,
+                                                                   &result,
+                                                                   0 );
+        } else if( PL_strstr( query, "op=show_certificate" ) ||
+                   PL_strstr( query, "op=view_certificate" ) ) {
+            /* status = find_tus_certificate_entries( filter,
+                                                      maxReturns,
+                                                      &result ); */
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "LDAP filter: %s", filter);
+
+            status = find_tus_certificate_entries_by_order_no_vlv( filter,
+                                                                   &result,
+                                                                   0 );
+        } else if( PL_strstr( query, "op=show_admin" ) ||
+                   PL_strstr( query, "op=show" )       ||
+                   PL_strstr( query, "op=edit_admin" ) ||
+                   PL_strstr( query, "op=confirm" )    ||
+                   PL_strstr( query, "op=do_confirm_token" ) ) {
+            status = find_tus_token_entries_no_vlv( filter, &result, 0 );
+        } else {
+            status = find_tus_db_entries( filter, maxReturns, &result );
+        }
+
+        if( status != LDAP_SUCCESS ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"LDAP search error: ",
+                         ldap_err2string( status ),
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "LDAP search error: %s",
+                          ldap_err2string( status ) );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        nEntries = get_number_of_entries( result );
+        entryNum = 0;
+        maxEntries = 0;
+        size = 0;
+
+        PL_strcpy( injection, JS_START );
+        PL_strcat( injection, "var userid = \"" );
+        PL_strcat( injection, userid );
+        PL_strcat( injection, "\";\n" );
+        PL_strcat( injection, "var uriBase = \"" );
+        PL_strcat( injection, uri );
+        PL_strcat( injection, "\";\n" );
+
+        if( nEntries > 1 ) {
+            if( sendInPieces && PL_strstr( query, "op=view_activity" ) ) {
+                buf = getTemplateFile( searchActivityResultTemplate,
+                                       &tagOffset );
+                if( buf != NULL && tagOffset >= 0 ) {
+                    ( void ) ap_rwrite( ( const void * ) buf, tagOffset, rq );
+                    sendPieces = 1;
+                }
+            } else if( sendInPieces &&
+                       PL_strstr( query, "op=view_certificate" ) ) {
+                buf = getTemplateFile( searchCertificateResultTemplate,
+                                       &tagOffset );
+                if( buf != NULL && tagOffset >= 0 ) {
+                    ( void ) ap_rwrite( ( const void * ) buf, tagOffset, rq );
+                    sendPieces = 1;
+                }
+            } else if( sendInPieces && PL_strstr( query, "op=view" ) ) {
+                buf = getTemplateFile( searchResultTemplate, &tagOffset );
+                if( buf != NULL && tagOffset >= 0 ) {
+                    ( void ) ap_rwrite( ( const void * ) buf, tagOffset, rq );
+                    sendPieces = 1;
+                }
+            }
+
+            PL_strcat( injection, "var total = \"" );
+
+            len = PL_strlen( injection );
+
+            PR_snprintf( &injection[len], ( MAX_INJECTION_SIZE-len ),
+                         "%d", nEntries );
+
+            PL_strcat( injection, "\";\n" );
+        } else {
+            if( ( vals = get_token_states() ) != NULL ) {
+                PL_strcat( injection, "var tokenStates = \"" );
+                for( i = 0; vals[i] != NULL; i++ ) {
+                    if( i > 0 ) {
+                        PL_strcat( injection, "," );
+                    }
+
+                    PL_strcat( injection, vals[i] );
+                }
+
+                if( i > 0 ) {
+                    PL_strcat( injection, "\";\n" );
+                } else {
+                    PL_strcat( injection, "null;\n" );
+                }
+            }
+        }
+
+        PL_strcat( injection, "var results = new Array();\n" );
+        PL_strcat( injection, "var item = 0;\n" );
+
+        if( PL_strstr( query, "op=do_confirm_token" ) ) {
+                question = PL_strstr( query, "question=" );
+
+                q = question[9] - '0';
+
+                PR_snprintf( question_no, 256, "%d", q );
+
+                PL_strcat( injection, "var question = \"" );
+                PL_strcat( injection, question_no );
+                PL_strcat( injection, "\";\n" );
+        }
+
+        if( PL_strstr( query, "op=view_activity" ) ) {
+            a = get_activity_attributes();
+        } else if( PL_strstr( query, "op=view_certificate" ) ) {
+            a = get_certificate_attributes();
+        } else if( PL_strstr( query, "op=show_certificate" ) ) {
+            a = get_certificate_attributes();
+        } else {
+            a = get_token_attributes();
+        }
+
+        for( e = get_first_entry( result );
+             ( maxReturns > 0 ) && ( e != NULL );
+             e = get_next_entry( e ) ) {
+            maxReturns--;
+
+            PL_strcat( injection, "var o = new Object();\n" );
+
+            for( n = 0; a[n] != NULL; n++ ) {
+                /* Get the values of the attribute. */
+                if( ( vals = get_attribute_values( e, a[n] ) ) != NULL ) {
+                    PL_strcat( injection, "o." );
+                    PL_strcat( injection, a[n] );
+                    PL_strcat( injection, " = " );
+
+                    for( i = 0; vals[i] != NULL; i++ ) {
+                        if( i > 0 ) {
+                            PL_strcat( injection, "#" );
+                        } else {
+                            PL_strcat( injection, "\"" );
+                        }
+
+                        PL_strcat( injection, vals[i] );
+                    }
+
+                    if( i > 0 ) {
+                        PL_strcat( injection, "\";\n" );
+                    } else {
+                        PL_strcat( injection, "null;\n" );
+                    }
+
+                    /* Free the attribute values from memory when done. */
+                    if( vals != NULL ) {
+                        free_values( vals, 1 );
+                        vals = NULL;
+                    }
+                }
+            }
+
+            PL_strcat( injection, "results[item++] = o;\n" );
+
+            len = PL_strlen( injection );
+
+            entryNum++;
+
+            if( entryNum == 1 && nEntries > 1 && sendPieces == 0 ) {
+                if( ( nEntries * len ) > MAX_INJECTION_SIZE ) {
+                    size = nEntries;
+                    if( ( nEntries * len ) >
+                        ( MAX_OVERLOAD * MAX_INJECTION_SIZE ) ) {
+                        maxEntries = ( MAX_OVERLOAD * MAX_INJECTION_SIZE ) /
+                                     len;
+                        size = maxEntries;
+                    }
+
+                    size *= len;
+
+                    injection = ( char* ) PR_Malloc( size );
+
+                    if( injection != NULL ) {
+                        PL_strcpy( injection, fixed_injection );
+                    } else {
+                        injection = fixed_injection;
+                        maxEntries = MAX_INJECTION_SIZE / len;
+                        size = MAX_INJECTION_SIZE;
+                    }
+                }
+            }
+
+            if( sendPieces ) {
+                ( void ) ap_rwrite( ( const void * ) injection,
+                                    PL_strlen( injection ), rq );
+                injection[0] = '\0';
+            }
+
+            if( maxEntries > 0 && entryNum >= maxEntries ) {
+                break;
+            }
+        }
+
+        if( result != NULL ) {
+            free_results( result );
+            result = NULL;
+        }
+
+        if( maxEntries > 0 && nEntries > 1 ) {
+            PL_strcat( injection, "var limited = \"" );
+
+            len = PL_strlen( injection );
+
+            PR_snprintf( &injection[len], ( size-len ), "%d", entryNum );
+
+            PL_strcat( injection, "\";\n" );
+        }
+
+        PL_strcat( injection, JS_STOP );
+
+        if( sendPieces ) {
+            ( void ) ap_rwrite( ( const void * ) injection,
+                                PL_strlen( injection ), rq );
+
+            mNum = buf + tagOffset + PL_strlen( CMS_TEMPLATE_TAG );
+
+            ( void ) ap_rwrite( ( const void * ) mNum,
+                                PL_strlen( mNum ), rq );
+
+            mNum = NULL;
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+        } else {
+            if( PL_strstr( query, "op=view_activity" ) ) {
+                buf = getData( searchActivityResultTemplate, injection );
+            } else if( PL_strstr( query, "op=view_certificate" ) ) {
+                buf = getData( searchCertificateResultTemplate, injection );
+            } else if( PL_strstr( query, "op=edit_admin" ) ) {
+                buf = getData( editAdminTemplate, injection );
+            } else if( PL_strstr( query, "op=show_admin" ) ) {
+                buf = getData( showAdminTemplate, injection );
+            } else if( PL_strstr( query, "op=view_admin" ) ) {
+                buf = getData( searchAdminResultTemplate, injection );
+            } else if( PL_strstr( query, "op=view" ) ) {
+                buf = getData( searchResultTemplate, injection );
+            } else if( PL_strstr( query, "op=edit" ) ) {
+                buf = getData( editTemplate, injection );
+            } else if( PL_strstr( query, "op=show_certificate" ) ) {
+                buf = getData( showCertTemplate, injection );
+            } else if( PL_strstr( query, "op=do_confirm_token" ) ) {
+                buf = getData( doTokenConfirmTemplate, injection );
+            } else if( PL_strstr( query, "op=show" ) ) {
+                buf = getData( showTemplate, injection );
+            } else if( PL_strstr( query, "op=confirm" ) ) {
+                buf = getData( deleteTemplate, injection );
+            }
+        }
+
+        if( injection != fixed_injection ) {
+            if( injection != NULL ) {
+                PR_Free( injection );
+                injection = NULL;
+            }
+
+            injection = fixed_injection;
+        }
+    } else if( PL_strstr( query, "op=save_admin" ) ) {
+        tokendbDebug( "authorization\n" );
+
+        if( !tus_authorize( TOKENDB_ADMINISTRATORS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        getCN( filter, query );
+
+        mNum = parse_modification_number( query );
+
+        mods = getModifications( query );
+
+        if( mNum != NULL ) {
+            status = check_and_modify_tus_db_entry( userid, filter,
+                                                    mNum, mods );
+
+            PL_strfree( mNum );
+
+            mNum = NULL;
+        } else {
+            status = modify_tus_db_entry( userid, filter, mods );
+        }
+
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+
+            mods = NULL;
+        }
+
+        if( status != LDAP_SUCCESS ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"LDAP modify error: ",
+                         ldap_err2string( status ),
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "LDAP error: %s",
+                          ldap_err2string( status ) );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid, "\";\n",
+                     "var tid = \"", filter, "\";\n", JS_STOP );
+
+        buf = getData( editAdminResultTemplate, injection );
+    } else if( PL_strstr( query, "op=save" ) ) {
+        tokendbDebug( "authorization\n" );
+
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        getCN( filter, query );
+        mNum = parse_modification_number( query );
+        mods = getModifications( query );
+
+        if( mNum != NULL ) {
+            status = check_and_modify_tus_db_entry( userid, filter,
+                                                    mNum, mods );
+
+            PL_strfree( mNum );
+
+            mNum = NULL;
+        } else {
+            status = modify_tus_db_entry( userid, filter, mods );
+        }
+
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+
+        if( status != LDAP_SUCCESS ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"LDAP modify error: ",
+                         ldap_err2string( status ),
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "LDAP error: %s",
+                          ldap_err2string( status ) );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid, "\";\n",
+                     "var tid = \"", filter, "\";\n", JS_STOP );
+
+        buf = getData( editResultTemplate, injection );
+
+    } else if( PL_strstr( query, "op=add" ) ) {
+        tokendbDebug( "authorization\n" );
+
+        if( !tus_authorize( TOKENDB_ADMINISTRATORS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure",
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        getCN( filter, query );
+
+        PR_snprintf((char *)msg, 256,
+            "'%s' has created new token", userid);
+        RA::tdb_activity(rq->connection->remote_ip, filter, "add", "token", msg, "");
+
+        if( strcmp( filter, "" ) == 0 ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                          "var error = \"Error: ",
+                          "No Token ID Found",
+                          "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        status = add_default_tus_db_entry( NULL, userid,
+                                           filter, "uninitialized",
+                                           NULL, NULL );
+
+        if( status != LDAP_SUCCESS ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                        "var error = \"LDAP add error: ",
+                        ldap_err2string( status ),
+                        "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "LDAP error: %s",
+                          ldap_err2string( status ) );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid, "\";\n",
+                     "var tid = \"", filter, "\";\n", JS_STOP );
+
+        buf = getData( addResultTemplate, injection );
+    } else if( PL_strstr( query, "op=delete" ) ) {
+        tokendbDebug( "authorization\n" );
+
+        if( !tus_authorize( TOKENDB_ADMINISTRATORS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure", "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        getCN( filter, query );
+
+        PR_snprintf((char *)msg, 256,
+            "'%s' has deleted token", userid);
+        RA::tdb_activity(rq->connection->remote_ip, filter, "delete", "token", msg, "");
+
+        status = delete_tus_db_entry( userid, filter );
+
+        if( status != LDAP_SUCCESS ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"LDAP delete error: ",
+                         ldap_err2string( status ),
+                         "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "LDAP error: %s",
+                          ldap_err2string( status ) );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        PR_snprintf( injection, MAX_INJECTION_SIZE,
+                     "%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+                     "var uriBase = \"", uri, "\";\n",
+                     "var userid = \"", userid, "\";\n",
+                     "var tid = \"", filter, "\";\n", JS_STOP );
+
+        buf = getData( deleteResultTemplate, injection );
+    } else if( PL_strstr( query, "op=load" ) ) {
+        tokendbDebug( "authorization\n" );
+
+        if( !tus_authorize( TOKENDB_AGENTS_IDENTIFIER, userid ) ) {
+            PR_snprintf( injection, MAX_INJECTION_SIZE,
+                         "%s%s%s%s%s", JS_START,
+                         "var error = \"Error: ",
+                         "Authorization Failure", "\";\n", JS_STOP );
+
+            buf = getData( errorTemplate, injection );
+
+            ap_log_error( ( const char * ) "tus", __LINE__,
+                          APLOG_ERR, 0, rq->server,
+                          ( const char * ) "Failed to authorize request" );
+
+            ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+
+            if( uri != NULL ) {
+                PR_Free( uri );
+                uri = NULL;
+            }
+
+            if( query != NULL ) {
+                PR_Free( query );
+                query = NULL;
+            }
+
+            return DECLINED;
+        }
+
+        getTemplateName( template1, query );
+
+        buf = getData( template1, injection );
+    }
+
+    if( buf != NULL ) {
+        len = PL_strlen( buf );
+
+        ( void ) ap_rwrite( ( const void * ) buf, len, rq );
+
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+    }
+
+    if( uri != NULL ) {
+        PR_Free( uri );
+        uri = NULL;
+    }
+
+    if( query != NULL ) {
+        PR_Free( query );
+        query = NULL;
+    }
+
+    return OK;
+}
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Command Phase
+**  _________________________________________________________________
+*/
+
+static const char *mod_tokendb_get_config_path_file( cmd_parms *cmd,
+                                                     void *mconfig,
+                                                     const char *tokendbconf )
+{
+    if( cmd->path ) {
+        ap_log_error( APLOG_MARK, APLOG_ERR, 0, NULL,
+                      "The %s config param cannot be specified "
+                      "in a Directory section.",
+                      cmd->directive->directive );
+    } else {
+        mod_tokendb_server_configuration *sc = NULL;
+
+        /* Retrieve the Tokendb module. */
+        sc = ( ( mod_tokendb_server_configuration * )
+               ap_get_module_config( cmd->server->module_config,
+                                     &MOD_TOKENDB_CONFIG_KEY ) );
+
+        /* Initialize the "Tokendb Configuration File" */
+        /* member of mod_tokendb_server_configuration. */
+        sc->Tokendb_Configuration_File = apr_pstrdup( cmd->pool, tokendbconf );
+    }
+
+    return NULL;
+}
+
+
+static const command_rec mod_tokendb_config_cmds[] = {
+    AP_INIT_TAKE1( MOD_TOKENDB_CONFIGURATION_FILE_PARAMETER,
+                   ( const char*(*)() ) mod_tokendb_get_config_path_file,
+                   NULL,
+                   RSRC_CONF,
+                   MOD_TOKENDB_CONFIGURATION_FILE_USAGE ),
+   { NULL }
+};
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Server Configuration Creation Phase
+**  _________________________________________________________________
+*/
+
+/**
+ * Create Tokendb module server configuration
+ */
+static void *
+mod_tokendb_config_server_create( apr_pool_t *p, server_rec *sv )
+{
+    /* Initialize all APR library routines. */
+    apr_initialize();
+
+    /* Create a memory pool for this server. */
+    mod_tokendb_server_configuration *sc = ( mod_tokendb_server_configuration * )
+                                           apr_pcalloc( p,
+                                                        ( apr_size_t )
+                                                        sizeof( *sc ) );
+    
+    /* Initialize all members of mod_tokendb_server_configuration. */
+    sc->Tokendb_Configuration_File = NULL;
+    sc->enabled = MOD_TOKENDB_FALSE;
+
+    return sc;
+}
+
+
+
+/*  _________________________________________________________________
+**
+**  Tokendb Module Registration Phase
+**  _________________________________________________________________
+*/
+                                                                                
+static void
+mod_tokendb_register_hooks( apr_pool_t *p )
+{
+    static const char *const mod_tokendb_preloaded_modules[]  = { "mod_nss.c",
+                                                                  "mod_tps.cpp",
+                                                                  NULL };
+    static const char *const mod_tokendb_postloaded_modules[] = { NULL };
+                                                                                
+    ap_hook_post_config( mod_tokendb_initialize,
+                         mod_tokendb_preloaded_modules,
+                         mod_tokendb_postloaded_modules,
+                         APR_HOOK_MIDDLE );
+
+    ap_hook_handler( mod_tokendb_handler,
+                     mod_tokendb_preloaded_modules,
+                     mod_tokendb_postloaded_modules,
+                     APR_HOOK_MIDDLE );
+}
+
+
+module TOKENDB_PUBLIC MOD_TOKENDB_CONFIG_KEY = {
+    STANDARD20_MODULE_STUFF,
+    NULL,                             /* create per-dir    config structures */
+    NULL,                             /* merge  per-dir    config structures */
+    mod_tokendb_config_server_create, /* create per-server config structures */
+    NULL,                             /* merge  per-server config structures */
+    mod_tokendb_config_cmds,          /* table of configuration directives   */
+    mod_tokendb_register_hooks        /* register hooks */
+};
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/pki/base/tps/src/modules/tps/AP_Context.cpp b/pki/base/tps/src/modules/tps/AP_Context.cpp
new file mode 100644
index 000000000..cde314254
--- /dev/null
+++ b/pki/base/tps/src/modules/tps/AP_Context.cpp
@@ -0,0 +1,83 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "httpd/httpd.h"
+#include "httpd/http_log.h"
+#include "nspr.h"
+
+#include "modules/tps/AP_Context.h"
+
+#define MAX_LOG_MSG_SIZE               4096
+
+
+AP_Context::AP_Context( server_rec *sv )
+{
+    m_sv = sv;
+}
+
+
+AP_Context::~AP_Context()
+{
+    /* no clean up */
+}
+
+
+void AP_Context::LogError( const char *func, int line, const char *fmt, ... )
+{
+    char buf[MAX_LOG_MSG_SIZE];
+
+    va_list argp; 
+    va_start( argp, fmt );
+    PR_vsnprintf( buf, MAX_LOG_MSG_SIZE, fmt, argp );
+    va_end( argp );
+
+    ap_log_error( func, line, APLOG_ERR, 0, m_sv, buf );
+}
+
+
+void AP_Context::LogInfo( const char *func, int line, const char *fmt, ... )
+{
+    char buf[MAX_LOG_MSG_SIZE];
+
+    va_list argp; 
+    va_start( argp, fmt );
+    PR_vsnprintf( buf, MAX_LOG_MSG_SIZE, fmt, argp );
+    va_end( argp );
+
+    ap_log_error( func, line, APLOG_INFO, 0, m_sv, buf );
+}
+
+
+void AP_Context::InitializationError( const char *func, int line )
+{
+    ap_log_error( func, line, APLOG_INFO, 0, m_sv,
+                  "The nss module must be initialized "
+                  "prior to calling the tps module." );
+}
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/pki/base/tps/src/modules/tps/AP_Session.cpp b/pki/base/tps/src/modules/tps/AP_Session.cpp
new file mode 100644
index 000000000..ff33330b9
--- /dev/null
+++ b/pki/base/tps/src/modules/tps/AP_Session.cpp
@@ -0,0 +1,1146 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include "nspr.h"
+#include "httpd/httpd.h"
+#include "httpd/http_protocol.h"
+
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "main/RA_Msg.h"
+#include "main/RA_pblock.h"
+#include "main/RA_Session.h"
+#include "msg/RA_Begin_Op_Msg.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "msg/RA_Login_Request_Msg.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_End_Op_Msg.h"
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "modules/tps/AP_Session.h"
+#include "main/Memory.h"
+
+/**
+ * http parameters used in the protocol 
+ */
+#define PARAM_MSG_TYPE                "msg_type"
+#define PARAM_OPERATION               "operation"
+#define PARAM_INVALID_PW              "invalid_pw"
+#define PARAM_BLOCKED                 "blocked"
+#define PARAM_SCREEN_NAME             "screen_name"
+#define PARAM_PASSWORD                "password"
+#define PARAM_PIN_REQUIRED            "pin_required"
+#define PARAM_NEXT_VALUE              "next_value"
+#define PARAM_VALUE                   "value"
+#define PARAM_PIN                     "pin"
+#define PARAM_QUESTION                "question"
+#define PARAM_ANSWER                  "answer"
+#define PARAM_MINIMUM_LENGTH          "minimum_length"
+#define PARAM_MAXIMUM_LENGTH          "maximum_length"
+#define PARAM_NEW_PIN                 "new_pin"
+#define PARAM_PDU_SIZE                "pdu_size"
+#define PARAM_PDU_DATA                "pdu_data"
+#define PARAM_RESULT                  "result"
+#define PARAM_MESSAGE                 "message"
+#define PARAM_STATUS                  "current_state"
+#define PARAM_INFO                    "next_task_name"
+#define PARAM_EXTENSIONS              "extensions"
+
+#define MAX_RA_MSG_SIZE               4096
+#define MAX_LOG_MSG_SIZE              4096
+
+// maximum number of digits for message length
+#define MAX_LEN_DIGITS                4
+
+
+static int contains_sensitive_keywords(char *msg)
+{
+    if (strstr(msg, "password" ) != NULL ) {
+      return 1;
+    }
+    if (strstr(msg, "PASSWORD" ) != NULL ) {
+      return 1;
+    }
+    if (strstr(msg, "new_pin" ) != NULL ) {
+      return 1;
+    }
+    return 0;
+}
+
+
+/**
+ * AP_Session represents an active connection between the
+ * Registration authority and the token client.
+ *
+ * Note that AP_Session encapsulates all the glue logic 
+ * between Apache and the RA. If we need to go to anther platform 
+ * (i.e. NPE, NES, or other web servers) later, we just need 
+ * to implement a new Session implementation.
+ */
+AP_Session::AP_Session( request_rec *rq )
+{
+    m_rq = rq;
+    /* REQUEST_CHUNKED_DECHUNK  If chunked, remove the chunks for me */
+    ap_setup_client_block( rq, REQUEST_CHUNKED_DECHUNK);
+}
+
+
+AP_Session::~AP_Session()
+{
+    /* no clean up */
+}
+
+
+char *AP_Session::GetRemoteIP()
+{
+    return ( m_rq->connection->remote_ip );
+}
+
+
+/**
+ * reads from network "s=xx" where xx is the length of the message
+ * that follows.  The length is returned as int.
+ * @return length in int
+ */
+static int GetMsgLen( request_rec *rq )
+{
+    int len=0;
+    char msg_len[MAX_LEN_DIGITS]; // msg_len can't take more than 4 digits
+    char *p_msg_len = msg_len;
+    int sum = 0;
+
+    /* read msg size */
+    len = ( int ) ap_get_client_block( rq, p_msg_len,
+                                       ( apr_size_t ) 1 ); /* s */
+    if( len != 1 ) {
+        RA::Error( "AP_Session::GetMsgLen",
+                   "ap_get_client_block returned error: %d", len );
+
+        return 0;
+    }
+
+    len = ( int ) ap_get_client_block( rq, p_msg_len,
+                                       ( apr_size_t ) 1 ); /* = */
+
+    if( len != 1 ) {
+        RA::Error( "AP_Session::GetMsgLen",
+                   "ap_get_client_block returned error: %d", len );
+
+        return 0;
+    }
+
+    while( 1 ) {
+        if( sum > ( MAX_LEN_DIGITS -1 ) ) {
+            /* the length is too large */
+            RA::Error( "AP_Session::ReadMsg", "Message Size is too large." );
+            return -1;
+        }
+
+        len = ( int ) ap_get_client_block( rq, p_msg_len, ( apr_size_t ) 1 );
+
+        if( len != 1 ) {
+            break;   
+        }
+
+        if( len != 0 ) {
+            if( *p_msg_len == '&' ) {
+                break;
+            }
+
+            p_msg_len++;
+            sum++;
+        }
+    }
+
+    *p_msg_len = '\0';
+
+    return atoi( msg_len );
+}
+
+static int GetMsg( request_rec *rq, char *buf, int size )
+{
+    int len;
+    int sum = 0;
+    char *p_msg = buf;
+
+    while( 1 ) {
+        len = ( int ) ap_get_client_block( rq, p_msg, ( apr_size_t ) 1 );
+        if( len != 1 ) {
+            return -1;
+        }
+        p_msg += len;
+        sum += len;
+        buf[sum] = '\0';
+        if( sum == size ) {
+            break;
+        }
+    }
+
+    buf[sum] = '\0';
+
+    return sum;
+}
+
+char *stripEmptyArgs( char *data )
+{
+    char *n_data = ( char * ) PR_Malloc( strlen( data ) + 2 );
+    n_data[0] = '\0';
+    int nv_count = 0;
+
+    if( data != NULL && strlen( data ) > 0 ) {
+        char *lasts = NULL;
+        char *tok = PL_strtok_r( data, " ", &lasts ); 
+
+        while( tok != NULL ) {
+            if( tok[strlen( tok )-1] != '=' ) {
+                n_data = strcat( n_data, tok );
+                n_data = strcat( n_data, " " );
+                nv_count++;
+            }
+
+            tok = PL_strtok_r( NULL, " ", &lasts ); 
+        }
+        int len = strlen( n_data );
+        n_data[len-1] = '\0';
+    }
+
+    if( ( nv_count > MAX_NVS ) || ( n_data[0] == '\0' ) ) {
+        PR_Free( n_data );
+        n_data = NULL;
+    }
+
+    return n_data;
+}
+
+
+int pblock_str2pblock( char *n_data, apr_array_header_t *tm_pblock )
+{
+    int element = 0;
+
+    if( n_data != NULL && strlen( n_data ) > 0 ) {
+        char *lasts = NULL;
+        char *tok = PL_strtok_r( n_data, " ", &lasts ); 
+
+        /* store each name/value pair in the string into the pblock array */
+        while( tok != NULL ) {
+            char name[4096];
+            char value[4096];
+
+            for( int i = 0; i < ( int ) strlen( tok ); i++ ) {
+                if( tok[i] != '=' ) {
+                    /* extract and add to the name portion */
+                    name[i] = tok[i];
+                } else {
+                    /* null terminate the name portion */
+                    name[i] = '\0';
+                    /* extract the entire value portion */
+                    strcpy( value, &tok[i+1] );
+                    break;
+                }
+            }
+
+            /* store the name/value pair as an entry in the pblock array */
+            ( ( apr_table_entry_t * ) tm_pblock->elts )[element].key =
+              PL_strdup(name);
+            ( ( apr_table_entry_t * ) tm_pblock->elts )[element].val =
+              PL_strdup(value);
+
+            /* increment the entry to the pblock array */
+            element++;
+
+            /* get the next name/value pair from the string */
+            tok = PL_strtok_r( NULL, " ", &lasts ); 
+        }
+    }
+
+    return element;
+}
+
+
+/**
+ * Parses the data and creates an RA_pblock to store name/value pairs
+ * @param data null-terminated string containing a string with format:
+ *        n1=v1&n2=v2&n3=v3&...
+ * @return
+ *        pointer to RA_pblock if success
+ *        NULL if failure;
+ */
+RA_pblock *AP_Session::create_pblock( char *data )
+{
+    if( ( data == NULL ) || ( data[0] == '\0' ) ) {
+        RA::Error( "AP_Session::create_pblock",
+                   "data is NULL" );
+        return NULL;
+    }
+
+    if(contains_sensitive_keywords(data)) {
+      RA::Debug( LL_PER_PDU,
+               "AP_Session::create_pblock",
+               "Data '(sensitive)'");
+    } else {
+      RA::Debug( LL_PER_PDU,
+               "AP_Session::create_pblock",
+               "Data '%s'", data);
+    }
+
+    //
+    // The data contains a set of name value pairs separated by an '&'
+    // (i. e. - n1=v1&n2=v2...).  Replace each '&' with a ' '.
+    //
+    // Note that since the values are expected to have been url-encoded,
+    // they must be url-decoded within the subclass method.
+    //
+    int i, j;
+    int len = strlen( data );
+
+    for( i = 0; i < len; i++ ) {
+        // need to check if data[i] is a valid url-encoded char...later
+        if( data[i] == '&' ) {
+            data[i] = ' ';
+        }
+    }
+
+    apr_array_header_t *tm_pblock = apr_array_make( m_rq->pool,
+                                                    MAX_NVS,
+                                                    sizeof( apr_table_entry_t )
+                                                  );
+
+    if( tm_pblock == NULL ) {
+        RA::Error( "AP_Session::create_pblock",
+                   "apr_array_make returns NULL" );
+        return NULL;
+    }
+
+    //
+    // The data is in the format of "name=v1 name=v2 name=v3".  If the data
+    // has content like "name=v1 name= name=v3", the pblock_str2pblock will
+    // return (-1).  This is because pblock_str2pblock does not know how to
+    // handle the case of an empty value.  Therefore, before we invoke
+    // pblock_str2pblock, we make sure to remove any input data which
+    // contains an empty value.
+    //
+    char *n_data = stripEmptyArgs( data );
+    if( n_data == NULL ) {
+        RA::Error( "AP_Session::create_pblock",
+                   "stripEmptyArgs was either empty or "
+                   "contained more than %d name/value pairs!",
+                   MAX_NVS );
+        return NULL;
+    }
+
+    int tm_nargs = pblock_str2pblock( n_data, tm_pblock );
+    apr_table_entry_t *pe = NULL;
+
+    RA::Debug( LL_PER_PDU,
+               "AP_Session::create_pblock",
+               "Found Arguments=%d, nalloc=%d",
+               tm_nargs,
+               tm_pblock->nalloc );
+
+    // url decode all values and place into Buffer_nv's
+    Buffer_nv *tm_nvs[MAX_NVS];
+
+    for( i = 0, j = 0; i < tm_nargs; i++, j++ ) {
+        tm_nvs[j] = NULL;
+
+        pe = ( apr_table_entry_t * ) tm_pblock->elts;
+
+        if( pe == NULL ) {
+            continue;
+        }
+
+        if( ( pe[i].key == NULL ) ||
+            ( ( PR_CompareStrings( pe[i].key, "" ) == 1 ) ) ||
+            ( pe[i].val == NULL ) ||
+            ( ( PR_CompareStrings( pe[i].val, "" ) == 1 ) ) ) {
+            RA::Debug( LL_ALL_DATA_IN_PDU,
+                       "AP_Session::create_pblock",
+                       "name/value pair contains NULL...skip" );
+            continue;
+        }
+
+        if(contains_sensitive_keywords(pe[i].key)) {
+            RA::Debug( LL_PER_PDU,
+                       "AP_Session::create_pblock",
+                       "entry name=%s, value=<...do not print...>",
+                       pe[i].key );
+        } else {
+            RA::Debug( LL_PER_PDU,
+                       "AP_Session::create_pblock",
+                       "entry name=%s, value=%s",
+                       pe[i].key,
+                       pe[i].val );
+        }
+
+        Buffer *decoded = NULL;
+
+        decoded = Util::URLDecode( pe[i].val );
+
+        tm_nvs[j] = ( struct Buffer_nv * )
+                    PR_Malloc( sizeof( struct Buffer_nv ) );
+
+        if( tm_nvs[j] != NULL ) {
+            tm_nvs[j]->name = PL_strdup( pe[i].key );
+            tm_nvs[j]->value_s =  PL_strdup( pe[i].val );
+            tm_nvs[j]->value = decoded;
+        } else {
+            RA::Debug( LL_PER_PDU,
+                       "AP_Session::create_pblock",
+                       "tm_nvs[%d] is NULL",
+                       j );
+        }
+    } // for
+
+    RA_pblock *ra_pb = new RA_pblock( tm_nargs, tm_nvs );
+
+    if( n_data != NULL ) {
+        PR_Free( n_data );
+        n_data = NULL;
+    }
+
+    if( ra_pb == NULL ) {
+        RA::Error( "AP_Session::create_pblock",
+                   "RA_pblock is NULL" );
+        return NULL;
+    }
+
+    return ra_pb;
+}
+
+RA_Msg *AP_Session::ReadMsg()
+{
+    int len;
+    int msg_len = 0;
+    char msg[MAX_RA_MSG_SIZE];
+    char *msg_type = NULL;
+    int i_msg_type;
+    Buffer *msg_type_b = NULL;
+
+    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+               "========== ReadMsg Begins =======" );
+
+    msg_len = GetMsgLen( m_rq );
+
+    if( ( msg_len <= 0 ) || ( msg_len > MAX_RA_MSG_SIZE ) ) {
+        RA::Error( "AP_Session::ReadMsg",
+                   "Message Size not in range. size =%d. Operation may have been cancelled.", msg_len );
+        return NULL;
+    }
+
+    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", "msg_len=%d", msg_len );
+
+    len = GetMsg( m_rq, msg, msg_len );
+
+    if( len != msg_len ) {
+        RA::Error( "AP_Session::ReadMsg", 
+                   "Message Size Mismatch. Expected '%d' Received '%d'", 
+                   msg_len, len );
+        return NULL;
+    }
+
+    if(!contains_sensitive_keywords(msg)) {
+        RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                   "Received len='%d' msg='%s'", len, msg );
+    } else {
+        RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                   "Received len='%d' msg='<Password or new pin>'", len );
+    }
+
+    RA_Msg *ret_msg = NULL;
+
+    // format into array of name/value pair with value Buffer's
+    RA_pblock *ra_pb = ( RA_pblock * ) create_pblock( msg );
+
+    if( ra_pb == NULL ) {
+        goto loser;
+    }
+
+    // msg_type_b will be freed by destructor of RA_pblock
+    msg_type_b =  ra_pb->find_val( PARAM_MSG_TYPE );
+    if( msg_type_b == NULL ) {
+        goto loser;
+    }
+
+    // msg_type should be freed when done using
+    msg_type = msg_type_b->string();
+
+    if( msg_type == NULL ) {
+        RA::Error( "AP_Session::ReadMsg",
+                   "Parameter Not Found %s", PARAM_MSG_TYPE );
+        goto loser;
+    }
+
+    i_msg_type = atoi( msg_type );
+
+    switch( i_msg_type )
+    {
+        case MSG_BEGIN_OP: /* BEGIN_OP */
+        {
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%s (%s)", PARAM_MSG_TYPE,
+                       "BEGIN_OP", msg_type );
+
+            Buffer *opB = ra_pb->find_val( PARAM_OPERATION );
+
+            if( opB == NULL ) {
+                goto loser;
+            }
+
+            RA::DebugBuffer( "AP_Session::ReadMsg", "content=", opB );
+
+            char *op_c = opB->string();
+
+            if( op_c == NULL ) {
+                goto loser;
+            }
+
+            int i_op = atoi( op_c );
+
+            if( op_c != NULL ) {
+                PR_Free( op_c );
+                op_c = NULL;
+            }
+
+            NameValueSet *exts = NULL;
+
+            Buffer *opE = ra_pb->find_val( PARAM_EXTENSIONS ); // optional
+
+            if( opE != NULL ) {
+                char *op_e = opE->string();
+                if( op_e == NULL ) {
+                    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                               "No extensions" );
+                } else {
+                    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", 
+                               "Extensions %s", op_e );
+                    exts = NameValueSet::Parse( op_e, "&" );
+                    if( op_e != NULL ) {
+                        PR_Free( op_e );
+                        op_e = NULL;
+                    }
+                }
+            }
+
+            switch( i_op )
+            {
+                case OP_ENROLL:
+                {
+                    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", 
+                               "begin_op_msg msg_type=ENROLL" );
+                    ret_msg = new RA_Begin_Op_Msg( OP_ENROLL, exts );
+                    break;
+                }
+                case OP_UNBLOCK:
+                {
+                    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", 
+                               "begin_op_msg msg_type=UNBLOCK" );
+                    ret_msg = new RA_Begin_Op_Msg( OP_UNBLOCK, exts );
+                    break;
+                }
+                case OP_RESET_PIN:
+                {
+                    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", 
+                               "begin_op_msg msg_type=RESET_PIN" );
+                    ret_msg = new RA_Begin_Op_Msg( OP_RESET_PIN, exts );
+                    break;
+                }
+                case OP_RENEW:
+                {
+                    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", 
+                               "begin_op_msg msg_type=RENEW" );
+                    ret_msg = new RA_Begin_Op_Msg( OP_RENEW, exts );
+                    break;
+                }
+                case OP_FORMAT:
+                {
+                    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", 
+                               "begin_op_msg msg_type=FORMAT" );
+                    ret_msg = new RA_Begin_Op_Msg( OP_FORMAT, exts );
+                    break;
+                }
+                default:
+                {
+                    break;
+                    /* error */
+                }
+            } // switch( i_op )
+
+            break;
+        }
+        case MSG_EXTENDED_LOGIN_RESPONSE: /* LOGIN_RESPONSE */
+        {
+            char *name = NULL;
+            Buffer* value = NULL;
+            AuthParams *params = new AuthParams();
+            int i;
+
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%s (%s)", PARAM_MSG_TYPE,
+                       "EXTENDED_LOGIN_RESPONSE", msg_type );
+
+            i = ra_pb->get_num_of_names();
+
+            for( i = 0; i < ra_pb->get_num_of_names(); i++ ) {
+                name = ra_pb->get_name( i );
+                if( name != NULL ) {
+                    value = ra_pb->find_val( ( const char * ) name );
+                    if( value != NULL ) {
+                        params->Add( name, value->string() );
+                    }
+                }
+            }
+
+            ret_msg = new RA_Extended_Login_Response_Msg( params );
+
+            break;
+        }
+        case MSG_LOGIN_RESPONSE: /* LOGIN_RESPONSE */
+        {
+            char *uid = NULL, *password = NULL;
+            Buffer *uid_b, *pwd_b = NULL;
+
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%s (%s)", PARAM_MSG_TYPE,
+                       "LOGIN_RESPONSE", msg_type );
+
+            uid_b = ra_pb->find_val( PARAM_SCREEN_NAME );
+
+            if( uid_b == NULL ) {
+                goto aloser;
+            }
+
+            uid = uid_b->string();
+
+            if( uid == NULL ) {
+                goto aloser;
+            }
+
+            pwd_b = ra_pb->find_val( PARAM_PASSWORD );
+
+            if( pwd_b == NULL ) {
+                goto aloser;
+            }
+
+            password = pwd_b->string();
+
+            if( password == NULL ) {
+                goto aloser;
+            }
+
+            ret_msg = new RA_Login_Response_Msg( uid, password );
+
+        aloser:
+            if( uid != NULL ) {
+                PR_Free( uid );
+                uid = NULL;
+            }
+
+            if( password != NULL ) {
+                PR_Free( password );
+                password = NULL;
+            }
+
+            goto loser;
+        
+            break;
+        }
+        case MSG_STATUS_UPDATE_RESPONSE: /* SECUREID_RESPONSE */
+        {
+            char *value = NULL;
+            Buffer *value_b;
+
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%s (%s)", PARAM_MSG_TYPE,
+                       "STATUS_UPDATE_RESPONSE", msg_type );
+
+            value_b = ra_pb->find_val( PARAM_STATUS );
+
+            if( value_b == NULL ) {
+                goto zloser;
+            }
+
+            value = value_b->string();
+
+            if( value == NULL ) {
+                goto zloser;
+            }
+
+            ret_msg = new RA_Status_Update_Response_Msg( atoi( value ) );
+
+        zloser:
+            if( value != NULL ) {
+                PR_Free( value );
+                value = NULL;
+            }
+
+            goto loser;
+
+            break;
+        }
+        case MSG_SECUREID_RESPONSE: /* SECUREID_RESPONSE */
+        {
+            char *value = NULL, *pin = NULL;
+            Buffer *value_b = NULL, *pin_b = NULL;
+
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%s (%s)", PARAM_MSG_TYPE,
+                       "SECUREID_RESPONSE", msg_type );
+
+            value_b = ra_pb->find_val( PARAM_VALUE );
+
+            if( value_b == NULL ) {
+                goto bloser;
+            }
+
+            value = value_b->string();
+
+            if( value == NULL ) {
+                goto bloser;
+            }
+
+            pin_b = ra_pb->find_val( PARAM_PIN );
+
+            if( pin_b == NULL ) {
+                goto bloser;
+            }
+
+            pin = pin_b->string();
+
+            if( pin == NULL ) {
+                pin_b->zeroize();
+                goto bloser;
+            }
+
+            ret_msg = new RA_SecureId_Response_Msg( value, pin );
+
+            if( pin != NULL ) {
+                // zeroize memory before releasing
+                unsigned int i = 0;
+                for( i = 0; i < strlen( pin ); i++ ) {
+                    pin[i] = '\0';
+                }
+                if( pin != NULL ) {
+                    PR_Free( pin );
+                    pin = NULL;
+                }
+            }
+
+            pin_b->zeroize();
+
+        bloser:
+            if( value != NULL ) {
+                PR_Free( value );
+                value = NULL;
+            }
+
+            if( pin != NULL ) {
+                PR_Free( pin );
+                pin = NULL;
+            }
+
+            goto loser;
+
+            break;
+        }
+        case MSG_ASQ_RESPONSE: /* ASQ_RESPONSE */
+        {
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%s (%s)", PARAM_MSG_TYPE,
+                       "ASQ_RESPONSE", msg_type );
+
+            Buffer *ans_b = ra_pb->find_val( PARAM_ANSWER );
+
+            if( ans_b == NULL ) {
+                goto loser;
+            }
+
+            char *answer = ans_b->string();
+
+            if( answer == NULL ) {
+                goto loser;
+            }
+
+            ret_msg = new RA_ASQ_Response_Msg( answer );
+
+            if( answer != NULL ) {
+                PR_Free( answer );
+                answer = NULL;
+            }
+
+            break;
+        }
+        case MSG_TOKEN_PDU_RESPONSE: /* TOKEN_PDU_RESPONSE */
+        {
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%s (%s)", PARAM_MSG_TYPE,
+                       "TOKEN_PDU_RESPONSE", msg_type );
+
+            unsigned int pdu_size =0;
+
+            Buffer *pdu_size_b = ra_pb->find_val( PARAM_PDU_SIZE );
+
+            if( pdu_size_b == NULL ) {
+                goto loser;
+            }
+
+            char *p = pdu_size_b->string();
+
+            pdu_size = atoi( p );
+
+            if( p != NULL ) {
+                PR_Free( p );
+                p = NULL;
+            }
+
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%d", PARAM_PDU_SIZE, pdu_size );
+
+            if( pdu_size > 261 ) {
+                RA::Error( LL_PER_PDU, "AP_Session::ReadMsg",
+                           "%s exceeds limit", PARAM_PDU_SIZE );
+                goto loser;
+            }
+
+            Buffer *decoded_pdu = ra_pb->find_val( PARAM_PDU_DATA );
+
+            if( decoded_pdu == NULL ) {
+                goto loser;
+            }
+
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "decoded_pdu size= %d", decoded_pdu->size() );
+
+            if( pdu_size != decoded_pdu->size() ) {
+                goto loser;
+            }
+
+            RA::DebugBuffer( "AP_Session::ReadMsg",
+                             "decoded pdu = ", decoded_pdu );
+
+            APDU_Response *response = new APDU_Response( *decoded_pdu );
+
+            ret_msg = new RA_Token_PDU_Response_Msg( response );
+
+            break;
+        }
+        case MSG_NEW_PIN_RESPONSE: /* NEW_PIN_RESPONSE */
+        {
+            char *new_pin = NULL;
+            Buffer *new_pin_b = NULL;
+
+            RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+                       "Found %s=%s (%s)", PARAM_MSG_TYPE,
+                       "NEW_PIN_RESPONSE", msg_type );
+
+            new_pin_b = ra_pb->find_val( PARAM_NEW_PIN );
+
+            if( new_pin_b == NULL ) {
+                goto loser;
+            }
+
+            new_pin = new_pin_b->string();
+
+            if( new_pin == NULL ) {
+                new_pin_b->zeroize();
+                goto loser;
+            }
+
+            ret_msg = new RA_New_Pin_Response_Msg( new_pin );
+
+            if( new_pin != NULL ) {
+                // zeroize memory before releasing
+                unsigned int i = 0;
+
+                for( i = 0; i< strlen( new_pin ); i++ ) {
+                    new_pin[i] = '\0';
+                }
+
+                if( new_pin != NULL ) {
+                    PR_Free( new_pin );
+                    new_pin = NULL;
+                }
+            }
+
+            new_pin_b->zeroize();
+
+            break;
+        }
+        default:
+        {
+            RA::Error( "AP_Session::ReadMsg", "Found %s=%s", 
+                       PARAM_MSG_TYPE, "UNDEFINED" );
+            /* error */
+            break;
+        }
+    } // switch( i_msg_type )
+
+loser:
+    if( msg_type != NULL ) {
+        PR_Free( msg_type );
+        msg_type = NULL;
+    }
+
+    if( ra_pb != NULL ) {
+        delete ra_pb;
+        ra_pb = NULL;
+    }
+
+    RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+               "========= ReadMsg Ends =========" );
+
+    return ret_msg;
+}
+
+static void CreateChunk( char *msgbuf, char *buf, int buflen )
+{
+    int len;
+
+    len = strlen( msgbuf );
+    sprintf( buf, "s=%d&%s", len, msgbuf );
+}
+
+void AP_Session::WriteMsg( RA_Msg *msg )
+{
+    char msgbuf[MAX_RA_MSG_SIZE];
+    char buf[MAX_RA_MSG_SIZE];
+
+    switch( msg->GetType() )
+    {
+        case MSG_EXTENDED_LOGIN_REQUEST:
+        {
+            RA_Extended_Login_Request_Msg *login_request_msg = 
+            ( RA_Extended_Login_Request_Msg * ) msg;
+            int invalid_password = login_request_msg->IsInvalidPassword();
+            int is_blocked = login_request_msg->IsBlocked();
+
+            sprintf( msgbuf, "%s=%d&%s=%d&%s=%d&%s=%s&%s=%s", 
+                     PARAM_MSG_TYPE, MSG_EXTENDED_LOGIN_REQUEST,
+                     "invalid_login", invalid_password,
+                     PARAM_BLOCKED, is_blocked,
+                     "title", Util::URLEncode( login_request_msg->GetTitle() ),
+                     "description", 
+                     Util::URLEncode( login_request_msg->GetDescription() ) );
+
+            for( int i = 0; i < login_request_msg->GetLen(); i++ ) {
+                char *p = login_request_msg->GetParam( i );
+                sprintf( msgbuf, "%s&required_parameter%d=%s", 
+                         msgbuf, i, Util::URLEncode1( p ) );
+            }
+
+            CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+            RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+            ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+            break;
+        }
+        case MSG_LOGIN_REQUEST:
+        {
+            RA_Login_Request_Msg *login_request_msg = 
+            ( RA_Login_Request_Msg * ) msg;
+            int invalid_password = login_request_msg->IsInvalidPassword();
+            int is_blocked = login_request_msg->IsBlocked();
+
+            sprintf( msgbuf, "%s=%d&%s=%d&%s=%d", 
+                     PARAM_MSG_TYPE, MSG_LOGIN_REQUEST,
+                     PARAM_INVALID_PW, invalid_password,
+                     PARAM_BLOCKED, is_blocked );
+
+            CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+            RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+            ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+            break;
+        }
+        case MSG_END_OP:
+        {
+            RA_End_Op_Msg *end_op = ( RA_End_Op_Msg * ) msg;
+            int result = end_op->GetResult();
+            int local_msg = end_op->GetMsg();
+            int op = end_op->GetOpType();
+
+            sprintf( msgbuf, "%s=%d&%s=%d&%s=%d&%s=%d", 
+                     PARAM_MSG_TYPE, MSG_END_OP,
+                     PARAM_OPERATION, op,
+                     PARAM_RESULT, result,
+                     PARAM_MESSAGE, local_msg );
+
+            CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+            RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+            ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+            break;
+        }
+        case MSG_STATUS_UPDATE_REQUEST:
+        {
+            RA_Status_Update_Request_Msg *status_update_request_msg = 
+            ( RA_Status_Update_Request_Msg * ) msg;
+            int status = status_update_request_msg->GetStatus();
+            char *info = status_update_request_msg->GetInfo();
+
+            sprintf( msgbuf, "%s=%d&%s=%d&%s=%s", 
+                     PARAM_MSG_TYPE, MSG_STATUS_UPDATE_REQUEST,
+                     PARAM_STATUS, status,
+                     PARAM_INFO, info );
+
+            CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+            RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+            ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+            break;
+        }
+        case MSG_SECUREID_REQUEST:
+        {
+            RA_SecureId_Request_Msg *secureid_request_msg = 
+            ( RA_SecureId_Request_Msg * ) msg;
+            int is_pin_required = secureid_request_msg->IsPinRequired();
+            int is_next_value = secureid_request_msg->IsNextValue();
+
+            sprintf( msgbuf, "%s=%d&%s=%d&%s=%d", 
+                     PARAM_MSG_TYPE, MSG_SECUREID_REQUEST,
+                     PARAM_PIN_REQUIRED, is_pin_required,
+                     PARAM_NEXT_VALUE, is_next_value );
+
+            CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+            RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+            ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+            break;
+        }
+        case MSG_ASQ_REQUEST:
+        {
+            RA_ASQ_Request_Msg *asq_request_msg = ( RA_ASQ_Request_Msg * ) msg;
+            char *question = asq_request_msg->GetQuestion();
+
+            sprintf( msgbuf, "%s=%d&%s=%s", 
+                     PARAM_MSG_TYPE, MSG_ASQ_REQUEST,
+                     PARAM_QUESTION, question );
+
+            CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+            RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+            ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+            break;
+        }
+        case MSG_NEW_PIN_REQUEST:
+        {
+            RA_New_Pin_Request_Msg *new_pin_request_msg = 
+            ( RA_New_Pin_Request_Msg * ) msg;
+            int min = new_pin_request_msg->GetMinLen();
+            int max = new_pin_request_msg->GetMaxLen();
+
+            sprintf( msgbuf, "%s=%d&%s=%d&%s=%d", 
+                     PARAM_MSG_TYPE, MSG_NEW_PIN_REQUEST,
+                     PARAM_MINIMUM_LENGTH, min,
+                     PARAM_MAXIMUM_LENGTH, max );
+
+            CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+            RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+            ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+            break;
+        }
+        case MSG_TOKEN_PDU_REQUEST:
+        {
+            RA_Token_PDU_Request_Msg *token_pdu_request_msg = 
+            ( RA_Token_PDU_Request_Msg * ) msg;
+            APDU *apdu = token_pdu_request_msg->GetAPDU();
+            Buffer encoding;
+
+            apdu->GetEncoding( encoding );
+
+            int pdu_len = encoding.size();
+
+            RA::Debug( LL_PER_CONNECTION, "AP_Session::WriteMsg",
+                       "pdu_len='%d'", pdu_len );
+
+            Buffer pdu = encoding;
+            char *pdu_encoded = NULL;
+
+            if( RA::GetConfigStore()->GetConfigAsBool( "pdu_encoding.hex_mode",
+                                                       1 ) ) {
+                // pdu will be encoded in Hex mode which is easier to read
+                pdu_encoded = Util::URLEncodeInHex( pdu );
+            } else {
+                pdu_encoded = Util::URLEncode( pdu );
+            }
+
+            sprintf( msgbuf, "%s=%d&%s=%d&%s=%s", 
+                     PARAM_MSG_TYPE, MSG_TOKEN_PDU_REQUEST,
+                     PARAM_PDU_SIZE, pdu_len,
+                     PARAM_PDU_DATA, pdu_encoded );
+
+            CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+            if( pdu_encoded != NULL ) {
+                PR_Free( pdu_encoded );
+                pdu_encoded = NULL;
+            }
+
+            RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+            ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+            break;
+        }
+        default:
+        {
+            break;
+            /* error */
+        }
+    } // switch( msg->GetType() )
+
+    ap_rflush(m_rq);
+
+}
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/pki/base/tps/src/modules/tps/mod_tps.cpp b/pki/base/tps/src/modules/tps/mod_tps.cpp
new file mode 100644
index 000000000..47e3194fb
--- /dev/null
+++ b/pki/base/tps/src/modules/tps/mod_tps.cpp
@@ -0,0 +1,584 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Headers
+**  _________________________________________________________________
+*/
+
+#include <stdio.h>
+#include "nspr.h"
+
+#include "httpd/httpd.h"
+#include "httpd/http_config.h"
+#include "httpd/http_log.h"
+#include "httpd/http_protocol.h"
+#include "httpd/http_main.h"
+
+#include "apr_strings.h"
+
+#include "engine/RA.h"
+#include "main/Memory.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "modules/tps/AP_Context.h"
+#include "modules/tps/AP_Session.h"
+#include "msg/RA_Begin_Op_Msg.h"
+#include "msg/RA_End_Op_Msg.h"
+#include "processor/RA_Enroll_Processor.h"
+#include "processor/RA_Format_Processor.h"
+#include "processor/RA_Pin_Reset_Processor.h"
+#include "processor/RA_Renew_Processor.h"
+#include "processor/RA_Unblock_Processor.h"
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Request Data
+**  _________________________________________________________________
+*/
+
+/**
+ * Processors for different operations.
+ */
+static RA_Enroll_Processor m_enroll_processor;
+static RA_Unblock_Processor m_unblock_processor;
+static RA_Pin_Reset_Processor m_pin_reset_processor;
+static RA_Renew_Processor m_renew_processor;
+static RA_Format_Processor m_format_processor;
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Command Data
+**  _________________________________________________________________
+*/
+
+static const char MOD_TPS_CONFIGURATION_FILE_PARAMETER[] = "TPSConfigPathFile";
+
+static const char MOD_TPS_CONFIGURATION_FILE_USAGE[] =
+"TPS Configuration Filename prefixed by a complete path, or\n"
+"a path that is relative to the Apache server root.";
+
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Server Configuration Creation Data
+**  _________________________________________________________________
+*/
+
+typedef struct {
+    char *TPS_Configuration_File;
+    AP_Context *context;
+} mod_tps_server_configuration;
+
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Registration Data
+**  _________________________________________________________________
+*/
+
+#define MOD_TPS_CONFIG_KEY tps_module
+
+static const char MOD_TPS_CONFIG_KEY_NAME[] = "tps_module";
+
+extern module TPS_PUBLIC MOD_TPS_CONFIG_KEY;
+
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Helper Functions
+**  _________________________________________________________________
+*/
+
+/**
+ * Terminate Apache
+ */
+void tps_die( void )
+{
+    /*
+     * This is used for fatal errors and here
+     * it is common module practice to really
+     * exit from the complete program.
+     */
+    exit( 1 );
+}
+
+
+/**
+ * Creates an RA_Session from the RA framework.
+ *
+ * Centralize the allocation of the session object here so that
+ * we can provide our own session management here in the future.
+ */
+static RA_Session *
+mod_tps_create_session( request_rec *rq )
+{
+    return new AP_Session( rq );
+} /* mod_tps_create_session */
+
+
+/**
+ * Returns RA_Session to the RA framework.
+ */
+static void
+mod_tps_destroy_session( RA_Session *session )
+{
+    if( session != NULL ) {
+        delete session;
+        session = NULL;
+    }
+} /* mod_tps_destroy_session */
+
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Request Phase
+**  _________________________________________________________________
+*/
+
+/**
+ * Terminate the TPS module
+ */
+static apr_status_t
+mod_tps_terminate( void *data )
+{
+    /* This routine is ONLY called when this server's */
+    /* pool has been cleared or destroyed.            */
+
+    /* Log TPS module debug information. */
+    RA::Debug( "mod_tps::mod_tps_terminate",
+               "The TPS module has been terminated!" );
+
+    /* Free TPS resources. */
+    RA::Shutdown();
+
+    /* Since all members of mod_tps_server_configuration are allocated */
+    /* from a pool, there is no need to unset any of these members.    */
+
+#ifdef MEM_PROFILING
+    /* If memory profiling is enabled, turn off memory profiling. */
+    MEM_shutdown();
+#endif
+
+    /* Shutdown all APR library routines.                   */
+    /* NOTE:  This automatically destroys all memory pools. */
+    /*        Allow the NSS Module to perform this task.    */
+    /* apr_terminate(); */
+
+
+    /* Terminate the entire Apache server                */
+    /* NOTE:  Allow the NSS Module to perform this task. */
+    /* tps_die(); */ 
+
+    return OK;
+}
+
+
+/**
+ * Initialize the TPS module (Context)
+ */
+static int
+mod_tps_initialize( apr_pool_t *p,
+                    apr_pool_t *plog,
+                    apr_pool_t *ptemp,
+                    server_rec *sv )
+{
+    mod_tps_server_configuration *sc = NULL;
+    char *cfg_path_file = NULL;
+    int status;
+
+    /* Retrieve the TPS module. */
+    sc = ( ( mod_tps_server_configuration * )
+           ap_get_module_config( sv->module_config,
+                                 &MOD_TPS_CONFIG_KEY ) );
+
+    /* Check to see if the TPS module has been loaded. */
+    if( sc->context != NULL ) {
+        return OK;
+    }
+
+    /* Load the TPS module. */
+
+#ifdef MEM_PROFILING
+    /* If memory profiling is enabled, turn on memory profiling. */
+    MEM_init( MEM_AUDIT_FILE, MEM_DUMP_FILE );
+#endif
+
+    /* Retrieve the path to where the configuration files are located,    */
+    /* and insure that the TPS module configuration file is located here. */
+    if( sc->TPS_Configuration_File != NULL ) {
+        /* provide TPS Config File from <apache_server_root>/conf/httpd.conf */
+        if( sc->TPS_Configuration_File[0] == '/' ) {
+            /* Complete path to TPS Config File is denoted */
+            cfg_path_file = apr_psprintf( p,
+                                          "%s",
+                                          ( char * )
+                                          sc->TPS_Configuration_File );
+        } else {
+            /* TPS Config File is located relative to the Apache server root */
+            cfg_path_file = apr_psprintf( p,
+                                          "%s/%s",
+                                          ( char * ) ap_server_root,
+                                          ( char * )
+                                          sc->TPS_Configuration_File );
+        }
+   } else {
+        /* Log information regarding this failure. */
+        ap_log_error( "mod_tps_initialize",
+                      __LINE__, APLOG_ERR, 0, sv,
+                      "The tps module was installed incorrectly since the "
+                      "parameter named '%s' is missing from the Apache "
+                      "Configuration file!",
+                      ( char * ) MOD_TPS_CONFIGURATION_FILE_PARAMETER );
+
+        /* Display information on the screen regarding this failure. */
+        printf( "\nUnable to start Apache:\n"
+                "    The tps module is missing the required parameter named\n"
+                "    '%s' in the Apache Configuration file!\n",
+                ( char * ) MOD_TPS_CONFIGURATION_FILE_PARAMETER );
+
+        goto loser;
+   }
+
+    /* Initialize the "server" member of mod_tps_server_configuration. */
+    sc->context = new AP_Context( sv );
+
+    status = RA::Initialize( cfg_path_file, sc->context );
+    if( status != RA_INITIALIZATION_SUCCESS ) {
+        /* Log information regarding this failure. */
+        ap_log_error( "mod_tps_initialize",
+                      __LINE__, APLOG_ERR, 0, sv,
+                      "The tps module was installed incorrectly "
+                      "since the file named '%s' does not exist!",
+                      cfg_path_file );
+
+        /* Display information on the screen regarding this failure. */
+        printf( "\nUnable to start Apache:\n"
+                "    The tps module configuration file called\n"
+                "    '%s' does not exist!\n",
+                cfg_path_file );
+
+        /* Since all members of mod_tps_server_configuration are allocated */
+        /* from a pool, there is no need to unset any of these members.    */
+
+        goto loser;
+    }
+
+    /* Register a server termination routine. */
+    apr_pool_cleanup_register( p,
+                               sv,
+                               mod_tps_terminate,
+                               apr_pool_cleanup_null );
+
+    /* Log TPS module debug information. */
+    RA::Debug( "mod_tps::mod_tps_initialize",
+               "The TPS module has been successfully loaded!" );
+
+    return OK;
+
+loser:
+    /* Log TPS module debug information. */
+    RA::Debug( "mod_tps::mod_tps_initialize",
+               "Failed loading the TPS module!" );
+
+    if( sc->context != NULL ) {
+        /* Free TPS resources. */
+        RA::Shutdown();
+
+        /* Since all members of mod_tps_server_configuration are allocated */
+        /* from a pool, there is no need to unset any of these members.    */
+    }
+
+#ifdef MEM_PROFILING
+    /* If memory profiling is enabled, turn off memory profiling. */
+    MEM_shutdown();
+#endif
+
+    /* Shutdown all APR library routines.                   */
+    /* NOTE:  This automatically destroys all memory pools. */
+    apr_terminate();
+
+    /* Terminate the entire Apache server */
+    tps_die();
+
+    return DECLINED;
+}
+
+
+/**
+ * mod_tps_handler handles the protocol between the token client
+ * and the RA (Session)
+ */
+static int
+mod_tps_handler( request_rec *rq )
+{
+    char buf[1024];
+    int ret_code = DECLINED;
+    int status = DECLINED;
+    RA_Session *session = NULL;
+    RA_Begin_Op_Msg *begin_op_msg = NULL;
+    NameValueSet *extensions = NULL;
+    const char *tenc = apr_table_get(rq->headers_in, "Transfer-Encoding");
+
+    /* Log TPS module debug information. */
+    RA::Debug( "mod_tps::mod_tps_handler",
+               "mod_tps::mod_tps_handler" );
+
+    RA::Debug( "mod_tps::mod_tps_handler",
+               "uri '%s'", rq->uri);
+
+    /* XXX: We need to change "nk_service" to "tps", 
+            and need to update ESC. */
+    if (strcmp(rq->handler,"nk_service") != 0) {
+      RA::Debug( "mod_tps::mod_tps_handler",
+               "DECLINED uri '%s'", rq->uri);
+      return DECLINED;
+    }
+
+    RA::Debug( "mod_tps::mod_tps_handler",
+               "uri '%s' DONE", rq->uri);
+
+    /* 
+     * check to see if the http request contains 
+     * "transfer-encoding: chunked"
+     */  
+    /* XXX: rq->chunked not set to true even in the chunked mode */
+    if(!tenc || PL_strcasecmp(tenc, "chunked") != 0) {
+        /* print the following when browser accesses directly */
+        strcpy( buf, "<HTML>Registration Authority</HTML>" );
+
+        /* write out the data */
+        ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), rq );
+
+        ret_code = OK;
+
+        return ret_code;
+    } 
+
+    /* request contains chunked encoding */
+    session = mod_tps_create_session( rq );
+
+    /* read in the data present on the connection */
+    begin_op_msg = ( RA_Begin_Op_Msg * ) session->ReadMsg();
+    if( begin_op_msg == NULL ) {
+        /* Log TPS module error information. */
+        RA::Error( "mod_tps::mod_tps_handler",
+                   "no begin op found" );
+        goto loser;
+    }
+
+    /* retrieve the extensions */
+    extensions = begin_op_msg->GetExtensions();
+
+    /* perform the appropriate processing based upon the type of operation */
+    if( begin_op_msg->GetOpType() == OP_ENROLL ) {
+        status = m_enroll_processor.Process( session, extensions );
+    } else if( begin_op_msg->GetOpType() == OP_UNBLOCK ) {
+        status = m_unblock_processor.Process( session, extensions );
+    } else if( begin_op_msg->GetOpType() == OP_RESET_PIN ) {
+        status = m_pin_reset_processor.Process( session, extensions );
+    } else if( begin_op_msg->GetOpType() == OP_RENEW ) {
+        status = m_renew_processor.Process( session, extensions );
+    } else if( begin_op_msg->GetOpType() == OP_FORMAT ) {
+        status = m_format_processor.Process( session, extensions );
+    } else {
+        /* Log TPS module error information. */
+        RA::Error( "mod_tps::mod_tps_handler",
+                   "unknown operation requested (op='%d')", 
+                   begin_op_msg->GetOpType() );
+        goto loser;
+    } /* if */
+
+    ret_code = OK;
+
+loser:
+    /* determine the results of the operation and report it */
+    if( begin_op_msg != NULL ) {
+        int result;         
+
+        if( status  == 0 ) {
+            result = RESULT_GOOD;
+        } else {
+            result = RESULT_ERROR;
+        }
+
+        RA_End_Op_Msg *end_op = new RA_End_Op_Msg( begin_op_msg->GetOpType(), 
+                                                   result, 
+                                                   status );
+
+        session->WriteMsg( end_op );
+
+        if( end_op != NULL ) {
+            delete end_op;
+            end_op = NULL;
+        }
+    }
+
+    /* remove any operational messages */
+    if( begin_op_msg != NULL ) {
+        delete begin_op_msg;
+        begin_op_msg = NULL;
+    }
+
+    /* remove any sessions */
+    if( session != NULL ) {
+        mod_tps_destroy_session( session );
+        session = NULL;
+    }
+
+    return ret_code;
+} /* mod_tps_handler */
+
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Command Phase
+**  _________________________________________________________________
+*/
+
+static const char *mod_tps_get_config_path_file( cmd_parms *cmd,
+                                                 void *mconfig,
+                                                 const char *tpsconf )
+{
+    if( cmd->path ) {
+        ap_log_error( APLOG_MARK, APLOG_ERR, 0, NULL,
+                      "The %s config param cannot be specified "
+                      "in a Directory section.",
+                      cmd->directive->directive );
+    } else {
+        mod_tps_server_configuration *sc = NULL;
+
+        /* Retrieve the TPS module. */
+        sc = ( ( mod_tps_server_configuration * )
+               ap_get_module_config( cmd->server->module_config,
+                                     &MOD_TPS_CONFIG_KEY ) );
+
+        /* Initialize the "TPS Configuration File" */
+        /* member of mod_tps_server_configuration. */
+        sc->TPS_Configuration_File = apr_pstrdup( cmd->pool, tpsconf );
+    }
+
+    return NULL;
+}
+
+
+static const command_rec mod_tps_config_cmds[] = {
+    AP_INIT_TAKE1( MOD_TPS_CONFIGURATION_FILE_PARAMETER,
+                   ( const char*(*)() ) mod_tps_get_config_path_file,
+                   NULL,
+                   RSRC_CONF,
+                   MOD_TPS_CONFIGURATION_FILE_USAGE ),
+   { NULL }
+};
+
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Server Configuration Creation Phase
+**  _________________________________________________________________
+*/
+
+/**
+ * Create TPS module server configuration
+ */
+static void *
+mod_tps_config_server_create( apr_pool_t *p, server_rec *sv )
+{
+    /* Initialize all APR library routines. */
+    apr_initialize();
+
+    /* Create a memory pool for this server. */
+    mod_tps_server_configuration *sc = ( mod_tps_server_configuration * )
+                                       apr_pcalloc( p,
+                                                    ( apr_size_t )
+                                                    sizeof( *sc ) );
+    
+    /* Initialize all members of mod_tps_server_configuration. */
+    sc->TPS_Configuration_File = NULL;
+    sc->context = NULL;
+
+    return sc;
+}
+
+
+
+/*  _________________________________________________________________
+**
+**  TPS Module Registration Phase
+**  _________________________________________________________________
+*/
+                                                                                
+static void
+mod_tps_register_hooks( apr_pool_t *p )
+{
+    static const char *const mod_tps_preloaded_modules[]  = { "mod_nss.c",
+                                                              NULL };
+    static const char *const mod_tps_postloaded_modules[] = { NULL };
+
+    ap_hook_post_config( mod_tps_initialize,
+                         mod_tps_preloaded_modules,
+                         mod_tps_postloaded_modules,
+                         APR_HOOK_MIDDLE );
+
+    ap_hook_handler( mod_tps_handler,
+                     mod_tps_preloaded_modules,
+                     mod_tps_postloaded_modules,
+                     APR_HOOK_MIDDLE );
+}
+
+
+module TPS_PUBLIC MOD_TPS_CONFIG_KEY = {
+    STANDARD20_MODULE_STUFF,
+    NULL,                           /* create per-dir    config structures */
+    NULL,                           /* merge  per-dir    config structures */
+    mod_tps_config_server_create,   /* create per-server config structures */
+    NULL,                           /* merge  per-server config structures */
+    mod_tps_config_cmds,            /* table of configuration directives   */
+    mod_tps_register_hooks          /* register hooks */
+};
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/pki/base/tps/src/msg/RA_ASQ_Request_Msg.cpp b/pki/base/tps/src/msg/RA_ASQ_Request_Msg.cpp
new file mode 100644
index 000000000..112c42152
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_ASQ_Request_Msg.cpp
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "main/Base.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs A Security Question (ASQ) request message.
+ */
+TPS_PUBLIC RA_ASQ_Request_Msg::RA_ASQ_Request_Msg (char *question)
+{
+    if (question == NULL)
+        m_question = NULL; 
+    else 
+        m_question = PL_strdup(question);
+}
+
+
+/**
+ * Destructs a ASQ request message.
+ */
+TPS_PUBLIC RA_ASQ_Request_Msg::~RA_ASQ_Request_Msg ()
+{
+    if( m_question != NULL ) { 
+        PL_strfree( m_question );
+        m_question = NULL;
+    }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_ASQ_Request_Msg::GetType ()
+{
+    return MSG_ASQ_REQUEST;
+}
+
+/**
+ * Retrieves the security question for
+ * the end user. 
+ */
+TPS_PUBLIC char *RA_ASQ_Request_Msg::GetQuestion()
+{
+    return m_question;
+}
diff --git a/pki/base/tps/src/msg/RA_ASQ_Response_Msg.cpp b/pki/base/tps/src/msg/RA_ASQ_Response_Msg.cpp
new file mode 100644
index 000000000..5e480c1f1
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_ASQ_Response_Msg.cpp
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs A Security Question (ASQ) response.
+ */
+TPS_PUBLIC RA_ASQ_Response_Msg::RA_ASQ_Response_Msg (char *answer)
+{
+    if (answer == NULL)
+        m_answer = NULL;
+    else
+        m_answer = PL_strdup(answer);
+}
+
+/**
+ * Destructs a ASQ response.
+ */
+TPS_PUBLIC RA_ASQ_Response_Msg::~RA_ASQ_Response_Msg ()
+{
+    if( m_answer != NULL ) { 
+        PL_strfree( m_answer );
+        m_answer = NULL;
+    }
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_ASQ_Response_Msg::GetType ()
+{
+    return MSG_ASQ_RESPONSE;
+}
+
+/**
+ * Retrieves the answer to the security question
+ * from the end user.
+ */
+TPS_PUBLIC char *RA_ASQ_Response_Msg::GetAnswer()
+{
+    return m_answer;
+}
diff --git a/pki/base/tps/src/msg/RA_Begin_Op_Msg.cpp b/pki/base/tps/src/msg/RA_Begin_Op_Msg.cpp
new file mode 100644
index 000000000..44d568bd9
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Begin_Op_Msg.cpp
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Begin_Op_Msg.h"
+#include "main/Memory.h"
+#include "main/NameValueSet.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a begin op message. Each operation
+ * transaction (i.e. enrollment, reset pin) 
+ * starts with a Begin Op message.
+ */
+TPS_PUBLIC RA_Begin_Op_Msg::RA_Begin_Op_Msg (RA_Op_Type op, NameValueSet *exts)
+{
+    m_op = op;
+    m_exts = exts;
+}
+
+/**
+ * Destructs a begin op message.
+ */
+TPS_PUBLIC RA_Begin_Op_Msg::~RA_Begin_Op_Msg ()
+{
+    if( m_exts != NULL ) {
+        delete m_exts;
+        m_exts = NULL;
+    }
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Begin_Op_Msg::GetType ()
+{
+    return MSG_BEGIN_OP;
+}
+
+TPS_PUBLIC NameValueSet *RA_Begin_Op_Msg::GetExtensions()
+{
+    return m_exts;
+}
+
+/**
+ * Retrieves operation type.
+ */
+TPS_PUBLIC RA_Op_Type RA_Begin_Op_Msg::GetOpType()
+{
+    return m_op;
+}
diff --git a/pki/base/tps/src/msg/RA_End_Op_Msg.cpp b/pki/base/tps/src/msg/RA_End_Op_Msg.cpp
new file mode 100644
index 000000000..232122d49
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_End_Op_Msg.cpp
@@ -0,0 +1,73 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_End_Op_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a begin op message. Each operation
+ * transaction (i.e. enrollment, reset pin) 
+ * starts with a Begin Op message.
+ */
+TPS_PUBLIC RA_End_Op_Msg::RA_End_Op_Msg (RA_Op_Type op, int result, int msg)
+{
+    m_op = op;
+    m_result = result;
+    m_msg = msg;
+}
+
+/**
+ * Destructs a begin op message.
+ */
+TPS_PUBLIC RA_End_Op_Msg::~RA_End_Op_Msg ()
+{
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_End_Op_Msg::GetType ()
+{
+    return MSG_END_OP;
+}
+
+/**
+ * Retrieves operation type.
+ */
+TPS_PUBLIC RA_Op_Type RA_End_Op_Msg::GetOpType()
+{
+    return m_op;
+}
+
+TPS_PUBLIC int RA_End_Op_Msg::GetResult()
+{ 
+    return m_result;
+}
+
+TPS_PUBLIC int RA_End_Op_Msg::GetMsg()
+{
+    return m_msg;	 
+}
diff --git a/pki/base/tps/src/msg/RA_Extended_Login_Request_Msg.cpp b/pki/base/tps/src/msg/RA_Extended_Login_Request_Msg.cpp
new file mode 100644
index 000000000..9da2f6d8f
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Extended_Login_Request_Msg.cpp
@@ -0,0 +1,114 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+                                                                                
+#include "plstr.h"
+#include "main/Base.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a login request message that requests
+ * user id and password from the end user.
+ */
+TPS_PUBLIC RA_Extended_Login_Request_Msg::RA_Extended_Login_Request_Msg (int invalid_pw, int blocked, char **parameters, int len, char *title, char *description)
+{
+    m_invalid_pw = invalid_pw;
+    m_blocked = blocked;
+    m_title = PL_strdup(title);
+    m_description = PL_strdup(description);
+    if (parameters != NULL) {
+      if (len > 0) {
+        m_parameters = (char **) PR_Malloc (len);
+        for (int i = 0; i < len; i++) {
+          m_parameters[i] = PL_strdup(parameters[i]);
+        }
+      } else {
+        m_parameters = NULL;
+      }
+    }
+    m_len = len;
+}
+
+/**
+ * Destructs a login request message.
+ */
+TPS_PUBLIC RA_Extended_Login_Request_Msg::~RA_Extended_Login_Request_Msg ()
+{
+    for (int i = 0; i < m_len; i++) {
+        PL_strfree(m_parameters[i]);
+    }
+    if (m_parameters != NULL) {
+        PR_Free(m_parameters);
+    }
+}
+
+TPS_PUBLIC int RA_Extended_Login_Request_Msg::GetLen ()
+{
+    return m_len;
+}
+
+TPS_PUBLIC char *RA_Extended_Login_Request_Msg::GetTitle()
+{
+    return m_title;
+}
+
+TPS_PUBLIC char *RA_Extended_Login_Request_Msg::GetDescription()
+{
+    return m_description;
+}
+
+TPS_PUBLIC char *RA_Extended_Login_Request_Msg::GetParam (int i)
+{
+    return m_parameters[i];
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Extended_Login_Request_Msg::GetType ()
+{
+    return MSG_EXTENDED_LOGIN_REQUEST;
+}
+
+/**
+ * Is the password invalid in the previous login
+ * request.
+ */
+TPS_PUBLIC int RA_Extended_Login_Request_Msg::IsInvalidPassword()
+{
+    return m_invalid_pw;
+}
+
+/**
+ * Should the client block due to the previous
+ * invalid login.
+ */
+TPS_PUBLIC int RA_Extended_Login_Request_Msg::IsBlocked()
+{
+    return m_blocked;
+}
diff --git a/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp
new file mode 100644
index 000000000..dca44a98e
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp
@@ -0,0 +1,61 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a login response message.
+ */
+TPS_PUBLIC RA_Extended_Login_Response_Msg::RA_Extended_Login_Response_Msg (AuthParams *params)
+{
+    m_params = params;
+}
+
+/**
+ * Destructs a login response message.
+ */
+TPS_PUBLIC RA_Extended_Login_Response_Msg::~RA_Extended_Login_Response_Msg ()
+{
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Extended_Login_Response_Msg::GetType ()
+{
+    return MSG_EXTENDED_LOGIN_RESPONSE;
+}
+
+/**
+ * Retrieves null-pointer terminated 
+ * user ID given by the end user.
+ */
+TPS_PUBLIC AuthParams *RA_Extended_Login_Response_Msg::GetAuthParams()
+{
+    return m_params;
+}
diff --git a/pki/base/tps/src/msg/RA_Login_Request_Msg.cpp b/pki/base/tps/src/msg/RA_Login_Request_Msg.cpp
new file mode 100644
index 000000000..7bad331d7
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Login_Request_Msg.cpp
@@ -0,0 +1,71 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Login_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a login request message that requests
+ * user id and password from the end user.
+ */
+TPS_PUBLIC RA_Login_Request_Msg::RA_Login_Request_Msg (int invalid_pw, int blocked)
+{
+    m_invalid_pw = invalid_pw;
+    m_blocked = blocked;
+}
+
+/**
+ * Destructs a login request message.
+ */
+TPS_PUBLIC RA_Login_Request_Msg::~RA_Login_Request_Msg ()
+{
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Login_Request_Msg::GetType ()
+{
+    return MSG_LOGIN_REQUEST;
+}
+
+/**
+ * Is the password invalid in the previous login
+ * request.
+ */
+TPS_PUBLIC int RA_Login_Request_Msg::IsInvalidPassword()
+{
+    return m_invalid_pw;
+}
+
+/**
+ * Should the client block due to the previous
+ * invalid login.
+ */
+TPS_PUBLIC int RA_Login_Request_Msg::IsBlocked()
+{
+    return m_blocked;
+}
diff --git a/pki/base/tps/src/msg/RA_Login_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Login_Response_Msg.cpp
new file mode 100644
index 000000000..67d796e6e
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Login_Response_Msg.cpp
@@ -0,0 +1,85 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a login response message.
+ */
+TPS_PUBLIC RA_Login_Response_Msg::RA_Login_Response_Msg (char *uid, char *password)
+{
+    if (uid == NULL)
+        m_uid = NULL;
+    else
+        m_uid = PL_strdup(uid);
+    if (password == NULL)
+        m_password = NULL;
+    else
+        m_password = PL_strdup(password);
+}
+
+/**
+ * Destructs a login response message.
+ */
+TPS_PUBLIC RA_Login_Response_Msg::~RA_Login_Response_Msg ()
+{
+    if( m_uid != NULL ) {
+        PL_strfree( m_uid );
+        m_uid = NULL;
+    }
+    if( m_password != NULL ) {
+        PL_strfree( m_password );
+        m_password = NULL;
+    }
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Login_Response_Msg::GetType ()
+{
+    return MSG_LOGIN_RESPONSE;
+}
+
+/**
+ * Retrieves null-pointer terminated 
+ * user ID given by the end user.
+ */
+TPS_PUBLIC char *RA_Login_Response_Msg::GetUID()
+{
+    return m_uid;
+}
+
+/**
+ * Retrieves null-pointer terminated password 
+ * given by the end user.
+ */
+TPS_PUBLIC char *RA_Login_Response_Msg::GetPassword()
+{
+    return m_password;
+}
diff --git a/pki/base/tps/src/msg/RA_New_Pin_Request_Msg.cpp b/pki/base/tps/src/msg/RA_New_Pin_Request_Msg.cpp
new file mode 100644
index 000000000..71889359e
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_New_Pin_Request_Msg.cpp
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a new pin request for the token.
+ */
+TPS_PUBLIC RA_New_Pin_Request_Msg::RA_New_Pin_Request_Msg (int min_len, int max_len)
+{
+    m_min_len = min_len;
+    m_max_len = max_len;
+}
+
+
+/**
+ * Destructs a new pin request.
+ */
+TPS_PUBLIC RA_New_Pin_Request_Msg::~RA_New_Pin_Request_Msg ()
+{
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_New_Pin_Request_Msg::GetType ()
+{
+    return MSG_NEW_PIN_REQUEST;
+}
+
+/**
+ * Retrieves the minimium length required for the new password.
+ */
+TPS_PUBLIC int RA_New_Pin_Request_Msg::GetMinLen()
+{
+    return m_min_len;
+}
+
+
+/**
+ * Retrieves the maximium length required for the new password.
+ */
+TPS_PUBLIC int RA_New_Pin_Request_Msg::GetMaxLen()
+{
+    return m_max_len;
+}
diff --git a/pki/base/tps/src/msg/RA_New_Pin_Response_Msg.cpp b/pki/base/tps/src/msg/RA_New_Pin_Response_Msg.cpp
new file mode 100644
index 000000000..69b63f934
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_New_Pin_Response_Msg.cpp
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a new pin response.
+ */
+TPS_PUBLIC RA_New_Pin_Response_Msg::RA_New_Pin_Response_Msg (char *new_pin)
+{
+    if (new_pin == NULL)
+        m_new_pin = NULL;
+    else
+        m_new_pin = PL_strdup(new_pin);
+}
+
+/**
+ * Destructs a new pin response.
+ */
+TPS_PUBLIC RA_New_Pin_Response_Msg::~RA_New_Pin_Response_Msg ()
+{
+    if( m_new_pin != NULL ) {
+        PL_strfree( m_new_pin );
+        m_new_pin = NULL;
+    }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_New_Pin_Response_Msg::GetType ()
+{
+    return MSG_NEW_PIN_RESPONSE;
+}
+
+/**
+ * Retrieves the null-pointer terminated new pin 
+ * from the end user.
+ */
+TPS_PUBLIC char *RA_New_Pin_Response_Msg::GetNewPIN()
+{
+    return m_new_pin;
+}
diff --git a/pki/base/tps/src/msg/RA_SecureId_Request_Msg.cpp b/pki/base/tps/src/msg/RA_SecureId_Request_Msg.cpp
new file mode 100644
index 000000000..064461225
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_SecureId_Request_Msg.cpp
@@ -0,0 +1,69 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Secure ID request message for requesting
+ * Secure ID input from the end user.
+ */
+TPS_PUBLIC RA_SecureId_Request_Msg::RA_SecureId_Request_Msg (int pin_required, int next_value)
+{
+    m_pin_required = pin_required;
+    m_next_value = next_value;
+}
+
+/**
+ * Destructs a Secure ID request.
+ */
+TPS_PUBLIC RA_SecureId_Request_Msg::~RA_SecureId_Request_Msg ()
+{
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_SecureId_Request_Msg::GetType ()
+{
+    return MSG_SECUREID_REQUEST;
+}
+
+/**
+ * Is PIN required?
+ */
+TPS_PUBLIC int RA_SecureId_Request_Msg::IsPinRequired()
+{
+    return m_pin_required;
+}
+
+/**
+ * Is next value required?
+ */
+TPS_PUBLIC int RA_SecureId_Request_Msg::IsNextValue()
+{
+    return m_next_value;
+}
diff --git a/pki/base/tps/src/msg/RA_SecureId_Response_Msg.cpp b/pki/base/tps/src/msg/RA_SecureId_Response_Msg.cpp
new file mode 100644
index 000000000..ff4191a61
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_SecureId_Response_Msg.cpp
@@ -0,0 +1,83 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Secure ID response.
+ */
+TPS_PUBLIC RA_SecureId_Response_Msg::RA_SecureId_Response_Msg (char *value, char *pin)
+{
+    if (value == NULL) 
+        m_value = NULL;
+    else 
+        m_value = PL_strdup(value);
+    if (pin == NULL)
+        m_pin = NULL;
+    else
+        m_pin = PL_strdup(pin);
+}
+
+/**
+ * Destructs a Secure ID response.
+ */
+TPS_PUBLIC RA_SecureId_Response_Msg::~RA_SecureId_Response_Msg ()
+{
+    if( m_value != NULL ) {
+        PL_strfree( m_value );
+        m_value = NULL;
+    }
+    if( m_pin != NULL ) {
+        PL_strfree( m_pin );
+        m_pin = NULL;
+    }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_SecureId_Response_Msg::GetType ()
+{
+    return MSG_SECUREID_RESPONSE;
+}
+
+/**
+ * Retrieves the value.
+ */
+TPS_PUBLIC char *RA_SecureId_Response_Msg::GetValue()
+{
+    return m_value;
+}
+
+/**
+ * Retrieves the PIN.
+ */
+TPS_PUBLIC char *RA_SecureId_Response_Msg::GetPIN()
+{
+    return m_pin;
+}
diff --git a/pki/base/tps/src/msg/RA_Status_Update_Request_Msg.cpp b/pki/base/tps/src/msg/RA_Status_Update_Request_Msg.cpp
new file mode 100644
index 000000000..7bb0baefc
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Status_Update_Request_Msg.cpp
@@ -0,0 +1,66 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Status_Update_Request_Msg::RA_Status_Update_Request_Msg (int status, const char *info)
+{
+    m_status = status;
+    m_info = PL_strdup((char *) info);
+}
+
+/**
+ * Destructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Status_Update_Request_Msg::~RA_Status_Update_Request_Msg ()
+{
+    if( m_info != NULL ) {
+        PL_strfree( m_info );
+        m_info = NULL;
+    }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Status_Update_Request_Msg::GetType ()
+{
+    return MSG_STATUS_UPDATE_REQUEST;
+}
+
+TPS_PUBLIC int RA_Status_Update_Request_Msg::GetStatus()
+{
+    return m_status;
+}
+
+TPS_PUBLIC char *RA_Status_Update_Request_Msg::GetInfo()
+{
+    return m_info;
+}
diff --git a/pki/base/tps/src/msg/RA_Status_Update_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Status_Update_Response_Msg.cpp
new file mode 100644
index 000000000..6053c9af6
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Status_Update_Response_Msg.cpp
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Status_Update_Response_Msg::RA_Status_Update_Response_Msg (int status)
+{
+    m_status = status;
+}
+
+/**
+ * Destructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Status_Update_Response_Msg::~RA_Status_Update_Response_Msg ()
+{
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Status_Update_Response_Msg::GetType ()
+{
+    return MSG_STATUS_UPDATE_RESPONSE;
+}
+
+TPS_PUBLIC int RA_Status_Update_Response_Msg::GetStatus()
+{
+    return m_status;
+}
diff --git a/pki/base/tps/src/msg/RA_Token_PDU_Request_Msg.cpp b/pki/base/tps/src/msg/RA_Token_PDU_Request_Msg.cpp
new file mode 100644
index 000000000..34b3d584b
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Token_PDU_Request_Msg.cpp
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Token_PDU_Request_Msg::RA_Token_PDU_Request_Msg (APDU *apdu)
+{
+    m_apdu = apdu;
+}
+
+/**
+ * Destructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Token_PDU_Request_Msg::~RA_Token_PDU_Request_Msg ()
+{
+    if( m_apdu != NULL ) {
+        delete m_apdu;
+        m_apdu = NULL;
+    }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Token_PDU_Request_Msg::GetType ()
+{
+    return MSG_TOKEN_PDU_REQUEST;
+}
+
+/**
+ * Retrieves the APDU that is targeted for the token.
+ */
+TPS_PUBLIC APDU *RA_Token_PDU_Request_Msg::GetAPDU()
+{
+    return m_apdu;
+}
diff --git a/pki/base/tps/src/msg/RA_Token_PDU_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Token_PDU_Response_Msg.cpp
new file mode 100644
index 000000000..41b11388c
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Token_PDU_Response_Msg.cpp
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "apdu/APDU_Response.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Token PDU response.
+ */
+TPS_PUBLIC RA_Token_PDU_Response_Msg::RA_Token_PDU_Response_Msg (APDU_Response *response)
+{
+    m_response = response;
+}
+
+/**
+ * Destructs a Token PDU response.
+ */
+TPS_PUBLIC RA_Token_PDU_Response_Msg::~RA_Token_PDU_Response_Msg ()
+{
+    if( m_response != NULL ) {
+        delete m_response;
+        m_response = NULL;
+    }
+}
+
+/**
+ * Retrieves the message type. 
+ */
+TPS_PUBLIC RA_Msg_Type RA_Token_PDU_Response_Msg::GetType ()
+{
+    return MSG_TOKEN_PDU_RESPONSE;
+}
+
+/**
+ * Retrieves the response from the token.
+ * This response does not follow the standard
+ * APDU format. It is just a sequence of data
+ * with 2 bytes, at the end, that indicates 
+ * the status.
+ */
+TPS_PUBLIC APDU_Response *RA_Token_PDU_Response_Msg::GetResponse()
+{
+    return m_response;
+}
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
new file mode 100644
index 000000000..a8a8bb9ac
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -0,0 +1,3370 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ *  RA_Enroll_Processor handles initialization and enrollment of the token
+ */
+
+
+/* variable naming convention:
+ * a_ passed as an 'in' argument to a method
+ * o_ passed as an 'out' argument to a method
+ * m_ member variable
+ */
+
+
+#include <string.h>
+#include "pkcs11.h"
+
+// for public key processing
+#include "secder.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "prlock.h"
+
+#include "cert.h"
+#include "main/RA_Session.h"
+#include "main/RA_Msg.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "main/PKCS11Obj.h"
+#include "engine/RA.h"
+#include "channel/Secure_Channel.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Enroll_Processor.h"
+#include "tus/tus_db.h"
+
+#include "cms/CertEnroll.h"
+#include "httpClient/httpc/response.h"
+#include "main/Memory.h"
+
+#define OP_PREFIX "op.enroll"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+SECStatus PK11_GenerateRandom(unsigned char *,int);
+
+
+// This parameter is read from the config file. It is the
+// applet build ID which the administrator wants to set as
+// the 'latest applet' to upgrade to.
+static const char *g_applet_target_version = NULL;
+
+
+/**
+ * this function returns a new allocated string
+ * @param cuid a 20 character string. Usually this is 20 hex
+ *  digits representing a token CUID.
+ * @returns a new string which is basically a copy of the input, but 
+ *   with extra colons. The caller is responsible for freeing the 
+ *   returned string with PR_Free().
+ */
+
+static char *GetPrettyPrintCUID(const char *cuid)
+{
+	int i,j;
+	char *ret = NULL;
+
+	if (cuid == NULL)
+		return NULL;
+	if (strlen(cuid) != 20) 
+		return NULL;
+	ret = (char *)PR_Malloc(20+4+1);
+	j = 0;
+	for (i = 0; i < 24; i++) {
+		if (i == 4 || i == 9 || i == 14 || i == 19) {
+		    ret[i] = '-';
+		} else {
+		    ret[i] = cuid[j];
+		    j++;
+		}
+	}
+	ret[24] = '\0';
+	return ret;
+}
+
+static SECItem *
+PK11_GetPubIndexKeyID(CERTCertificate *cert) {
+    SECKEYPublicKey *pubk;
+    SECItem *newItem = NULL;
+                                                                                
+    pubk = CERT_ExtractPublicKey(cert);
+    if (pubk == NULL) return NULL;
+                                                                                
+    switch (pubk->keyType) {
+    case rsaKey:
+    newItem = SECITEM_DupItem(&pubk->u.rsa.modulus);
+    break;
+    case dsaKey:
+        newItem = SECITEM_DupItem(&pubk->u.dsa.publicValue);
+    break;
+    case dhKey:
+        newItem = SECITEM_DupItem(&pubk->u.dh.publicValue);
+    break;
+    case ecKey:
+        newItem = SECITEM_DupItem(&pubk->u.ec.publicValue);
+    break;
+    case fortezzaKey:
+    default:
+    newItem = NULL; /* Fortezza Fix later... */
+    }
+    SECKEY_DestroyPublicKey(pubk);
+    /* make hash of it */
+    return newItem;
+}
+
+
+/**
+ * Constructs a processor for handling enrollment operation.
+ */
+TPS_PUBLIC RA_Enroll_Processor::RA_Enroll_Processor ()
+{
+}
+
+/**
+ * Destructs enrollment processor.
+ */
+TPS_PUBLIC RA_Enroll_Processor::~RA_Enroll_Processor ()
+{
+}
+
+RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *session, 
+                CERTCertificate **certificates,
+                char **origins,
+                char **ktypes,
+		    int pkcs11obj_enable,
+		PKCS11Obj *pkcs_objx,
+		NameValueSet *extensions,
+		int index, int keyTypeNum,
+		int start_progress,
+		int end_progress,
+		Secure_Channel *channel, Buffer *wrapped_challenge,
+		const char *tokenType,
+		const char *keyType,
+		Buffer *key_check, 
+		Buffer *plaintext_challenge,
+		const char *cuid,
+		const char *msn,
+		const char *khex, 
+		TokenKeyType key_type,
+		const char *profileId,
+		const char *userid, 
+		const char *cert_id, 
+                const char *publisher_id,
+		const char *cert_attr_id, 
+		const char *pri_attr_id,
+		const char *pub_attr_id, 
+		BYTE se_p1, BYTE se_p2, int keysize, const char *connid, const char *keyTypePrefix,char * applet_version)
+{
+    RA_Status status = STATUS_NO_ERROR;
+    int rc = -1;
+    int len = 0;
+    int publish_result = -1;
+    Buffer *public_key = NULL;
+    SECItem si_mod;
+    Buffer *modulus=NULL;
+    SECItem *si_kid = NULL;
+    Buffer *keyid=NULL;
+    SECItem si_exp;
+    Buffer *exponent=NULL;
+    CertEnroll *certEnroll = NULL;
+    Buffer *cert = NULL;
+    Buffer CUID = channel->GetKeyDiversificationData();
+    const char *label = NULL;
+    const char *cuid_label = NULL;
+    const char *pattern;
+    char configname[256];
+    NameValueSet nv;
+    const char *pretty_cuid = NULL;
+
+    const char *FN="RA_Enroll_Processor::DoEnrollment";
+
+    char *cert_string = NULL;
+    SECItem* encodedPublicKeyInfo = NULL;
+    SECItem **ppEncodedPublicKeyInfo = NULL;
+	CERTSubjectPublicKeyInfo*  spkix = NULL;
+
+    char *pKey = NULL;
+    char *ivParam = NULL;
+    char *wrappedPrivKey = NULL;
+
+    const char *drmconnid = NULL;
+    bool serverKeygen = false;
+    SECKEYPublicKey *pk_p = NULL;
+
+    float progress_block_size = (float) (end_progress - start_progress) / keyTypeNum;
+    RA::Debug(LL_PER_CONNECTION,FN,
+	            "Start of keygen/certificate enrollment");
+
+    // check if we need to do key generation (by default, overwrite everything)
+    PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.overwrite", 
+		    OP_PREFIX, tokenType, keyType);
+      RA::Debug(LL_PER_CONNECTION,FN,
+	            "looking for config %s", configname);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+	    // do nothing
+      RA::Debug(LL_PER_CONNECTION,FN,
+	            "do overwrite");
+    } else {
+      RA::Debug(LL_PER_CONNECTION,FN,
+	            "do not overwrite, if %s exists", cert_id);
+      int num_objs = pkcs_objx->PKCS11Obj::GetObjectSpecCount();
+      char b[3];
+      bool foundObj = false;
+      for (int i = 0; i< num_objs; i++) {
+	ObjectSpec* os = pkcs_objx->GetObjectSpec(i);
+	unsigned long oid = os->GetObjectID();
+	b[0] = (char)((oid >> 24) & 0xff);
+	b[1] = (char)((oid >> 16) & 0xff);
+	b[2] = '\0';
+	/*
+	RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+		   "object id =%c:%c  b=%s",b[0], b[1], b);
+	*/
+	if (PL_strcasecmp(cert_id, b) == 0) {
+	  foundObj = true;
+	  break;
+	}
+      }
+
+
+      if (foundObj) {
+		// we already have a certificate there, skip enrollment
+                RA::Debug(LL_PER_CONNECTION,FN,
+	            "Found certficate. Will not overwrite. Skipped enrollment");
+		return status;
+	} else {
+                RA::Debug(LL_PER_CONNECTION,FN,
+	            "Certficate not found. Continuing with enrollment");
+	}
+    }
+    
+    StatusUpdate(session, extensions, 
+		 start_progress + (index * progress_block_size) + 
+		 (progress_block_size * 15/100) /* progress */, 
+		 "PROGRESS_KEY_GENERATION");
+
+    if (key_type == KEY_TYPE_ENCRYPTION) {// do serverSide keygen?
+                                                                                
+      PR_snprintf((char *)configname, 256, "%s.serverKeygen.enable", keyTypePrefix);
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"looking for config %s", configname);
+      serverKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, false);
+    }
+
+    certEnroll = new CertEnroll();
+
+    if (serverKeygen) {
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"Private key is to be generated on server");
+
+      PR_snprintf((char *)configname, 256, "%s.serverKeygen.drm.conn", keyTypePrefix);
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"looking for config %s", configname);
+      drmconnid = RA::GetConfigStore()->GetConfigAsString(configname);
+
+      PR_snprintf((char *)configname, 256, "%s.serverKeygen.archive", keyTypePrefix);
+      bool archive = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"calling ServerSideKeyGen with userid =%s, archive=%s", userid, archive? "true":"false");
+
+      RA::ServerSideKeyGen(session, cuid, userid,
+                           channel->getDrmWrappedDESKey(), &pKey,
+                           &wrappedPrivKey, &ivParam, drmconnid,
+                           archive, keysize);
+
+      if (pKey == NULL) {
+	    RA::Error(LL_PER_CONNECTION,FN,
+		"Failed to generate key on server. Please check DRM.");
+	RA::Debug(LL_PER_CONNECTION,FN,
+		"ServerSideKeyGen called, pKey is NULL");
+	  status = STATUS_ERROR_MAC_ENROLL_PDU;
+	goto loser;
+      } else
+	RA::Debug(LL_PER_CONNECTION,FN,
+		"key value = %s", pKey);
+
+
+      if (wrappedPrivKey == NULL) {
+	RA::Debug(LL_PER_CONNECTION,FN,
+		"ServerSideKeyGen called, wrappedPrivKey is NULL");
+	status = STATUS_ERROR_MAC_ENROLL_PDU;
+	goto loser;
+      } else
+	RA::Debug(LL_PER_CONNECTION,FN,
+		"wrappedPrivKey = %s", wrappedPrivKey);
+
+      if (ivParam == NULL) {
+	RA::Debug(LL_PER_CONNECTION,FN,
+		"ServerSideKeyGen called, ivParam is NULL");
+	status = STATUS_ERROR_MAC_ENROLL_PDU;
+	goto loser;
+      } else
+	RA::Debug(LL_PER_CONNECTION,FN,
+		"ivParam = %s", ivParam);
+
+      /*
+       * the following code converts b64-encoded public key info into SECKEYPublicKey
+       */
+      SECStatus rv;
+      SECItem der;
+      CERTSubjectPublicKeyInfo* spki = NULL;
+               
+      der.type = (SECItemType) 0; /* initialize it, since convertAsciiToItem does not set it */
+      rv = ATOB_ConvertAsciiToItem (&der, pKey);
+      if (rv != SECSuccess){
+	RA::Debug(LL_PER_CONNECTION,FN,
+		"failed to convert b64 private key to binary");
+	SECITEM_FreeItem(&der, PR_FALSE);
+	  status = STATUS_ERROR_MAC_ENROLL_PDU;
+	goto loser;
+      }else {
+	RA::Debug(LL_PER_CONNECTION,FN,
+		"decoded private key as: secitem (len=%d)",der.len);
+
+	spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
+
+	if (spki != NULL) {
+	  RA::Debug(LL_PER_CONNECTION,FN,
+		"Successfully decoded DER SubjectPublicKeyInfo structure");
+	  pk_p = SECKEY_ExtractPublicKey(spki);
+	  if (pk_p != NULL)
+	    RA::Debug(LL_PER_CONNECTION,FN,
+		"Successfully extracted public key from SPKI structure");
+	  else
+	    RA::Debug(LL_PER_CONNECTION,FN,
+		"Failed to extract public key from SPKI");
+	} else {
+	  RA::Debug(LL_PER_CONNECTION,FN,
+		"Failed to decode SPKI structure");
+	}
+
+	SECITEM_FreeItem(&der, PR_FALSE);
+    	SECKEY_DestroySubjectPublicKeyInfo(spki);
+	
+      }
+
+    } else { //generate keys on token
+
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"Private key is to be generated on token");
+
+      len = channel->StartEnrollment(
+        se_p1, se_p2,		     
+        wrapped_challenge,
+        key_check,
+        0x01 /* alg */, keysize,
+        0x00 /* option */);
+
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"channel->StartEnrollment returned length of public key blob: len=%d", len);
+
+	StatusUpdate(session, extensions,
+			start_progress + (index * progress_block_size) + 
+			(progress_block_size * 45/100) /* progress */, 
+			"PROGRESS_READ_PUBLIC_KEY");
+
+      /* read the public key from buffer */
+      if (len <= 0) {
+	RA::Error(LL_PER_CONNECTION,FN,
+		  "Error generating key on token.");
+        status = STATUS_ERROR_MAC_ENROLL_PDU;
+        goto loser;
+      }
+
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"Reading public key buffer from token");
+
+      BYTE iobuf[4];
+      iobuf[0] = 0xff;
+      iobuf[1] = 0xff;
+      iobuf[2] = 0xff;
+      iobuf[3] = 0xff;
+      /* use ReadObject to read IO buffer */
+      public_key = channel->ReadObject(iobuf, 0, len);
+      if (public_key == NULL) {
+	RA::Error(LL_PER_CONNECTION,FN,
+		  "Unable to read public key buffer from token");
+        status = STATUS_ERROR_MAC_ENROLL_PDU;
+        goto loser;
+      }
+      RA::Debug(LL_PER_CONNECTION,FN,
+	      "Successfully read public key buffer");
+      
+      RA::DebugBuffer(LL_PER_CONNECTION,FN,
+		"public_key = ", public_key);
+
+      //got public key blob
+      // parse public key blob and check POP
+
+      RA::Debug(LL_PER_CONNECTION,FN,
+	      "challenge size=%d",plaintext_challenge->size());
+      RA::DebugBuffer("RA_Enroll_Processor::process", "challenge = ", 
+          plaintext_challenge);
+
+
+      // send status update to the client
+	StatusUpdate(session, extensions,
+			start_progress + (index * progress_block_size) + 
+			(progress_block_size * 55/100) /* progress */, 
+			"PROGRESS_PARSE_PUBLIC_KEY");
+
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"About to Parse Public Key");
+
+      pk_p = certEnroll->ParsePublicKeyBlob(
+                (unsigned char *)(BYTE *)*public_key /*blob*/, 
+                plaintext_challenge);
+
+      if (pk_p == NULL) {
+	    RA::Error(LL_PER_CONNECTION,FN,
+		  "Failed to parse public key");
+        status = STATUS_ERROR_MAC_ENROLL_PDU;
+        goto loser;
+      }
+
+    } //serverKeygen or not
+
+    RA::Debug(LL_PER_CONNECTION,FN,
+		"Keys generated. Proceeding with certificate enrollment");
+
+    if(publisher_id != NULL)
+    {
+        ppEncodedPublicKeyInfo = &encodedPublicKeyInfo;
+
+    }
+
+    pretty_cuid = GetPrettyPrintCUID(cuid);
+
+    nv.Add("pretty_cuid", pretty_cuid);
+    nv.Add("cuid", cuid);
+    nv.Add("msn", msn);
+    nv.Add("userid", userid);
+    nv.Add("profileId", profileId);
+
+    /* populate auth parameters output to nv also */
+    /* so we can reference to the auth parameter by */
+    /* using $auth.cn$, or $auth.mail$ */
+    if (login != NULL) {
+      int s = login->Size();
+      for (int x = 0; x < s; x++) {
+         char namebuf[2048];
+         char *name = login->GetNameAt(x);
+         sprintf(namebuf, "auth.%s", name);
+         nv.Add(namebuf, login->GetValue(name));
+      }
+    }
+
+    PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.cuid_label", 
+		    OP_PREFIX, tokenType, keyType);
+
+    RA::Debug(LL_PER_CONNECTION,FN,
+		"Certificate label '%s'", configname);
+
+    pattern = RA::GetConfigStore()->GetConfigAsString(configname, "$cuid$");
+    cuid_label = MapPattern(&nv, (char *) pattern);
+
+	StatusUpdate(session, extensions,
+			start_progress + (index * progress_block_size) + 
+			(progress_block_size * 60/100) /* progress */, 
+			"PROGRESS_ENROLL_CERT");
+
+    cert = certEnroll->EnrollCertificate(
+                    pk_p, profileId, userid, cuid_label, 
+		    connid, ppEncodedPublicKeyInfo);
+
+    if (cert == NULL) {
+        status = STATUS_ERROR_MAC_ENROLL_PDU;
+        goto loser;
+    }
+
+    /* fill in keyid, modulus, and exponent */
+
+    si_mod = pk_p->u.rsa.modulus;
+    modulus = new Buffer((BYTE*) si_mod.data, si_mod.len);
+
+    /* 
+     * RFC 3279
+     * The keyIdentifier is composed of the 160-bit SHA-1 hash of the
+     * value of the BIT STRING subjectPublicKey (excluding the tag,
+     * length, and number of unused bits).
+     */
+	spkix = SECKEY_CreateSubjectPublicKeyInfo(pk_p);
+
+    /* 
+     * NSS magically multiply the length with 2^3 in cryptohi/seckey.c 
+     * Hack: 
+     */
+    spkix->subjectPublicKey.len >>= 3;
+    si_kid = PK11_MakeIDFromPubKey(&spkix->subjectPublicKey);
+    spkix->subjectPublicKey.len <<= 3;
+
+
+    keyid = new Buffer((BYTE*) si_kid->data, si_kid->len);
+    si_exp = pk_p->u.rsa.publicExponent;
+    exponent =  new Buffer((BYTE*) si_exp.data, si_exp.len);
+
+    RA::Debug(LL_PER_CONNECTION,FN,
+	      "Keyid, modulus and exponent have been extracted from public key");
+
+    SECKEY_DestroySubjectPublicKeyInfo(spkix);
+
+    cert_string = (char *) cert->string();
+    certificates[index] = CERT_DecodeCertFromPackage((char *) cert_string, 
+      (int) cert->size());
+    if (certificates[index] != NULL) {
+      RA::Debug("DoEnrollment", "Received Certificate 0x%x",
+              DER_GetInteger(&certificates[index]->serialNumber));
+    }
+    free(cert_string);
+    ktypes[index] = strdup(keyType);
+    origins[index] = strdup(cuid);
+
+    if (serverKeygen) {
+      //do PKCS#8
+
+      BYTE objid[4];
+
+      objid[0] = 0xFF;
+      objid[1] = 0x00;
+      objid[2] = 0xFF;
+      objid[3] = 0xF3;
+      Buffer priv_keyblob;
+      /* url decode wrappedPrivKey */
+      {
+	Buffer *decodeKey = Util::URLDecode(wrappedPrivKey);
+	// RA::DebugBuffer("cfu debug"," private key =",decodeKey);
+	priv_keyblob =
+	  Buffer(1, 0x01) + // encryption
+	  Buffer(1, 0x09)+ // keytype is RSAPKCS8Pair
+	  Buffer(1,(BYTE)(keysize/256)) + // keysize is two bytes
+	  Buffer(1,(BYTE)(keysize%256)) +
+	  Buffer((BYTE*) *decodeKey, decodeKey->size());
+	delete decodeKey;
+      }
+
+      //inject PKCS#8 private key
+      BYTE perms[6];
+
+      perms[0] = 0x40;
+      perms[1] = 0x00;
+      perms[2] = 0x40;
+      perms[3] = 0x00;
+      perms[4] = 0x40;
+      perms[5] = 0x00;
+
+      if (channel->CreateObject(objid, perms, priv_keyblob.size()) != 1) {
+	status = STATUS_ERROR_MAC_ENROLL_PDU;
+	goto loser;
+      }
+
+
+      if (channel->WriteObject(objid, (BYTE*)priv_keyblob, priv_keyblob.size()) != 1) {
+	status = STATUS_ERROR_MAC_ENROLL_PDU;
+	goto loser;
+      }
+
+
+      /* url decode the wrapped kek session key and keycheck*/
+      Buffer data;
+      {
+
+	/*
+	  RA::Debug(LL_PER_PDU, "", "getKekWrappedDESKey() returns =%s", channel->getKekWrappedDESKey());
+	  RA::Debug(LL_PER_PDU, "", "getKeycheck() returns =%s", channel->getKeycheck());
+	*/
+	Buffer *decodeKey = Util::URLDecode(channel->getKekWrappedDESKey());
+
+	/*
+	  RA::Debug(LL_PER_PDU, "", "des key item len=%d",
+	  decodeKey->size());
+	  RA::DebugBuffer("cfu debug", "DES key =", decodeKey);
+	*/
+	char *keycheck = channel->getKeycheck();
+	Buffer *decodeKeyCheck = Util::URLDecode(keycheck);
+	if (keycheck)
+	  PL_strfree(keycheck);
+
+	/*
+	  RA::Debug(LL_PER_PDU, "", "keycheck item len=%d",
+	  decodeKeyCheck->size());
+	  RA::DebugBuffer("cfu debug", "key check=", decodeKeyCheck);
+	*/
+
+	//XXX need randomize this later
+
+	//	  BYTE iv[] = {0x01, 0x01,0x01,0x01,0x01,0x01,0x01,0x01};
+	// get ivParam
+	Buffer *iv_decoded = Util::URLDecode(ivParam);
+	if (ivParam) {
+	  PL_strfree(ivParam);
+	}
+
+	data =
+	  Buffer((BYTE*)objid, 4)+ // object id
+	  Buffer(1, 0x08) + // key type is DES3: 8
+	  Buffer(1, (BYTE) decodeKey->size()) + // 1 byte length
+	  Buffer((BYTE *) *decodeKey, decodeKey->size())+ // key -encrypted to 3des block
+	  // check size
+	  // key check
+	  Buffer(1, (BYTE) decodeKeyCheck->size()) + //keycheck size
+	  Buffer((BYTE *) *decodeKeyCheck , decodeKeyCheck->size())+ // keycheck
+	  Buffer(1, iv_decoded->size())+ // IV_Length
+	  Buffer((BYTE*)*iv_decoded, iv_decoded->size());
+
+	delete iv_decoded;
+	//      RA::DebugBuffer("cfu debug", "ImportKeyEnc data buffer =", &data);
+
+	delete decodeKey;
+	delete decodeKeyCheck;
+      }
+
+      if (channel->ImportKeyEnc(se_p1, se_p2, &data) != 1) {
+	status = STATUS_ERROR_MAC_ENROLL_PDU;
+	goto loser;
+      }
+
+      /*
+       * After keys are injected successfully, then write certificate object apdu
+       * to token
+       */
+
+    } // serverKeygen
+
+
+    StatusUpdate(session, extensions,
+		 start_progress + (index * progress_block_size) + 
+		 (progress_block_size * 70/100) /* progress */, 
+		 "PROGRESS_PUBLISH_CERT");
+
+    //Attempt publish if relevant
+    if(ppEncodedPublicKeyInfo)
+      { 
+
+        publish_result = DoPublish(cuid,encodedPublicKeyInfo,cert,publisher_id,applet_version); 
+
+      }
+
+    if(ppEncodedPublicKeyInfo)
+      {
+	RA::Debug(LL_PER_CONNECTION,FN,
+			"Deleting PublicKeyInfo object.");
+
+	SECITEM_FreeItem(*ppEncodedPublicKeyInfo, PR_TRUE);
+      }
+
+    if(publish_result == 0)
+      {
+        status = STATUS_ERROR_PUBLISH;
+
+        RA::Error(LL_PER_CONNECTION,FN,
+		 "Enroll Certificate Publish Failure %d", status);
+
+        RA::Debug(LL_PER_CONNECTION,FN,
+		"Enroll Certificate Publish Failure %d",status);
+        goto loser;
+      }
+
+    if (cert != NULL) {
+      RA::Debug(LL_PER_CONNECTION,FN,
+		"Enroll Certificate Finished");
+    } else {
+      RA::Error(LL_PER_CONNECTION,FN,
+	"Enroll Certificate Failure");
+
+        status = STATUS_ERROR_MAC_ENROLL_PDU;
+        goto loser;
+    }
+
+	StatusUpdate(session, extensions,
+			start_progress + (index * progress_block_size) + 
+			(progress_block_size * 80/100) /* progress */, 
+			"PROGRESS_IMPORT_CERT");
+
+    /* write certificate from CA to netkey */
+    if (pkcs11obj_enable) {
+	ObjectSpec *objSpec = 
+		ObjectSpec::ParseFromTokenData(
+				(cert_id[0] << 24) +
+				(cert_id[1] << 16),
+				cert);
+	pkcs_objx->AddObjectSpec(objSpec);
+    } else {
+    	RA::Debug(LL_PER_CONNECTION,FN,
+		"About to create certificate object on token");
+    	rc = channel->CreateCertificate(cert_id, cert);
+    	if (rc == -1) {
+       	 	RA::Error(LL_PER_CONNECTION,FN,
+		"Failed to create certificate object on token");
+
+        	status = STATUS_ERROR_MAC_ENROLL_PDU;
+        	goto loser;
+    	}
+    }
+
+    // build label
+    PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.label", 
+		    OP_PREFIX, tokenType, keyType);
+    RA::Debug(LL_PER_CONNECTION,FN,
+		"label '%s'", configname);
+    pattern = RA::GetConfigStore()->GetConfigAsString(configname);
+    label = MapPattern(&nv, (char *) pattern);
+
+    if (pkcs11obj_enable) {
+    	Buffer b = channel->CreatePKCS11CertAttrsBuffer(
+			key_type, cert_attr_id, label, keyid);
+	ObjectSpec *objSpec = 
+		ObjectSpec::ParseFromTokenData(
+				(cert_attr_id[0] << 24) +
+				(cert_attr_id[1] << 16),
+				&b);
+	pkcs_objx->AddObjectSpec(objSpec);
+    } else {
+    	RA::Debug(LL_PER_CONNECTION,FN,
+		"About to create PKCS#11 certificate Attributes");
+    	rc = channel->CreatePKCS11CertAttrs(key_type, cert_attr_id, label, keyid);
+    	if (rc == -1) {
+       	 RA::Error(LL_PER_CONNECTION,FN,
+		"PKCS11 Certificate attributes creation failed");
+        	status = STATUS_ERROR_MAC_ENROLL_PDU;
+        	goto loser;
+    	}
+    }
+
+    if (pkcs11obj_enable) {
+    	RA::Debug(LL_PER_CONNECTION,FN,
+		"Create PKCS11 Private Key Attributes Buffer");
+    	Buffer b = channel->CreatePKCS11PriKeyAttrsBuffer(key_type, 
+			pri_attr_id, label, keyid, modulus, OP_PREFIX, 
+			tokenType, keyTypePrefix);
+	ObjectSpec *objSpec = 
+		ObjectSpec::ParseFromTokenData(
+				(pri_attr_id[0] << 24) +
+				(pri_attr_id[1] << 16),
+				&b);
+	pkcs_objx->AddObjectSpec(objSpec);
+    } else {
+    	RA::Debug(LL_PER_CONNECTION,FN,
+		"Create PKCS11 Private Key Attributes");
+    	rc = channel->CreatePKCS11PriKeyAttrs(key_type, pri_attr_id, label, keyid, modulus, OP_PREFIX, tokenType, keyTypePrefix);
+    	if (rc == -1) {
+        	RA::Error(LL_PER_CONNECTION,FN,
+		"PKCS11 private key attributes creation failed");
+        	status = STATUS_ERROR_MAC_ENROLL_PDU;
+        	goto loser;
+    	}
+    }
+
+    if (pkcs11obj_enable) {
+    	Buffer b = channel->CreatePKCS11PubKeyAttrsBuffer(key_type, 
+			pub_attr_id, label, keyid, 
+           exponent, modulus, OP_PREFIX, tokenType, keyTypePrefix);
+	ObjectSpec *objSpec = 
+		ObjectSpec::ParseFromTokenData(
+				(pub_attr_id[0] << 24) +
+				(pub_attr_id[1] << 16),
+				&b);
+	pkcs_objx->AddObjectSpec(objSpec);
+    } else {
+    	RA::Debug(LL_PER_CONNECTION,FN,
+		"Create PKCS11 Public Key Attributes");
+    	rc = channel->CreatePKCS11PubKeyAttrs(key_type, pub_attr_id, label, keyid, 
+           exponent, modulus, OP_PREFIX, tokenType, keyTypePrefix);
+    	if (rc == -1) {
+        	RA::Error(LL_PER_CONNECTION,FN,
+			"PKCS11 public key attributes creation failed");
+        	status = STATUS_ERROR_MAC_ENROLL_PDU;
+        	goto loser;
+    	}
+    }
+    RA::Debug(LL_PER_CONNECTION,FN, "End of keygen/certificate enrollment");
+
+loser:
+    if( modulus != NULL ) {
+        delete modulus;
+        modulus = NULL;
+    }
+    if( keyid != NULL ) {
+        delete keyid;
+        keyid = NULL;
+    }
+    if( exponent != NULL ) {
+        delete exponent;
+        exponent = NULL;
+    }
+    if( cert != NULL ) {
+        delete cert;
+        cert = NULL;
+    }
+    if( public_key != NULL ) {
+        delete public_key;
+        public_key = NULL;
+    }
+  
+    if (pKey !=NULL)
+        PR_Free(pKey);
+
+    if (wrappedPrivKey !=NULL)
+        PR_Free(wrappedPrivKey);
+
+    if( si_kid != NULL ) {
+        SECITEM_FreeItem( si_kid, PR_TRUE );
+        si_kid = NULL;
+    }
+    if( certEnroll != NULL ) {
+        delete certEnroll;
+        certEnroll = NULL;
+    }
+    if( label != NULL ) {
+        PL_strfree( (char *) label );
+        label = NULL;
+    }
+    if( cuid_label != NULL ) {
+        PL_strfree( (char *) cuid_label );
+        cuid_label = NULL;
+    }
+    if( pretty_cuid != NULL ) {
+        PR_Free( (char *) pretty_cuid );
+        pretty_cuid = NULL;
+    }
+
+    return status;
+}
+
+SECStatus getRandomNumber(unsigned long *number) {
+  SECStatus rv;
+
+  if (number == NULL) {
+    return SECFailure;
+  }
+
+  rv = PK11_GenerateRandom((unsigned char *) number, sizeof(unsigned long));
+  return rv;
+}
+
+
+/**
+ * @return true if successfull
+ */
+bool RA_Enroll_Processor::GetCardManagerAppletInfo(
+    RA_Session *a_session,   /* in */
+	Buffer *a_cardmanagerAID,  /* in */
+    RA_Status &a_status,     /* out */
+    char * &msn,             /* out */
+    char * &cuid,            /* out */
+    Buffer &token_cuid       /* out */
+)
+{
+	bool r = true;  // result
+    Buffer *cplc_data = NULL;
+    Buffer token_msn;
+
+    SelectApplet(a_session, 0x04, 0x00, a_cardmanagerAID);
+    cplc_data = GetData(a_session);
+    if (cplc_data == NULL) {
+          RA::Error("RA_Enroll_Processor::Process", 
+			"Get Data Failed");
+          a_status = STATUS_ERROR_SECURE_CHANNEL;		 
+		  r = false;
+          goto loser;
+    }
+    RA::DebugBuffer("RA_Enroll_Processor::process", "CPLC Data = ", 
+		    	cplc_data);
+    if (cplc_data->size() < 47) {
+          RA::Error("RA_Format_Processor::Process",
+                        "Invalid CPLC Size");
+          a_status = STATUS_ERROR_SECURE_CHANNEL;
+		  r = false;
+          goto loser;
+    }
+    token_cuid =  Buffer(cplc_data->substr(3,4)) + 
+	     Buffer(cplc_data->substr(19,2)) + 
+	     Buffer(cplc_data->substr(15,4));
+    RA::DebugBuffer("RA_Enroll_Processor::process", "Token CUID= ", 
+		    	&token_cuid);
+    cuid = Util::Buffer2String(token_cuid);
+    RA::Debug("RA_Enroll_Processor::process", "CUID(String)= '%s'", 
+		    	cuid);
+    token_msn = Buffer(cplc_data->substr(41, 4));
+    RA::DebugBuffer("RA_Enroll_Processor::process", "Token MSN= ", 
+		    	&token_msn);
+    msn = Util::Buffer2String(token_msn);
+    RA::Debug("RA_Enroll_Processor::process", "MSN(String)= '%s'", 
+		    	msn);
+	loser:
+    if( cplc_data != NULL ) {
+        delete cplc_data;
+    }
+
+	return r;
+}
+
+bool RA_Enroll_Processor::GetAppletInfo(
+	RA_Session *a_session,   /* in */
+    Buffer *a_aid ,  /* in */
+    BYTE &o_major_version,
+    BYTE &o_minor_version,
+    BYTE &o_app_major_version,
+    BYTE &o_app_minor_version)
+{
+    Buffer *token_status = NULL;
+    SelectApplet(a_session, 0x04, 0x00, a_aid);
+    token_status = GetStatus(a_session, 0x00, 0x00);
+    if (token_status == NULL) {
+      o_major_version = 0x0;
+      o_minor_version = 0x0;
+      o_app_major_version = 0x0;
+      o_app_minor_version = 0x0;
+    } else {
+      o_major_version = ((BYTE*)*token_status)[0];     // is this protocol version?
+      o_minor_version = ((BYTE*)*token_status)[1];
+      o_app_major_version = ((BYTE*)*token_status)[2]; // and this applet version?
+      o_app_minor_version = ((BYTE*)*token_status)[3];
+      delete token_status;
+    }
+    RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+	      "Major=%d Minor=%d Applet Major=%d Applet Minor=%d", 
+			o_major_version, o_minor_version, o_app_major_version, o_app_minor_version);
+	return true;
+}
+
+
+/**
+ * Query applet for build ID info
+ * 'Pretty'-print it into useful format, along with version info
+ * example input:
+ *  a_app_major_version = 1
+ *  a_app_minor_version = 3
+ * Examples for the following outputs:
+ * o_av   = "1.3.45FC0218"
+ * The caller is responsible for free'ing (o_av)
+ */
+bool RA_Enroll_Processor::FormatAppletVersionInfo(
+    RA_Session *a_session,
+	const char *a_tokenType,
+	char *a_cuid,
+    BYTE a_app_major_version,
+    BYTE a_app_minor_version,
+	RA_Status &o_status,            // out
+	char * &o_av // out.  
+)
+{
+	bool r=true;
+	char configname[256];
+	char *av=NULL;
+	
+	// retrieve the 4-byte applet ID from the token
+	Buffer *tokenBuildID = GetAppletVersion(a_session);
+
+	if (tokenBuildID == NULL) {
+		// If there was no applet on the token
+		PR_snprintf((char *)configname, 256, "%s.%s.update.applet.emptyToken.enable", OP_PREFIX,
+				a_tokenType);
+	// XXX checks if emptyToken is enabled. This should probably get moved
+    // to the applet update function, and leave this fn only for getting
+    // the version information
+		if (!RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+			RA::Error("RA_Enroll_Processor::Process", 
+					"no applet found and applet upgrade not enabled");
+			o_status = STATUS_ERROR_SECURE_CHANNEL;  // XXX  incorrect error message
+			r=false;
+			RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel not established", ""); // XXX incorrect error message
+			goto loser;
+		}
+	} else {
+		// if there was an applet on the token:
+		char * bid_string =  Util::Buffer2String(*tokenBuildID);
+		RA::Debug("RA_Enroll_Processor", "buildid = %s", bid_string);
+		av = PR_smprintf( "%x.%x.%s", 
+			a_app_major_version, a_app_minor_version, bid_string);
+		PR_Free(bid_string);
+	}
+	o_av = (av == NULL) ? strdup("") : av;
+
+	RA::Debug("RA_Enroll_Processor", "final_applet_version = %s", o_av);
+loser:
+	if( tokenBuildID != NULL ) {
+		delete tokenBuildID;
+	}
+	return r;
+}
+
+/**
+ * Checks if we need to upgrade applet. 
+ * The version of the current token is passed IN to this function
+ * in o_current_applet_on_token. If the applet is upgraded, this
+ * out parameter will be set to the new applet version id.
+ * maj/minor versions will be also updated if the applet was updated.
+ */
+bool RA_Enroll_Processor::CheckAndUpgradeApplet(
+		RA_Session *a_session,
+		NameValueSet *a_extensions,
+		char *a_cuid,
+		const char *a_tokenType,
+		char *&o_current_applet_on_token,
+		BYTE &o_major_version,
+		BYTE &o_minor_version,
+		Buffer *a_aid,
+		RA_Status &o_status )
+{
+	const char *FN = "RA_Enroll_Processor::CheckAndUpgradeApplet";
+	bool r = true;
+	const char *applet_dir=NULL;
+    const char *connid = NULL;
+    Buffer *token_status = NULL;
+	char configname[256];
+
+	// You specify the following parameters to get applet upgrade working
+	// *.update.applet.enable=true
+	// *.update.applet.requiredVersion=maj.min.xxxxxxxx
+	PR_snprintf((char *)configname, 256, "%s.%s.update.applet.encryption", OP_PREFIX, a_tokenType);
+	SecurityLevel security_level = SECURE_MSG_MAC;
+	if (RA::GetConfigStore()->GetConfigAsBool(configname, true))
+			security_level = SECURE_MSG_MAC_ENC;
+
+    PR_snprintf((char *)configname, 256, "%s.%s.update.applet.enable", OP_PREFIX, a_tokenType);
+	if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+		PR_snprintf((char *)configname, 256, "%s.%s.update.applet.requiredVersion", OP_PREFIX, a_tokenType);
+		if (g_applet_target_version == NULL) {
+			g_applet_target_version = RA::GetConfigStore()->GetConfigAsString(configname);
+		}
+		if (g_applet_target_version == NULL) {
+			RA::Error(FN, "upgrade.version not found");
+			o_status = STATUS_ERROR_MISCONFIGURATION;		 
+			r = false;
+			goto loser;
+		}
+		/* Bugscape #55826: used case-insensitive check below */
+		if (PL_strcasecmp(g_applet_target_version, o_current_applet_on_token) != 0) {
+			RA::Debug(LL_PER_CONNECTION, FN, "tokenType=%s before updating applet", a_tokenType);
+			/* upgrade applet */
+			PR_snprintf((char *)configname, 256, "%s.%s.update.applet.directory", OP_PREFIX, a_tokenType);
+			applet_dir = RA::GetConfigStore()->GetConfigAsString(configname);
+			if (applet_dir == NULL) {
+				RA::Error(LL_PER_CONNECTION, FN,
+						"Failed to read applet directory parameter %s", configname);
+				o_status = STATUS_ERROR_MISCONFIGURATION;		 
+				r = false;
+				goto loser;
+			}
+			PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, a_tokenType);
+			connid = RA::GetConfigStore()->GetConfigAsString(configname);
+			RA::Debug(FN, "TKS connection id =%s", connid);
+			//StatusUpdate(a_session, a_extensions, 5, "PROGRESS_UPGRADE_APPLET");
+
+			if (UpgradeApplet(a_session, OP_PREFIX, (char*) a_tokenType,
+				o_major_version, o_minor_version, 
+				g_applet_target_version, 
+				applet_dir, security_level, 
+				connid, a_extensions, 
+				5, 
+				12) != 1) {
+
+				RA::Debug(FN, "applet upgrade failed");
+				/**
+				 * Bugscape #55709: Re-select Net Key Applet ONLY on failure.
+				 */
+				SelectApplet(a_session, 0x04, 0x00, a_aid);
+				RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "applet upgrade error", "");
+				o_status = STATUS_ERROR_UPGRADE_APPLET;		 
+				r = false;
+				goto loser;
+			} else {
+				// there may be a better place to do this, but worth testing here
+				// RA::tdb_update(a_cuid, g_applet_target_version);
+			}
+
+			// Upgrade Applet reported success
+			RA::Audit("Enrollment", "op='applet_upgrade' app_ver='%s' new_app_ver='%s'",
+					o_current_applet_on_token, g_applet_target_version);
+			o_current_applet_on_token = strdup(g_applet_target_version);
+
+			token_status = GetStatus(a_session, 0x00, 0x00);
+			if (token_status == NULL) {
+				RA::Error(FN, "Get Status Failed");
+				o_status = STATUS_ERROR_SECURE_CHANNEL;		 // XXX
+				RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel error", "");
+				r = false;
+				goto loser;
+			}
+
+			o_major_version = ((BYTE*)*token_status)[2]; // applet version
+			o_minor_version = ((BYTE*)*token_status)[3]; // not protocol version
+loser:
+    		if( token_status != NULL ) {
+        		delete token_status;
+    		}
+		}
+	} else {
+        RA::Debug(FN, "Applet Upgrade has been disabled.");
+    }
+	return r;
+}
+
+
+
+/**
+ * Authenticate user with LDAP plugin
+ * @return true if authentication was successful
+ */
+bool RA_Enroll_Processor::AuthenticateUserLDAP(
+		RA_Session *a_session,
+                NameValueSet *a_extensions,
+		char *a_cuid,
+		AuthenticationEntry *a_auth,
+		AuthParams *&login,
+		RA_Status &o_status
+)
+{
+	const char *FN = "RA_Enroll_Processor::AuthenticateUserLDAP";
+	int retry_limit = a_auth->GetAuthentication()->GetNumOfRetries();
+	int retries = 0;
+	int rc;
+	bool r=false;
+
+	RA::Debug(LL_PER_PDU, FN, "LDAP_Authentication is invoked.");
+	rc = a_auth->GetAuthentication()->Authenticate(login);
+
+	RA::Debug(FN, "Authenticate returned: %d", rc);
+
+	// rc: (0:login correct) (-1:LDAP error)  (-2:User not found) (-3:Password error)
+
+	// XXX replace with proper enums
+	// XXX evaluate rc==0 as specific case - this is success, it shouldn't be the default
+
+	while ((rc == TPS_AUTH_ERROR_USERNOTFOUND || 
+			rc == TPS_AUTH_ERROR_PASSWORDINCORRECT ) 
+				&& (retries < retry_limit)) {
+		login = RequestLogin(a_session, 0 /* invalid_pw */, 0 /* blocked */);
+		retries++;
+        if (login != NULL)
+		    rc = a_auth->GetAuthentication()->Authenticate(login);
+	}
+
+	switch (rc) {
+	case TPS_AUTH_OK:
+		RA::Debug(LL_PER_PDU, FN, "Authentication successful.");
+		r=true;
+		break;
+	case TPS_AUTH_ERROR_LDAP:
+		RA::Error(FN, "Authentication failed. LDAP Error");
+		o_status = STATUS_ERROR_LDAP_CONN;
+		RA::Debug(LL_PER_PDU, FN, "Authentication status=%d rc=%d", o_status,rc);
+		RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "");
+		r = false;
+		break;
+	case TPS_AUTH_ERROR_USERNOTFOUND:
+		RA::Error(FN, "Authentication failed. User not found");
+		o_status = STATUS_ERROR_LOGIN;
+		RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error",  "");
+		r = false;
+		break;
+	case TPS_AUTH_ERROR_PASSWORDINCORRECT:
+		RA::Error(FN, "Authentication failed. Password Incorrect");
+		o_status = STATUS_ERROR_LOGIN;
+		RA::Debug(LL_PER_PDU, FN, "Authentication status=%d rc=%d", o_status,rc);
+		RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "");
+		r = false;
+		break;
+	default:
+		RA::Error(FN, "Undefined LDAP Auth Error.");
+		r = false;
+		break;
+	}
+
+	return r;
+}
+
+/**
+ * Request Login info and user id from user, if necessary
+ * This call will allocate a new Login structure,
+ * and a char* for the user id. The caller is responsible
+ * for freeing this memory
+ * @return true of success, false if failure
+ */
+bool RA_Enroll_Processor::RequestUserId(
+			RA_Session * a_session,
+                        NameValueSet *a_extensions,
+			const char * a_configname, 
+			const char * a_tokenType, 
+			char *a_cuid,
+			AuthParams *& o_login, const char *&o_userid, RA_Status &o_status) 
+{
+
+	if (RA::GetConfigStore()->GetConfigAsBool(a_configname, 1)) {
+		if (a_extensions != NULL && 
+		    a_extensions->GetValue("extendedLoginRequest") != NULL) 
+                {
+                   // XXX - extendedLoginRequest
+                   RA::Debug("RA_Enroll_Processor::RequestUserId",
+				"Extended Login Request detected");
+                   AuthenticationEntry *entry = GetAuthenticationEntry(
+			OP_PREFIX, a_configname, a_tokenType);
+                   char **params = NULL;
+                   char pb[1024];
+                   char *locale = NULL;
+		   if (a_extensions != NULL && 
+		       a_extensions->GetValue("locale") != NULL) 
+                   {
+                           locale = a_extensions->GetValue("locale");
+                   } else {
+                           locale = ( char * ) "en"; /* default to english */
+                   }
+                   int n = entry->GetAuthentication()->GetNumOfParamNames();
+                   if (n > 0) {
+                       RA::Debug("RA_Enroll_Processor::RequestUserId",
+				"Extended Login Request detected n=%d", n);
+                       params = (char **) PR_Malloc(n);
+                       for (int i = 0; i < n; i++) {
+                         sprintf(pb,"id=%s&name=%s&desc=%s&type=%s&option=%s",
+                             entry->GetAuthentication()->GetParamID(i),
+                             entry->GetAuthentication()->GetParamName(i, locale),
+                             entry->GetAuthentication()->GetParamDescription(i, locale),
+                             entry->GetAuthentication()->GetParamType(i),
+                             entry->GetAuthentication()->GetParamOption(i)
+                             );
+                         params[i] = PL_strdup(pb);
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", 
+				"params[i]=%s", params[i]);
+                       }
+                   }
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "Extended Login Request detected calling RequestExtendedLogin() locale=%s", locale);
+
+                   char *title = PL_strdup(entry->GetAuthentication()->GetTitle(locale));
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "title=%s", title);
+                   char *description = PL_strdup(entry->GetAuthentication()->GetDescription(locale));
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "description=%s", description);
+		   o_login = RequestExtendedLogin(a_session, 0 /* invalid_pw */, 0 /* blocked */, params, n, title, description);
+		  if (o_login == NULL) {
+			RA::Error("RA_Enroll_Processor::Process", 
+					"login not provided");
+			o_status = STATUS_ERROR_LOGIN;
+			RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, 
+					"enrollment", "failure", "login not found", "");
+			return false;
+		  }
+
+                   RA::Debug("RA_Enroll_Processor::RequestUserId",
+	"Extended Login Request detected calling RequestExtendedLogin() login=%x", o_login);
+		  o_userid = PL_strdup( o_login->GetUID() );
+		  RA::Debug("RA_Enroll_Processor::Process", 
+				"userid = '%s'", o_userid);
+                } else {
+		  o_login = RequestLogin(a_session, 0 /* invalid_pw */, 0 /* blocked */);
+		  if (o_login == NULL) {
+			RA::Error("RA_Enroll_Processor::Process", 
+					"login not provided");
+			o_status = STATUS_ERROR_LOGIN;
+			RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, 
+					"enrollment", "failure", "login not found", o_userid);
+			return false;
+		  }
+		  o_userid = PL_strdup( o_login->GetUID() );
+		  RA::Debug("RA_Enroll_Processor::Process", 
+				"userid = '%s'", o_userid);
+                }
+	}
+	return true;
+}
+
+/**
+ *  Authenticate the user with the configured authentication plugin
+ * @return true if authentication successful
+ */
+
+bool RA_Enroll_Processor::AuthenticateUser(
+			RA_Session * a_session,
+			const char * a_configname, 
+			char *a_cuid,
+			NameValueSet *a_extensions,
+			const char *a_tokenType,
+			AuthParams *& a_login, const char *&o_userid, RA_Status &o_status
+			)
+{
+	bool r=false;
+
+	RA::Debug("RA_Enroll_Processor::AuthenticateUser", "started");
+	if (RA::GetConfigStore()->GetConfigAsBool(a_configname, false)) {
+		if (a_login == NULL) {
+			RA::Error("RA_Enroll_Processor::AuthenticateUser", "Login Request Disabled. Authentication failed.");
+			o_status = STATUS_ERROR_LOGIN;
+			goto loser;
+		}
+
+		RA::Debug("RA_Enroll_Processor::AuthenticateUser",
+				"Authentication enabled");
+		char configname[256];
+		PR_snprintf((char *)configname, 256, "%s.%s.auth.id", OP_PREFIX, a_tokenType);
+		const char *authid = RA::GetConfigStore()->GetConfigAsString(configname);
+		if (authid == NULL) {
+			o_status = STATUS_ERROR_LOGIN;
+			RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "login not found", "");
+			goto loser;
+		}
+		AuthenticationEntry *auth = RA::GetAuth(authid);
+
+		if (auth == NULL) {
+			o_status = STATUS_ERROR_LOGIN;
+			RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "");
+			goto loser;
+		}
+
+		StatusUpdate(a_session, a_extensions, 2, "PROGRESS_START_AUTHENTICATION");
+
+		char *type = auth->GetType();
+		if (type == NULL) {
+			o_status = STATUS_ERROR_LOGIN;
+			RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication is missing param type", "");
+			r = false;
+			goto loser;
+		}
+
+		if (strcmp(type, "LDAP_Authentication") == 0) {
+	                RA::Debug("RA_Enroll_Processor::AuthenticateUser", "LDAP started");
+			r = AuthenticateUserLDAP(a_session, a_extensions, a_cuid, auth, a_login, o_status);
+			o_status = STATUS_ERROR_LOGIN;
+			goto loser;
+		} else {
+			RA::Error("RA_Enroll_Processor::AuthenticateUser", "No Authentication type was found.");
+			o_status = STATUS_ERROR_LOGIN;
+			RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "");
+			r = false;
+			goto loser;
+		}
+	} else {
+		r = true;
+		RA::Debug("RA_Enroll_Processor::AuthenticateUser",
+				"Authentication has been disabled.");
+	}
+	loser:
+		return r;
+}
+
+
+
+
+    /**
+     * Checks if the token has the required key version.
+	 * If not, we can swap out the keys on the token with another
+     * set of keys
+     */
+
+/* XXX AID's should be member variables */
+bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
+	//RA_Session * a_session,
+	//NameValueSet *a_extensions,
+	//const char * a_configname, 
+	//char *a_cuid,
+	RA_Session *a_session,
+	NameValueSet* a_extensions,
+	char *a_cuid,
+	const char *a_tokenType,
+	char *a_msn,
+	Buffer *a_cardmanagerAID,  /* in */
+	Buffer *a_appletAID,       /* in */
+    Secure_Channel *&o_channel,  /* out */
+	RA_Status &o_status          /* out */
+	)
+{
+	char *FN = ( char * ) "RA_EnrollProcessor::CheckAndUpgradeSymKeys";
+	char configname[256];
+	const char *connid = NULL;
+	const char *tksid = NULL;
+	int rc;
+	bool r = false;
+	Buffer key_data_set;
+
+	// the TKS is responsible for doing much of the symmetric keys update
+	// so lets find which TKS we're talking about TKS now.
+	PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, a_tokenType);
+	tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+
+	PR_snprintf((char *)configname, 256,"%s.%s.update.symmetricKeys.enable", OP_PREFIX, a_tokenType);
+
+	RA::Debug(FN, "Symmetric Keys %s", configname);
+
+	if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+
+		RA::Debug(LL_PER_CONNECTION, FN, 
+			"tokenType=%s configured to update symmetric keys", a_tokenType);
+
+		// the requiredVersion config parameter indicates what key version
+		// the token should have before further operations. If the token
+		// has an older version, we try to change it.
+		PR_snprintf((char *)configname, 256, 
+			"%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, a_tokenType);
+
+		int requiredV = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+
+		// If there was a secure channel set up, let's clear it out
+		if( o_channel != NULL ) {
+			delete o_channel;
+			o_channel = NULL;
+		}
+		// try to make a secure channel with the 'requiredVersion' keys
+		// If this fails, we know we will have to attempt an upgrade
+		// of the keys
+        PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+        int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+		o_channel = SetupSecureChannel(a_session, 
+				requiredV,
+				defKeyIndex  /* default key index */, tksid);
+
+		// If that failed, we need to find out what version of keys 
+		// are on the token
+		if (o_channel != NULL) {
+          r = true;
+        } else {
+			/**
+			 * Select Card Manager for Put Key operation.
+			 */
+			SelectApplet(a_session, 0x04, 0x00, a_cardmanagerAID);
+			/* if the key of the required version is
+			 * not found, create them.
+			 */ 
+			//  This sends a InitializeUpdate request to the token.
+			//  We tell the token to use whatever it thinks is the
+			//  default key version (0). It will return the version
+			//  of the key it actually used later. (This is accessed
+			//  with GetKeyInfoData below)
+			//  [ Note: This is not explained very well in the manual
+			//    The token can have multiple sets of symmetric keys
+			//    Each set is given a version number, which I think is
+			//    better thought of as a SLOT. One key slot is populated
+			//    with a set of keys when the token is manufactured.
+			//    This is then designated as the default key set version.
+			//    Later, we will write a new key set with PutKey, and
+			//    set it to be the new default]
+        PR_snprintf((char *)configname, 256,"channel.defKeyVersion");
+        int defKeyVer = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+        PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+        int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+			o_channel = SetupSecureChannel(a_session, 
+					defKeyVer,  /* default key version */
+					defKeyIndex  /* default key index */, tksid);
+
+			if (o_channel == NULL) {
+            	RA::Audit("Enrollment", "status='error' key_ver=00 cuid='%s' msn='%s' note='failed to create secure channel'", a_cuid, a_msn );
+				RA::Error(FN, "failed to establish secure channel");
+				o_status = STATUS_ERROR_SECURE_CHANNEL;		 
+				RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel error", "");
+				goto loser;
+			}
+
+			/* Complete the secure channel handshake */
+			/* XXX need real enumeration of error codes here */
+			rc = o_channel->ExternalAuthenticate();
+			if (rc != 1) {
+				RA::Error(FN, "External authentication in secure channel failed");
+				o_status = STATUS_ERROR_EXTERNAL_AUTH;
+				/* XXX should print out error codes */
+				RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "external authentication error", "");
+				goto loser;
+			}
+
+			// Assemble the Buffer with the version information
+			// The second byte is the key offset, which is always 1
+			BYTE nv[2] = { requiredV, 0x01 };
+			Buffer newVersion(nv, 2);
+
+			// GetKeyInfoData will return a buffer which is bytes 11,12 of
+			// the data structure on page 89 of Cyberflex Access Programmer's
+			// Guide
+			// Byte 0 is the key set version.
+			// Byte 1 is the index into that key set
+			Buffer curKeyInfo = o_channel->GetKeyInfoData();
+
+
+			// This code makes a call to the TKS to get a new key set for
+			// the token. The new key set data is written to the Buffer
+			// key_data_set.
+			PR_snprintf((char *)configname, 256,"%s.%s.tks.conn", OP_PREFIX, a_tokenType);
+			connid = RA::GetConfigStore()->GetConfigAsString(configname);
+
+			rc = CreateKeySetData(
+					o_channel->GetKeyDiversificationData(), 
+					curKeyInfo,
+					newVersion,
+					key_data_set, connid);
+			if (rc != 1) {
+				RA::Error(FN, "failed to create new key set");
+				o_status = STATUS_ERROR_CREATE_CARDMGR;
+				RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "create card key error", "");
+				goto loser;
+			}
+
+			StatusUpdate(a_session, a_extensions, 13, "PROGRESS_PUT_KEY");
+
+			// sends a PutKey PDU with the new key set to change the
+			// keys on the token
+			BYTE curVersion = ((BYTE*)curKeyInfo)[0];
+			BYTE curIndex = ((BYTE*)curKeyInfo)[1];
+			rc = o_channel->PutKeys(a_session, 
+					curVersion, 
+					curIndex,
+					&key_data_set);
+			RA::Audit("Enrollment", "op='key_change_over' cuid='%s' msn='%s' old_key_ver='%02x' new_key_ver='%02x'",  a_cuid, a_msn, curVersion, ((BYTE*)newVersion)[0]);
+
+			/**
+			 * Re-select the Applet.
+			 */
+			SelectApplet(a_session, 0x04, 0x00, a_appletAID);
+			if( o_channel != NULL ) {
+				delete o_channel;
+				o_channel = NULL;
+			}
+
+			// Make a new secure channel with the new symmetric keys
+			o_channel = SetupSecureChannel(a_session, requiredV,
+					defKeyIndex  /* default key index */, tksid);
+			if (o_channel == NULL) {
+				RA::Error(FN, "failed to establish secure channel after reselect");
+				o_status = STATUS_ERROR_CREATE_CARDMGR;
+				RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel setup error", "");
+				goto loser;
+			} else {
+				RA::Debug(FN, "Key Upgrade has completed successfully.");
+				r = true;  // Success!!
+			}
+
+		}
+	} else {
+
+		RA::Debug(FN, "Key Upgrade has been disabled.");
+
+		if( o_channel != NULL ) {
+			delete o_channel;
+			o_channel = NULL;
+		}
+        PR_snprintf((char *)configname, 256,"channel.defKeyVersion");
+        int defKeyVer = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+        PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+        int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+		o_channel = SetupSecureChannel(a_session, 
+				defKeyVer,
+				defKeyIndex  /* default key index */, tksid);
+		r = true;	  // Sucess!!
+	}
+loser:
+	return r;
+}
+
+/**
+ * Processes the current session.
+ */
+TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+	char *FN = ( char * ) "RA_Enroll_Processor::Process";
+    char configname[256];
+    char *cuid = NULL;
+    char *msn = NULL;
+    PRIntervalTime start, end;
+    RA_Status status = STATUS_NO_ERROR;
+    int rc = -1;
+    Secure_Channel *channel = NULL;
+    Buffer kdd;
+    AuthParams *login = NULL;
+    char *new_pin = NULL;
+#define PLAINTEXT_CHALLENGE_SIZE 16
+#define WRAPPED_CHALLENGE_SIZE 16
+    Buffer *plaintext_challenge = 
+        new Buffer(PLAINTEXT_CHALLENGE_SIZE, (BYTE)0);
+    Buffer *wrapped_challenge = new Buffer(PLAINTEXT_CHALLENGE_SIZE, (BYTE)0);
+    Buffer *key_check = new Buffer(0, (BYTE)0);
+    const char *tokenType = NULL;
+
+    //SecurityLevel security_level = SECURE_MSG_MAC_ENC;
+    BYTE major_version = 0x0;
+    BYTE minor_version = 0x0;
+    BYTE app_major_version = 0x0;
+    BYTE app_minor_version = 0x0;
+    int isPinPresent = 0;
+    Buffer *object = NULL;
+    int seq = 0x00;
+    unsigned long lastFormatVersion = 0x00;
+    unsigned long lastObjectVersion = 0x00;
+    int foundLastObjectVersion = 0;
+    int pkcs11obj_enable = 0;
+    int compress = 0;
+    NameValueSet nv;
+    int o_certNums = 0;
+
+    CertEnroll *certEnroll = NULL;
+
+    Buffer *token_status = NULL;
+    char* appletVersion = NULL;
+	char *final_applet_version = NULL;
+
+    const char *keyVersion = PL_strdup( "" );
+    const char *userid = PL_strdup( "" );
+    char *token_state = PL_strdup("inactive");
+    char *khex = NULL;
+
+    Buffer host_challenge = Buffer(8, (BYTE)0);
+    Buffer key_diversification_data;
+    Buffer key_info_data;
+    Buffer card_challenge;
+    Buffer card_cryptogram;
+    const char *connid = NULL;
+    const char *tksid = NULL;
+    const char *authid = NULL;
+    PKCS11Obj *pkcs11objx = NULL;
+    Buffer labelBuffer;
+    char activity_msg[4096];
+
+    Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer(
+		   RA::CFG_APPLET_CARDMGR_INSTANCE_AID, 
+		   RA::CFG_DEF_CARDMGR_INSTANCE_AID);
+    Buffer *NetKeyAID = RA::GetConfigStore()->GetConfigAsBuffer(
+		    RA::CFG_APPLET_NETKEY_INSTANCE_AID, 
+		    RA::CFG_DEF_NETKEY_INSTANCE_AID);
+    Buffer token_cuid;
+    int maxRetries = 3;
+    const char *pattern = NULL;
+    char *label = NULL;
+    CERTCertificate **certificates = NULL;
+    char **ktypes = NULL;
+    char **origins = NULL;
+    char **tokenTypes = NULL;
+    char *tokentype = NULL;
+	RA_Status st;
+    int token_present = 0;
+
+    RA::Debug("RA_Enroll_Processor::Process", "Client %s", 
+                      session->GetRemoteIP());
+    RA::Debug(LL_PER_PDU, FN, "Begin enroll process");
+
+	// XXX need to validate all user input (convert to 'string' types)
+	// to ensure that no buffer overruns
+    start = PR_IntervalNow();
+
+	/* Get the card serial number */
+	if (!GetCardManagerAppletInfo(session, CardManagerAID, st, msn, cuid, token_cuid)) goto loser;
+
+    /* Get the applet version information */
+	if (!GetAppletInfo(session, NetKeyAID, 
+	/*by ref*/	major_version, minor_version, 
+				app_major_version, app_minor_version )) goto loser;
+
+
+    if (RA::ra_is_token_present(cuid)) {
+      RA::Debug(FN, "Found token %s", cuid);
+      if (RA::ra_is_tus_db_entry_disabled(cuid)) {
+        RA::Error(FN, "CUID %s Disabled", cuid);
+        status = STATUS_ERROR_DISABLED_TOKEN;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token disabled", "");
+        goto loser;
+      }
+
+      if (!RA::ra_allow_token_reenroll(cuid)) {
+        RA::Error(FN, "CUID %s Re-Enrolled Disallowed", cuid);
+        status = STATUS_ERROR_DISABLED_TOKEN;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token re-enrollment disallowed", "");
+        goto loser;
+      }
+    } else {
+      RA::Debug(FN, "Not Found token %s", cuid);
+      // This is a new token. We need to check our policy to see
+      // if we should allow enrollment. raidzilla #57414
+      PR_snprintf((char *)configname, 256, "%s.allowUnknownToken", 
+		    OP_PREFIX);
+      if (!RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+        RA::Error(FN, "CUID %s Enroll Unknown Token", cuid);
+        status = STATUS_ERROR_DISABLED_TOKEN;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "unknown token disallowed", "");
+        goto loser;
+      }
+    }
+
+    /* XXX - this comment does not belong here
+     *
+     * This is very risky to call initialize and then
+     * external authenticate later on.
+     * The token will be locked if no external authenticate
+     * follows the initialize update.
+     */
+	if (!GetTokenType(OP_PREFIX, major_version, minor_version, 
+						cuid, msn, extensions,
+						status, tokenType)) { /* last two are 'out' params */
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token type not found", "");
+		goto loser;
+	}
+
+    PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", 
+		    OP_PREFIX, tokenType);
+    tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+    if (tksid == NULL) {
+        RA::Error(FN, "TKS Connection Parameter %s Not Found", configname);
+        status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token type not found", "");
+        goto loser;
+    }
+
+	/* figure some more information about the applet version */
+	/* XXX should probably move this further down, since the results
+       of this function aren't used til much later */
+	if (!FormatAppletVersionInfo(session, tokenType, cuid,
+		app_major_version, app_minor_version,
+		status,
+		final_applet_version /*out */)) goto loser;
+
+	PR_snprintf((char *)configname, 256, "%s.%s.loginRequest.enable", OP_PREFIX, tokenType);
+	if (!RequestUserId(session, extensions, configname, tokenType, cuid, login, userid, status)){
+		goto loser;
+	}
+    
+    PR_snprintf((char *)configname, 256, "%s.%s.auth.enable", OP_PREFIX, tokenType);
+
+	if (!AuthenticateUser(session, configname, cuid, extensions, 
+				tokenType, login, userid, status)){
+		goto loser;
+	}
+        
+	StatusUpdate(session, extensions, 4, "PROGRESS_APPLET_UPGRADE");
+
+	if (! CheckAndUpgradeApplet(
+		session,
+		extensions,
+		cuid,
+		tokenType,
+		final_applet_version,
+		app_major_version, app_minor_version,
+		//appletVersion,
+		NetKeyAID,
+		status )) {
+		goto loser;
+	}
+	
+
+    isPinPresent = IsPinPresent(session, 0x0);
+
+	StatusUpdate(session, extensions, 12, "PROGRESS_KEY_UPGRADE");
+
+	if (!CheckAndUpgradeSymKeys(
+		session,
+		extensions,
+		cuid,
+		tokenType,
+		msn,
+		CardManagerAID,
+		NetKeyAID,
+		channel,
+		status)) 
+	{
+		goto loser;
+	}
+		
+
+    /* we should have a good channel here */
+    if (channel == NULL) {
+            RA::Error(FN, "no good channel");
+            status = STATUS_ERROR_CREATE_CARDMGR;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "secure channel setup error", "");
+            goto loser;
+    }
+
+    if (channel != NULL) {
+	if( keyVersion != NULL ) {
+		PR_Free( (char *) keyVersion );
+		keyVersion = NULL;
+	}
+        keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+    }
+    
+	StatusUpdate(session, extensions, 14, "PROGRESS_TOKEN_AUTHENTICATION");
+
+    rc = channel->ExternalAuthenticate();
+    if (rc == -1) {
+      RA::Error(FN, "external authenticate failed");
+        status = STATUS_ERROR_CREATE_CARDMGR;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "external authentication error", "");
+        goto loser;
+    }
+
+    RA::Debug(LL_PER_CONNECTION, FN, "after SetupSecureChannel, succeeded");
+
+    PR_snprintf((char *)configname, 256, "%s.%s.pinReset.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+
+      PR_snprintf((char *)configname, 256, "%s.%s.pinReset.pin.minLen", OP_PREFIX, tokenType);
+      unsigned int minlen = RA::GetConfigStore()->GetConfigAsUnsignedInt(configname, 4);
+      PR_snprintf((char *)configname, 256,"%s.%s.pinReset.pin.maxLen", OP_PREFIX, tokenType);
+      unsigned int maxlen = RA::GetConfigStore()->GetConfigAsUnsignedInt(configname, 10);
+     
+      new_pin = RequestNewPin(session, minlen, maxlen);
+      if (new_pin == NULL) {
+	RA::Error(FN, "new pin request failed");
+
+        status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "new pin request error", "");
+        goto loser;
+      }
+      RA::Debug(LL_PER_CONNECTION, "RA_Enroll_Processor::Process",
+	      "after RequestNewPin, succeeded");
+
+    PR_snprintf((char *)configname, 256, "%s.%s.pinReset.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+      if (!isPinPresent) {
+    	PR_snprintf((char *)configname, 256, "%s.%s.pinReset.pin.maxRetries", OP_PREFIX, tokenType);
+	maxRetries = RA::GetConfigStore()->GetConfigAsInt(configname, 0x7f);
+        RA::Debug(LL_PER_CONNECTION, FN,
+	      "param=%s maxRetries=%d", configname, maxRetries);
+        rc = channel->CreatePin(0x0, 
+		maxRetries,
+		RA::GetConfigStore()->GetConfigAsString("create_pin.string", "password"));
+        if (rc == -1) {
+	    RA::Error("RA_Enroll_Processor::Process",
+		  "create pin failed");
+
+            status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "create pin request error", "");
+            goto loser;
+        }
+      }
+    }
+
+      rc = channel->ResetPin(0x0, new_pin);
+      if (rc == -1) {
+	  RA::Error("RA_Enroll_Processor::Process",
+		  "reset pin failed");
+
+          status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "reset pin request error", "");
+          goto loser;
+      }
+    }
+
+    RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+	      "after ResetPin, succeeded");
+
+    // to help testing, we may use fix challenge
+    PR_snprintf((char *)configname, 256, "%s.%s.generateChallenge", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+      /* generate challenge for enrollment */
+      RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+	      "Generate Challenge");
+      rc = Util::GetRandomChallenge(*plaintext_challenge);
+      if (rc == -1) {
+	RA::Error("RA_Enroll_Processor::Process",
+		  "random challenge creation failed");
+        status = STATUS_ERROR_MAC_ENROLL_PDU;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "general challenge error", "");
+        goto loser;
+      }
+    }
+
+    kdd =  channel->GetKeyDiversificationData();
+    khex = kdd.toHex();
+    RA::Debug("RA_Enroll_Processor::Process", "cuid=%s", khex);
+
+    PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+    connid = RA::GetConfigStore()->GetConfigAsString(configname);
+    /* wrap challenge with KEK key */
+    rc = EncryptData(kdd,
+      channel->GetKeyInfoData(), *plaintext_challenge, *wrapped_challenge, connid);
+    if (rc == -1) {
+	RA::Error("RA_Enroll_Processor::Process",
+		  "encryt data failed");
+        status = STATUS_ERROR_MAC_ENROLL_PDU;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "challenge encryption error", "");
+        goto loser;
+    }
+    
+    // read objects back
+    PR_snprintf((char *)configname, 256, "%s.%s.pkcs11obj.enable", 
+		    OP_PREFIX, tokenType);
+    pkcs11obj_enable = RA::GetConfigStore()->GetConfigAsBool(configname, 1);
+
+    if (pkcs11obj_enable) {
+      pkcs11objx = new PKCS11Obj();
+
+      // read old objects
+      seq = 0x00;
+      lastFormatVersion = 0x0100;
+      //      lastObjectVersion = 0;
+      if (getRandomNumber(&lastObjectVersion) != SECSuccess) {
+          RA::Error(LL_PER_PDU, "RA_Enroll_Processor::Process",
+	    "Could not generate a random version number...assigning 0x00");
+          lastObjectVersion = 0x00;
+      } else {
+          RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+            "got random version numer: %ul", lastObjectVersion);
+      }
+
+      foundLastObjectVersion = 0;
+      do {
+        object = ListObjects(session, seq);
+	if (object == NULL) {
+		seq = 0;
+	} else {
+		seq = 1; // get next entry
+		Buffer objectID = object->substr(0, 4);
+		Buffer objectLen = object->substr(4, 4);
+		unsigned long objectIDVal = 
+			((((BYTE *)objectID)[0] << 24)) + 
+			((((BYTE *)objectID)[1] << 16)) + 
+			((((BYTE *)objectID)[2] << 8)) + 
+			((((BYTE *)objectID)[3]));
+		unsigned long objectLenVal = 
+			((((BYTE *)objectLen)[0] << 24)) + 
+			((((BYTE *)objectLen)[1] << 16)) + 
+			((((BYTE *)objectLen)[2] << 8)) + 
+			((((BYTE *)objectLen)[3]));
+
+		Buffer *o = channel->ReadObject((BYTE*)objectID, 0, 
+				(int)objectLenVal);
+        if (o == NULL) {
+          status = STATUS_ERROR_CREATE_TUS_TOKEN_ENTRY;
+          goto loser;
+        }
+
+		if (((unsigned char *)objectID)[0] == 'z' && 
+				((unsigned char *)objectID)[1] == '0') {
+			lastFormatVersion = (((BYTE*)*o)[0] << 8) + 
+					(((BYTE*)*o)[1]);
+			lastObjectVersion = (((BYTE*)*o)[2] << 8) + 
+					(((BYTE*)*o)[3]);
+      			foundLastObjectVersion = 1;
+
+			//
+			delete pkcs11objx;
+			pkcs11objx = PKCS11Obj::Parse(o, 0);
+			seq = 0;
+		} else {
+			ObjectSpec *objSpec = 
+				ObjectSpec::ParseFromTokenData(objectIDVal, o);
+			if (objSpec != NULL) {
+				pkcs11objx->AddObjectSpec(objSpec);
+			}
+		}
+
+		delete o; 
+		delete object;
+	}
+      } while (seq != 0);
+
+    }
+
+    rc = RA::tdb_add_token_entry((char *)userid, cuid, "uninitialized");
+    if (rc == -1) {
+        status = STATUS_ERROR_CREATE_TUS_TOKEN_ENTRY;
+        goto loser;
+    }
+
+	StatusUpdate(session, extensions, 15, "PROGRESS_PROCESS_PROFILE");
+
+    tokentype = (char *)malloc(256 * sizeof(char)) ;
+    PL_strcpy(tokentype, tokenType);
+    /* generate signing key on netkey */
+    if (!GenerateCertsAfterRecoveryPolicy(login, session, origins, ktypes, tokentype, pkcs11objx, 
+      pkcs11obj_enable, extensions, channel, wrapped_challenge, 
+      key_check, plaintext_challenge, cuid, msn, final_applet_version, 
+      khex, userid, status, certificates, o_certNums, tokenTypes))
+        goto loser;
+    else {
+        if (status == STATUS_NO_ERROR) {
+            if (!GenerateCertificates(login, session, origins, ktypes, tokentype, pkcs11objx, 
+              pkcs11obj_enable, extensions, channel, wrapped_challenge, 
+              key_check, plaintext_challenge, cuid, msn, final_applet_version, 
+              khex, userid, status, certificates, o_certNums, tokenTypes))
+                goto loser;
+        }
+    }
+
+    // read objects back
+    if (pkcs11obj_enable) {
+      pkcs11objx->SetFormatVersion(lastFormatVersion);
+      if (foundLastObjectVersion) {
+          while (lastObjectVersion == 0xff) {
+              if (getRandomNumber(&lastObjectVersion) != SECSuccess) {
+                  RA::Error(LL_PER_PDU, "RA_Enroll_Processor::Process",
+                    "Encounter 0xff, could not generate a random version number...assigning 0x00");
+                  lastObjectVersion = 0x00;
+              } else {
+                  RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+                    "Encounter 0xff, got random version numer: %ul", lastObjectVersion);
+              }
+           }
+
+           pkcs11objx->SetObjectVersion(lastObjectVersion+1);
+      } else {
+      	pkcs11objx->SetObjectVersion(lastObjectVersion);
+      }
+      pkcs11objx->SetCUID(token_cuid);
+
+      RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "about to write certificate chain");
+
+      /* add additional certificate objects */
+      PR_snprintf((char *)configname, 256, "%s.certificates.num", 
+		    OP_PREFIX);
+      int certNum = RA::GetConfigStore()->GetConfigAsInt(configname);
+      for (int i = 0; i < certNum; i++) {
+
+        RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "root certificate #%d", i);
+
+        PR_snprintf((char *)configname, 256, "%s.certificates.value.%d", 
+		    OP_PREFIX, i);
+        char *certName = (char *)RA::GetConfigStore()->GetConfigAsString(configname);
+
+        /* retrieve certificate info */
+        PR_snprintf((char *)configname, 256, "%s.certificates.%s.nickName", 
+		    OP_PREFIX, certName);
+        char *certNickName = (char *)RA::GetConfigStore()->GetConfigAsString(configname);
+        PR_snprintf((char *)configname, 256, "%s.certificates.%s.certId", 
+		    OP_PREFIX, certName);
+        char *certId = (char *)
+          RA::GetConfigStore()->GetConfigAsString(configname, "C0");
+
+/*
+op.enroll.certificates.num=1
+op.enroll.certificates.value.0=caCert
+op.enroll.certificates.caCert.nickName=caCert0 fpki-tps
+op.enroll.certificates.caCert.certId=C5
+op.enroll.certificates.caCert.certAttrId=c5
+op.enroll.certificates.caCert.label=caCert Label
+ */
+
+        /* retrieve certificate */
+        CERTCertificate *cert = CERT_FindCertByNickname(
+                CERT_GetDefaultCertDB(), certNickName);
+
+        if (cert == NULL) {
+          RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "Cannot find certificate %s", certNickName);
+        } else {
+          RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "Found certificate %s", certNickName);
+
+          /* add certificate to z object */
+          Buffer *certBuf = new Buffer((BYTE*)cert->derCert.data, 
+                        (unsigned int)cert->derCert.len);
+          RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "Certificate buffer created");
+	      ObjectSpec *objSpec = ObjectSpec::ParseFromTokenData(
+				(certId[0] << 24) +
+				(certId[1] << 16), certBuf);
+	      pkcs11objx->AddObjectSpec(objSpec);
+          RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "Certificate object Added to PKCS11 Object");
+
+          /* add PK11 attributes */
+        PR_snprintf((char *)configname, 256, "%s.certificates.%s.label", 
+		    OP_PREFIX, certName);
+        char *certLabel = (char *)RA::GetConfigStore()->GetConfigAsString(configname);
+        PR_snprintf((char *)configname, 256, "%s.certificates.%s.certAttrId", 
+		    OP_PREFIX, certName);
+        char *certAttrId = (char *)
+          RA::GetConfigStore()->GetConfigAsString(configname, "c0");
+
+          Buffer *keyid = NULL;
+          if (cert->subjectKeyID.data != NULL) {
+            keyid = new Buffer((BYTE*)cert->subjectKeyID.data,
+                                    (unsigned int)cert->subjectKeyID.len);
+          } else {
+            SECItem *pubKeyData = PK11_GetPubIndexKeyID(cert) ;
+            SECItem *tmpitem = PK11_MakeIDFromPubKey(pubKeyData);
+            RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "Got Key ID");
+         
+             
+            keyid = new Buffer((BYTE*)tmpitem->data, 
+                                         (unsigned int)tmpitem->len);
+          }
+
+	      Buffer b = channel->CreatePKCS11CertAttrsBuffer(
+						  KEY_TYPE_ENCRYPTION /* not being used */, 
+                          certAttrId, certLabel, keyid);
+          RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "Created buffer for PKCS11 cert attributes");
+	      objSpec = ObjectSpec::ParseFromTokenData(
+							   (certAttrId[0] << 24) +
+							   (certAttrId[1] << 16),
+							   &b);
+	      pkcs11objx->AddObjectSpec(objSpec);
+          RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", 
+              "Added PKCS11 certificate attribute");
+        }
+      }
+      
+      // build label
+      PR_snprintf((char *)configname, 256, "%s.%s.keyGen.tokenName", 
+		    OP_PREFIX, tokentype);
+      RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "tokenName '%s'",
+		   configname);
+      pattern = RA::GetConfigStore()->GetConfigAsString(configname, "$cuid$");
+      nv.Add("cuid", cuid);
+      nv.Add("msn", msn);
+      nv.Add("userid", userid);
+      nv.Add("profileId", tokenType);
+
+      /* populate auth parameters output to nv also */
+      /* so we can reference to the auth parameter by */
+      /* using $auth.cn$, or $auth.mail$ */
+      RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "Check login");
+      if (login != NULL) {
+        RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "Found login");
+        int s = login->Size();
+        RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "login size=%d", s);
+        for (int x = 0; x < s; x++) {
+           char namebuf[2048];
+           char *name = login->GetNameAt(x);
+           sprintf(namebuf, "auth.%s", name);
+           if (strcmp(name,"PASSWORD") != 0) {
+             RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "Exposed %s=%s", namebuf, login->GetValue(name));
+           }
+           nv.Add(namebuf, login->GetValue(name));
+        }
+      }
+      label = MapPattern(&nv, (char *) pattern);
+      RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "labelName '%s'",
+		   label);
+      labelBuffer = Buffer((BYTE*)label, strlen(label));
+      pkcs11objx->SetTokenName(labelBuffer); 
+
+      // write PKCS11 Obj
+      BYTE objid[4];
+
+      objid[0] = 'z';
+      objid[1] = '0';
+      objid[2] = 0;
+      objid[3] = 0;
+      Buffer xb;
+
+      PR_snprintf((char *)configname, 256, "%s.%s.pkcs11obj.compress.enable", 
+		    OP_PREFIX, tokentype);
+      compress = RA::GetConfigStore()->GetConfigAsBool(configname, 1);
+
+      if (compress) {
+      	xb = pkcs11objx->GetCompressedData(); 
+        RA::Debug("RA_Enroll_Processor::Process PKCSData", "Compressed Data");
+      } else {
+      	xb = pkcs11objx->GetData(); 
+        RA::Debug("RA_Enroll_Processor::Process PKCSData", "Uncompressed Data");
+      }
+      RA::DebugBuffer("RA_Enroll_Processor::Process PKCSData", "PKCS Data=", &xb);
+
+	BYTE perms[6];
+
+	perms[0] = 0xff;
+	perms[1] = 0xff;
+	perms[2] = 0x40;
+	perms[3] = 0x00;
+	perms[4] = 0x40;
+	perms[5] = 0x00;
+
+	if (channel->CreateObject(objid, perms, xb.size()) != 1) {
+	  status = STATUS_ERROR_MAC_ENROLL_PDU;
+	  goto loser;
+	}
+      //      channel->CreateObject(objid, xb.size());
+	if (channel->WriteObject(objid, (BYTE*)xb, xb.size()) != 1) {
+	  status = STATUS_ERROR_MAC_ENROLL_PDU;
+	  goto loser;
+	}
+    }
+
+	StatusUpdate(session, extensions, 90, "PROGRESS_SET_LIFE_CYCLE_STATE");
+
+    // add issuer info to the token
+    PR_snprintf((char *)configname, 256, "%s.%s.issuerinfo.enable",
+          OP_PREFIX, tokenType);
+    RA::Debug("RA_Enroll_Processor", "Getting %s", configname);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+        if (channel != NULL) {
+            char issuer[224];
+            for (int i = 0; i < 224; i++) {
+              issuer[i] = 0;
+            }
+            PR_snprintf((char *)configname, 256, "%s.%s.issuerinfo.value",
+               OP_PREFIX, tokenType);
+            char *issuer_val = (char*)RA::GetConfigStore()->GetConfigAsString(
+                                   configname);
+            RA::Debug("RA_Enroll_Processor", 
+              "Before pattern substitution mapping is %s", issuer_val);
+            issuer_val = MapPattern(&nv, (char *) issuer_val);
+            RA::Debug("RA_Enroll_Processor", 
+              "After pattern substitution mapping is %s", issuer_val);
+            sprintf(issuer, "%s", issuer_val);
+            RA::Debug("RA_Enroll_Processor", "Set Issuer Info %s", issuer_val);
+            Buffer *info = new Buffer((BYTE*)issuer, 224);
+            rc = channel->SetIssuerInfo(info);
+        }
+    }
+
+    /* write lifecycle bit */
+    RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "Set Lifecycle State");
+    rc = channel->SetLifecycleState(0x0f);
+    if (rc == -1) {
+        RA::Error("RA_Enroll_Processor::Process",
+		"Set life cycle state failed");
+        status = STATUS_ERROR_MAC_LIFESTYLE_PDU;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "set life cycle state error", "");
+        goto loser;
+    }
+
+    rc = channel->Close();
+    if (rc == -1) {
+        RA::Error("RA_Enroll_Processor::Process",
+		"Failed to close channel");
+        status = STATUS_ERROR_CONNECTION;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "channel not closed", "");
+        goto loser;
+    }
+    
+	StatusUpdate(session, extensions, 100, "PROGRESS_DONE");
+
+    status = STATUS_NO_ERROR;
+
+    sprintf(activity_msg, "applet_version=%s tokenType=%s userid=%s", 
+           final_applet_version, tokentype, userid);
+    RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "success", activity_msg, userid);
+    RA::tdb_update((char *)userid, cuid, (char *)final_applet_version, (char *)keyVersion, "active", "");
+
+    RA::tdb_update_certificates(cuid, tokenTypes, (char*)userid, certificates, ktypes, origins, o_certNums);
+
+    rc = 1;
+
+    end = PR_IntervalNow();
+
+    /* audit log for successful enrollment */
+    if (authid == NULL)
+        RA::Audit("Enrollment", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'",
+          final_applet_version, keyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
+    else 
+        RA::Audit("Enrollment", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
+          final_applet_version, keyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
+
+loser:
+    if (tokenTypes != NULL) {
+        for (int nn=0; nn<o_certNums; nn++) {
+            if (tokenTypes[nn] != NULL)
+                PL_strfree(tokenTypes[nn]);
+            tokenTypes[nn] = NULL;
+        }
+        free(tokenTypes);
+    }
+
+    if( certEnroll != NULL ) {
+        delete certEnroll;
+        certEnroll = NULL;
+    }
+
+    if (certificates != NULL) {
+	   for (int i=0;i < o_certNums; i++) {
+ 			if (certificates[i] != NULL) {
+				CERT_DestroyCertificate(certificates[i]);
+			}
+	   }
+       free(certificates);
+    }
+    if (ktypes != NULL) {
+       free(ktypes);
+    }
+
+    if( CardManagerAID != NULL ) {
+        delete CardManagerAID;
+        CardManagerAID = NULL;
+    }
+    if( NetKeyAID != NULL ) {
+        delete NetKeyAID;
+        NetKeyAID = NULL;
+    }
+    if( login != NULL ) {
+        delete login;
+        login = NULL;
+    }
+    if( channel != NULL ) {
+        delete channel;
+        channel = NULL;
+    }
+    if( new_pin != NULL ) {
+        PL_strfree( new_pin );
+        new_pin = NULL;
+    }
+    if( key_check != NULL ) {
+        delete key_check;
+        key_check = NULL;
+    }
+    if( wrapped_challenge != NULL ) {
+        delete wrapped_challenge;
+        wrapped_challenge = NULL;
+    }
+    if( plaintext_challenge != NULL ) {
+        delete plaintext_challenge;
+        plaintext_challenge = NULL;
+    }
+    if( token_status != NULL ) {
+        delete token_status;
+        token_status = NULL;
+    }
+    /*
+    if( final_applet_version != NULL ) {
+        PR_Free( (char *) final_applet_version );
+        final_applet_version = NULL;
+    }
+    */
+    if( appletVersion != NULL ) {
+        PR_Free( (char *) appletVersion );
+        appletVersion = NULL;
+    }
+    if( khex != NULL ) {
+        PR_Free( khex );
+        khex = NULL;
+    }
+    if( keyVersion != NULL ) {
+        PR_Free( (char *) keyVersion );
+        keyVersion = NULL;
+    }
+    if( userid != NULL ) {
+        PR_Free( (char *) userid );
+        userid = NULL;
+    }
+    if (token_state != NULL) {
+        PR_Free((char *)token_state);
+        token_state = NULL;
+    }
+    if( cuid != NULL ) {
+        PR_Free( cuid );
+        cuid = NULL;
+    }
+    if( msn != NULL ) {
+        PR_Free( msn );
+        msn = NULL;
+    }
+    if( label != NULL ) {
+        PL_strfree( (char *) label );
+        label = NULL;
+    }
+    if (tokentype != NULL) {
+        PR_Free(tokentype);
+    }
+    if (pkcs11objx != NULL) {
+      delete pkcs11objx;
+    }
+
+#ifdef   MEM_PROFILING     
+            MEM_dump_unfree();
+#endif
+
+    return status;
+}
+
+
+bool RA_Enroll_Processor::GenerateCertificates(AuthParams *login, RA_Session *session, char **&origins, char **&ktypes, 
+  char *tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable, 
+  NameValueSet *extensions, Secure_Channel *channel, Buffer *wrapped_challenge,
+  Buffer *key_check, Buffer *plaintext_challenge, char *cuid, char *msn,
+  const char *final_applet_version, char *khex, const char *userid, RA_Status &o_status, 
+  CERTCertificate **&certificates, int &o_certNums, char **&tokenTypes) {
+
+    bool r=true;
+    int keyTypeNum = 0;
+    int i = 0;
+    char configname[256];
+	const char *FN = "RA_Enroll_Processor::GenerateCertificates";
+
+
+    RA::Debug(LL_PER_CONNECTION,FN, "tokenType=%s", tokenType); 
+    PR_snprintf((char *)configname, 256, "%s.%s.keyGen.keyType.num", OP_PREFIX, tokenType);
+    keyTypeNum = RA::GetConfigStore()->GetConfigAsInt(configname);
+    if (keyTypeNum == 0) {
+        r = false;
+        RA::Error(LL_PER_CONNECTION,FN,
+                        "Profile parameters are not found");
+        o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+        goto loser; 
+    }
+    
+    certificates = (CERTCertificate **) malloc (sizeof(CERTCertificate *) * keyTypeNum);
+    o_certNums = keyTypeNum;
+    for (i=0; i<keyTypeNum; i++) {
+		certificates[i] = NULL;
+	}
+    ktypes = (char **) malloc (sizeof(char *) * keyTypeNum);
+    origins = (char **) malloc (sizeof(char *) * keyTypeNum);
+    tokenTypes = (char **) malloc (sizeof(char *) * keyTypeNum);
+
+    for (i=0; i<keyTypeNum; i++) {
+
+        PR_snprintf((char *)configname, 256, "%s.%s.keyGen.keyType.value.%d", OP_PREFIX, tokenType, i);
+        const char *keyTypeValue = RA::GetConfigStore()->GetConfigAsString(configname, "signing");
+
+        r = GenerateCertificate(login,keyTypeNum, keyTypeValue, i, session, origins, ktypes, tokenType,
+          pkcs11objx, pkcs11obj_enable, extensions, channel, wrapped_challenge,
+          key_check, plaintext_challenge, cuid, msn, final_applet_version,
+          khex, userid, o_status, certificates);
+
+        tokenTypes[i] = PL_strdup(tokenType);
+    }
+
+ loser:
+    return r;
+}
+
+bool RA_Enroll_Processor::GenerateCertificate(AuthParams *login, int keyTypeNum, const char *keyTypeValue, int i, RA_Session *session, 
+  char **origins, char **ktypes, char *tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable,
+  NameValueSet *extensions, Secure_Channel *channel, Buffer *wrapped_challenge,
+  Buffer *key_check, Buffer *plaintext_challenge, char *cuid, char *msn,
+  const char *final_applet_version, char *khex, const char *userid, 
+  RA_Status &o_status, CERTCertificate **certificates)
+{
+    bool r = true;
+    char configname[256];
+    char keyTypePrefix[200];
+	const char *FN="RA_Enroll_Processor::GenerateCertificate";
+
+    PR_snprintf((char *)keyTypePrefix, 256, "%s.%s.keyGen.%s", OP_PREFIX, tokenType, keyTypeValue);
+    RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::GenerateCertificate","keyTypePrefix is %s",keyTypePrefix);
+    PR_snprintf((char *)configname, 256, "%s.ca.profileId", keyTypePrefix);
+    const char *profileId = RA::GetConfigStore()->GetConfigAsString(configname, "");
+    PR_snprintf((char *)configname, 256,"%s.certId", keyTypePrefix);
+    const char *certId = RA::GetConfigStore()->GetConfigAsString(configname, "C0");
+    PR_snprintf((char *)configname, 256, "%s.certAttrId", keyTypePrefix);
+    const char *certAttrId = RA::GetConfigStore()->GetConfigAsString(configname, "c0");
+    PR_snprintf((char *)configname, 256, "%s.privateKeyAttrId", keyTypePrefix);
+    const char *priKeyAttrId = RA::GetConfigStore()->GetConfigAsString(configname, "k0"); 
+    PR_snprintf((char *)configname,  256,"%s.publicKeyAttrId", keyTypePrefix);
+    const char *pubKeyAttrId = RA::GetConfigStore()->GetConfigAsString(configname, "k1");
+    PR_snprintf((char *)configname, 256, "%s.keySize", keyTypePrefix);
+    int keySize = RA::GetConfigStore()->GetConfigAsInt(configname, 1024);
+
+    PR_snprintf((char *)configname, 256, "%s.publisherId", keyTypePrefix);
+    const char *publisherId = RA::GetConfigStore()->GetConfigAsString(configname, NULL);
+
+    PR_snprintf((char *)configname, 256, "%s.keyUsage", keyTypePrefix);
+    int keyUsage = RA::GetConfigStore()->GetConfigAsInt(configname, 0);
+    PR_snprintf((char *)configname, 256, "%s.keyUser", keyTypePrefix);
+    int keyUser = RA::GetConfigStore()->GetConfigAsInt(configname, 0);
+    PR_snprintf((char *)configname, 256, "%s.privateKeyNumber", keyTypePrefix);
+    int priKeyNumber = RA::GetConfigStore()->GetConfigAsInt(configname, 0);
+    PR_snprintf((char *)configname, 256, "%s.publicKeyNumber", keyTypePrefix);
+    int pubKeyNumber = RA::GetConfigStore()->GetConfigAsInt(configname, 1);
+
+
+    // get key capabilites to determine if the key type is SIGNING, 
+    // ENCRYPTION, or SIGNING_AND_ENCRYPTION
+    PR_snprintf((char *)configname, 256, "%s.private.keyCapabilities.sign", keyTypePrefix);
+    bool isSigning = RA::GetConfigStore()->GetConfigAsBool(configname);
+    PR_snprintf((char *)configname, 256, "%s.public.keyCapabilities.encrypt", keyTypePrefix);
+    bool isEncrypt = RA::GetConfigStore()->GetConfigAsBool(configname);
+    int keyTypeEnum = 0;
+
+    if ((isSigning) &&
+        (isEncrypt)) {
+        keyTypeEnum = KEY_TYPE_SIGNING_AND_ENCRYPTION;
+    } else if (isSigning) {
+        keyTypeEnum = KEY_TYPE_SIGNING;
+    } else if (isEncrypt) {
+        keyTypeEnum = KEY_TYPE_ENCRYPTION;
+    }
+    RA::Debug(LL_PER_CONNECTION,FN,
+		"key type is %d",keyTypeEnum);
+
+    PR_snprintf((char *)configname, 256, "%s.ca.conn", keyTypePrefix);
+    const char *caconnid = RA::GetConfigStore()->GetConfigAsString(configname);
+    certificates[i] = NULL;
+    ktypes[i] = NULL;
+    origins[i] = NULL;
+
+    o_status = DoEnrollment(login, session, certificates, origins, ktypes, pkcs11obj_enable,
+                    pkcs11objx, extensions, i, keyTypeNum,
+                    15 /* start progress */,
+                    90 /* end progress */, channel, wrapped_challenge,
+          tokenType,
+          keyTypeValue,
+          key_check,
+          plaintext_challenge,
+          cuid,
+          msn,
+          khex, (TokenKeyType)keyTypeEnum, profileId, userid, certId,publisherId, certAttrId, priKeyAttrId,
+          pubKeyAttrId, (keyUser << 4)+priKeyNumber,
+          (keyUsage << 4)+pubKeyNumber, keySize, caconnid, keyTypePrefix,(char *)final_applet_version);
+
+    if (o_status != STATUS_NO_ERROR) {
+        r = false;
+
+        RA::Debug(LL_PER_CONNECTION,FN,
+			"Got a status error from DoEnrollment:  %d", o_status);
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "enrollment error", "");
+        goto loser;
+    }
+
+ loser:
+
+    return r;
+}
+  
+bool RA_Enroll_Processor::GenerateCertsAfterRecoveryPolicy(AuthParams *login, RA_Session *session, char **&origins, char **&ktypes, 
+  char *&tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable, 
+  NameValueSet *extensions, Secure_Channel *channel, Buffer *wrapped_challenge,
+  Buffer *key_check, Buffer *plaintext_challenge, char *cuid, char *msn,
+  const char *final_applet_version, char *khex, const char *userid, RA_Status &o_status, 
+  CERTCertificate **&certificates, int &o_certNums, char **&tokenTypes)
+{
+    LDAPMessage *ldapResult = NULL;
+    LDAPMessage *e = NULL;
+    int nEntries = 0;
+    char filter[512];
+    char configname[512];
+    char tokenStatus[100];
+    char *tokenid = NULL;
+    int rc = -1;
+    bool r=true;
+    o_status = STATUS_NO_ERROR;
+    char *origTokenType = NULL;
+
+	const char *FN="RA_Enroll_Process::GenerateCertsAfterRecoveryPolicy";
+    PR_snprintf(filter, 512, "tokenUserID=%s", userid);
+    
+    rc = RA::ra_find_tus_token_entries_no_vlv(filter, &ldapResult, 1);
+  
+    if (rc != LDAP_SUCCESS) {
+        RA::Debug(LL_PER_CONNECTION,FN,
+			"Cant find any tokens associated with the userid=%s. "
+			"There should be at least one token.", userid);
+        r = false;
+        o_status = STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND;
+        goto loser;
+    } else {
+        nEntries = RA::ra_get_number_of_entries(ldapResult);
+        for (e = RA::ra_get_first_entry(ldapResult); e != NULL; e = RA::ra_get_next_entry(e)) {   
+            char ** attr_values = RA::ra_get_attribute_values(e, "tokenStatus");
+            RA::Debug(LL_PER_CONNECTION,FN, "tokenStatus = %s",
+              attr_values[0]);
+
+            strcpy(tokenStatus, attr_values[0]);
+            // free attr_values
+            if (attr_values != NULL) {
+              int cc = 0;
+              while (attr_values[cc] != NULL) {
+                free(attr_values[cc]);
+                cc++;
+              }
+              free(attr_values); 
+            }
+            tokenid = RA::ra_get_token_id(e);
+            RA::Debug(LL_PER_CONNECTION,FN, "tokenID = %s", tokenid);
+            int cmp_result = PL_strcasecmp(tokenid, cuid);
+            free(tokenid);
+            if (cmp_result == 0) {
+                if (PL_strcasecmp(tokenStatus, "uninitialized") == 0 ) {
+                    if (nEntries == 1) {
+                        // need to do enrollment outside
+                        break;
+                    } else {
+                        RA::Debug(LL_PER_CONNECTION,FN,
+                          "There are multiple token entries for user %s.", userid);
+
+                        if (RA::ra_tus_has_active_tokens((char *)userid) == 0) {
+                            r = false;
+                            o_status = STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN;
+                            RA::Debug(LL_PER_CONNECTION,FN, "User already has one active token.");
+                            goto loser;
+                        } else {
+                            // 1) current token is in active state
+                            // 2) there are no other active tokens for this user
+                            // 3) that means the previous one is the lost one
+                            // get the most recent previous token:
+                            LDAPMessage *prev = RA::ra_get_next_entry(e);
+                            char *reason = RA::ra_get_token_reason(prev);
+                            char *lostTokenCUID = RA::ra_get_token_id(prev);
+
+                            // if the previous one is lost, then check lost reason
+                            origTokenType = PL_strdup(tokenType);
+                            if (PL_strcasecmp(reason, "keyCompromise") == 0) {
+                                r = ProcessRecovery(login, reason, session, origins, ktypes,
+                                  tokenType, pkcs11objx, pkcs11obj_enable,
+                                  extensions, channel, wrapped_challenge,
+                                  key_check, plaintext_challenge, cuid, msn,
+                                  final_applet_version, khex, userid,
+                                  o_status, certificates, lostTokenCUID, o_certNums, tokenTypes, origTokenType); 
+
+                                break;
+                            } else if (PL_strcasecmp(reason, "onHold") == 0) {
+                                // then the inactive one becomes the temp token
+                                // No recovery scheme, basically we are going to
+                                // do the brand new enrollment
+                                PR_snprintf(configname, 512, "op.enroll.%s.temporaryToken.tokenType", tokenType);
+                                char *tempTokenType = (char *)(RA::GetConfigStore()->GetConfigAsString(configname, "userKeyTemporary"));
+                                RA::Debug(LL_PER_CONNECTION,FN, 
+									"Token type for temporary token: %s", tempTokenType);
+                                PL_strcpy(tokenType, tempTokenType);
+                                r = ProcessRecovery(login, reason, session, origins, ktypes,
+                                  tokenType, pkcs11objx, pkcs11obj_enable,
+                                  extensions, channel, wrapped_challenge,
+                                  key_check, plaintext_challenge, cuid, msn,
+                                  final_applet_version, khex, userid,
+                                  o_status, certificates, lostTokenCUID, o_certNums, tokenTypes, origTokenType); 
+
+                                break;
+                            } else if (PL_strcasecmp(reason, "destroyed") == 0) {
+                                r = ProcessRecovery(login, reason, session, origins, ktypes,
+                                  tokenType, pkcs11objx, pkcs11obj_enable,
+                                  extensions, channel, wrapped_challenge,
+                                  key_check, plaintext_challenge, cuid, msn,
+                                  final_applet_version, khex, userid,
+                                  o_status, certificates, lostTokenCUID, o_certNums, tokenTypes, origTokenType); 
+
+                                break;
+                            } else {
+                                r = false;
+                                o_status = STATUS_ERROR_NO_SUCH_LOST_REASON;
+                                RA::Debug(LL_PER_CONNECTION,FN,
+                                  "No such lost reason=%s for this cuid=%s",
+                                  reason, cuid);
+                                goto loser;
+                            }
+                        }
+                    }
+                } else if (strcmp(tokenStatus, "active") == 0) {
+                    r = true;
+                    RA::Debug(LL_PER_CONNECTION,FN,
+						"This is the active token. You can re-enroll if the re-enroll=true.");
+                    break;
+                } else if (strcmp(tokenStatus, "terminated") == 0) {
+                    RA::Debug(LL_PER_CONNECTION,FN,
+                      "terminated token cuid=%s", cuid);
+                    r = false;
+                    o_status = STATUS_ERROR_CONTACT_ADMIN;
+                    goto loser;
+                } else if (strcmp(tokenStatus, "lost") == 0) {
+                    char *reason = RA::ra_get_token_reason(e);
+                    if (strcmp(reason, "keyCompromise") == 0) {
+                        r = false;
+                        o_status = STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE;
+                        RA::Debug(LL_PER_CONNECTION,FN,
+							"This token cannot be reused because it has been reported lost");
+                        goto loser;
+                    } else if (strcmp(reason, "onHold") == 0) {
+                        if (RA::ra_tus_has_active_tokens((char *)userid) == 0) {
+                            r = false;
+                            o_status = STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN;
+                            RA::Debug(LL_PER_CONNECTION,FN,
+								"User already has an active token.");
+                            goto loser;
+                        } else { // change it back to active token
+                            r = false;
+                            o_status = STATUS_ERROR_CONTACT_ADMIN;
+                            RA::Debug(LL_PER_CONNECTION,FN,
+				"User needs to contact administrator to report lost token (it should be put on Hold).");
+                            break;
+                        }
+                    } else if (strcmp(reason, "destroyed") == 0) {
+                        r = false;
+                        RA::Debug(LL_PER_CONNECTION,FN,
+							"This destroyed lost case should not be executed because the token is so damaged. It should not get here");
+                        o_status = STATUS_ERROR_TOKEN_DISABLED;
+                        goto loser;
+                    } else {
+                        RA::Debug(LL_PER_CONNECTION,FN,
+							"No such lost reason=%s for this cuid=%s", reason, cuid);
+                        r = false;
+                        o_status = STATUS_ERROR_NO_SUCH_LOST_REASON;
+                        goto loser;
+                    }
+                } else {
+                    RA::Debug(LL_PER_CONNECTION,FN,
+                      "No such token status for this cuid=%s", cuid);
+                    r = false;
+                    o_status = STATUS_ERROR_NO_SUCH_TOKEN_STATE;
+                    goto loser;
+                }
+            } else { // cuid != cuid of the current token
+                continue;
+/*
+                if (RA::ra_tus_has_active_tokens((char *)userid) == 0) {
+                    r = false;
+                    o_status = STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN;
+                    RA::Debug("RA_Enroll_Processor::GenerateCertsAfterRecoveryPolicy", "You already have one active token.");
+                    goto loser;
+                } else
+                    continue;
+*/
+            }
+        }
+    }
+
+ loser:
+    if (origTokenType != NULL) {
+        PL_strfree(origTokenType);
+        origTokenType = NULL;
+    }
+    if (rc == 0)
+        if (ldapResult != NULL)
+            ldap_msgfree(ldapResult);
+
+
+RA::Debug("RA_Enroll_Processor::GenerateCertsAfterRecoveryPolicy", "boolean = %d", r); 
+    return r;
+}
+
+bool RA_Enroll_Processor::ProcessRecovery(AuthParams *login, char *reason, RA_Session *session, char **&origins, char **&ktypes,
+  char *tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable,
+  NameValueSet *extensions, Secure_Channel *channel, Buffer *wrapped_challenge,
+  Buffer *key_check, Buffer *plaintext_challenge, char *cuid, char *msn,
+  const char *final_applet_version, char *khex, const char *userid,
+  RA_Status &o_status, CERTCertificate **&certificates, char *lostTokenCUID,
+  int &o_certNums, char **&tokenTypes, char *origTokenType)
+{
+    bool r = true;
+    o_status = STATUS_ERROR_RECOVERY_IS_PROCESSED;
+    char keyTypePrefix[256];
+    char configname[256];
+    char filter[256];
+    LDAPMessage *result = NULL;
+    char *o_pub = NULL;
+    char *o_priv = NULL;
+    const char *connid = NULL;
+    bool tksServerKeygen = false;
+    bool serverKeygen = false;
+    bool archive = false;
+    const char *pretty_cuid = NULL;
+
+    int i = 0;
+    const char *FN="RA_Enroll_Processor::ProcessRecovery";
+
+    PR_snprintf(configname, 256, "op.enroll.%s.keyGen.recovery.%s.keyType.num",
+      tokenType, reason);
+    int keyTypeNum = RA::GetConfigStore()->GetConfigAsInt(configname, -1);
+    if (keyTypeNum == -1) {
+        RA::Debug("RA_Enroll_Processor::ProcessRecovery", "Missing the configuration parameter for %s", configname);
+        r = false;
+        o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+        goto loser;
+    }
+
+RA::Debug("RA_Enroll_Processor::ProcessRecovery", "keyTypenum=%d", keyTypeNum);
+
+    o_certNums = keyTypeNum;
+    certificates = (CERTCertificate **) malloc (sizeof(CERTCertificate *) * keyTypeNum);
+    ktypes = (char **) malloc (sizeof(char *) * keyTypeNum);
+    origins = (char **) malloc (sizeof(char *) * keyTypeNum);
+    tokenTypes = (char **) malloc (sizeof(char *) * keyTypeNum);
+    for (i=0; i<keyTypeNum; i++) {
+        PR_snprintf(configname, 256, "op.enroll.%s.keyGen.recovery.%s.keyType.value.%d", tokenType, reason, i);
+        const char *keyTypeValue = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+
+RA::Debug("RA_Enroll_Processor::ProcessRecovery", "keyType == %s ", keyTypeValue);
+
+        if (keyTypeValue == NULL) {
+            RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+              "Missing the configuration parameter for %s", configname);
+            r = false;
+            o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+            goto loser;
+        }
+        PR_snprintf(configname, 256, "op.enroll.%s.keyGen.%s.recovery.%s.scheme", tokenType, keyTypeValue, reason);
+        char *scheme = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+        if (scheme == NULL) {
+            RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+            "Missing the configuration parameter for %s", configname);
+            r = false;
+            o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+            goto loser;
+        }
+
+        // set allowable $$ config patterns
+        NameValueSet nv;
+        pretty_cuid = GetPrettyPrintCUID(cuid);
+
+        nv.Add("pretty_cuid", pretty_cuid);
+        nv.Add("cuid", cuid);
+        nv.Add("msn", msn);
+        nv.Add("userid", userid);
+        //nv.Add("profileId", profileId);
+
+        /* populate auth parameters output to nv also */
+        /* so we can reference to the auth parameter by */
+        /* using $auth.cn$, or $auth.mail$ */
+        if (login != NULL) {
+          int s = login->Size();
+          for (int x = 0; x < s; x++) {
+             char namebuf[2048];
+             char *name = login->GetNameAt(x);
+             sprintf(namebuf, "auth.%s", name);
+             nv.Add(namebuf, login->GetValue(name));
+          }
+        }
+
+
+        if (PL_strcasecmp(scheme, "GenerateNewKey") == 0) {
+            RA::Debug("RA_Enroll_Processor::ProcessRecovery", "Generate new key for %s", keyTypeValue);
+            r = GenerateCertificate(login, keyTypeNum, keyTypeValue, i, session, origins, ktypes, tokenType,
+              pkcs11objx, pkcs11obj_enable, extensions, channel, wrapped_challenge,
+              key_check, plaintext_challenge, cuid, msn, final_applet_version,
+              khex, userid, o_status, certificates);
+            tokenTypes[i] = PL_strdup(tokenType);
+            if (o_status == STATUS_NO_ERROR)
+                o_status = STATUS_ERROR_RECOVERY_IS_PROCESSED;
+        } else if (PL_strcasecmp(scheme, "RecoverLast") == 0) {
+            RA::Debug("RA_Enroll_Processor::RecoverLast", "Recover the key for %s", keyTypeValue);
+            PR_snprintf(filter, 256, "(&(tokenKeyType=%s)(tokenID=%s))",
+              keyTypeValue, lostTokenCUID);       
+            int rc = RA::ra_find_tus_certificate_entries_by_order_no_vlv(filter,
+              &result, 1);
+ 
+            tokenTypes[i] = PL_strdup(origTokenType);
+            char **attr = (char **) malloc (sizeof(char *) * keyTypeNum);
+            if (rc == LDAP_SUCCESS) {
+                // retrieve the most recent certificate, we just recover the most
+                // recent one
+                LDAPMessage *e = RA::ra_get_first_entry(result);
+                if (e != NULL) {
+                    CERTCertificate **certs = RA::ra_get_certificates(e);
+                    if (certs[0] != NULL) {
+                        RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+                          "Certificate used to restore the private key");
+                        PR_snprintf(configname, 256, 
+                          "op.enroll.%s.keyGen.%s.serverKeygen.drm.conn", tokenType, keyTypeValue);
+                        const char *drmconnid = RA::GetConfigStore()->GetConfigAsString(configname);
+                        if (drmconnid == NULL) {
+                            RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+                              "Missing the configuration parameter for %s", configname);
+                              r = false;
+                            o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+                            goto loser;
+                        }
+       
+			RA::Debug("RA_Enroll_Processor::ProcessRecovery", "begin recovery code");
+
+			SECKEYPublicKey *pk_p = NULL;
+			SECItem si_mod;
+			Buffer *modulus=NULL;
+			SECItem *si_kid = NULL;
+			Buffer *keyid=NULL;
+			SECItem si_exp;
+			Buffer *exponent=NULL;
+	CERTSubjectPublicKeyInfo*  spkix = NULL;
+
+			/*XXX should decide later whether some of the following should
+			  be stored with token entry during enrollment*/
+			int keysize = 1024; //XXX hardcode for now
+			int pubKeyNumber = 5; //XXX hardcode for now
+			int priKeyNumber = 4; //XXX hardcode for now
+			int keyUsage = 0; //XXX hardcode for now
+			int keyUser = 0; //XXX hardcode for now
+			const char *certId="C2";
+			const char *certAttrId="c2";
+			const char *privateKeyAttrId="k4";
+			const char *publicKeyAttrId="k5";
+
+            PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.label", 
+		            OP_PREFIX, tokenType, keyTypeValue);
+            RA::Debug(LL_PER_CONNECTION,FN,
+		        "label '%s'", configname);
+            const char *pattern = RA::GetConfigStore()->GetConfigAsString(configname);
+			const char* label = MapPattern(&nv, (char *) pattern);
+
+			//XXX these attr functions shouldn't take config params
+            PR_snprintf(keyTypePrefix, 256, "op.enroll.%s.keyGen.encryption", tokenType);
+
+			BYTE objid[4];
+
+			objid[0] = 0xFF;
+			objid[1] = 0x00;
+			objid[2] = 0xFF;
+			objid[3] = 0xF3;
+
+			char *tmp_c = NULL;
+			if (certs[0] != NULL) {
+			  tmp_c = NSSBase64_EncodeItem(0, 0, 0, &(certs[0]->derCert));
+			  RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after NSSBase64_EncodeItem");
+			} else {
+			  RA::Debug("RA_Enroll_Processor::ProcessRecovery", "no cert!!");
+			  goto rloser;
+			}
+
+			if ((tmp_c == NULL) || (tmp_c =="")) {
+			  RA::Debug("RA_Enroll_Processor::ProcessRecovery", "NSSBase64_EncodeItem failed");
+			  goto rloser;
+			}
+			RA::Debug("RA_Enroll_Processor::ProcessRecovery", "NSSBase64_EncodeItem succeeded");
+			attr[0] = PL_strdup(tmp_c);
+			RA::Debug("RA_Enroll_Processor::ProcessRecovery", "b64 encoded cert =%s",attr[0]);
+			
+                        // get serverKeygen and archive, check if they are enabled.
+                        PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.serverKeygen.enable", 
+		          OP_PREFIX, tokenType, keyTypeValue);
+                        RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+	                  "looking for config %s", configname);
+                        serverKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, 0);
+                        PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.serverKeygen.archive",
+                          OP_PREFIX, tokenType, keyTypeValue);
+                        RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+	                  "looking for config %s", configname);
+                        archive = RA::GetConfigStore()->GetConfigAsBool(configname, 0);
+			PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+			connid = RA::GetConfigStore()->GetConfigAsString(configname);
+                        tksServerKeygen = false;
+                        if (connid != NULL) {
+                            PR_snprintf((char *)configname, 256, "conn.%s.serverKeygen", connid);
+                            tksServerKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, 0);
+                        } else {
+			    r = false;
+			    o_status = STATUS_ERROR_NO_TKS_CONNID;
+                            RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::ProcessRecovery", "Missing tks.connid");
+			    goto rloser;
+                        }
+                        
+                        if (tksServerKeygen && archive && serverKeygen) {
+                            RA::RecoverKey(session, lostTokenCUID, userid, 
+				                           channel->getDrmWrappedDESKey(),
+				                           attr[0], &o_pub, &o_priv,
+				                           (char *)drmconnid);
+                        } else {
+			    r = false;
+			    o_status = STATUS_ERROR_KEY_ARCHIVE_OFF;
+                            RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::ProcessRecovery", "Archival is turned off");
+			    goto rloser;
+                        }
+
+			if (o_pub == NULL) {
+			  RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::DoEnrollment()", "RecoverKey called, o_pub is NULL");
+			  r = false;
+			  o_status = STATUS_ERROR_RECOVERY_FAILED;
+			  goto rloser;
+			} else
+			  RA::Debug(LL_PER_PDU, "DoEnrollment", "o_pub = %s", o_pub);
+
+			if (o_priv == NULL) {
+			  RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::DoEnrollment()", "RecoverKey called, o_priv is NULL");
+			  /* XXX
+			     r = false;
+			     o_status = STATUS_ERROR_RECOVERY_FAILED;
+			     goto rloser;
+			  */
+			} else
+			  RA::Debug(LL_PER_PDU, "DoEnrollment", "o_priv = %s", o_priv);
+
+
+			RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::ProcessRecovery()", "key injection for RecoverKey occurs here");
+			/*
+			 * the following code converts b64-encoded public key info into SECKEYPublicKey
+			 */
+			SECStatus rv;
+			SECItem der;
+			CERTSubjectPublicKeyInfo*  spki;
+               
+			der.type = (SECItemType) 0; /* initialize it, since convertAsciiToItem does not set it */
+			rv = ATOB_ConvertAsciiToItem (&der, o_pub);
+			if (rv != SECSuccess){
+			  RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key, rv is failure");
+			  SECITEM_FreeItem(&der, PR_FALSE);
+			  r = false;
+			  o_status = STATUS_ERROR_RECOVERY_FAILED;
+			  goto rloser;
+			}else {
+			  RA::Debug(LL_PER_PDU, "ProcessRecovery", "item len=%d, item type=%d",der.len, der.type);
+
+			  spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
+			  SECITEM_FreeItem(&der, PR_FALSE);
+
+			  if (spki != NULL) {
+			    RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key spki is not NULL");
+			    pk_p = SECKEY_ExtractPublicKey(spki);
+			    if (pk_p != NULL)
+			      RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key pk_p is not NULL");
+			    else
+			      RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key, pk_p is NULL");
+			  } else
+			    RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key, spki is NULL");
+
+			}
+			SECKEY_DestroySubjectPublicKeyInfo(spki);
+
+			if( pk_p == NULL ) {
+			    RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+                          "pk_p is NULL; unable to continue");
+			    r = false;
+			    o_status = STATUS_ERROR_RECOVERY_FAILED;
+			    goto rloser;
+            }
+
+			/* fill in keyid, modulus, and exponent */
+
+			si_mod = pk_p->u.rsa.modulus;
+			modulus = new Buffer((BYTE*) si_mod.data, si_mod.len);
+
+			spkix = SECKEY_CreateSubjectPublicKeyInfo(pk_p);
+
+			/* 
+			 * RFC 3279
+			 * The keyIdentifier is composed of the 160-bit SHA-1 hash of the
+			 * value of the BIT STRING subjectPublicKey (excluding the tag,
+			 * length, and number of unused bits).
+			 */
+			spkix->subjectPublicKey.len >>= 3;
+			si_kid = PK11_MakeIDFromPubKey(&spkix->subjectPublicKey);
+			spkix->subjectPublicKey.len <<= 3;
+			SECKEY_DestroySubjectPublicKeyInfo(spkix);
+
+			keyid = new Buffer((BYTE*) si_kid->data, si_kid->len);
+			si_exp = pk_p->u.rsa.publicExponent;
+			exponent =  new Buffer((BYTE*) si_exp.data, si_exp.len);
+
+			RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+				  " keyid, modulus and exponent are retrieved");
+
+                        ktypes[i] = strdup(keyTypeValue);
+                        // We now store the token id of the original token
+                        // that generates this certificate so we can
+                        // tell if the certificate should be operated
+                        // on or not during formation operation
+                        origins[i] = strdup(lostTokenCUID);
+                        certificates[i] = certs[0];
+
+
+			// Create KeyBlob for private key, but first b64 decode it
+			/* url decode o_priv */
+			{
+			  Buffer priv_keyblob;
+			  Buffer *decodeKey = Util::URLDecode(o_priv);
+			  //RA::DebugBuffer("cfu debug"," private key =",decodeKey);
+			  priv_keyblob =
+			    Buffer(1, 0x01) + // encryption
+			    Buffer(1, 0x09)+ // keytype is RSAPKCS8Pair
+			    Buffer(1,(BYTE)(keysize/256)) + // keysize is two bytes
+			    Buffer(1,(BYTE)(keysize%256)) +
+			    Buffer((BYTE*) *decodeKey, decodeKey->size());
+			  delete decodeKey;
+
+			  //inject PKCS#8 private key
+			  BYTE perms[6];
+
+			  perms[0] = 0x40;
+			  perms[1] = 0x00;
+			  perms[2] = 0x40;
+			  perms[3] = 0x00;
+			  perms[4] = 0x40;
+			  perms[5] = 0x00;
+
+			  if (channel->CreateObject(objid, perms, priv_keyblob.size()) != 1) {
+			    r = false;
+			    goto rloser;
+			  }
+
+			  if (channel->WriteObject(objid, (BYTE*)priv_keyblob, priv_keyblob.size()) != 1) {
+			    r = false;
+			    goto rloser;
+			  }
+			}
+
+			/* url decode the wrapped kek session key and keycheck*/
+			{
+			  Buffer data;
+			  /*
+			    RA::Debug(LL_PER_PDU, "", "getKekWrappedDESKey() returns =%s", channel->getKekWrappedDESKey());
+			    RA::Debug(LL_PER_PDU, "", "getKeycheck() returns =%s", channel->getKeycheck());
+			  */
+			  Buffer *decodeKey = Util::URLDecode(channel->getKekWrappedDESKey());
+
+			  /*
+			    RA::Debug(LL_PER_PDU, "", "des key item len=%d",
+			    decodeKey->size());
+			    RA::DebugBuffer("cfu debug", "DES key =", decodeKey);
+			  */
+			  char *keycheck = channel->getKeycheck();
+			  Buffer *decodeKeyCheck = Util::URLDecode(keycheck);
+			  if (keycheck)
+			    PL_strfree(keycheck);
+
+			  /*
+			    RA::Debug(LL_PER_PDU, "", "keycheck item len=%d",
+			    decodeKeyCheck->size());
+			    RA::DebugBuffer("cfu debug", "key check=", decodeKeyCheck);
+			  */
+
+			  //XXX need randomize this later
+			  BYTE iv[] = {0x01, 0x01,0x01,0x01,0x01,0x01,0x01,0x01};
+
+			  data =
+			    Buffer((BYTE*)objid, 4)+ // object id
+			    Buffer(1, 0x08) + // key type is DES3: 8
+			    Buffer(1, (BYTE) decodeKey->size()) + // 1 byte length
+			    Buffer((BYTE *) *decodeKey, decodeKey->size())+ // key -encrypted to 3des block
+			    // check size
+			    // key check
+			    Buffer(1, (BYTE) decodeKeyCheck->size()) + //keycheck size
+			    Buffer((BYTE *) *decodeKeyCheck , decodeKeyCheck->size())+ // keycheck
+			    Buffer(1, 0x08)+ // IV_Length
+			    Buffer((BYTE*)iv, 8);
+
+			  //      RA::DebugBuffer("cfu debug", "ImportKeyEnc data buffer =", &data);
+
+			  delete decodeKey;
+			  delete decodeKeyCheck;
+
+			  if (channel->ImportKeyEnc((keyUser << 4)+priKeyNumber,
+						    (keyUsage << 4)+pubKeyNumber, &data) != 1) {
+			    r = false;
+			    goto rloser;
+			  }
+			}
+
+			{
+			  Buffer *certbuf = new Buffer(certs[0]->derCert.data, certs[0]->derCert.len);
+			  ObjectSpec *objSpec = 
+			    ObjectSpec::ParseFromTokenData(
+							   (certId[0] << 24) +
+							   (certId[1] << 16),
+							   certbuf);
+			  pkcs11objx->AddObjectSpec(objSpec);
+			}
+			{
+			  Buffer b = channel->CreatePKCS11CertAttrsBuffer(
+									  KEY_TYPE_ENCRYPTION , certAttrId, label, keyid);
+			  ObjectSpec *objSpec = 
+			    ObjectSpec::ParseFromTokenData(
+							   (certAttrId[0] << 24) +
+							   (certAttrId[1] << 16),
+							   &b);
+			  pkcs11objx->AddObjectSpec(objSpec);
+			}
+
+			{
+			  Buffer b = channel->CreatePKCS11PriKeyAttrsBuffer(KEY_TYPE_ENCRYPTION, 
+									    privateKeyAttrId, label, keyid, modulus, OP_PREFIX, 
+									    tokenType, keyTypePrefix);
+			  ObjectSpec *objSpec = 
+			    ObjectSpec::ParseFromTokenData(
+							   (privateKeyAttrId[0] << 24) +
+							   (privateKeyAttrId[1] << 16),
+							   &b);
+			  pkcs11objx->AddObjectSpec(objSpec);
+			}
+
+			{
+			  Buffer b = channel->CreatePKCS11PubKeyAttrsBuffer(KEY_TYPE_ENCRYPTION, 
+									    publicKeyAttrId, label, keyid, 
+									    exponent, modulus, OP_PREFIX, tokenType, keyTypePrefix);
+			  ObjectSpec *objSpec = 
+			    ObjectSpec::ParseFromTokenData(
+							   (publicKeyAttrId[0] << 24) +
+							   (publicKeyAttrId[1] << 16),
+							   &b);
+			  pkcs11objx->AddObjectSpec(objSpec);
+			}
+		    rloser:
+
+			if( modulus != NULL ) {
+			  delete modulus;
+			  modulus = NULL;
+			}
+			if( keyid != NULL ) {
+			  delete keyid;
+			  keyid = NULL;
+			}
+			if( exponent != NULL ) {
+			  delete exponent;
+			  exponent = NULL;
+			}
+			if( attr[0] != NULL ) {
+			  PR_Free(attr[0]);
+			  attr[0] = NULL;
+			}
+			if( o_pub != NULL ) {
+			  PR_Free(o_pub);
+			  o_pub = NULL;
+			}
+
+			if (o_priv !=NULL) {
+			  PR_Free(o_priv);
+			  o_priv = NULL;
+			}
+
+			if( si_kid != NULL ) {
+			  SECITEM_FreeItem( si_kid, PR_TRUE );
+			  si_kid = NULL;
+			}
+			if( label != NULL ) {
+			  PL_strfree( (char *) label );
+			  label = NULL;
+			}
+
+                    }
+                }
+            } else {
+	      r = false;
+	      o_status = STATUS_ERROR_LDAP_CONN;
+	      goto loser;
+            }
+            RA::Debug("RA_Enroll_Processor::ProcessRecovery", 
+		      "Filter to find certificates = %s", filter);
+            RA::Debug("RA_Enroll_Processor::ProcessRecovery", 
+		      "Recover key for %s", keyTypeValue);
+        } else {
+	      RA::Debug("RA_Enroll_Processor::ProcessRecovery", 
+		    "Misconfigure parameter for %s", configname);
+	      r = false;
+	      o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+	      goto loser;
+        }
+    }
+
+ loser:
+    if( pretty_cuid != NULL ) {
+        PR_Free( (char *) pretty_cuid );
+        pretty_cuid = NULL;
+    }
+
+    return r;
+}
+
+int RA_Enroll_Processor::DoPublish(const char *cuid,SECItem *encodedPublicKeyInfo,Buffer *cert,const char *publisher_id,char *applet_version)
+{
+
+        int res = 0;
+
+        CERTCertificate *certObj = NULL;
+		const char *FN="DoPublish";
+
+        unsigned char *public_key_data = NULL;
+        int public_key_len = 0;
+        PRTime not_before,not_after;
+
+        // 1980 epoch offset
+
+        PRTime ul_1980 = ((365 * 10 + 2) * 86400);
+
+
+        if(! encodedPublicKeyInfo)
+        {
+            return 0;
+        }
+
+
+        RA::Debug(LL_PER_CONNECTION,FN, "1980 epoch offset %u ",ul_1980);
+
+        PRUint32  ul_not_before, ul_not_after;
+
+        int key_type =  1;    
+
+        RA::Debug(LL_PER_CONNECTION,FN, "We got a public key back. Now attempt publish operation.");
+
+        public_key_data = encodedPublicKeyInfo->data;
+        public_key_len = encodedPublicKeyInfo->len;
+
+        unsigned long applet_version_long =  0;
+
+        char *end = NULL;
+
+        if(applet_version)
+        {
+            applet_version_long = (unsigned long) strtol((const char *)applet_version,&end,16);
+        }
+        if(cuid)
+        {
+            RA::Debug(LL_PER_CONNECTION,FN,
+				"cuid %s public_key_len %ud",cuid,public_key_len);
+
+        }
+        if(cert)
+        {
+            RA::Debug(LL_PER_CONNECTION,FN,
+				"cert.size() %ld. cert %s",cert->size(),(char *) (BYTE *) cert);
+
+            certObj = CERT_DecodeCertFromPackage((char *) cert->string(), (int) cert->size());
+        }
+        RA::Debug(LL_PER_CONNECTION,FN,
+				"certObj %p.",certObj);
+
+        if(certObj && cuid != NULL)
+        {
+             RA::Debug(LL_PER_CONNECTION,FN,
+				 "We got pointer to Certificate data.");
+             CERT_GetCertTimes (certObj, &not_before, &not_after);
+
+             ul_not_before = ( PRUint32 )( not_before/1000000 );
+             ul_not_after = ( PRUint32 )( not_after/1000000 );
+
+             RA::Debug(LL_PER_CONNECTION,FN,
+				"Cert date not_before %u not_after %u.",ul_not_before,ul_not_after);
+
+              // Convert to 1980 epoch time
+
+              ul_not_before -= (PRUint32) ul_1980;
+              ul_not_after  -= (PRUint32) ul_1980;
+
+
+              RA::Debug(LL_PER_CONNECTION,FN,
+					"Cert date, after 1980 translation, not_before %ul not_after %ul.",ul_not_before,ul_not_after);
+
+
+              PublisherEntry *publish = RA::getPublisherById(publisher_id);
+
+              if(publish != NULL)
+              {
+                  RA::Debug(LL_PER_CONNECTION,FN,
+						"publisher %s ",publish->id);
+              }
+              else
+              {
+                   RA::Debug(LL_PER_CONNECTION,FN,
+						"publisher %s not found ",publisher_id);
+
+              }
+
+              res = 0;
+              if(publish && publish->publisher  )
+              {
+                  IPublisher *pb = publish->publisher;
+                  RA::Debug(LL_PER_CONNECTION,FN,
+					"publisher %p ",pb);
+                  res = pb->publish((unsigned char *) cuid,(int) strlen(cuid),(long) key_type,(unsigned char *) public_key_data,(int) public_key_len,(unsigned long)ul_not_before,(unsigned long) ul_not_after,applet_version_long,applet_version_long - ul_1980);
+
+              }
+              if(!res)
+              {
+                   RA::Debug(LL_PER_CONNECTION,FN,
+						"Publish failed.");
+              }
+              else
+              {
+                    RA::Debug(LL_PER_CONNECTION,FN,
+						"Publish success.");
+              }
+        }
+        else
+        {
+            RA::Debug(LL_PER_CONNECTION,FN,
+					"No Publish failed Either cuid or certObj is NULL.");
+        }
+
+        if(certObj)
+        {
+
+            CERT_DestroyCertificate(certObj);
+        }
+        return res;
+}
diff --git a/pki/base/tps/src/processor/RA_Format_Processor.cpp b/pki/base/tps/src/processor/RA_Format_Processor.cpp
new file mode 100644
index 000000000..386421654
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Format_Processor.cpp
@@ -0,0 +1,869 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+
+#include "main/RA_Session.h"
+#include "main/RA_Msg.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+#include "channel/Secure_Channel.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Format_Processor.h"
+#include "cms/CertEnroll.h"
+#include "httpClient/httpc/response.h"
+#include "main/Memory.h"
+#include "tus/tus_db.h"
+#include "ldap.h"
+
+#define OP_PREFIX "op.format"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a processor for handling upgrade operation.
+ */
+TPS_PUBLIC RA_Format_Processor::RA_Format_Processor ()
+{
+}
+
+/**
+ * Destructs upgrade processor.
+ */
+TPS_PUBLIC RA_Format_Processor::~RA_Format_Processor ()
+{
+}
+
+/**
+ * Processes the current session.
+ */
+TPS_PUBLIC RA_Status RA_Format_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+    char configname[256];
+    char *cuid = NULL;
+    char *msn = NULL;
+    const char *tokenType = NULL;
+    PRIntervalTime start, end;
+    RA_Status status = STATUS_NO_ERROR;
+    int rc = -1;
+    Secure_Channel *channel = NULL;
+    Buffer kdd;
+    AuthParams *login = NULL;
+    // char *new_pin = NULL;
+    const char *applet_dir;
+    bool upgrade_enc = false;
+    SecurityLevel security_level = SECURE_MSG_MAC_ENC;
+
+    Buffer *buildID = NULL;
+    Buffer *token_status = NULL;
+    const char* required_version = NULL;
+    const char *appletVersion = NULL;
+    const char *final_applet_version = NULL;
+    const char *userid = PL_strdup( "" );
+    // BYTE se_p1 = 0x00;
+    // BYTE se_p2 = 0x00;
+    const char *expected_version;
+    int requiredV = 0;
+    const char *tksid = NULL;
+    const char *authid = NULL;
+    AuthParams *authParams = NULL;
+    Buffer host_challenge = Buffer(8, (BYTE)0);
+    Buffer key_diversification_data;
+    Buffer key_info_data;
+    Buffer card_challenge;
+    Buffer card_cryptogram;
+    Buffer *cplc_data = NULL;
+    char activity_msg[4096];
+    LDAPMessage *ldapResult = NULL;
+    LDAPMessage *e = NULL;
+    LDAPMessage  *result = NULL;
+    char serial[100];
+    char *statusString;
+    char filter[512];
+    int statusNum;
+    Buffer curKeyInfo;
+    BYTE curVersion;
+    bool tokenFound = false;
+    int finalKeyVersion = 0;
+    char *keyVersion = NULL;
+    char *xuserid = NULL;
+
+    Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer(
+		   RA::CFG_APPLET_CARDMGR_INSTANCE_AID, 
+		   RA::CFG_DEF_CARDMGR_INSTANCE_AID);
+    Buffer *NetKeyAID = RA::GetConfigStore()->GetConfigAsBuffer(
+		    RA::CFG_APPLET_NETKEY_INSTANCE_AID, 
+		    RA::CFG_DEF_NETKEY_INSTANCE_AID);
+    Buffer key_data_set;
+    Buffer token_cuid;
+    Buffer token_msn;
+    RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+	      "Begin upgrade process");
+
+    BYTE major_version = 0x0;
+    BYTE minor_version = 0x0;
+    BYTE app_major_version = 0x0;
+    BYTE app_minor_version = 0x0;
+        const char *connid = NULL;
+        int upgrade_rc;
+
+    start = PR_IntervalNow();
+
+    RA::Debug("RA_Format_Processor::Process", "Client %s",                       session->GetRemoteIP());
+
+
+    SelectApplet(session, 0x04, 0x00, CardManagerAID);
+    cplc_data = GetData(session);
+    if (cplc_data == NULL) {
+          RA::Error("RA_Format_Processor::Process",
+                        "Get Data Failed");
+          status = STATUS_ERROR_SECURE_CHANNEL;
+          goto loser;
+    }
+    RA::DebugBuffer("RA_Format_Processor::process", "CPLC Data = ", 
+                        cplc_data);
+    if (cplc_data->size() < 47) {
+          RA::Error("RA_Format_Processor::Process",
+                        "Invalid CPLC Size");
+          status = STATUS_ERROR_SECURE_CHANNEL;
+          goto loser;
+    }
+    token_cuid =  Buffer(cplc_data->substr(3,4)) +
+             Buffer(cplc_data->substr(19,2)) +
+             Buffer(cplc_data->substr(15,4));
+    RA::DebugBuffer("RA_Format_Processor::process", "Token CUID= ",
+                        &token_cuid);
+    cuid = Util::Buffer2String(token_cuid);
+
+    token_msn = Buffer(cplc_data->substr(41, 4));
+    RA::DebugBuffer("RA_Format_Processor::process", "Token MSN= ",
+                        &token_msn);
+    msn = Util::Buffer2String(token_msn);
+
+
+    /**
+     * Checks if the netkey has the required applet version.
+     */
+    SelectApplet(session, 0x04, 0x00, NetKeyAID);
+    token_status = GetStatus(session, 0x00, 0x00);
+    if (token_status == NULL) {
+        major_version = 0;
+        minor_version = 0;
+        app_major_version = 0x0;
+        app_minor_version = 0x0;
+    } else {
+        major_version = ((BYTE*)*token_status)[0];
+        minor_version = ((BYTE*)*token_status)[1];
+        app_major_version = ((BYTE*)*token_status)[2];
+        app_minor_version = ((BYTE*)*token_status)[3];
+    }
+
+    RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+	      "Major=%d Minor=%d", major_version, minor_version);
+    RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+	      "Applet Major=%d Applet Minor=%d", app_major_version, app_minor_version);
+
+
+    if (RA::ra_is_token_present(cuid)) {
+       RA::Debug("RA_Format_Processor::Process",
+	      "Found token %s", cuid);
+
+      if (RA::ra_is_tus_db_entry_disabled(cuid)) {
+        RA::Error("RA_Format_Processor::Process",
+                        "CUID %s Disabled", cuid);
+        status = STATUS_ERROR_DISABLED_TOKEN;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "token disabled", "");
+        goto loser;
+      }
+    } else {
+       RA::Debug("RA_Format_Processor::Process",
+	      "Not Found token %s", cuid);
+      // This is a new token. We need to check our policy to see
+      // if we should allow enrollment. raidzilla #57414
+      PR_snprintf((char *)configname, 256, "%s.allowUnknownToken",
+            OP_PREFIX);
+      if (!RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+        RA::Error("Process", "CUID %s Format Unknown Token", cuid);
+        status = STATUS_ERROR_DISABLED_TOKEN;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "unknown token disallowed", "");
+        goto loser;
+      }
+
+    }
+
+    if (!GetTokenType(OP_PREFIX, major_version,
+                    minor_version, cuid, msn,
+                    extensions, status, tokenType)) {
+        goto loser;
+    }
+
+    PR_snprintf((char *)configname, 256, "%s.%s.tks.conn",
+                    OP_PREFIX, tokenType);
+    tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+    if (tksid == NULL) {
+        RA::Error("RA_Format_Processor::Process",
+                        "TKS Connection Parameter %s Not Found", configname);
+        status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+        goto loser;
+    }
+
+    buildID = GetAppletVersion(session);
+    if (buildID == NULL) {
+        PR_snprintf((char *)configname, 256, "%s.%s.update.applet.emptyToken.enable", OP_PREFIX, tokenType);
+        if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+            appletVersion = PL_strdup( "" );
+        } else {
+            RA::Error("RA_Format_Processor::Process", 
+              "no applet found and applet upgrade not enabled");
+            status = STATUS_ERROR_SECURE_CHANNEL;		 
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "secure channel not established", "");
+            goto loser;
+        }
+    } else {
+      char * buildid =  Util::Buffer2String(*buildID);
+      RA::Debug("RA_Format_Processor", "buildid = %s", buildid);
+      char version[13];
+      PR_snprintf((char *) version, 13,
+		  "%x.%x.%s", app_major_version, app_minor_version,
+		  buildid);
+      appletVersion = strdup(version);
+    }
+
+    final_applet_version = strdup(appletVersion);
+    RA::Debug("RA_Format_Processor", "final_applet_version = %s", final_applet_version);
+
+    /**
+     * Checks if we need to upgrade applet. 
+     */
+    PR_snprintf((char *)configname, 256, "%s.%s.update.applet.requiredVersion", OP_PREFIX, tokenType);
+
+    required_version = RA::GetConfigStore()->GetConfigAsString(
+      configname);
+    expected_version = PL_strdup(required_version);
+
+    if (expected_version == NULL) {
+        RA::Error("RA_Format_Processor::Process", 
+          "upgrade.version not found");
+        status = STATUS_ERROR_MISCONFIGURATION;		 
+        goto loser;
+    }
+    /* upgrade applet */
+    PR_snprintf((char *)configname, 256, "%s.%s.update.applet.directory", OP_PREFIX, tokenType);
+    applet_dir = RA::GetConfigStore()->GetConfigAsString(configname);
+    if (applet_dir == NULL) {
+        RA::Error(LL_PER_PDU, "RA_Processor::UpdateApplet",
+          "Failed to get %s", applet_dir);
+        status = STATUS_ERROR_MISCONFIGURATION;		 
+        goto loser;
+    }
+
+    PR_snprintf((char *)configname, 256, "%s.%s.loginRequest.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+        if (extensions != NULL &&
+               extensions->GetValue("extendedLoginRequest") != NULL)
+        {
+                   RA::Debug("RA_Enroll_Processor::RequestUserId",
+                "Extended Login Request detected");
+                   AuthenticationEntry *entry = GetAuthenticationEntry(
+            OP_PREFIX, configname, tokenType);
+                   char **params = NULL;
+                   char pb[1024];
+                   char *locale = NULL;
+           if (extensions != NULL &&
+               extensions->GetValue("locale") != NULL)
+                   {
+                           locale = extensions->GetValue("locale");
+                   } else {
+                           locale = ( char * ) "en"; /* default to english */
+                   }
+                   int n = entry->GetAuthentication()->GetNumOfParamNames();
+                   if (n > 0) {
+                       RA::Debug("RA_Enroll_Processor::RequestUserId",
+                "Extended Login Request detected n=%d", n);
+                       params = (char **) PR_Malloc(n);
+                       for (int i = 0; i < n; i++) {
+                         sprintf(pb,"id=%s&name=%s&desc=%s&type=%s&option=%s",
+                             entry->GetAuthentication()->GetParamID(i),
+                             entry->GetAuthentication()->GetParamName(i, locale),
+                             entry->GetAuthentication()->GetParamDescription(i,
+locale),
+                             entry->GetAuthentication()->GetParamType(i),
+                             entry->GetAuthentication()->GetParamOption(i)
+                             );
+                         params[i] = PL_strdup(pb);
+                   RA::Debug("RA_Enroll_Processor::RequestUserId",
+                "params[i]=%s", params[i]);
+                       }
+                   }
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "Extended Login Request detected calling RequestExtendedLogin() locale=%s", locale);
+                                                                                
+                   char *title = PL_strdup(entry->GetAuthentication()->GetTitle(locale));
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "title=%s", title);
+                   char *description = PL_strdup(entry->GetAuthentication()->GetDescription(locale));
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "description=%s", description);
+           login = RequestExtendedLogin(session, 0 /* invalid_pw */, 0 /* blocked */, params, n, title, description);
+                             
+                   RA::Debug("RA_Enroll_Processor::RequestUserId",
+    "Extended Login Request detected calling RequestExtendedLogin() login=%x", login);
+        } else {
+          login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */);
+        }
+        if (login == NULL) {
+            RA::Error("RA_Format_Processor::Process",
+              "login not provided");
+            status = STATUS_ERROR_LOGIN;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "");
+            goto loser;
+        }
+        if( userid != NULL ) {
+          PR_Free( (char *) userid );
+          userid = NULL;
+        }
+        if (login->GetUID() == NULL) {
+          userid = NULL;
+        } else {
+          userid = PL_strdup( login->GetUID() );
+        } 
+    }
+
+    // send status update to the client
+    if (extensions != NULL && 
+	             extensions->GetValue("statusUpdate") != NULL) {
+	               StatusUpdate(session, 2 /* progress */, 
+	                          "PROGRESS_START_AUTHENTICATION");
+    }
+
+    PR_snprintf((char *)configname, 256, "%s.%s.auth.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, false)) {
+        if (login == NULL) {
+            RA::Error("RA_Format_Processor::Process", "Login Request Disabled. Authentication failed.");
+            status = STATUS_ERROR_LOGIN;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "");
+            goto loser;
+        }
+
+        PR_snprintf((char *)configname, 256, "%s.%s.auth.id", OP_PREFIX, tokenType);
+        authid = RA::GetConfigStore()->GetConfigAsString(configname);
+        if (authid == NULL) {
+            status = STATUS_ERROR_LOGIN;		 
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "");
+            goto loser;
+	}
+        AuthenticationEntry *auth = RA::GetAuth(authid);
+
+        if(auth == NULL)
+        {
+            RA::Error("RA_Format_Processor::Process", "Authentication manager is NULL . Authentication failed.");
+            status = STATUS_ERROR_LOGIN;
+            goto loser;
+        }
+
+        char *type = auth->GetType();
+        if (type == NULL) {
+            status = STATUS_ERROR_LOGIN;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication is missing param type", "");
+            goto loser;
+        }
+        if (strcmp(type, "LDAP_Authentication") == 0) {
+            RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+                    "LDAP_Authentication is invoked.");
+            int passwd_retries = auth->GetAuthentication()->GetNumOfRetries();
+            int retries = 0;
+            authParams = new AuthParams();
+            authParams->SetUID(login->GetUID());
+            authParams->SetPassword(login->GetPassword());
+            rc = auth->GetAuthentication()->Authenticate(authParams);
+
+            RA::Debug("RA_Format_Processor::Process",
+              "Authenticate returns: %d", rc);
+
+            while ((rc == -2 || rc == -3) && (retries < passwd_retries)) {
+                login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */);
+                retries++;
+                if (login == NULL || login->GetUID() == NULL) {
+                  RA::Error("RA_Format_Processor::Process", "Authentication failed.");
+                  status = STATUS_ERROR_LOGIN;
+                  RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "");
+                  goto loser;
+                }
+                authParams->SetUID(login->GetUID());
+                authParams->SetPassword(login->GetPassword());
+                rc = auth->GetAuthentication()->Authenticate(authParams);
+            }
+
+            if (rc == -1) {
+                RA::Error("RA_Format_Processor::Process", "Authentication failed.");
+                status = STATUS_ERROR_LDAP_CONN;
+                RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process", "Authentication status = %d", status);
+                RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "");
+                goto loser;
+            }
+
+            if (rc == -2 || rc == -3) {
+                RA::Error("RA_Format_Processor::Process", "Authentication failed.");
+                status = STATUS_ERROR_LOGIN;
+                RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process", "Authentication status = %d", status);
+                RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "");
+                goto loser;
+            }
+
+            RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process", "Authentication successful.");
+        } else {
+            RA::Error("RA_Format_Processor::Process", "No Authentication type was found.");
+            status = STATUS_ERROR_LOGIN;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication error", "");
+            goto loser;
+        }
+    } else {
+        RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+          "Authentication has been disabled.");
+    }
+
+    // check if it is the token owner
+   xuserid = RA::ra_get_token_userid(cuid);
+   if (xuserid != NULL && strcmp(xuserid, "") != 0) {
+     if (login != NULL) {
+       if (strcmp(login->GetUID(), xuserid) != 0) {
+          RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+            "Token owner mismatched");
+          status = STATUS_ERROR_LOGIN;
+          goto loser;
+       }
+     }
+   }
+
+    if (extensions != NULL && 
+	             extensions->GetValue("statusUpdate") != NULL) {
+	               StatusUpdate(session, 10 /* progress */, 
+	                          "PROGRESS_APPLET_UPGRADE");
+    }
+
+    PR_snprintf((char *)configname, 256, "%s.%s.update.applet.encryption", OP_PREFIX, tokenType);
+    upgrade_enc = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+    if (!upgrade_enc)
+        security_level = SECURE_MSG_MAC;
+    PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+    connid = RA::GetConfigStore()->GetConfigAsString(configname);
+    upgrade_rc = UpgradeApplet(session, OP_PREFIX, (char*)tokenType, major_version, 
+      minor_version, expected_version, applet_dir, security_level, connid,
+			       extensions, 10, 90);
+    if (upgrade_rc != 1) {
+        RA::Debug("RA_Format_Processor::Process", 
+          "applet upgrade failed");
+        status = STATUS_ERROR_UPGRADE_APPLET;		 
+        /**
+         * Bugscape #55709: Re-select Net Key Applet ONLY on failure.
+         */
+        SelectApplet(session, 0x04, 0x00, NetKeyAID);
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "applet upgrade error", "");
+        goto loser;
+    } 
+    RA::Audit("Upgrade", 
+      "op='applet_upgrade' app_ver='%s' new_app_ver='%s'", 
+      appletVersion, expected_version);
+    final_applet_version = expected_version;
+
+    if (extensions != NULL && 
+	             extensions->GetValue("statusUpdate") != NULL) {
+	               StatusUpdate(session, 90 /* progress */, 
+	                          "PROGRESS_KEY_UPGRADE");
+    }
+
+    // add issuer info to the token
+    PR_snprintf((char *)configname, 256, "%s.%s.issuerinfo.enable", 
+          OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+        PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+        int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+        channel = SetupSecureChannel(session, 0x00,
+                  defKeyIndex  /* default key index */, connid);
+        rc = channel->ExternalAuthenticate();
+        if (channel != NULL) {
+            char issuer[224];
+            for (int i = 0; i < 224; i++) {
+              issuer[i] = 0;
+            }
+            PR_snprintf((char *)configname, 256, "%s.%s.issuerinfo.value", 
+               OP_PREFIX, tokenType);
+            char *issuer_val = (char*)RA::GetConfigStore()->GetConfigAsString(
+                                   configname);
+            sprintf(issuer, "%s", issuer_val);
+            RA::Debug("RA_Format_Processor", "Set Issuer Info %s", issuer_val);
+            Buffer *info = new Buffer((BYTE*)issuer, 224);
+            rc = channel->SetIssuerInfo(info);
+        }
+    }
+
+    /**
+     * Checks if the netkey has the required key version.
+     */
+    PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+
+        PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+        requiredV = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+        PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+        tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+        PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+        int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+        channel = SetupSecureChannel(session, requiredV,
+                   defKeyIndex  /* default key index */, tksid);
+        if (channel == NULL) {
+            /**
+             * Select Card Manager for Put Key operation.
+             */
+            SelectApplet(session, 0x04, 0x00, CardManagerAID);
+	    // send status update to the client
+	    if (extensions != NULL && 
+	             extensions->GetValue("statusUpdate") != NULL) {
+	               StatusUpdate(session, 92 /* progress */, 
+	                          "PROGRESS_SETUP_SECURE_CHANNEL");
+	    }
+            /* if the key of the required version is
+             * not found, create them.
+             */ 
+        PR_snprintf((char *)configname, 256,"channel.defKeyVersion");
+        int defKeyVer = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+        PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+        int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+            channel = SetupSecureChannel(session, 
+                  defKeyVer,  /* default key version */
+                  defKeyIndex  /* default key index */, tksid);
+ 
+            if (channel == NULL) {
+                RA::Error("RA_Upgrade_Processor::Process", 
+                  "failed to establish secure channel");
+                status = STATUS_ERROR_SECURE_CHANNEL;		 
+                goto loser;
+            }
+
+	    // send status update to the client
+	    if (extensions != NULL && 
+		extensions->GetValue("statusUpdate") != NULL) {
+	               StatusUpdate(session, 94 /* progress */, 
+	                          "PROGRESS_EXTERNAL_AUTHENTICATE");
+	    }
+
+            rc = channel->ExternalAuthenticate();
+
+            PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+            int v = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+            curKeyInfo = channel->GetKeyInfoData();
+            BYTE nv[2] = { v, 0x01 };
+            Buffer newVersion(nv, 2);
+            PR_snprintf((char *)configname,  256,"%s.%s.tks.conn", OP_PREFIX, tokenType);
+            connid = RA::GetConfigStore()->GetConfigAsString(configname);
+            rc = CreateKeySetData(
+              channel->GetKeyDiversificationData(), 
+              curKeyInfo,
+              newVersion,
+              key_data_set, connid);
+            if (rc != 1) {
+                RA::Error("RA_Format_Processor::Process", 
+                  "failed to create new key set");
+                status = STATUS_ERROR_CREATE_CARDMGR;
+                RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "create key set error", "");
+                goto loser;
+            }
+
+            curVersion = ((BYTE*)curKeyInfo)[0];
+
+
+	    // send status update to the client
+	    if (extensions != NULL && 
+	             extensions->GetValue("statusUpdate") != NULL) {
+	               StatusUpdate(session, 96 /* progress */, 
+	                          "PROGRESS_PUT_KEYS");
+	    }
+
+            BYTE curIndex = ((BYTE*)curKeyInfo)[1];
+            rc = channel->PutKeys(session, 
+                  curVersion,
+                  curIndex,
+                  &key_data_set);
+            RA::Audit("Format", "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'", 
+              final_applet_version, cuid, curVersion, 
+              ((BYTE*)newVersion)[0]);
+
+
+             finalKeyVersion = ((int) ((BYTE *)newVersion)[0]);
+            /**
+	     * Re-select Net Key Applet.
+	     */
+            SelectApplet(session, 0x04, 0x00, NetKeyAID);
+            PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+            requiredV = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+            PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+            tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+            if( channel != NULL ) {
+                delete channel;
+                channel = NULL;
+            }
+	    // send status update to the client
+	    if (extensions != NULL && 
+	             extensions->GetValue("statusUpdate") != NULL) {
+	               StatusUpdate(session, 98 /* progress */, 
+	                          "PROGRESS_SETUP_SECURE_CHANNEL");
+	    }
+
+
+            channel = SetupSecureChannel(session, requiredV,
+              defKeyIndex  /* default key index */, tksid);
+            if (channel == NULL) {
+                RA::Error("RA_Format_Processor::Process", 
+			      "failed to establish secure channel after reselect");
+                status = STATUS_ERROR_CREATE_CARDMGR;
+                RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "secure channel not established", "");
+                goto loser;
+            }
+        }     
+    }
+
+    PR_snprintf((char *)filter, 256, "(cn=%s)", cuid);
+    rc = RA::ra_find_tus_token_entries(filter, 100, &result, 0);
+    if (rc == 0) {
+        for (e = RA::ra_get_first_entry(result); e != NULL; e = RA::ra_get_next_entry(e)) {
+            tokenFound = true;
+            break;
+        }
+        if (result != NULL)
+            ldap_msgfree(result);
+    }
+
+    // get keyVersion
+    if (channel != NULL) {
+        keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+    }
+
+    // need to revoke all the certificates on this token
+    if (tokenFound) {
+        PR_snprintf((char *)filter, 256, "(tokenID=%s)", cuid);
+        rc = RA::ra_find_tus_certificate_entries_by_order(filter, 100, &result, 1);
+        if (rc == 0) {
+            CertEnroll *certEnroll = new CertEnroll();
+            for (e = RA::ra_get_first_entry(result); e != NULL; e = RA::ra_get_next_entry(e)) {
+                char *attr_status = RA::ra_get_cert_status(e);
+                if (strcmp(attr_status, "revoked") == 0) {
+                    if (attr_status != NULL) {
+                        PL_strfree(attr_status);
+                        attr_status = NULL;
+                    }
+                    continue;
+                }
+                char *attr_serial= RA::ra_get_cert_serial(e);
+                /////////////////////////////////////////////////
+                // Raidzilla Bug #57803:
+                // If the certificate is not originally created for this
+                // token, we should not revoke the certificate here.
+                //
+                // To figure out if this certificate is originally created
+                // for this token, we check the tokenOrigin attribute.
+                /////////////////////////////////////////////////
+                char *origin = RA::ra_get_cert_attr_byname(e, "tokenOrigin");
+                if (origin != NULL) {
+                  RA::Debug("RA_Format_Processor", "Origin is %s, Current is %s", origin, cuid);
+                  if (strcmp(origin, cuid) != 0) {
+                    // skip this certificate, no need to do nothing
+                    // We did not create this originally
+                    continue;
+                  }
+                } else {
+                  RA::Debug("RA_Format_Processor", "Origin is not present");
+                }
+
+                PR_snprintf((char *)configname, 256, "%s.%s.revokeCert", OP_PREFIX, tokenType);
+                bool revokeCert = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+                if (revokeCert) {
+                    char *attr_cn = RA::ra_get_cert_cn(e);
+                    PR_snprintf((char *)configname, 256, "%s.%s.ca.conn", OP_PREFIX,
+                      tokenType);
+                    char *connid = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+                    if (connid == NULL) {
+                       RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process", "Failed to get connection.");
+                       status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED;
+                       goto loser;
+                    }
+                    PR_snprintf(serial, 100, "0x%s", attr_serial);
+         
+                    // if the certificates are revoked_on_hold, dont do 
+                    // anything because the certificates may be referenced
+                    // by more than one token.
+                    if (strcmp(attr_status, "revoked_on_hold") == 0) {
+                        RA::Debug("RA_Format_Processor", "This is revoked_on_hold certificate, skip it.");
+                        if (attr_status != NULL) {
+                            PL_strfree(attr_status);
+                            attr_status = NULL;
+                        }
+                        if (attr_serial != NULL) {
+                            PL_strfree(attr_serial);
+                            attr_serial = NULL;
+                        }
+                        if (attr_cn != NULL) {
+                            PL_strfree(attr_cn);
+                            attr_cn = NULL;
+                        }
+
+                        continue;
+                    }
+                    statusNum = certEnroll->RevokeCertificate("1", serial, connid, statusString);
+                    RA::ra_update_cert_status(attr_cn, "revoked");
+                    if (attr_status != NULL) {
+                        PL_strfree(attr_status);
+                        attr_status = NULL;
+                    }
+                    if (attr_serial != NULL) {
+                        PL_strfree(attr_serial);
+                        attr_serial = NULL;
+                    }
+                    if (attr_cn != NULL) {
+                        PL_strfree(attr_cn);
+                        attr_cn = NULL;
+                    }
+                }
+            }
+            if (result != NULL)
+                ldap_msgfree(result);
+            if (certEnroll != NULL) 
+                delete certEnroll;
+        } else {
+            RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process", "Failed to revoke certificates on this token.");
+            status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED;
+            goto loser;
+        }
+
+        rc = RA::tdb_update("", cuid, (char *)final_applet_version, keyVersion, "uninitialized", "");
+
+        if (rc != 0) {
+            RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+	      "Failed to update the token database");
+            status = STATUS_ERROR_UPDATE_TOKENDB_FAILED;
+            goto loser;
+        }
+    } else {        
+        rc = RA::tdb_update("", cuid, (char *)final_applet_version, keyVersion, "uninitialized", "");
+        if (rc != 0) {
+            RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+              "Failed to update the token database");
+            status = STATUS_ERROR_UPDATE_TOKENDB_FAILED;
+            goto loser;
+        }
+    }
+
+    // send status update to the client
+    if (extensions != NULL &&
+               extensions->GetValue("statusUpdate") != NULL) {
+                      StatusUpdate(session, 100 /* progress */,
+                                                 "PROGRESS_DONE");
+    }
+
+    status = STATUS_NO_ERROR;
+    rc = 1;
+
+    end = PR_IntervalNow();
+
+    sprintf(activity_msg, "applet_version=%s tokenType=%s", 
+           final_applet_version, tokenType);
+    RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "success", activity_msg, userid);
+
+    /* audit log for successful enrollment */
+    if (authid == NULL)
+        RA::Audit("Format", "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' time='%d msec'",
+          final_applet_version,(int) finalKeyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
+    else
+        RA::Audit("Format", "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
+          final_applet_version,(int) finalKeyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
+
+loser:
+
+    if (keyVersion != NULL) {
+        PR_Free( (char *) keyVersion );
+        keyVersion = NULL;
+    }
+
+    if (ldapResult != NULL) {
+        ldap_msgfree(ldapResult);
+    }
+
+    if( cplc_data != NULL ) {
+        delete cplc_data;
+        cplc_data = NULL;
+    }
+    if( CardManagerAID != NULL ) {
+        delete CardManagerAID;
+        CardManagerAID = NULL;
+    }
+    if( NetKeyAID != NULL ) {
+        delete NetKeyAID;
+        NetKeyAID = NULL;
+    }
+    if( channel != NULL ) {
+        delete channel;
+        channel = NULL;
+    }
+    if( token_status != NULL ) {
+        delete token_status;
+        token_status = NULL;
+    }
+    if( buildID != NULL ) {
+        delete buildID;
+        buildID = NULL;
+    }
+    if( appletVersion != NULL ) {
+        PR_Free( (char *) appletVersion );
+        appletVersion = NULL;
+    }
+    /*
+    if( final_applet_version != NULL ) {
+        PR_Free( (char *) final_applet_version );
+        final_applet_version = NULL;
+    }
+    */
+    if( userid != NULL ) {
+        PR_Free( (char *) userid );
+        userid = NULL;
+    }
+    if( cuid != NULL ) {
+        PR_Free( cuid );
+        cuid = NULL;
+    }
+    if( msn != NULL ) {
+        PR_Free( msn );
+        msn = NULL;
+    }
+    if( authParams != NULL ) {
+        delete authParams;
+        authParams = NULL;
+    }
+
+#ifdef   MEM_PROFILING     
+            MEM_dump_unfree();
+#endif
+
+    return status;
+}
diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
new file mode 100644
index 000000000..7c1bf7bb8
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
@@ -0,0 +1,792 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "channel/Secure_Channel.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Pin_Reset_Processor.h"
+#include "main/Memory.h"
+#include "tus/tus_db.h"
+#define OP_PREFIX "op.pinReset"
+static const char *expected_version = NULL;
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a processor for hanlding pin reset operation.
+ */
+TPS_PUBLIC RA_Pin_Reset_Processor::RA_Pin_Reset_Processor()
+{
+}
+
+/**
+ * Destructs pin reset processor.
+ */
+TPS_PUBLIC RA_Pin_Reset_Processor::~RA_Pin_Reset_Processor()
+{
+}
+
+/**
+ * Process the current session.
+ */
+TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+    char **tokenOwner=NULL;
+    char configname[256];
+    const char *tokenType = NULL;
+    char *cuid = NULL;
+    const char *msn = NULL;
+    PRIntervalTime start, end;
+    RA_Status status = STATUS_NO_ERROR;
+    int rc = -1;
+    AuthParams *login = NULL;
+    Secure_Channel *channel = NULL;
+    char *new_pin = NULL;
+    unsigned int minlen = 0, maxlen = 0;
+    const char *applet_dir;
+    bool upgrade_enc = false;
+    SecurityLevel security_level = SECURE_MSG_MAC_ENC;
+    Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer(
+		    RA::CFG_APPLET_CARDMGR_INSTANCE_AID,
+		    RA::CFG_DEF_CARDMGR_INSTANCE_AID);
+    Buffer *NetKeyAID = RA::GetConfigStore()->GetConfigAsBuffer(
+		    RA::CFG_APPLET_NETKEY_INSTANCE_AID,
+		    RA::CFG_DEF_NETKEY_INSTANCE_AID);
+
+    int i;
+    Buffer key_data_set;
+    Buffer *token_status = NULL;
+    Buffer *buildID = NULL;
+    char *policy = NULL; 
+    char *tmp_policy = NULL; 
+    const char* required_version = NULL;
+    const char *appletVersion = NULL;
+    const char *final_applet_version = NULL;
+    const char *keyVersion = PL_strdup( "" );
+    const char *userid = PL_strdup( "" );
+    BYTE major_version = 0x0;
+    BYTE minor_version = 0x0;
+    BYTE app_major_version = 0x0;
+    BYTE app_minor_version = 0x0;
+    char *token_userid = NULL;
+
+    Buffer host_challenge = Buffer(8, (BYTE)0);
+    Buffer key_diversification_data;
+    Buffer key_info_data;
+    Buffer card_challenge;
+    Buffer card_cryptogram;
+    Buffer token_cuid;
+    Buffer token_msn;
+    const char *connId = NULL;
+    const char *connid = NULL;
+    const char *tksid = NULL;
+    const char *authid = NULL;
+    AuthParams *authParams = NULL;
+    start = PR_IntervalNow();
+    Buffer *cplc_data = NULL;
+    char activity_msg[4096];
+    LDAPMessage *e = NULL;
+    LDAPMessage *ldapResult = NULL;
+    int maxReturns = 10;
+
+
+    RA::Debug("RA_Pin_Reset_Processor::Process", "Client %s",                       session->GetRemoteIP());
+
+    RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+        "RA_Pin_Reset_Processor::Process");
+
+
+    SelectApplet(session, 0x04, 0x00, CardManagerAID);
+    cplc_data = GetData(session);
+    if (cplc_data == NULL) {
+          RA::Error("RA_Pin_Reset_Processor::Process",
+                        "Get Data Failed");
+          status = STATUS_ERROR_SECURE_CHANNEL;
+          goto loser;
+    }
+    RA::DebugBuffer("RA_Pin_Reset_Processor::process", "CPLC Data = ", 
+                        cplc_data);
+    if (cplc_data->size() < 47) {
+          RA::Error("RA_Format_Processor::Process",
+                        "Invalid CPLC Size");
+          status = STATUS_ERROR_SECURE_CHANNEL;
+          goto loser;
+    }
+    token_cuid =  Buffer(cplc_data->substr(3,4)) +
+             Buffer(cplc_data->substr(19,2)) +
+             Buffer(cplc_data->substr(15,4));
+    RA::DebugBuffer("RA_Pin_Reset_Processor::process", "Token CUID= ",
+                        &token_cuid);
+    cuid = Util::Buffer2String(token_cuid);
+
+    token_msn = Buffer(cplc_data->substr(41, 4));
+    RA::DebugBuffer("RA_Pin_Reset_Processor::process", "Token MSN= ",
+                        &token_msn);
+    msn = Util::Buffer2String(token_msn);
+
+    /**
+     * Checks if the netkey has the required applet version.
+     */
+    SelectApplet(session, 0x04, 0x00, NetKeyAID);
+    token_status = GetStatus(session, 0x00, 0x00);
+    if (token_status == NULL) {
+      major_version = 0x0;
+      minor_version = 0x0;
+      app_major_version = 0x0;
+      app_minor_version = 0x0;
+    } else {
+      major_version = ((BYTE*)*token_status)[0];
+      minor_version = ((BYTE*)*token_status)[1];
+      app_major_version = ((BYTE*)*token_status)[2];
+      app_minor_version = ((BYTE*)*token_status)[3];
+    }
+
+    RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+              "Major=%d Minor=%d", major_version, minor_version);
+    RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+	      "Applet Major=%d Applet Minor=%d", app_major_version, app_minor_version);
+
+    if (!RA::ra_is_token_present(cuid)) {
+        RA::Error("RA_Pin_Reset_Processor::Process",
+                        "CUID %s Not Present", cuid);
+        status = STATUS_ERROR_DB;
+        goto loser;
+    }
+
+     if (RA::ra_is_tus_db_entry_disabled(cuid)) {
+        RA::Error("RA_Pin_Reset_Processor::Process",
+                        "CUID %s Disabled", cuid);
+        status = STATUS_ERROR_DISABLED_TOKEN;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "token disabled", "");
+        goto loser;
+     }
+
+      if (!RA::ra_is_token_pin_resetable(cuid)) {
+        RA::Error("RA_Pin_Reset_Processor::Process",
+                        "CUID %s Cannot Pin Reset", cuid);
+        status = STATUS_ERROR_NOT_PIN_RESETABLE;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "pin not resetable", "");
+        goto loser;
+      }
+
+    // retrieve CUID
+
+    if (!GetTokenType(OP_PREFIX, major_version,
+                    minor_version, cuid, msn,
+                    extensions, status, tokenType)) {
+		goto loser;
+	}
+
+    PR_snprintf((char *)configname, 256, "%s.%s.tks.conn",
+                    OP_PREFIX, tokenType);
+    tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+    if (tksid == NULL) {
+        RA::Error("RA_Pin_Reset_Processor::Process",
+                        "TKS Connection Parameter %s Not Found", configname);
+        status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+        goto loser;
+    }
+
+    buildID = GetAppletVersion(session);
+    if (buildID == NULL) {
+        PR_snprintf((char *)configname, 256, "%s.%s.update.applet.emptyToken.enable", OP_PREFIX,
+          tokenType); 
+         if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+                 appletVersion = PL_strdup( "" );
+         } else {
+          	RA::Error("RA_Pin_Reset_Processor::Process", 
+			"no applet found and applet upgrade not enabled");
+                 status = STATUS_ERROR_SECURE_CHANNEL;
+                RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "");
+		 goto loser;
+	 }
+    } else {
+      char * buildid =  Util::Buffer2String(*buildID);
+      RA::Debug("RA_Pin_Reset_Processor", "buildid = %s", buildid);
+      char version[13];
+      PR_snprintf((char *) version, 13,
+		  "%x.%x.%s", app_major_version, app_minor_version,
+		  buildid);
+      appletVersion = strdup(version);
+    }
+
+    final_applet_version = strdup(appletVersion);
+    RA::Debug("RA_Pin_Reset_Processor", "final_applet_version = %s", final_applet_version);
+
+    /**
+     * Checks if we need to upgrade applet. 
+     */
+    PR_snprintf((char *)configname, 256, "%s.%s.update.applet.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+        PR_snprintf((char *)configname, 256, "%s.%s.update.applet.requiredVersion", OP_PREFIX, tokenType);
+        required_version = RA::GetConfigStore()->GetConfigAsString(configname);
+	expected_version = PL_strdup(required_version);
+
+	if (expected_version == NULL) {
+             RA::Error("RA_Pin_Reset_Processor::Process", 
+			"misconfiguration for upgrade");
+              status = STATUS_ERROR_MISCONFIGURATION;
+              goto loser;
+	}
+	/* Bugscape #55826: used case-insensitive check below */
+        if (PL_strcasecmp(expected_version, appletVersion) != 0) {
+                /* upgrade applet */
+            PR_snprintf((char *)configname, 256, "%s.%s.update.applet.directory", OP_PREFIX, tokenType);
+            applet_dir = RA::GetConfigStore()->GetConfigAsString(configname);
+            if (applet_dir == NULL) {
+                RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+                                "Failed to get %s", applet_dir);
+                goto loser;
+            }
+            PR_snprintf((char *)configname, 256, "%s.%s.update.applet.encryption", OP_PREFIX, tokenType);
+            upgrade_enc = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+            if (!upgrade_enc)
+              security_level = SECURE_MSG_MAC;
+            PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+            connid = RA::GetConfigStore()->GetConfigAsString(configname);
+            int upgrade_rc = UpgradeApplet(session, OP_PREFIX, (char*)tokenType, major_version, minor_version, expected_version, applet_dir, security_level, connid, extensions, 30, 70);
+	    if (upgrade_rc != 1) {
+               RA::Error("RA_Pin_Reset_Processor::Process", 
+			"upgrade failure");
+              status = STATUS_ERROR_UPGRADE_APPLET;
+              RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "applet upgrade error", "");
+              /**
+               * Bugscape #55709: Re-select Net Key Applet ONLY on failure.
+               */
+              SelectApplet(session, 0x04, 0x00, NetKeyAID);
+              goto loser;
+	    }
+            RA::Audit("Pin Reset", "op='applet_upgrade' app_ver='%s' new_app_ver='%s'", 
+			    appletVersion, expected_version);
+	    final_applet_version = expected_version;
+        }
+    }
+
+    /**
+     * Checks if the netkey has the required key version.
+     */
+    PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+      PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+      int requiredVersion = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+      PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+      connId = RA::GetConfigStore()->GetConfigAsString(configname);
+      if( channel != NULL ) {
+          delete channel;
+          channel = NULL;
+      }
+      channel = SetupSecureChannel(session, requiredVersion, 
+                  0x00  /* default key index */, connId);
+      if (channel == NULL) {
+
+        /* if version 0x02 key not found, create them */
+        SelectApplet(session, 0x04, 0x00, CardManagerAID);
+        channel = SetupSecureChannel(session,
+                  0x00,  /* default key version */
+                  0x00  /* default key index */, connId);
+
+        if (channel == NULL) {
+            RA::Error("RA_Pin_Reset_Processor::Process", 
+			"setup secure channel failure");
+            status = STATUS_ERROR_SECURE_CHANNEL;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "");
+            goto loser;
+	}
+
+        rc = channel->ExternalAuthenticate();
+        if (rc != 1) {
+            RA::Error("RA_Pin_Reset_Processor::Process", 
+			"External authentication in secure channel failed");
+            status = STATUS_ERROR_EXTERNAL_AUTH;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "external authentication error", "");
+            goto loser;
+        } 
+
+        PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+        int v = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+        Buffer curKeyInfo = channel->GetKeyInfoData();
+        BYTE nv[2] = { v, 0x01 };
+        Buffer newVersion(nv, 2);
+        PR_snprintf((char *)configname,  256,"%s.%s.tks.conn", OP_PREFIX, tokenType);
+        connid = RA::GetConfigStore()->GetConfigAsString(configname);
+        rc = CreateKeySetData(
+             channel->GetKeyDiversificationData(),
+             curKeyInfo,
+             newVersion,
+             key_data_set, connid);
+        if (rc != 1) {
+            RA::Error("RA_Pin_Reset_Processor::Process",
+                        "failed to create new key set");
+            status = STATUS_ERROR_CREATE_CARDMGR;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "create key set error", "");
+            goto loser;
+        }
+
+
+	 BYTE curVersion = ((BYTE*)curKeyInfo)[0];
+         BYTE curIndex = ((BYTE*)curKeyInfo)[1];
+         rc = channel->PutKeys(session,
+                  curVersion,
+                  curIndex,
+                  &key_data_set);
+
+        RA::Audit("Pin Reset", "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'", final_applet_version, cuid, curVersion, ((BYTE*)newVersion)[0]);
+
+
+         SelectApplet(session, 0x04, 0x00, NetKeyAID);
+        PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+        if( channel != NULL ) {
+            delete channel;
+            channel = NULL;
+        }
+
+        PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+        connId = RA::GetConfigStore()->GetConfigAsString(configname);
+         channel = SetupSecureChannel(session, 
+                  RA::GetConfigStore()->GetConfigAsInt(configname, 0x00),
+                  0x00  /* default key index */, connId);
+         if (channel == NULL) {
+            RA::Error("RA_Pin_Reset_Processor::Process", 
+			"setup secure channel failure");
+            status = STATUS_ERROR_CREATE_CARDMGR;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "");
+            goto loser;
+         }
+      }
+    } else {
+      PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+      connId = RA::GetConfigStore()->GetConfigAsString(configname);
+      if( channel != NULL ) {
+          delete channel;
+          channel = NULL;
+      }
+      channel = SetupSecureChannel(session,
+                  0x00,
+                  0x00  /* default key index */, connId);
+    }
+
+    /* we should have a good channel here */
+    if (channel == NULL) {
+            RA::Error("RA_Pin_Reset_Processor::Process", 
+			"no channel creation failure");
+            status = STATUS_ERROR_CREATE_CARDMGR;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "");
+            goto loser;
+    }
+
+    if (channel != NULL) {
+	if( keyVersion != NULL ) {
+		PR_Free( (char *) keyVersion );
+		keyVersion = NULL;
+	}
+        keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+    }
+
+    PR_snprintf((char *)configname, 256, "%s.%s.loginRequest.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+        if (extensions != NULL &&
+               extensions->GetValue("extendedLoginRequest") != NULL)
+        {
+                   RA::Debug("RA_Enroll_Processor::RequestUserId",
+                "Extended Login Request detected");
+                   AuthenticationEntry *entry = GetAuthenticationEntry(
+            OP_PREFIX, configname, tokenType);
+                   char **params = NULL;
+                   char pb[1024];
+                   char *locale = NULL;
+           if (extensions != NULL &&
+               extensions->GetValue("locale") != NULL)
+                   {
+                           locale = extensions->GetValue("locale");
+                   } else {
+                           locale = ( char * ) "en"; /* default to english */
+                   }
+                   int n = entry->GetAuthentication()->GetNumOfParamNames();
+                   if (n > 0) {
+                       RA::Debug("RA_Enroll_Processor::RequestUserId",
+                "Extended Login Request detected n=%d", n);
+                       params = (char **) PR_Malloc(n);
+                       for (int i = 0; i < n; i++) {
+                         sprintf(pb,"id=%s&name=%s&desc=%s&type=%s&option=%s",
+                             entry->GetAuthentication()->GetParamID(i),
+                             entry->GetAuthentication()->GetParamName(i, locale),
+                             entry->GetAuthentication()->GetParamDescription(i,
+locale),
+                             entry->GetAuthentication()->GetParamType(i),
+                             entry->GetAuthentication()->GetParamOption(i)
+                             );
+                         params[i] = PL_strdup(pb);
+                   RA::Debug("RA_Enroll_Processor::RequestUserId",
+                "params[i]=%s", params[i]);
+                       }
+                   }
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "Extended Login Request detected calling RequestExtendedLogin() locale=%s", locale);
+                                                                                
+                   char *title = PL_strdup(entry->GetAuthentication()->GetTitle(locale));
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "title=%s", title);
+                   char *description = PL_strdup(entry->GetAuthentication()->GetDescription(locale));
+                   RA::Debug("RA_Enroll_Processor::RequestUserId", "description=%s", description);
+           login = RequestExtendedLogin(session, 0 /* invalid_pw */, 0 /* blocked */, params, n, title, description);
+                                                                                
+                   RA::Debug("RA_Enroll_Processor::RequestUserId",
+    "Extended Login Request detected calling RequestExtendedLogin() login=%x", login);
+        } else {
+      login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */);
+        }
+      if (login == NULL) {
+        RA::Error("RA_Pin_Reset_Processor::Process", 
+			"login not provided");
+        status = STATUS_ERROR_LOGIN;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "login not found", "");
+        goto loser;
+      }
+      if( userid != NULL ) {
+        PR_Free( (char *) userid );
+        userid = NULL;
+      }
+      userid = PL_strdup( login->GetUID() );
+    }
+
+    if (extensions != NULL &&
+           extensions->GetValue("statusUpdate") != NULL) {
+           StatusUpdate(session, 30 /* progress */,
+                        "PROGRESS_START_AUTHENTICATION");
+    }
+
+    PR_snprintf(configname, 256, "cn=%s", cuid);
+    rc = RA::ra_find_tus_token_entries(configname, maxReturns, &ldapResult, 0);
+
+    if (rc == 0) {
+        for (e = RA::ra_get_first_entry(ldapResult); e != NULL;
+          e = RA::ra_get_next_entry(e)) {
+            tokenOwner = RA::ra_get_attribute_values(e, "tokenUserID");
+            if (tokenOwner[0] != NULL && strlen(tokenOwner[0]) > 0 &&
+                strcmp(userid, tokenOwner[0]) != 0) {
+                status = STATUS_ERROR_NOT_TOKEN_OWNER;
+                goto loser;
+            }
+        }
+    } else {
+        RA::Error("RA_Pin_Reset_Processor::Process", "Error in ldap connection with token database.");
+        status = STATUS_ERROR_LDAP_CONN;
+        goto loser;
+    }
+
+    PR_snprintf((char *)configname, 256, "%s.%s.auth.enable", OP_PREFIX, tokenType);
+    if (RA::GetConfigStore()->GetConfigAsBool(configname, false)) {
+        if (login == NULL) {
+                RA::Error("RA_Pin_Reset_Processor::Process", "Login Request Disabled. Authentication failed.");
+                status = STATUS_ERROR_LOGIN;
+                goto loser;
+        }
+
+
+        PR_snprintf((char *)configname, 256, "%s.%s.auth.id", OP_PREFIX, tokenType);
+        authid = RA::GetConfigStore()->GetConfigAsString(configname);
+        if (authid == NULL) {
+                status = STATUS_ERROR_LOGIN;
+            goto loser;
+	}
+        AuthenticationEntry *auth = RA::GetAuth(authid);
+   
+        if(auth == NULL) 
+        {
+            RA::Error("RA_Pin_Reset_Processor::Process", "Authentication manager is NULL . Authentication failed.");
+            status = STATUS_ERROR_LOGIN;
+            goto loser;
+        }
+ 
+        char *type = auth->GetType();
+        if (type == NULL) {
+            status = STATUS_ERROR_LOGIN;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication is missing param type", "");
+            goto loser;
+        }
+        if (strcmp(type, "LDAP_Authentication") == 0) {
+            RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+                    "LDAP_Authentication is invoked.");
+            int passwd_retries = auth->GetAuthentication()->GetNumOfRetries();
+            int retries = 0;
+            authParams = new AuthParams();
+            authParams->SetUID(login->GetUID());
+            authParams->SetPassword(login->GetPassword());
+            rc = auth->GetAuthentication()->Authenticate(authParams);
+
+            RA::Debug("RA_Pin_Reset_Processor::Process",
+              "Authenticate returns: %d", rc);
+
+            while ((rc == -2 || rc == -3) && (retries < passwd_retries)) {
+                login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */);
+                if (login == NULL) {
+                    RA::Error("RA_Pin_Reset_Processor::Process", "Login Request Disabled. Authentication failed.");
+                    status = STATUS_ERROR_LOGIN;
+                    goto loser;
+                }
+                retries++;
+                authParams->SetUID(login->GetUID());
+                authParams->SetPassword(login->GetPassword());
+                rc = auth->GetAuthentication()->Authenticate(authParams);
+            }
+
+            if (rc == -1) {
+                RA::Error("RA_Pin_Reset_Processor::Process", "Authentication failed.");
+                status = STATUS_ERROR_LDAP_CONN;
+                RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", "Authentication status = %d", status);
+                goto loser; 
+            }
+
+            if (rc == -2 || rc == -3) {
+                RA::Error("RA_Pin_Reset_Processor::Process", "Authentication failed.");
+                status = STATUS_ERROR_LOGIN;
+                RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", "Authentication status = %d", status);
+                goto loser; 
+            }
+
+            RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", "Authentication successful.");
+        } else {
+            RA::Error("RA_Pin_Reset_Processor::Process", "No Authentication type was found.");
+            status = STATUS_ERROR_LOGIN;
+            RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication error", "");
+            goto loser;
+        }
+    } else {
+        RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", 
+          "Authentication has been disabled.");
+    }
+
+    RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", 
+          "SetupSecureChannel");
+
+#if 0
+    if (RA::GetConfigStore()->GetConfigAsBool("tus.enable", 0)) {
+        if (IsTokenDisabledByTus(channel)) {
+           status = STATUS_ERROR_TOKEN_DISABLED;
+           goto loser;
+        }
+    }
+#endif
+
+    /* check if the user owns the token */
+    token_userid = RA::ra_get_token_userid(cuid);
+    if (token_userid == NULL) {
+        RA::Error(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", 
+          "No user owns the token '%s'", cuid);
+        status = STATUS_ERROR_TOKEN_DISABLED;
+        goto loser;
+    } else {
+      if (strcmp(token_userid, userid) != 0) {
+        RA::Error(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", 
+          "User does not own the token '%s'", cuid);
+        status = STATUS_ERROR_TOKEN_DISABLED;
+        goto loser;
+      }
+    }
+
+    RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", 
+          "ExternalAuthenticate");
+    rc = channel->ExternalAuthenticate();
+    if (rc == -1) {
+        RA::Error("RA_Pin_Reset_Processor::Process", 
+			"External Authenticate failed.");
+        status = STATUS_ERROR_CREATE_CARDMGR;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "external authentication error", "");
+        goto loser;
+    }
+    RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", 
+          "RequestNewPin");
+    PR_snprintf((char *)configname, 256, "%s.%s.pinReset.pin.minLen", OP_PREFIX, tokenType);
+    minlen = RA::GetConfigStore()->GetConfigAsUnsignedInt(configname, 4);
+    PR_snprintf((char *)configname, 256, "%s.%s.pinReset.pin.maxLen", OP_PREFIX, tokenType);
+    maxlen = RA::GetConfigStore()->GetConfigAsUnsignedInt(configname, 10);
+    new_pin = RequestNewPin(session, minlen, maxlen);
+    if (new_pin == NULL) {
+        RA::Error("RA_Pin_Reset_Processor::Process", 
+			"Set Pin failed.");
+        status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "request new pin error", "");
+        goto loser;
+    }
+
+    if (extensions != NULL &&
+           extensions->GetValue("statusUpdate") != NULL) {
+           StatusUpdate(session, 70 /* progress */,
+                        "PROGRESS_PIN_RESET");
+    }
+
+    rc = channel->ResetPin(0x0, new_pin);
+    if (rc == -1) {
+        status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "ereset pin error", "");
+        goto loser;
+    }
+
+    rc = channel->Close();
+    if (rc == -1) {
+        RA::Error("RA_Pin_Reset_Processor::Process", 
+			"Failed to close channel");
+        status = STATUS_ERROR_CONNECTION;
+        RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel close error", "");
+        goto loser;
+    }
+
+    if (extensions != NULL &&
+           extensions->GetValue("statusUpdate") != NULL) {
+           StatusUpdate(session, 100 /* progress */,
+                        "PROGRESS_DONE");
+    }
+
+    end = PR_IntervalNow();
+
+    rc = 1;
+
+    if (RA::ra_is_token_present(cuid)) {
+	    /* 
+	     * we want to have a tus policy to change PIN_RESET=YES 
+	     * parameter to PIN_RESET=NO
+	     */
+      if (RA::ra_is_token_pin_resetable(cuid)) {
+	policy = RA::ra_get_token_policy(cuid);
+        RA::Error("RA_Pin_Reset_Processor::Process",
+                        "Policy %s is %s", cuid, policy);
+	tmp_policy = PL_strstr(policy, "PIN_RESET=YES");
+	if (tmp_policy != NULL) {
+	  tmp_policy[10] = 'N';
+	  tmp_policy[11] = 'O';
+	  for (i = 12; tmp_policy[i] != '\0'; i++)
+	    tmp_policy[i] = tmp_policy[i+1];
+	  RA::ra_update_token_policy(cuid, policy);
+	}
+      }
+    }
+
+    sprintf(activity_msg, "applet_version=%s tokenType=%s",
+           (char *)final_applet_version, tokenType);
+    RA::tdb_activity(session->GetRemoteIP(), (char *)cuid, "pin reset", "success", activity_msg, userid);
+
+    /* audit log for successful pin reset */
+    if (authid == NULL)
+        RA::Audit("Pin Reset", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'",
+          final_applet_version, keyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
+    else 
+        RA::Audit("Pin Reset", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
+          final_applet_version, keyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
+
+loser:
+    if (channel == NULL) {
+        RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor: Failed to create secure channel.", "");
+        if (login == NULL) {
+            RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='failed to login'", final_applet_version, keyVersion, cuid, msn);
+	} else { 
+            RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s'  uid='%s' note='failed to create secure channel'", final_applet_version, keyVersion, cuid, msn, userid);  
+        } 
+    } else if (rc != 1 && status == STATUS_ERROR_LOGIN) {
+        if (login == NULL) {
+            RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='login failure'", final_applet_version, keyVersion, cuid, msn);
+	} else {
+            RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='authentication failure'", 
+                final_applet_version, keyVersion, cuid, msn, userid);
+        } 
+    }
+    if( token_status != NULL ) {
+        delete token_status;
+        token_status = NULL;
+    }
+    if( CardManagerAID != NULL ) {
+        delete CardManagerAID;
+        CardManagerAID = NULL;
+    }
+    if( NetKeyAID != NULL ) { 
+        delete NetKeyAID;
+        NetKeyAID = NULL;
+    }
+    if( login != NULL ) {
+        delete login;
+        login = NULL;
+    }
+    if( new_pin != NULL ) {
+        PL_strfree( new_pin );
+        new_pin = NULL;
+    }
+    if( channel != NULL ) {
+        delete channel;
+        channel = NULL;
+    }
+    if( cuid != NULL ) {
+        PR_Free( (char *) cuid );
+        cuid = NULL;
+    }
+    if( msn != NULL ) {
+        PR_Free( (char *) msn );
+        msn = NULL;
+    }
+    if( buildID != NULL ) {
+        delete buildID;
+        buildID = NULL;
+    }
+    if( appletVersion != NULL ) {
+        PR_Free( (char *) appletVersion );
+        appletVersion = NULL;
+    }
+    /*
+    if( final_applet_version != NULL ) {
+        PR_Free( (char *) final_applet_version );
+        final_applet_version = NULL;
+    }
+    */
+    if( keyVersion != NULL ) {
+        PR_Free( (char *) keyVersion );
+        keyVersion = NULL;
+    }
+    if( userid != NULL ) {
+        PR_Free( (char *) userid );
+        userid = NULL;
+    }
+    if( authParams != NULL ) {
+        delete authParams;
+        authParams = NULL;
+    }
+    if( cplc_data != NULL ) {
+        delete cplc_data;
+        cplc_data = NULL;
+    }
+
+    if (tokenOwner != NULL) {
+        ldap_value_free(tokenOwner);
+        tokenOwner = NULL;
+    }
+
+    if (ldapResult != NULL) {
+        ldap_msgfree(ldapResult);
+        ldapResult = NULL;
+    }
+
+#ifdef   MEM_PROFILING     
+         MEM_dump_unfree();
+#endif
+
+    return status;
+} /* Process */
diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp
new file mode 100644
index 000000000..ca04b573e
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Processor.cpp
@@ -0,0 +1,2227 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "plstr.h"
+#include "engine/RA.h"
+#include "main/Buffer.h"
+#include "main/Base.h"
+#include "main/Util.h"
+#include "main/RA_Session.h"
+#include "main/RA_Msg.h"
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/Util.h"
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/engine.h"
+#include "processor/RA_Processor.h"
+#include "cms/HttpConnection.h"
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "msg/RA_Login_Request_Msg.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/List_Objects_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Select_APDU.h"
+#include "apdu/APDU_Response.h"
+#include "channel/Secure_Channel.h"
+#include "main/Memory.h"
+
+#if 0
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include "tus/tus_db.h"
+#ifdef __cplusplus
+}
+#endif
+#endif
+
+/**
+ * Constructs a base processor.
+ */
+RA_Processor::RA_Processor ()
+{
+}
+
+
+/**
+ * Destructs processor.
+ */
+RA_Processor::~RA_Processor ()
+{
+}
+
+AuthenticationEntry *RA_Processor::GetAuthenticationEntry(
+            const char *prefix, const char * a_configname, const char *a_tokenType)
+{
+    AuthenticationEntry *auth = NULL;
+                                                                                
+    if (!RA::GetConfigStore()->GetConfigAsBool(a_configname, false))
+            return NULL;
+                                                                                
+        RA::Debug("RA_Enroll_Processor::AuthenticateUser",
+                "Authentication enabled");
+    char configname[256];
+    PR_snprintf((char *)configname, 256, "%s.%s.auth.id", prefix, a_tokenType);
+    const char *authid = RA::GetConfigStore()->GetConfigAsString(configname);
+    if (authid == NULL) {
+        goto loser;
+    }
+    auth = RA::GetAuth(authid);
+        return auth;
+loser:
+    return NULL;
+}
+
+
+void RA_Processor::StatusUpdate(RA_Session *a_session,  
+		NameValueSet *a_extensions,
+    int a_status, const char *a_info)
+{
+    if (a_extensions != NULL) {
+		if (a_extensions->GetValue("statusUpdate") != NULL) {
+        	StatusUpdate(a_session, a_status, a_info);
+		}
+    }
+}
+
+void RA_Processor::StatusUpdate(RA_Session *session,  
+    int status, const char *info)
+{
+    RA_Status_Update_Request_Msg *status_update_request_msg = NULL;
+    RA_Status_Update_Response_Msg *status_update_response_msg = NULL;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::StatusUpdate",
+        "RA_Processor::StatusUpdate");
+
+    status_update_request_msg = new RA_Status_Update_Request_Msg(
+        status, info);
+    session->WriteMsg(status_update_request_msg);
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::StatusUpdate",
+        "Sent status_update_msg");
+
+    status_update_response_msg = (RA_Status_Update_Response_Msg *)
+        session->ReadMsg();
+    if (status_update_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::StatusUpdate",
+            "No Status Update Response Msg Received");
+        goto loser;
+    }
+    if (status_update_response_msg->GetType() != MSG_STATUS_UPDATE_RESPONSE) {
+            RA::Error("Secure_Channel::StatusUpdate",
+            "Invalid Msg Type");
+            goto loser;
+    }
+
+loser:
+    if( status_update_request_msg != NULL ) {
+        delete status_update_request_msg;
+        status_update_request_msg = NULL;
+    }
+    if( status_update_response_msg != NULL ) {
+        delete status_update_response_msg;
+        status_update_response_msg = NULL;
+    }
+
+} /* StatusUpdate */
+
+/**
+ * Requests login ID and password from user.
+ */
+AuthParams *RA_Processor::RequestExtendedLogin(RA_Session *session,  
+    int invalid_pw, int blocked,
+    char **parameters, int len, char *title, char *description)
+{
+    RA_Extended_Login_Request_Msg *login_request_msg = NULL;
+    RA_Extended_Login_Response_Msg *login_response_msg = NULL;
+    AuthParams *login = NULL;
+    AuthParams *c = NULL;
+    int i = 0;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::RequestExtendedLogin",
+        "RA_Processor::RequestExtendedLogin %s %s", 
+        title, description);
+
+    login_request_msg = new RA_Extended_Login_Request_Msg(
+        invalid_pw, blocked, parameters, len, title, description);
+    session->WriteMsg(login_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::RequestExtendedLogin",
+        "Sent login_request_msg");
+
+    login_response_msg = (RA_Extended_Login_Response_Msg *)
+        session->ReadMsg();
+    if (login_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::RequestExtendedLogin",
+            "No Extended Login Response Msg Received");
+        goto loser;
+    }
+    if (login_response_msg->GetType() != MSG_EXTENDED_LOGIN_RESPONSE) {
+            RA::Error("Secure_Channel::Login_Request",
+            "Invalid Msg Type");
+            goto loser;
+    }
+
+    login = new AuthParams();
+    c = login_response_msg->GetAuthParams();
+    for (i = 0; i < c->Size(); i++) {
+      login->Add(c->GetNameAt(i), c->GetValue(c->GetNameAt(i)));
+    }
+
+loser:
+    if( login_request_msg != NULL ) {
+        delete login_request_msg;
+        login_request_msg = NULL;
+    }
+    if( login_response_msg != NULL ) {
+        delete login_response_msg;
+        login_response_msg = NULL;
+    }
+
+    return login;
+} /* RequestExtendedLogin */
+
+/**
+ * Requests login ID and password from user.
+ */
+AuthParams *RA_Processor::RequestLogin(RA_Session *session,  
+    int invalid_pw, int blocked)
+{
+    RA_Login_Request_Msg *login_request_msg = NULL;
+    RA_Login_Response_Msg *login_response_msg = NULL;
+    AuthParams *login = NULL;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::Login_Request",
+        "RA_Processor::Login_Request");
+
+    login_request_msg = new RA_Login_Request_Msg(
+        invalid_pw, blocked);
+    session->WriteMsg(login_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::Login_Request",
+        "Sent login_request_msg");
+
+    login_response_msg = (RA_Login_Response_Msg *)
+        session->ReadMsg();
+    if (login_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::Login_Request",
+            "No Login Response Msg Received");
+        goto loser;
+    }
+    if (login_response_msg->GetType() != MSG_LOGIN_RESPONSE) {
+            RA::Error("Secure_Channel::Login_Request",
+            "Invalid Msg Type");
+            goto loser;
+    }
+    login = new AuthParams();
+    login->Add("UID", login_response_msg->GetUID());
+    login->Add("PASSWORD", login_response_msg->GetPassword());
+
+loser:
+    if( login_request_msg != NULL ) {
+        delete login_request_msg;
+        login_request_msg = NULL;
+    }
+    if( login_response_msg != NULL ) {
+        delete login_response_msg;
+        login_response_msg = NULL;
+    }
+
+    return login;
+} /* RequestLogin */
+
+/**
+ * Upgrade the applet to the current session with the new version.
+ */
+int RA_Processor::UpgradeApplet(RA_Session *session, char *prefix, char *tokenType, BYTE major_version, BYTE minor_version, const char *new_version, const char *applet_dir, SecurityLevel security_level, const char *connid,
+		NameValueSet *extensions,
+		int start_progress,
+		int end_progress)
+{
+        Buffer *NetKeyAID = RA::GetConfigStore()->GetConfigAsBuffer(
+			RA::CFG_APPLET_NETKEY_INSTANCE_AID,
+		        RA::CFG_DEF_NETKEY_INSTANCE_AID);
+        Buffer *OldAAID = RA::GetConfigStore()->GetConfigAsBuffer(
+			RA::CFG_APPLET_NETKEY_OLD_INSTANCE_AID,
+		        RA::CFG_DEF_NETKEY_OLD_INSTANCE_AID);
+        Buffer *OldPAID = RA::GetConfigStore()->GetConfigAsBuffer(
+			RA::CFG_APPLET_NETKEY_OLD_FILE_AID,
+		        RA::CFG_DEF_NETKEY_OLD_FILE_AID);
+        Buffer *NetKeyPAID = RA::GetConfigStore()->GetConfigAsBuffer(
+			RA::CFG_APPLET_NETKEY_FILE_AID,
+		        RA::CFG_DEF_NETKEY_FILE_AID);
+        Buffer *PIN = RA::GetConfigStore()->GetConfigAsBuffer(
+			RA::CFG_APPLET_SO_PIN,
+		        RA::CFG_DEF_APPLET_SO_PIN);
+        Buffer empty;
+	PRFileDesc *f = NULL;
+	char path[4096];
+	char configname[4096];
+	PRFileInfo info;
+	PRStatus status;
+	int rc = 0;
+        Secure_Channel *channel = NULL;
+	int size_to_send = 0;
+	char *dataf = NULL;
+	int block_size;
+	BYTE refControl;
+	int count;
+	Buffer programFile;
+        Buffer tag;
+        Buffer length;
+        Buffer tbsProgramFile;
+        unsigned int totalLen;
+	int num_loops;
+	float progress_block_size;
+	int x_blocksize;
+	int instance_size;
+	int defKeyVer;
+	int defKeyIndex;
+	char *ext;
+
+	if (applet_dir == NULL) {
+                RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet", 
+				"Failed to get upgrade.directory");
+		goto loser;		
+	}
+	sprintf(configname, "general.applet_ext");
+	ext = (char*)RA::GetConfigStore()->GetConfigAsString(configname, "ijc");
+	sprintf(path, "%s/%s.%s", applet_dir, new_version, ext);
+	RA::Debug("RA_Processor::UpgradeApplet", "path = %s", path);
+	status = PR_GetFileInfo(path, &info);
+	if (status != PR_SUCCESS) {
+                RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet", 
+				"Failed to get file info");
+		goto loser;		
+	}
+	f = PR_Open(path, PR_RDONLY, 400);
+	if (f == NULL) {
+                RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet", 
+			"Failed to open '%s'", path);
+		goto loser;		
+	}
+	dataf = (char *)malloc(info.size);
+	PR_Read(f, dataf, info.size);
+    if( f != NULL ) {
+	    PR_Close( f );
+        f = NULL;
+    }
+
+	/* Select Applet - Select Card manager */
+	SelectCardManager(session, prefix, tokenType);
+
+    PR_snprintf((char *)configname, 256,"channel.blockSize");
+    x_blocksize = RA::GetConfigStore()->GetConfigAsInt(configname, 0xf8);
+    PR_snprintf((char *)configname, 256,"channel.instanceSize");
+    instance_size = RA::GetConfigStore()->GetConfigAsInt(configname, 18000);
+    PR_snprintf((char *)configname, 256,"channel.defKeyVersion");
+    defKeyVer = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+    PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+    defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+	channel = SetupSecureChannel(session, defKeyVer, defKeyIndex, security_level, connid);
+	if (channel == NULL) {
+             RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet", 
+		  "channel creation failure");
+	     goto loser;
+	}
+
+	if (channel->ExternalAuthenticate() == -1) {
+             RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet", 
+		  "failed to external authenticate during upgrade");
+	     goto loser;
+	}
+
+	/* Delete File - Delete 627601ff000000 (CoolKey Instance) */
+        rc = channel->DeleteFileX(session, NetKeyAID);
+	if (rc != 1) {
+	     /* it is ok to fail to delete file */
+             RA::DebugBuffer(LL_PER_PDU, "RA_Processor::UpgradeApplet", 
+		  "Warning: failed to delete file", NetKeyAID);
+	}
+
+	if (RA::GetConfigStore()->GetConfigAsBool(RA::CFG_APPLET_DELETE_NETKEY_OLD, true)) {
+	    /* Delete File - Delete a00000000101 */
+            rc = channel->DeleteFileX(session, OldAAID);
+	    if (rc != 1) {
+	       /* it is ok to fail to delete file */
+               RA::DebugBuffer(LL_PER_PDU, "RA_Processor::UpgradeApplet", 
+		  "Warning: failed to delete file", OldAAID);
+	    }
+	    /* Delete File - Delete a000000001 */
+            rc = channel->DeleteFileX(session, OldPAID);
+	    if (rc != 1) {
+               RA::DebugBuffer(LL_PER_PDU, "RA_Processor::UpgradeApplet", 
+		  "Warning: failed to delete file", OldPAID);
+	    }
+	}
+
+	/* Delete File - Delete 627601ff0000 */
+        channel->DeleteFileX(session, NetKeyPAID);
+
+	/* Install Applet - Install applet instance */
+        channel->InstallLoad(session, 
+			*NetKeyPAID,
+			empty,
+			info.size);
+
+	/* Multiple Load Program File - Load 627601ff0000 */
+	programFile = Buffer ((BYTE *)dataf, info.size);
+	if( dataf != NULL ) {
+        free( dataf );
+        dataf = NULL;
+	}
+        tag = Buffer(1, 0xC4);
+        tbsProgramFile = tag + length + programFile;
+        totalLen = tbsProgramFile.size();
+        if( programFile.size() < 128 ) {
+            length = Buffer(1, programFile.size());
+        } else if( programFile.size() <= 255 ) {
+            length = Buffer(2, 0);
+            ((BYTE*)length)[0] = 0x81;
+	    ((BYTE*)length)[1] = programFile.size();
+	} else {
+            length = Buffer(3, 0);
+            ((BYTE*)length)[0] = 0x82;
+            ((BYTE*)length)[1] = (programFile.size() >> 8) & 0xff;
+            ((BYTE*)length)[2] = programFile.size() & 0xff;
+        }
+        tbsProgramFile = tag + length + programFile;
+        totalLen = tbsProgramFile.size();
+
+	size_to_send = totalLen;
+	if (security_level == SECURE_MSG_MAC_ENC) {
+	  // need leave room for possible encryption padding
+	  block_size = x_blocksize - 0x10;
+	} else {
+	  block_size = x_blocksize - 8;
+	}
+
+	// rough number is good enough
+	num_loops = size_to_send / block_size;
+	progress_block_size = (float) (end_progress - start_progress) / num_loops;
+
+	count = 0;
+	refControl = 0x00; // intermediate block
+	do {
+		if (size_to_send < block_size) {
+			block_size = size_to_send;
+			// last block		
+			refControl = 0x80;
+		}
+		if (size_to_send - block_size == 0) {
+			// last block		
+			refControl = 0x80;
+		}
+		Buffer d = tbsProgramFile.substr(totalLen - size_to_send, block_size);
+                channel->LoadFile(session, (BYTE)refControl, (BYTE)count,  &d);
+
+		size_to_send -= block_size;
+
+		// send status update to the client
+		if (extensions != NULL && 
+		    extensions->GetValue("statusUpdate") != NULL) {
+		  StatusUpdate(session, 
+			start_progress + (count * progress_block_size) /* progress */, 
+			"PROGRESS_APPLET_BLOCK");
+		}
+		count++;
+	} while (size_to_send > 0);
+
+
+	/* Install Applet - Install applet instance */
+        channel->InstallApplet(session, 
+			*NetKeyPAID,
+			*NetKeyAID,
+			0 /* appPrivileges */,
+			instance_size /* instanceSize */);
+
+	/* Select File - Select 627601ff000000 */
+        SelectApplet(session, 0x04, 0x00, NetKeyAID);
+
+	rc = 1;
+loser:
+    if( NetKeyAID != NULL ) {
+        delete NetKeyAID;
+        NetKeyAID = NULL;
+    }
+    if( OldAAID != NULL ) {
+        delete OldAAID;
+        OldAAID = NULL;
+    }
+    if( OldPAID != NULL ) {
+        delete OldPAID;
+        OldPAID = NULL;
+    }
+    if( NetKeyPAID != NULL ) {
+        delete NetKeyPAID;
+        NetKeyPAID = NULL;
+    }
+    if( PIN != NULL ) {
+        delete PIN;
+        PIN = NULL;
+    }
+    if( channel != NULL ) {
+        delete channel;
+        channel = NULL;
+    }
+    if( dataf != NULL ) {
+        free( dataf );
+        dataf = NULL;
+    }
+
+	return rc;
+}
+
+char *RA_Processor::MapPattern(NameValueSet *nv, char *pattern)
+{
+        int i=0,x=0,j=0,z=0;
+        unsigned int q = 0;
+        char token[4096];
+        char result[4096];
+	char *value;
+
+	if (pattern == NULL)
+		return NULL;
+        i = strlen(pattern);
+        for (x = 0; x < i; x++) {
+                if (pattern[x] == '$') {
+                  if (pattern[x+1] == '$') {
+                        result[z] = pattern[x];
+			z++;
+                        x++;
+                  } else {
+                          x++;
+                          j = 0;
+                          while (pattern[x] != '$') {
+                                  token[j] = pattern[x];
+                                  j++;
+                                  x++;
+                          }
+                          token[j] = '\0';
+			  value = nv->GetValue(token);
+			  if (value != NULL) {
+                             for (q = 0; q < strlen(value); q++) {
+                                 result[z] = value[q];
+				 z++;
+			     }
+
+			  }
+                  }
+                } else {
+                        result[z] = pattern[x];
+			z++;
+                }
+        }
+	result[z] = '\0';
+
+	return PL_strdup(result);
+}
+
+int RA_Processor::FormatMuscleApplet(RA_Session *session,
+        unsigned short memSize,
+        Buffer &PIN0, BYTE pin0Tries,
+        Buffer &unblockPIN0, BYTE unblock0Tries,
+        Buffer &PIN1, BYTE pin1Tries,
+        Buffer &unblockPIN1, BYTE unblock1Tries,
+        unsigned short objCreationPermissions,
+        unsigned short keyCreationPermissions,
+        unsigned short pinCreationPermissions)
+{   
+    int rc = 0;
+    APDU_Response *format_response = NULL;
+    RA_Token_PDU_Request_Msg *format_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *format_response_msg = NULL;
+    Format_Muscle_Applet_APDU *format_apdu = NULL;
+    // Buffer *mac = NULL;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::FormatMuscle",
+        "RA_Processor::FormatMuscle");
+
+    format_apdu = new Format_Muscle_Applet_APDU(memSize, PIN0, pin0Tries,
+                                unblockPIN0, unblock0Tries,
+                                PIN1, pin1Tries,
+                                unblockPIN1, unblock1Tries,
+                                objCreationPermissions,
+                                keyCreationPermissions,
+                                pinCreationPermissions);
+    format_request_msg =
+        new RA_Token_PDU_Request_Msg(format_apdu);
+    session->WriteMsg(format_request_msg);
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::FormatMuscle",
+        "Sent format_request_msg");
+
+    format_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (format_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::FormatMuscle",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (format_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::FormatMuscle", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    format_response = format_response_msg->GetResponse();
+    if (!(format_response->GetSW1() == 0x90 && 
+        format_response->GetSW2() == 0x00)) {
+    	RA::Error(LL_PER_PDU, "RA_Processor::FormatMuscle",
+            "Bad Response");
+	goto loser;
+    }
+    rc = 1;
+
+loser:
+    if( format_request_msg != NULL ) {
+        delete format_request_msg;
+        format_request_msg = NULL;
+    }
+    if( format_response_msg != NULL ) {
+        delete format_response_msg;
+        format_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+/**
+ * Determine the Token Type. The user can set up mapping rules in the 
+ * config file which allow different operations depending on the
+ * CUID, applet version, ATR, etc.
+ */
+bool RA_Processor::GetTokenType(const char *prefix, int major_version, int minor_version, const char *cuid, const char *msn, NameValueSet *extensions, 
+	RA_Status &o_status /* out */, const char *&o_tokenType /* out */)
+{
+	const char *e_tokenATR = NULL;
+	const char *tokenATR = NULL;
+	const char *e_tokenType = NULL;
+	const char *tokenType = NULL;
+	const char *tokenCUIDStart = NULL;
+	const char *tokenCUIDEnd = NULL;
+	const char *targetTokenType = NULL;
+	const char *majorVersion = NULL;
+	const char *minorVersion = NULL;
+	const char *order = NULL;
+	char *order_x = NULL;
+	const char *mappingId = NULL;
+	char configname[256];
+	int start_pos = 0, done = 0;
+	unsigned int end_pos = 0;
+	const char *cuid_x = NULL;
+
+	cuid_x = cuid;
+
+	sprintf(configname, "%s.mapping.order", prefix);
+	order = RA::GetConfigStore()->GetConfigAsString(configname);
+	if (order == NULL) {
+		RA::Error("RA_Processor::GetTokenType", "Token type is not found");
+    	o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+		RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType", 
+				"cannot find config ", configname);
+		return false; /* no mapping found */
+	}
+
+	RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+			"Starting:");
+	order_x = PL_strdup(order);
+
+	start_pos = 0;
+	end_pos = 0;
+	done = 0;
+	while (1) 
+	{
+		if (done) {
+			break;
+		}
+		end_pos = start_pos;
+		while ((end_pos < strlen(order)) && (order_x[end_pos] != ',')) {
+			end_pos++;
+		}
+		if (end_pos < strlen(order)) {
+			order_x[end_pos] = '\0';
+			done = 0;
+		} else {
+			done = 1;
+		}
+		mappingId = &order_x[start_pos];
+		RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType", 
+				"mappingId='%s'", mappingId);
+
+		start_pos = end_pos + 1;
+
+		sprintf(configname, "%s.mapping.%s.target.tokenType", prefix, 
+				mappingId);
+		targetTokenType = RA::GetConfigStore()->GetConfigAsString(configname);
+
+
+		if (targetTokenType == NULL) {
+			break;
+		}
+		sprintf(configname, "%s.mapping.%s.filter.tokenType", prefix, 
+				mappingId);
+		tokenType = RA::GetConfigStore()->GetConfigAsString(configname);
+
+		RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+				"tokenType: %s",tokenType);
+
+		if (tokenType != NULL && strlen(tokenType) > 0) {
+			if (extensions == NULL) {
+				continue; /* mapping not matched, next mapping */
+			}
+			e_tokenType = extensions->GetValue("tokenType");
+			if (e_tokenType == NULL) {
+				continue; /* mapping not matched, next mapping */
+			}
+			if (strcmp(tokenType, e_tokenType) != 0) {
+				continue; /* mapping not matched, next mapping */
+			}
+		}
+		sprintf(configname, "%s.mapping.%s.filter.tokenATR", prefix, 
+				mappingId);
+		tokenATR = RA::GetConfigStore()->GetConfigAsString(configname);
+		if (tokenATR != NULL && strlen(tokenATR) > 0) {
+			if (extensions == NULL) {
+				continue; /* mapping not matched, next mapping */
+			}
+			e_tokenATR = extensions->GetValue("tokenATR");
+			if (e_tokenATR == NULL) {
+				continue; /* mapping not matched, next mapping */
+			}
+			if (strcmp(tokenATR, e_tokenATR) != 0) {
+				continue; /* mapping not matched, next mapping */
+			}
+		}
+		sprintf(configname, "%s.mapping.%s.filter.tokenCUID.start", prefix, 
+				mappingId);
+		tokenCUIDStart = RA::GetConfigStore()->GetConfigAsString(configname);
+		if (tokenCUIDStart != NULL && strlen(tokenCUIDStart) > 0) {
+			if (cuid_x == NULL) {
+				continue; /* mapping not matched, next mapping */
+			}
+			RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType", 
+					"cuid_x=%s tokenCUIDStart=%s %d", cuid_x, tokenCUIDStart, 
+					PL_strcasecmp(cuid_x, tokenCUIDStart));
+
+			if(strlen(tokenCUIDStart) != 20)
+			{
+				RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+						"Invalid tokenCUIDStart: %s",tokenCUIDStart);
+				continue;
+			}
+
+			char *pend = NULL;
+			strtol((const char *) tokenCUIDStart, &pend, 16);
+
+			if(*pend != '\0')
+			{
+				RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+						"Invalid tokenCUIDStart: %s",tokenCUIDStart);
+
+				continue;
+			}
+
+			if (PL_strcasecmp(cuid_x, tokenCUIDStart) < 0) {
+				continue; /* mapping not matched, next mapping */
+			}
+		}
+		sprintf(configname, "%s.mapping.%s.filter.tokenCUID.end", prefix, 
+				mappingId);
+		tokenCUIDEnd = RA::GetConfigStore()->GetConfigAsString(configname);
+		if (tokenCUIDEnd != NULL && strlen(tokenCUIDEnd) > 0) {
+			if (cuid_x == NULL) {
+				continue; /* mapping not matched, next mapping */
+			}
+			RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType", 
+					"cuid_x=%s tokenCUIDEnd=%s %d", cuid_x, tokenCUIDEnd, 
+					PL_strcasecmp(cuid_x, tokenCUIDEnd));
+
+			if(strlen(tokenCUIDEnd) != 20)
+			{
+				RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+						"Invalid tokenCUIDEnd: %s",tokenCUIDEnd);
+				continue;
+			}
+
+			char *pend = NULL;
+			strtol((const char *) tokenCUIDEnd, &pend, 16);
+
+			if(*pend != '\0')
+			{
+
+				RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+						"Invalid tokenCUIDEnd: %s",tokenCUIDEnd);
+
+				continue;
+			}
+
+			if (PL_strcasecmp(cuid_x, tokenCUIDEnd) > 0) {
+				continue; /* mapping not matched, next mapping */
+			}
+		}
+		sprintf(configname, "%s.mapping.%s.filter.appletMajorVersion", 
+				prefix, mappingId);
+		majorVersion = RA::GetConfigStore()->GetConfigAsString(configname);
+		if (majorVersion != NULL && strlen(majorVersion) > 0) {
+			if (major_version != atoi(majorVersion)) {
+				continue; /* mapping not matched, next mapping */
+			}
+		}
+		sprintf(configname, "%s.mapping.%s.filter.appletMinorVersion", 
+				prefix, mappingId);
+		minorVersion = RA::GetConfigStore()->GetConfigAsString(configname);
+		if (minorVersion != NULL && strlen(minorVersion) > 0) {
+			if (minor_version != atoi(minorVersion)) {
+				continue; /* mapping not matched, next mapping */
+			}
+		}
+
+		if( order_x != NULL ) {
+			PL_strfree( order_x );
+			order_x = NULL;
+		}
+	    RA::Debug("RA_Processor::GetTokenType",
+                        "Selected Token type is '%s'", targetTokenType);
+		o_tokenType = targetTokenType;
+		return true;
+	}
+
+
+	if( order_x != NULL ) {
+		PL_strfree( order_x );
+		order_x = NULL;
+	}
+	RA::Error("RA_Processor::GetTokenType", "Token type is not found");
+    o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+	
+	return false;
+}
+
+int RA_Processor::SelectCardManager(RA_Session *session, char *prefix, char *tokenType)
+{
+    char configname[256];
+    PR_snprintf((char *)configname, 256, "%s.%s.cardmgr_instance", prefix, tokenType);
+    const char *cardmgr_instance = 
+          RA::GetConfigStore()->GetConfigAsString(configname);
+    Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer(
+           cardmgr_instance, RA::CFG_DEF_CARDMGR_INSTANCE_AID);
+    return SelectApplet(session, 0x04, 0x00, CardManagerAID);
+}
+
+/**
+ * GetData  
+ */
+Buffer *RA_Processor::GetData(RA_Session *session)
+{
+    Buffer data;
+    Buffer *status = NULL;
+    APDU_Response *get_data_response = NULL;
+    RA_Token_PDU_Request_Msg *get_data_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *get_data_response_msg = NULL;
+    Get_Data_APDU *get_data_apdu = NULL;
+    Buffer get_status_data;
+
+    get_data_apdu =
+        new Get_Data_APDU();
+    get_data_request_msg =
+        new RA_Token_PDU_Request_Msg(get_data_apdu);
+    session->WriteMsg(get_data_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::GetData",
+        "Sent get_data_request_msg");
+
+    get_data_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (get_data_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::GetData",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (get_data_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::GetData", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    get_data_response =
+        get_data_response_msg->GetResponse();
+    if (get_data_response == NULL) { 
+	   RA::Error(LL_PER_PDU, "Secure_Channel::GetData", 
+		"No Response From Token");
+           goto loser;
+    }
+    data = get_data_response->GetData();
+
+    if (!(get_data_response->GetSW1() == 0x90 && 
+        get_data_response->GetSW2() == 0x00)) {
+    	RA::Error(LL_PER_PDU, "RA_Processor::GetData",
+            "Bad Response");
+	goto loser;
+    }
+
+    status = new Buffer(data.substr(0, data.size()));
+
+loser:
+
+    if( get_data_request_msg != NULL ) {
+        delete get_data_request_msg;
+        get_data_request_msg = NULL;
+    }
+    if( get_data_response_msg != NULL ) {
+        delete get_data_response_msg;
+        get_data_response_msg = NULL;
+    }
+
+    return status;
+}
+
+Buffer *RA_Processor::ListObjects(RA_Session *session, BYTE seq)
+{
+    Buffer data;
+    Buffer *status = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *request_msg = NULL;
+    RA_Token_PDU_Response_Msg *response_msg = NULL;
+    List_Objects_APDU *list_objects_apdu = NULL;
+    Buffer get_status_data;
+
+    list_objects_apdu =
+        new List_Objects_APDU(seq);
+    request_msg =
+        new RA_Token_PDU_Request_Msg(list_objects_apdu);
+    session->WriteMsg(request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::ListObjects",
+        "Sent request_msg");
+
+    response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::ListObjects",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::ListObjects", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    response = response_msg->GetResponse();
+    if (response == NULL) { 
+	   RA::Error(LL_PER_PDU, "Secure_Channel::ListObjects", 
+		"No Response From Token");
+           goto loser;
+    }
+
+    if (!(response->GetSW1() == 0x90 && 
+        response->GetSW2() == 0x00)) {
+  //  	RA::Error(LL_PER_PDU, "RA_Processor::ListObjects",
+  //         "Bad Response");
+	goto loser;
+    }
+
+    data = response->GetData();
+
+    status = new Buffer(data.substr(0, data.size()));
+
+loser:
+
+    if( request_msg != NULL ) {
+        delete request_msg;
+        request_msg = NULL;
+    }
+    if( response_msg != NULL ) {
+        delete response_msg;
+        response_msg = NULL;
+    }
+
+    return status;
+}
+
+/**
+ * GetStatus  
+ */
+Buffer *RA_Processor::GetStatus(RA_Session *session, BYTE p1, BYTE p2)
+{
+    Buffer data;
+    Buffer *status = NULL;
+    APDU_Response *get_status_response = NULL;
+    RA_Token_PDU_Request_Msg *get_status_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *get_status_response_msg = NULL;
+    Get_Status_APDU *get_status_apdu = NULL;
+    Buffer get_status_data;
+
+    get_status_apdu =
+        new Get_Status_APDU();
+    get_status_request_msg =
+        new RA_Token_PDU_Request_Msg(get_status_apdu);
+    session->WriteMsg(get_status_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::GetStatus",
+        "Sent get_status_request_msg");
+
+    get_status_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (get_status_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::GetStatus",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (get_status_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::GetStatus", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    get_status_response =
+        get_status_response_msg->GetResponse();
+    if (get_status_response == NULL) { 
+	   RA::Error(LL_PER_PDU, "Secure_Channel::GetStatus", 
+		"No Response From Token");
+           goto loser;
+    }
+    data = get_status_response->GetData();
+
+    if (!(get_status_response->GetSW1() == 0x90 && 
+        get_status_response->GetSW2() == 0x00)) {
+    	RA::Error(LL_PER_PDU, "RA_Processor::GetStatus",
+            "Bad Response");
+	goto loser;
+    }
+
+    status = new Buffer(data.substr(0, data.size()));
+
+loser:
+
+    if( get_status_request_msg != NULL ) {
+        delete get_status_request_msg;
+        get_status_request_msg = NULL;
+    }
+    if( get_status_response_msg != NULL ) {
+        delete get_status_response_msg;
+        get_status_response_msg = NULL;
+    }
+
+    return status;
+}
+
+int RA_Processor::CreatePin(RA_Session *session, BYTE pin_number, 
+		BYTE max_retries, char *pin)
+{
+    int rc = -1;
+    Create_Pin_APDU *create_pin_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+
+    RA::Debug("Secure_Channel::IsPinPresent",
+        "Secure_Channel::IsPinPresent");
+    Buffer pin_buffer = Buffer((BYTE*)pin, strlen(pin));
+    create_pin_apdu = new Create_Pin_APDU(pin_number, max_retries, 
+		    pin_buffer);
+
+    /*
+    mac = ComputeAPDUMac(set_pin_apdu);
+    set_pin_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        create_pin_apdu);
+    session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::CreatePin",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::CreatePin",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::CreatePin", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::CreatePin",
+            "No Response From Token");
+        goto loser;
+    }
+
+    rc = 1;
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+}
+int RA_Processor::IsPinPresent(RA_Session *session, BYTE pin_number)
+{
+    int rc = -1;
+    Buffer data;
+    List_Pins_APDU *list_pins_apdu = NULL;
+    APDU_Response *response = NULL;
+    RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+    Buffer *mac = NULL;
+
+    RA::Debug("Secure_Channel::IsPinPresent",
+        "Secure_Channel::IsPinPresent");
+    list_pins_apdu = new List_Pins_APDU(2);
+
+    /*
+    mac = ComputeAPDUMac(set_pin_apdu);
+    set_pin_apdu->SetMAC(*mac);
+    */
+    token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+        list_pins_apdu);
+    session->WriteMsg(token_pdu_request_msg);
+    RA::Debug("Secure_Channel::IsPinPresent",
+        "Sent token_pdu_request_msg");
+
+    token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (token_pdu_response_msg == NULL)
+    {
+        RA::Error("Secure_Channel::IsPinReset",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::IsPinReset", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    response = token_pdu_response_msg->GetResponse();
+    if (response == NULL) {
+        RA::Error("Secure_Channel::IsPinReset",
+            "No Response From Token");
+        goto loser;
+    }
+    data = response->GetData();
+    if (data.size() < 2) { 
+  	RA::Error(LL_PER_PDU, "Secure_Channel::IsPinReset", 
+		"Invalid Response From Token");
+          goto loser;
+    }
+
+    if (pin_number < 8) {
+       rc = ((((BYTE*)data)[1] & (1 << pin_number)) > 0);
+    } else {
+       rc = ((((BYTE*)data)[0] & (1 << (pin_number - 8))) > 0);
+    }
+
+loser:
+    if( mac != NULL ) {
+        delete mac;
+        mac = NULL;
+    }
+    if( token_pdu_request_msg != NULL ) {
+        delete token_pdu_request_msg;
+        token_pdu_request_msg = NULL;
+    }
+    if( token_pdu_response_msg != NULL ) {
+        delete token_pdu_response_msg;
+        token_pdu_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+/**
+ * Select applet.
+ *
+ * Global Platform Open Platform Card Specification 
+ * Version 2.0.1 Page 9-22
+ *
+ * Sample Data:
+ *
+ * _____________ CLA
+ * |  __________ INS
+ * |  |  _______ P1
+ * |  |  |  ____ P2
+ * |  |  |  |  _ Len
+ * |  |  |  |  |
+ * 00 A4 04 00 07
+ * 53 4C 42 47 49 4E 41
+ */
+int RA_Processor::SelectApplet(RA_Session *session, BYTE p1, BYTE p2, Buffer *aid)
+{
+    int rc = 0;
+    APDU_Response *select_response = NULL;
+    RA_Token_PDU_Request_Msg *select_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *select_response_msg = NULL;
+    Select_APDU *select_apdu = NULL;
+
+    if (aid != NULL) {
+      RA::DebugBuffer(LL_PER_PDU, "RA_Processor::SelectApplet",
+		      "RA_Processor::SelectApplet with aid= ", aid);
+    }
+
+    select_apdu = new Select_APDU(p1, p2, *aid);
+    select_request_msg =
+        new RA_Token_PDU_Request_Msg(select_apdu);
+    session->WriteMsg(select_request_msg);
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::SelectApplet",
+        "Sent select_request_msg");
+
+    select_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (select_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::SelectApplet",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (select_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "Secure_Channel::SelectApplet", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    select_response = select_response_msg->GetResponse();
+    if (select_response == NULL) { 
+	   RA::Error(LL_PER_PDU, "Secure_Channel::SelectApplet", 
+		"No Response From Token");
+           goto loser;
+    }
+    if (select_response->GetData().size() < 2) { 
+  	RA::Error(LL_PER_PDU, "Secure_Channel::SelectApplet", 
+		"Invalid Response From Token");
+          goto loser;
+    }
+    if (!(select_response->GetSW1() == 0x90 && 
+        select_response->GetSW2() == 0x00)) {
+    	RA::Error(LL_PER_PDU, "RA_Processor::SelectApplet",
+            "Bad Response");
+	goto loser;
+    }
+
+
+loser:
+    if( select_request_msg != NULL ) {
+        delete select_request_msg;
+        select_request_msg = NULL;
+    }
+    if( select_response_msg != NULL ) {
+        delete select_response_msg;
+        select_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+/**
+ * Get Build ID from Net Key Applet.
+ * @returns a buffer with 4 bytes of data. This is the applet ID. 
+ *    The caller is responsible for freeing the buffer with 
+ *    the 'delete' operator.
+ */
+Buffer *RA_Processor::GetAppletVersion(RA_Session *session)
+{
+    Buffer data;
+    Buffer *buildID = NULL;
+    APDU_Response *get_version_response = NULL;
+    RA_Token_PDU_Request_Msg *get_version_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *get_version_response_msg = NULL;
+    Get_Version_APDU *get_version_apdu = NULL;
+    Buffer get_version_data;
+
+    get_version_apdu =
+        new Get_Version_APDU();
+    get_version_request_msg =
+        new RA_Token_PDU_Request_Msg(get_version_apdu);
+    session->WriteMsg(get_version_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::GetAppletVersion",
+        "Sent get_version_request_msg");
+
+    get_version_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (get_version_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::GetAppletVersion",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (get_version_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::GetAppletVersion", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    get_version_response =
+        get_version_response_msg->GetResponse();
+    if (get_version_response == NULL) { 
+	   RA::Error(LL_PER_PDU, "Secure_Channel::GetAppletVersion", 
+		"No Response From Token");
+           goto loser;
+    }
+    data = get_version_response->GetData();
+    if (!(get_version_response->GetSW1() == 0x90 && 
+        get_version_response->GetSW2() == 0x00)) {
+    	RA::Error(LL_PER_PDU, "RA_Processor::GetAppletVersion",
+            "Bad Response");
+	goto loser;
+    }
+
+    /* Sample: 3FBAB4BF9000 */
+    if (data.size() != 6) {
+	   RA::Error(LL_PER_PDU, "Secure_Channel::GetAppletVersion", 
+		"Invalid Applet Version");
+	    goto loser;
+    }
+
+    buildID = new Buffer(data.substr(0, 4));
+
+/*
+    buildID = (get_version_data[0] << 24) | (get_version_data[1] << 16) |
+	      (get_version_data[2] << 8) | get_version_data[3];
+
+*/ 
+
+loser:
+
+    if( get_version_request_msg != NULL ) {
+        delete get_version_request_msg;
+        get_version_request_msg = NULL;
+    }
+    if( get_version_response_msg != NULL ) {
+        delete get_version_response_msg;
+        get_version_response_msg = NULL;
+    }
+    return buildID;
+}
+
+/*
+ * this one sets the security level
+ */
+Secure_Channel *RA_Processor::SetupSecureChannel(RA_Session *session, 
+     BYTE key_version, BYTE key_index, SecurityLevel security_level,
+     const char *connId)
+{
+    Secure_Channel *channel = SetupSecureChannel(session, key_version, key_index, connId);
+    RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel","Resetting security level ...");
+
+    /* Bugscape Bug #55774: Prevent NetKey RA from crashing . . . */
+    if( channel != NULL ) {
+        channel->SetSecurityLevel(security_level);
+    } else {
+        RA::Error( LL_PER_PDU, "RA_Processor::SetupSecureChannel", "%s %s",
+			       "Failed to create a secure channel - potentially due to an",
+                   "RA/TKS key mismatch or differing RA/TKS key versions." );
+    }
+    return channel;
+  
+}
+
+int RA_Processor::InitializeUpdate(RA_Session *session, 
+     BYTE key_version, BYTE key_index, 
+     Buffer &key_diversification_data,
+     Buffer &key_info_data,
+     Buffer &card_challenge,
+     Buffer &card_cryptogram,
+     Buffer &host_challenge)
+{
+    int rc = -1;
+    APDU_Response *initialize_update_response = NULL;
+    RA_Token_PDU_Request_Msg *initialize_update_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *initialize_update_response_msg = NULL;
+    Initialize_Update_APDU *initialize_update_apdu = NULL;
+    Buffer update_response_data;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+        "RA_Processor::InitializeUpdate");
+
+    if (Util::GetRandomChallenge(host_challenge) != PR_SUCCESS)
+    {
+        RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+            "Failed to generate host challenge");
+        goto loser;
+    }
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+        "Generated Host Challenge",
+        &host_challenge);
+
+    initialize_update_apdu =
+        new Initialize_Update_APDU(key_version, key_index, host_challenge);
+    initialize_update_request_msg =
+        new RA_Token_PDU_Request_Msg(initialize_update_apdu);
+    session->WriteMsg(initialize_update_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+        "Sent initialize_update_request_msg");
+
+    initialize_update_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (initialize_update_response_msg == NULL)
+    {
+    	RA::Error(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (initialize_update_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::InitializeUpdate", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    initialize_update_response =
+        initialize_update_response_msg->GetResponse();
+    update_response_data = initialize_update_response->GetData();
+
+    if (!(initialize_update_response->GetSW1() == 0x90 && 
+        initialize_update_response->GetSW2() == 0x00)) {
+    	RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+            "Key version mismatch - key changeover to follow");
+	goto loser;
+    }
+
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+        "Update Response Data", &update_response_data);
+
+    /**
+     * Initialize Update response:
+     *   Key Diversification Data - 10 bytes
+     *   Key Information Data - 2 bytes
+     *   Card Challenge - 8 bytes
+     *   Card Cryptogram - 8 bytes
+     */
+    if (initialize_update_response->GetData().size() < 10) {
+    	RA::Error(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+            "Invalid Initialize Update Response Size");
+	goto loser;
+    }
+    key_diversification_data = Buffer(update_response_data.substr(0, 10));
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+        "Key Diversification Data", &key_diversification_data);
+    key_info_data = Buffer(update_response_data.substr(10, 2));
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+        "Key Info Data", &key_info_data);
+    card_challenge = Buffer(update_response_data.substr(12, 8));
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+        "Card Challenge", &card_challenge);
+    card_cryptogram = Buffer(update_response_data.substr(20, 8));
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+        "Card Cryptogram", &card_cryptogram);
+
+    rc = 1;
+
+loser:
+    if( initialize_update_request_msg != NULL ) {
+        delete initialize_update_request_msg;
+        initialize_update_request_msg = NULL;
+    }
+    if( initialize_update_response_msg != NULL ) {
+        delete initialize_update_response_msg;
+        initialize_update_response_msg = NULL;
+    }
+
+    return rc;
+}
+
+/**
+ * Setup secure channel between RA and the token.
+ */
+Secure_Channel *RA_Processor::SetupSecureChannel(RA_Session *session, 
+     BYTE key_version, BYTE key_index, const char *connId)
+{
+    Secure_Channel *channel = NULL;
+    APDU_Response *initialize_update_response = NULL;
+    RA_Token_PDU_Request_Msg *initialize_update_request_msg = NULL;
+    RA_Token_PDU_Response_Msg *initialize_update_response_msg = NULL;
+    Initialize_Update_APDU *initialize_update_apdu = NULL;
+    Buffer update_response_data;
+    Buffer host_challenge = Buffer(8, (BYTE)0);
+    Buffer key_diversification_data;
+    Buffer key_info_data;
+    Buffer card_challenge;
+    Buffer card_cryptogram;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "RA_Processor::Setup_Secure_Channel");
+
+    if (Util::GetRandomChallenge(host_challenge) != PR_SUCCESS)
+    {
+        RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+            "Failed to generate host challenge");
+        goto loser;
+    }
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "Generated Host Challenge",
+        &host_challenge);
+
+    initialize_update_apdu =
+        new Initialize_Update_APDU(key_version, key_index, host_challenge);
+    initialize_update_request_msg =
+        new RA_Token_PDU_Request_Msg(initialize_update_apdu);
+    session->WriteMsg(initialize_update_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "Sent initialize_update_request_msg");
+
+    initialize_update_response_msg = (RA_Token_PDU_Response_Msg *)
+        session->ReadMsg();
+    if (initialize_update_response_msg == NULL)
+    {
+    	RA::Error(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+            "No Token PDU Response Msg Received");
+        goto loser;
+    }
+    if (initialize_update_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+	   RA::Error(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel", 
+		"Invalid Message Type");
+           goto loser;
+    }
+    initialize_update_response =
+        initialize_update_response_msg->GetResponse();
+    update_response_data = initialize_update_response->GetData();
+
+    if (!(initialize_update_response->GetSW1() == 0x90 && 
+        initialize_update_response->GetSW2() == 0x00)) {
+    	RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+            "Key version mismatch - key changeover to follow");
+	goto loser;
+    }
+
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "Update Response Data", &update_response_data);
+
+    /**
+     * Initialize Update response:
+     *   Key Diversification Data - 10 bytes
+     *   Key Information Data - 2 bytes
+     *   Card Challenge - 8 bytes
+     *   Card Cryptogram - 8 bytes
+     */
+    if (initialize_update_response->GetData().size() < 28) {
+    	RA::Error(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+            "Invalid Initialize Update Response Size");
+	goto loser;
+    }
+    key_diversification_data = Buffer(update_response_data.substr(0, 10));
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "Key Diversification Data", &key_diversification_data);
+    key_info_data = Buffer(update_response_data.substr(10, 2));
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "Key Info Data", &key_info_data);
+    card_challenge = Buffer(update_response_data.substr(12, 8));
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "Card Challenge", &card_challenge);
+    card_cryptogram = Buffer(update_response_data.substr(20, 8));
+    RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "Card Cryptogram", &card_cryptogram);
+
+    channel = GenerateSecureChannel(
+        session, connId,
+        key_diversification_data,
+        key_info_data,
+        card_challenge,
+        card_cryptogram,
+        host_challenge);
+
+loser:
+    if( initialize_update_request_msg != NULL ) {
+        delete initialize_update_request_msg;
+        initialize_update_request_msg = NULL;
+    }
+    if( initialize_update_response_msg != NULL ) {
+        delete initialize_update_response_msg;
+        initialize_update_response_msg = NULL;
+    }
+
+    return channel;
+} /* SetupSecureChannel */
+
+/**
+ * Requests secure ID.
+ */
+SecureId *RA_Processor::RequestSecureId(RA_Session *session)
+{
+    SecureId *secure_id = NULL;
+    RA_SecureId_Request_Msg *secureid_request_msg = NULL;
+    RA_SecureId_Response_Msg *secureid_response_msg = NULL;
+    char *value;
+    char *pin;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::SecureId_Request",
+        "RA_Processor::SecureId_Request");
+
+    secureid_request_msg = new RA_SecureId_Request_Msg(
+        0 /* pin_required */, 0 /* next_value */);
+    session->WriteMsg(secureid_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::SecureId_Request",
+        "Sent secureid_request_msg");
+
+    secureid_response_msg = (RA_SecureId_Response_Msg *)
+        session->ReadMsg();
+    if (secureid_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::SecureId_Request",
+            "No SecureID Response Msg Received");
+        goto loser;
+    }
+
+    if (secureid_response_msg->GetType() != MSG_SECUREID_RESPONSE) {
+            RA::Error("Secure_Channel::SecureId_Request",
+            "Invalid Msg Type");
+            goto loser;
+    }
+
+    value = secureid_response_msg->GetValue();
+    pin = secureid_response_msg->GetPIN();
+
+    secure_id = new SecureId(value, pin);
+
+loser:
+
+    if( secureid_request_msg != NULL ) {
+        delete secureid_request_msg;
+        secureid_request_msg = NULL;
+    }
+    if( secureid_response_msg != NULL ) {
+        delete secureid_response_msg;
+        secureid_response_msg = NULL;
+    }
+    return secure_id;
+} /* RequestSecureId */
+
+/**
+ * Requests new pin for token.
+ */
+char *RA_Processor::RequestNewPin(RA_Session *session, unsigned int min, unsigned int max)
+{
+    char *new_pin = NULL;
+    RA_New_Pin_Request_Msg *new_pin_request_msg = NULL;
+    RA_New_Pin_Response_Msg *new_pin_response_msg = NULL;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+        "RA_Processor::New_Pin_Request");
+
+    new_pin_request_msg = new RA_New_Pin_Request_Msg(
+        min, max);
+    session->WriteMsg(new_pin_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+        "Sent new_pin_request_msg");
+
+    new_pin_response_msg = (RA_New_Pin_Response_Msg *)
+        session->ReadMsg();
+    if (new_pin_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+            "No New Pin Response Msg Received");
+        goto loser;
+    }
+
+    if (new_pin_response_msg->GetType() != MSG_NEW_PIN_RESPONSE) {
+        RA::Error(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+            "Invalid Message Type");
+        goto loser;
+    }
+
+    if (new_pin_response_msg->GetNewPIN() == NULL) {
+        RA::Error(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+            "No New Pin");
+        goto loser;
+    }
+
+    new_pin = PL_strdup(new_pin_response_msg->GetNewPIN());
+
+    if (strlen(new_pin) < min) {
+        RA::Error(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+          "The length of the new pin is shorter than the mininum length (%d)", min);
+        if( new_pin != NULL ) {
+            PL_strfree( new_pin );
+            new_pin = NULL;
+        }
+        new_pin = NULL;
+        goto loser;
+    } else if (strlen(new_pin) > max) {
+        RA::Error(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+          "The length of the new pin is longer than the maximum length (%d)", max);
+        if( new_pin != NULL ) {
+            PL_strfree( new_pin );
+            new_pin = NULL;
+        }
+        new_pin = NULL;
+        goto loser;
+    }
+
+loser:
+
+    if( new_pin_request_msg != NULL ) {
+        delete new_pin_request_msg;
+        new_pin_request_msg = NULL;
+    }
+    if( new_pin_response_msg != NULL ) {
+        delete new_pin_response_msg;
+        new_pin_response_msg = NULL;
+    }
+
+    return new_pin;
+} /* RequestNewPin */
+
+/**
+ * Requests A Security Question (ASQ) from user.
+ */
+char *RA_Processor::RequestASQ(RA_Session *session, char *question)
+{
+    char *answer = NULL;
+    RA_ASQ_Request_Msg *asq_request_msg = NULL;
+    RA_ASQ_Response_Msg *asq_response_msg = NULL;
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::ASQ_Request",
+        "RA_Processor::ASQ_Request");
+
+    asq_request_msg = new RA_ASQ_Request_Msg(question);
+    session->WriteMsg(asq_request_msg);
+    RA::Debug(LL_PER_PDU, "RA_Processor::ASQ_Request",
+        "Sent asq_request_msg");
+
+    asq_response_msg = (RA_ASQ_Response_Msg *)
+        session->ReadMsg();
+    if (asq_response_msg == NULL)
+    {
+        RA::Error(LL_PER_PDU, "RA_Processor::ASQ_Request",
+            "No ASQ Response Msg Received");
+        goto loser;
+    }
+    if (asq_response_msg->GetType() != MSG_ASQ_RESPONSE) {
+        RA::Error(LL_PER_PDU, "RA_Processor::ASQ_Request",
+            "Invalid Message Type");
+        goto loser;
+    }
+
+    if (asq_response_msg->GetAnswer() == NULL) {
+        RA::Error(LL_PER_PDU, "RA_Processor::ASQ_Request",
+            "No ASQ Answer");
+        goto loser;
+    }
+    answer = PL_strdup(asq_response_msg->GetAnswer());
+
+loser:
+    if( asq_request_msg != NULL ) {
+        delete asq_request_msg;
+        asq_request_msg = NULL;
+    }
+    if( asq_response_msg != NULL ) {
+        delete asq_response_msg;
+        asq_response_msg = NULL;
+    }
+
+    return answer;
+} /* RequestASQ */
+
+/**
+ * Creates a secure channel between RA and the token.
+ * challenges are sent to TKS which generates
+ * host cryptogram, and session key.
+ */
+Secure_Channel *RA_Processor::GenerateSecureChannel(
+    RA_Session *session, const char *connId,
+    Buffer &key_diversification_data, /* CUID */
+    Buffer &key_info_data,
+    Buffer &card_challenge,
+    Buffer &card_cryptogram,
+    Buffer &host_challenge)
+{
+    PK11SymKey *session_key = NULL;
+    Buffer *host_cryptogram = NULL;
+    char configname[256];
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+        "RA_Processor::GenerateSecureChannel");
+
+    PK11SymKey *enc_session_key = NULL;
+
+
+    // desKey_s will be assigned to channel and will be destroyed when channel closed
+    char *drm_desKey_s = NULL;
+    char *kek_desKey_s = NULL;
+    char *keycheck_s = NULL;
+
+    session_key = RA::ComputeSessionKey(session, key_diversification_data, 
+                                        key_info_data, card_challenge,
+                                        host_challenge, &host_cryptogram, 
+		                                card_cryptogram, &enc_session_key,
+                                        &drm_desKey_s, &kek_desKey_s,
+                                        &keycheck_s, connId);
+    if (session_key == NULL) {
+      RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+	  "RA_Processor::GenerateSecureChannel - did not get session_key");
+         return NULL;
+    }
+
+    // is serversideKeygen on?
+    PR_snprintf((char *) configname, 256, "conn.%s.serverKeygen", connId);
+    bool serverKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, false);
+
+    if (serverKeygen) {
+      if ((drm_desKey_s == "") || (drm_desKey_s == NULL)) {
+	RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+		  "RA_Processor::GenerateSecureChannel - did not get drm_desKey_s");
+	return NULL;
+      } else {
+	RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+		  "RA_Processor::GenerateSecureChannel - drm_desKey_s = %s", drm_desKey_s);
+      }
+      if ((kek_desKey_s == "") || (kek_desKey_s == NULL)) {
+	RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+		  "RA_Processor::GenerateSecureChannel - did not get kek_desKey_s");
+	return NULL;
+      } else {
+	RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+		  "RA_Processor::GenerateSecureChannel - kek_desKey_s = %s", kek_desKey_s);
+      }
+      if ((keycheck_s == "") || (keycheck_s == NULL)) {
+	RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+		  "RA_Processor::GenerateSecureChannel - did not get keycheck_s");
+	return NULL;
+    }
+
+    if (enc_session_key == NULL) {
+      RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+	  "RA_Processor::GenerateSecureChannel - did not get enc_session_key");
+         return NULL;
+    }
+    if (host_cryptogram == NULL) {
+      RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+	  "RA_Processor::GenerateSecureChannel - did not get host_cryptogram");
+         return NULL;
+      } else {
+	RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+		  "RA_Processor::GenerateSecureChannel - keycheck_s = %s", keycheck_s);
+      }
+    }
+/*
+    host_cryptogram = RA::ComputeHostCryptogram(
+        card_challenge, host_challenge);
+*/
+
+
+    Secure_Channel *channel = new Secure_Channel(session, session_key,
+						 enc_session_key,
+						 drm_desKey_s, kek_desKey_s, keycheck_s,
+        key_diversification_data, key_info_data,
+        card_challenge, card_cryptogram,
+        host_challenge, *host_cryptogram);
+
+    if( host_cryptogram != NULL ) {
+      delete host_cryptogram;
+      host_cryptogram = NULL;
+    }
+
+    if (channel != NULL) {
+        // this can be overridden by individual processor later
+        channel->SetSecurityLevel(RA::GetGlobalSecurityLevel());
+    } else {
+        if( session_key != NULL ) {
+            PK11_FreeSymKey( session_key );
+            session_key = NULL;
+        }
+        if( enc_session_key != NULL ) {
+            PK11_FreeSymKey( enc_session_key );
+            enc_session_key = NULL;
+        }
+
+    }
+
+    RA::Debug(LL_PER_PDU, "RA_Processor::GenerateSecureChannel", "complete");
+    return channel;
+} /* GenerateSecureChannel */
+
+int RA_Processor::CreateKeySetData(Buffer &CUID, Buffer &version, 
+  Buffer &NewMasterVer, Buffer &out, const char *connid)
+{
+    char body[5000];
+    char configname[256];
+    HttpConnection *tksConn = NULL;
+    tksConn = RA::GetTKSConn(connid);
+    if (tksConn == NULL) {
+        RA::Debug(LL_PER_PDU, "RA_Processor::CreateKeySetData", "Failed to get TKSConnection %s", connid);
+        RA::Error(LL_PER_PDU, "RA_Processor::CreateKeySetData", "Failed to get TKSConnection %s", connid);
+        return -1;
+    } else {
+        // PRLock *tks_lock = RA::GetTKSLock();
+        int tks_curr = RA::GetCurrentIndex(tksConn);
+        int currRetries = 0;
+        char *cuid = Util::SpecialURLEncode(CUID);
+        char *versionID = Util::SpecialURLEncode(version);
+        char *masterV = Util::SpecialURLEncode(NewMasterVer);
+
+        PR_snprintf((char *)configname, 256, "conn.%s.keySet", connid);
+        const char *keySet = RA::GetConfigStore()->GetConfigAsString(configname);
+
+        PR_snprintf((char *)body, 5000,
+           "newKeyInfo=%s&CUID=%s&KeyInfo=%s&keySet=%s", masterV, cuid, versionID,keySet);
+
+        PR_snprintf((char *)configname, 256, "conn.%s.servlet.createKeySetData", connid);
+        const char *servletID = RA::GetConfigStore()->GetConfigAsString(configname);
+
+        if( cuid != NULL ) {
+            PR_Free( cuid );
+            cuid = NULL;
+        }
+        if( versionID != NULL ) {
+            PR_Free( versionID );
+            versionID = NULL;
+        }
+        if( masterV != NULL ) {
+            PR_Free( masterV );
+            masterV = NULL;
+        }
+
+        tks_curr = RA::GetCurrentIndex(tksConn);
+
+        PSHttpResponse * response = tksConn->getResponse(tks_curr, servletID, body);
+        ConnectionInfo *connInfo = tksConn->GetFailoverList();
+        char **hostport = connInfo->GetHostPortList();
+
+        if (response == NULL)
+            RA::Debug(LL_PER_PDU, "The CreateKeySetData response from TKS ",
+              "at %s is NULL.", hostport[tks_curr]);
+        else
+            RA::Debug(LL_PER_PDU, "The CreateKeySetData response from TKS ",
+              "at % is not NULL.", hostport[tks_curr]);
+
+        while (response == NULL) {
+            RA::Failover(tksConn, connInfo->GetHostPortListLen());
+            tks_curr = RA::GetCurrentIndex(tksConn);
+
+            RA::Debug(LL_PER_PDU, "RA is reconnecting to TKS ",
+              "at %s for createKeySetData.", hostport[tks_curr]);
+
+            if (++currRetries >= tksConn->GetNumOfRetries()) {
+                RA::Debug(LL_PER_PDU, "Used up all the retries. Response is NULL","");
+                RA::Error(LL_PER_PDU, "RA_Processor::CreateKeySetData","Failed connecting to TKS after %d retries", currRetries);
+                if (tksConn != NULL) {
+                    RA::ReturnTKSConn(tksConn);
+                }
+                return -1;
+            }
+            response = tksConn->getResponse(tks_curr, servletID, body);
+        }
+
+        int status = 0;
+
+        Buffer *keydataset = NULL;
+        if (response != NULL) {
+            RA::Debug(LL_PER_PDU,"Response is not ","NULL");
+            char * content = response->getContent();
+            if (content == NULL) {
+                RA::Debug(LL_PER_PDU,"TKSConnection::CreateKeySetData","Content Is NULL");
+            } else {
+                RA::Debug(LL_PER_PDU,"TKSConnection::CreateKeySetData","Content Is '%s'",
+                                        content);
+            }
+            if (content != NULL) {
+                char *statusStr = strstr((char *)content, "status=0&");
+                if (statusStr == NULL) {
+                    status = 1;
+                    char *p = strstr((char *)content, "status=");
+                    if(p != NULL) {
+                        status = int(p[7]) - 48;
+		    } else {
+			status = 4;
+                        return -1;
+		    }
+                } else {
+                    status = 0;
+                    char *p = &content[9];
+                    char *rcStr = strstr((char *)p, "keySetData=");
+                    if (rcStr != NULL) {
+                        rcStr = &rcStr[11];
+                        if (!strcmp(rcStr, "%00")) {
+                            return -1;
+                        }
+                        keydataset = Util::URLDecode(rcStr);
+                    }
+                }
+            }
+        }
+
+        if (keydataset == NULL)
+        {
+            RA::Debug(LL_PER_PDU, "RA_Processor:CreateKeySetData",
+              "Key Set Data is NULL");
+
+               return -1;
+        }
+
+        RA::Debug(LL_PER_PDU, "RA_Processor:CreateKeySetData", "Status of CreateKeySetData=%d", status);
+        RA::Debug(LL_PER_PDU, "finish CreateKeySetData", "");
+
+        if (status > 0) {
+	    if (tksConn != NULL) {
+                RA::ReturnTKSConn(tksConn);
+	    }
+            return -1;
+	} else {
+            out = *keydataset;
+            if( keydataset != NULL ) {
+                delete keydataset;
+                keydataset = NULL;
+            }
+        }
+
+        if( response != NULL ) {
+            response->freeContent();
+            delete response;
+            response = NULL;
+        }
+
+	if (tksConn != NULL) {
+            RA::ReturnTKSConn(tksConn);
+	}
+        return 1;
+    }
+        BYTE kek_key[] = {
+                0x40, 0x41, 0x42, 0x43,
+                0x44, 0x45, 0x46, 0x47,
+                0x48, 0x49, 0x4a, 0x4b,
+                0x4c, 0x4d, 0x4e, 0x4f
+        };
+        BYTE key[] = {
+                0x40, 0x41, 0x42, 0x43,
+                0x44, 0x45, 0x46, 0x47,
+                0x48, 0x49, 0x4a, 0x4b,
+                0x4c, 0x4d, 0x4e, 0x4f
+        };
+    Buffer old_kek_key(kek_key, 16);
+    Buffer new_auth_key(key, 16);
+    Buffer new_mac_key(key, 16);
+    Buffer new_kek_key(key, 16);
+
+
+        Util::CreateKeySetData(
+             NewMasterVer,
+             old_kek_key,
+             new_auth_key,
+             new_mac_key,
+             new_kek_key,
+             out);
+
+	if (tksConn != NULL) {
+		RA::ReturnTKSConn(tksConn);
+	}
+   return 1;
+}
+
+
+/**
+ * Input data wrapped by KEK key in TKS.
+ */
+int RA_Processor::EncryptData(Buffer &CUID, Buffer &version, Buffer &in, Buffer &out, const char *connid)
+{
+    char body[5000];
+    char configname[256];
+	// khai, here we wrap the input with the KEK key
+	// in TKS
+        HttpConnection *tksConn = NULL;
+        char kek_key[16] = {
+                0x40, 0x41, 0x42, 0x43,
+                0x44, 0x45, 0x46, 0x47,
+                0x48, 0x49, 0x4a, 0x4b,
+                0x4c, 0x4d, 0x4e, 0x4f
+        };
+    int status = 0;
+
+    tksConn = RA::GetTKSConn(connid);
+    if (tksConn == NULL) {
+        RA::Debug(LL_PER_PDU, "RA_Processor::EncryptData", "Failed to get TKSConnection %s", connid);
+        RA::Debug(LL_PER_PDU, "RA_Processor::EncryptData", "Failed to get TKSConnection %s", connid);
+        return -1;
+    } else {
+        int tks_curr = RA::GetCurrentIndex(tksConn);
+        int currRetries = 0;
+        char *data = Util::SpecialURLEncode(in);
+        char *cuid = Util::SpecialURLEncode(CUID);
+        char *versionID = Util::SpecialURLEncode(version);
+
+        PR_snprintf((char *)configname, 256, "conn.%s.keySet", connid);
+        const char *keySet = RA::GetConfigStore()->GetConfigAsString(configname);
+
+        PR_snprintf((char *)body, 5000, "data=%s&CUID=%s&KeyInfo=%s&keySet=%s",
+          data, cuid, versionID,keySet);
+        PR_snprintf((char *)configname, 256, "conn.%s.servlet.encryptData", connid);
+        const char *servletID = RA::GetConfigStore()->GetConfigAsString(configname);
+
+        if( data != NULL ) {
+            PR_Free( data );
+            data = NULL;
+        }
+        if( cuid != NULL ) {
+            PR_Free( cuid );
+            cuid = NULL;
+        }
+        if( versionID != NULL ) {
+            PR_Free( versionID );
+            versionID = NULL;
+        }
+
+        PSHttpResponse *response = tksConn->getResponse(tks_curr, servletID, body);
+        ConnectionInfo *connInfo = tksConn->GetFailoverList();
+        char **hostport = connInfo->GetHostPortList();
+        if (response == NULL)
+            RA::Debug(LL_PER_PDU, "The encryptedData response from TKS ",
+              "at %s is NULL.", hostport[tks_curr]);
+        else
+            RA::Debug(LL_PER_PDU, "The encryptedData response from TKS ",
+              "at %s is not NULL.", hostport[tks_curr]);
+
+        while (response == NULL) {
+            RA::Failover(tksConn, connInfo->GetHostPortListLen());
+            tks_curr = RA::GetCurrentIndex(tksConn);
+            RA::Debug(LL_PER_PDU, "RA is reconnecting to TKS ",
+              "at %s for encryptData.", hostport[tks_curr]);
+
+            if (++currRetries >= tksConn->GetNumOfRetries()) {
+                RA::Debug(LL_PER_PDU, "Used up all the retries. Response is NULL","");
+                RA::Error(LL_PER_PDU, "RA_Processor::EncryptData", "Failed connecting to TKS after %d retries", currRetries);
+                if (tksConn != NULL) {
+		          RA::ReturnTKSConn(tksConn);
+	            }
+                return -1;
+            }
+            response = tksConn->getResponse(tks_curr, servletID, body);
+        }
+
+        Buffer *encryptedData = NULL;
+        status = 0;
+        if (response != NULL) {
+            RA::Debug(LL_PER_PDU, "EncryptData Response is not ","NULL");
+            char *content = response->getContent();
+            if (content != NULL) {
+                char *statusStr = strstr((char *)content, "status=0&");
+                if (statusStr == NULL) {
+                    char *p = strstr((char *)content, "status=");
+
+                    if(p != NULL) {
+                        status = int(p[7]) - 48;
+		    } else {
+			status = 4;
+                        return -1;
+		    }
+                } else {
+                    status = 0;
+                    char *p = &content[9];
+                    char *rcStr = strstr((char *)p, "encryptedData=");
+                    if (rcStr != NULL) {
+                        rcStr = &rcStr[14];
+                        encryptedData = Util::URLDecode(rcStr);
+                    }
+                }
+            }
+        }
+        if (encryptedData == NULL)
+            RA::Debug(LL_PER_PDU, "RA_Processor:GetEncryptedData",
+              "Encrypted Data is NULL");
+
+        RA::Debug(LL_PER_PDU, "EncryptedData ", "status=%d", status);
+        RA::Debug(LL_PER_PDU, "finish EncryptedData", "");
+        if (status > 0 || encryptedData == NULL) {
+            if (tksConn != NULL) {
+                RA::ReturnTKSConn(tksConn);
+	        }
+            return -1;   
+	    } else {
+            out = *encryptedData;
+            if( encryptedData != NULL ) {
+                delete encryptedData;
+                encryptedData = NULL;
+            }
+        }
+        if( response != NULL ) {
+            response->freeContent();
+            delete response;
+            response = NULL;
+        }
+
+        if (tksConn != NULL) {
+            RA::ReturnTKSConn(tksConn);
+	    }
+        return 1;
+    }
+
+	Buffer kek_buffer = Buffer((BYTE*)kek_key, 16);
+	status = Util::EncryptData(kek_buffer, in, out);
+#if 0
+        RA::DebugBuffer(LL_PER_PDU, "RA_Processor::EncryptData", "Encrypted Data",
+		&out);
+        Buffer out1 = Buffer(16, (BYTE)0);
+	status = Util::DecryptData(kek_buffer, out, out1);
+        RA::DebugBuffer(LL_PER_PDU, "RA_Processor::EncryptData", "Clear Data",
+		&out1);
+#endif
+        if (tksConn != NULL) {
+	    RA::ReturnTKSConn(tksConn);
+	}
+	return status;
+}
+
+/**
+ * Process the current session. It does nothing in the base
+ * class.
+ */
+RA_Status RA_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+    return STATUS_NO_ERROR;
+} /* Process */
+
diff --git a/pki/base/tps/src/processor/RA_Renew_Processor.cpp b/pki/base/tps/src/processor/RA_Renew_Processor.cpp
new file mode 100644
index 000000000..5caa329b4
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Renew_Processor.cpp
@@ -0,0 +1,57 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "engine/RA.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Renew_Processor.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a renew processor.
+ */
+TPS_PUBLIC RA_Renew_Processor::RA_Renew_Processor()
+{
+}
+
+/**
+ * Destructs a renew processor.
+ */
+TPS_PUBLIC RA_Renew_Processor::~RA_Renew_Processor()
+{
+}
+
+/**
+ * Processes the current session.
+ */
+TPS_PUBLIC RA_Status RA_Renew_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+    RA::Debug("RA_Renew_Processor::Process",
+        "RA_Renew_Processor::Process");
+
+    return STATUS_NO_ERROR;
+}
diff --git a/pki/base/tps/src/processor/RA_Unblock_Processor.cpp b/pki/base/tps/src/processor/RA_Unblock_Processor.cpp
new file mode 100644
index 000000000..0bdbcfa2b
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Unblock_Processor.cpp
@@ -0,0 +1,58 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "engine/RA.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Unblock_Processor.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs the unblock processor.
+ */
+TPS_PUBLIC RA_Unblock_Processor::RA_Unblock_Processor()
+{
+} /* RA_Unblock_Processor */
+
+/**
+ * Destructs the unblock processor.
+ */
+TPS_PUBLIC RA_Unblock_Processor::~RA_Unblock_Processor()
+{
+} /* RA_Unblock_Processor */
+
+/**
+ * Processes the current session.
+ */
+TPS_PUBLIC RA_Status RA_Unblock_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+    RA::Debug("RA_Unblock_Processor::Process", "Client %s",                       session->GetRemoteIP());
+
+    RA::Debug("RA_Unblock_Processor::Process",
+        "RA_Unblock_Processor::Process");
+    return STATUS_NO_ERROR;
+} /* Process */
diff --git a/pki/base/tps/src/test/Test_ConfigStore.cfg b/pki/base/tps/src/test/Test_ConfigStore.cfg
new file mode 100644
index 000000000..60f8e8675
--- /dev/null
+++ b/pki/base/tps/src/test/Test_ConfigStore.cfg
@@ -0,0 +1,28 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+integer=100
+string=steve
+sub1.integer=500
+sub1.string=paul
+sub1.sub2.integer=1000
+sub1.sub2.string=jim
+
+
diff --git a/pki/base/tps/src/test/Test_ConfigStore.cpp b/pki/base/tps/src/test/Test_ConfigStore.cpp
new file mode 100644
index 000000000..d81a67b03
--- /dev/null
+++ b/pki/base/tps/src/test/Test_ConfigStore.cpp
@@ -0,0 +1,79 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#include "main/ConfigStore.h"
+
+
+// This is needed to resolve a symbol expected by the linker
+int __nsapi30_table;
+
+ConfigStore getsubstore(ConfigStore& config, char *subname)
+{
+	printf("Getting sub store : %s\n", subname);
+	ConfigStore sub2 = config.GetSubStore(subname);
+	const char *t = sub2.GetConfigAsString("string");
+	printf("substore string   : %s\n", t);
+
+
+	printf("returning substore to parent\n");
+	return sub2;
+}
+
+int main()
+{
+	int i;
+	const char *s;
+
+	ConfigStore *cfg = ConfigStore::CreateFromConfigFile("Test_ConfigStore.cfg");
+	
+	printf("TOP LEVEL\n");
+	i = cfg->GetConfigAsInt("integer");
+	printf("int    : %d\n",i);
+	s = cfg->GetConfigAsString("string");
+	printf("string : %s\n",s);
+
+
+	printf("\nSUB1 LEVEL\n");
+	ConfigStore subcfg = cfg->GetSubStore("sub1");
+	i = subcfg.GetConfigAsInt("integer");
+	printf("int      : %d\n",i);
+	s = subcfg.GetConfigAsString("string");
+	printf("string   : %s\n",s);
+	s = subcfg["string"];
+	printf("[string] : %s\n",s);
+
+	printf("\nSUB2 LEVEL in method\n");
+	ConfigStore sub2cfg = getsubstore(subcfg,"sub2");
+	printf("accessing sub2 from main\n");
+	i = sub2cfg.GetConfigAsInt("integer");
+	printf("int      : %d\n",i);
+	
+	
+	printf("\nTOP LEVEL AGAIN\n");
+	i = cfg->GetConfigAsInt("integer");
+	printf("int      : %d\n",i);
+	s = cfg->GetConfigAsString("string");
+
+	ConfigStore subcfg2 = cfg->GetSubStore("level2");
+
+
+}
+
diff --git a/pki/base/tps/src/tus/tus_db.c b/pki/base/tps/src/tus/tus_db.c
new file mode 100644
index 000000000..ee4240ffb
--- /dev/null
+++ b/pki/base/tps/src/tus/tus_db.c
@@ -0,0 +1,3357 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "nspr.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "prlock.h"
+#include "secder.h"
+#include "cert.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "plstr.h"
+#include "prmem.h"
+#include "prprf.h"
+#include "prtime.h"
+
+#include "tus/tus_db.h"
+
+static char *tokenActivityAttributes[] = { TOKEN_ID,
+                                           TOKEN_CUID,
+                                           TOKEN_OP,
+                                           TOKEN_USER,
+                                           TOKEN_MSG,
+                                           TOKEN_RESULT,
+                                           TOKEN_IP,
+                                           TOKEN_C_DATE,
+                                           TOKEN_M_DATE,
+                                           NULL };
+static char *tokenAttributes[] = { TOKEN_ID,
+                                   TOKEN_USER,
+                                   TOKEN_STATUS,
+                                   TOKEN_APPLET,
+                                   TOKEN_KEY_INFO,
+                                   TOKEN_MODS,
+                                   TOKEN_C_DATE,
+                                   TOKEN_M_DATE,
+                                   TOKEN_RESETS,
+                                   TOKEN_ENROLLMENTS,
+                                   TOKEN_RENEWALS,
+                                   TOKEN_RECOVERIES,
+                                   TOKEN_POLICY,
+                                   TOKEN_REASON,
+                                   NULL };
+static char *tokenCertificateAttributes[] = { TOKEN_ID,
+                                              TOKEN_CUID,
+                                              TOKEN_USER,
+                                              TOKEN_STATUS, 
+                                              TOKEN_C_DATE,
+                                              TOKEN_M_DATE,
+                                              TOKEN_SUBJECT,
+                                              TOKEN_ISSUER,
+                                              TOKEN_SERIAL,
+                                              TOKEN_CERT,
+                                              TOKEN_TYPE,
+                                              TOKEN_NOT_BEFORE,
+                                              TOKEN_NOT_AFTER,
+                                              TOKEN_KEY_TYPE,
+                                              TOKEN_STATUS,
+                                              NULL };
+
+
+static char *tokenStates[] = { STATE_UNINITIALIZED,
+                               STATE_ACTIVE,
+                               STATE_DISABLED,
+                               NULL };
+
+#ifdef __cplusplus
+}
+#endif
+
+static char *ssl     = NULL; /* true or false */
+static char *host     = NULL;
+static int  port      = 0;
+static char *userBaseDN   = NULL;
+static char *baseDN   = NULL;
+static char *activityBaseDN   = NULL;
+static char *certBaseDN   = NULL;
+static char *bindDN   = NULL;
+static char *bindPass = NULL;
+static char *defaultPolicy = NULL;
+
+static int  ccHost        = 0;
+static int  ccBaseDN      = 0;
+static int  ccBindDN      = 0;
+static int  ccBindPass    = 0;
+
+static LDAP *ld           = NULL;
+static int  bindStatus    = -1;
+
+static PRFileDesc *debug_fd  = NULL;
+static PRFileDesc *audit_fd  = NULL;
+
+extern void audit_log(const char *func_name, const char *userid, const char *msg);
+
+char *get_pwd_from_conf(char *filepath, char *name);
+static int tus_check_conn();
+
+TPS_PUBLIC void set_tus_db_port(int number)
+{
+    port = number;
+}
+
+TPS_PUBLIC void set_tus_db_hostport(char *name)
+{
+    char *s = NULL;
+
+    s = PL_strstr(name, ":");
+    if (s == NULL) {
+      set_tus_db_port(389);
+    } else {
+      set_tus_db_port(atoi(s+1));
+      s[0] = '\0'; 
+    } 
+    set_tus_db_host(name);
+}
+
+TPS_PUBLIC void set_tus_db_host(char *name)
+{
+    if( ccHost > 0 && host != NULL ) {
+        PL_strfree( host );
+        host = NULL;
+    }
+    if( name != NULL ) {
+        host = PL_strdup( name );
+    }
+    ccHost++;
+}
+
+TPS_PUBLIC void set_tus_db_baseDN(char *dn)
+{
+    if( ccBaseDN > 0 && baseDN != NULL ) {
+        PL_strfree( baseDN );
+        baseDN = NULL;
+    }
+    if( dn != NULL ) {
+        baseDN = PL_strdup( dn );
+    }
+    ccBaseDN++;
+}
+
+TPS_PUBLIC void set_tus_db_userBaseDN(char *dn)
+{
+    if( userBaseDN != NULL ) {
+        PL_strfree( userBaseDN );
+        userBaseDN = NULL;
+    }
+    if( dn != NULL ) {
+        userBaseDN = PL_strdup( dn );
+    }
+}
+
+TPS_PUBLIC void set_tus_db_activityBaseDN(char *dn)
+{
+    if( activityBaseDN != NULL ) {
+        PL_strfree( activityBaseDN );
+        activityBaseDN = NULL;
+    }
+    if( dn != NULL ) {
+        activityBaseDN = PL_strdup( dn );
+    }
+}
+
+TPS_PUBLIC void set_tus_db_certBaseDN(char *dn)
+{
+    if( certBaseDN != NULL ) {
+        PL_strfree( certBaseDN );
+        certBaseDN = NULL;
+    }
+    if( dn != NULL ) {
+        certBaseDN = PL_strdup( dn );
+    }
+}
+
+TPS_PUBLIC void set_tus_db_bindDN(char *dn)
+{
+    if( ccBindDN > 0 && bindDN != NULL ) {
+        PL_strfree( bindDN );
+        bindDN = NULL;
+    }
+    if( dn != NULL ) {
+        bindDN = PL_strdup( dn );
+    }
+    ccBindDN++;
+}
+
+TPS_PUBLIC void set_tus_db_bindPass(char *p)
+{
+    if( ccBindPass > 0 && bindPass != NULL ) {
+        PL_strfree( bindPass );
+        bindPass = NULL;
+    }
+    if( p != NULL ) {
+        bindPass = PL_strdup( p );
+    }
+    ccBindPass++;
+}
+
+TPS_PUBLIC int is_tus_db_initialized()
+{
+    return ((ld != NULL && bindStatus == LDAP_SUCCESS)? 1: 0);
+}
+
+TPS_PUBLIC int get_tus_db_config(char *cfg_name)
+{
+    PRFileInfo info;
+    PRFileDesc *fd = NULL;
+    PRUint32   size;
+    int  k, n, p;
+    char *buf = NULL;
+    char *s   = NULL;
+    char *v   = NULL;
+
+    if (PR_GetFileInfo (cfg_name, &info) != PR_SUCCESS)
+        return 0;
+    size = info.size;
+    size++;
+    buf = (char *)PR_Malloc(size);
+    if (buf == NULL)
+        return 0;
+
+    fd = PR_Open(cfg_name, PR_RDONLY, 400);
+    if (fd == NULL) {
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+        return 0;
+    }
+
+    k = 0;
+    while ((n = PR_Read(fd, &buf[k], size-k-1)) > 0) {
+        k += n;
+        if ((PRUint32)(k+1) >= size) break;
+    }
+    if( fd != NULL ) {
+        PR_Close( fd );
+        fd = NULL;
+    }
+    if (n < 0 || ((PRUint32)(k+1) > size)) {
+        if( buf != NULL ) {
+            PR_Free( buf );
+            buf = NULL;
+        }
+        return 0;
+    }
+    buf[k] = '\0';
+
+    if ((s = PL_strstr(buf, "tokendb.hostport=")) != NULL) {
+
+        s += 17;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            set_tus_db_hostport(s);
+            PL_strfree( s );
+            s = NULL;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if ((s = PL_strstr(buf, "tokendb.port=")) != NULL) {
+
+        s += 13;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            p = atoi(s);
+            set_tus_db_port(p);
+            PL_strfree( s );
+            s = NULL;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if ((s = PL_strstr(buf, "tokendb.ssl=")) != NULL) {
+
+        s += 12;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            if (strcmp(s, "") != 0) {
+              ssl = PL_strdup( s );
+            }
+            PL_strfree( s );
+            s = NULL;
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if ((s = PL_strstr(buf, "tokendb.auditLog=")) != NULL) {
+
+        s += 17;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            if (strcmp(s, "") != 0) {
+              audit_fd = PR_Open(s, PR_RDWR | PR_CREATE_FILE | PR_APPEND,
+                   400 | 200);
+            }
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+    if ((s = PL_strstr(buf, "tokendb.host=")) != NULL) {
+
+        s += 13;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            set_tus_db_host(s);
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if ((s = PL_strstr(buf, "tokendb.defaultPolicy=")) != NULL) {
+
+        s += 22;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            defaultPolicy = PL_strdup( s );
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if ((s = PL_strstr(buf, "tokendb.userBaseDN=")) != NULL) {
+        s += 19;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            set_tus_db_userBaseDN(s);
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if ((s = PL_strstr(buf, "tokendb.baseDN=")) != NULL) {
+        s += 15;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            set_tus_db_baseDN(s);
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+    if ((s = PL_strstr(buf, "tokendb.activityBaseDN=")) != NULL) {
+        s += strlen("tokendb.activityBaseDN=");
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            set_tus_db_activityBaseDN(s);
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+    if ((s = PL_strstr(buf, "tokendb.certBaseDN=")) != NULL) {
+        s += strlen("tokendb.certBaseDN=");
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            set_tus_db_certBaseDN(s);
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+    if ((s = PL_strstr(buf, "tokendb.bindDN=")) != NULL) {
+        s += 15;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            set_tus_db_bindDN(s);
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+    if ((s = PL_strstr(buf, "tokendb.bindPassPath=")) != NULL) {
+        s += 21;
+        v = s;
+        while (*s != '\x0D' && *s != '\x0A' && *s != '\0' && 
+               (PRUint32)(s - buf) < size) {
+            s++;
+        }
+        n = s - v;
+        s = PL_strndup(v, n);
+        if (s != NULL) {
+            /* read tokendbBindPass from bindPassPath */
+            char *p = NULL;
+            p = get_pwd_from_conf(s, "tokendbBindPass");
+            set_tus_db_bindPass(p);
+            if (p) {
+                if (debug_fd)
+	              PR_fprintf(debug_fd, "freeing p - %s\n", p);
+                PR_Free( p );
+            }
+        } else {
+            if( buf != NULL ) {
+                PR_Free( buf );
+                buf = NULL;
+            }
+            return 0;
+        }
+    }
+
+    if( buf != NULL ) {
+        PR_Free( buf );
+        buf = NULL;
+    }
+
+    tus_db_end();
+
+    return 1;
+}
+
+
+TPS_PUBLIC char *tus_authenticate(char *cert)
+{
+    char *dst;
+    int len;
+    int certlen;
+    int  rc = -1;
+#define MAX_FILTER_LEN 4096
+    char filter[MAX_FILTER_LEN];
+    char **v = NULL;
+    char *userid = NULL;
+    LDAPMessage *result = NULL;
+    LDAPMessage *entry =  NULL;
+    int i,j;
+    char *certX = NULL;
+	int tries;
+
+    tus_check_conn();
+    if (cert == NULL)
+      return NULL;
+
+    certlen = strlen(cert);
+
+    certX = malloc(certlen);
+    j = 0;
+    for (i = 0; i < certlen; i++) {
+       if (cert[i] != '\n' && cert[i] != '\r') {
+         certX[j++] = cert[i];
+       }
+    } 
+    certX[j++] = '\0';
+    dst = malloc(3 * strlen(certX) / 4);
+    len = base64_decode(certX, ( unsigned char * ) dst);
+    free(certX);
+
+    if (len <= 0)
+      return NULL;
+
+    PR_snprintf(filter, MAX_FILTER_LEN, "(userCertificate=");
+
+    for (i = 0; i < len; i++) {
+      char c = dst[i];
+      PR_snprintf(filter, MAX_FILTER_LEN, "%s\\%02x", filter, (c & 0xff) );
+    }
+    PR_snprintf(filter, MAX_FILTER_LEN, "%s)", filter);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_ext_s(ld, userBaseDN, LDAP_SCOPE_SUBTREE, 
+               filter, NULL, 0, NULL, NULL, NULL, 0, &result)) == LDAP_SUCCESS )  
+		{
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+		}
+	}
+		
+    if (rc != LDAP_SUCCESS) {
+      return NULL;
+    }
+
+    if (result == NULL)
+      return NULL;
+
+    entry = get_first_entry (result);
+    if (entry == NULL)
+      return NULL;
+
+    v = ldap_get_values(ld, entry, "uid");
+    if (v == NULL) 
+       return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        userid = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return userid;
+}
+
+TPS_PUBLIC int tus_authorize(const char *group, const char *userid)
+{
+    int rc;
+    char filter[4096];
+	int tries;
+    LDAPMessage *result = NULL;
+
+    PR_snprintf(filter, 4096, 
+          "(&(cn=%s)(uniqueMember=uid=%s,*))", group ,userid);
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_ext_s(ld, userBaseDN, LDAP_SCOPE_SUBTREE, 
+               filter, NULL, 0, NULL, NULL, NULL, 0, &result))  == LDAP_SUCCESS )  
+		{
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+		}
+	}
+
+    if (rc != LDAP_SUCCESS) {
+      return 0;
+    }
+    if (ldap_count_entries (ld, result) <= 0) {
+      return 0;
+    }
+    return 1;
+}
+
+static int tus_check_conn()
+{
+    int  version = LDAP_VERSION3;
+    int  status  = -1;
+
+/*#define DEBUG_TOKENDB*/
+#ifdef DEBUG_TOKENDB
+    debug_fd = PR_Open("/tmp/debugTUSdb.log",
+           PR_RDWR | PR_CREATE_FILE | PR_APPEND,
+                   400 | 200);
+#endif
+    if (ld == NULL) {
+        if (ssl != NULL && strcmp(ssl, "true") == 0) {
+
+          /* enabling SSL */
+          ld = ldapssl_init(host, port, 1);
+        } else {
+          ld = ldap_init(host, port);
+        }
+        if (ld == NULL) {
+            return status;
+        }
+        if ((status = ldap_set_option (ld, LDAP_OPT_RECONNECT, LDAP_OPT_ON)) != LDAP_SUCCESS) {
+            return status;
+        }
+        if ((status = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_SUCCESS) {
+            return status;
+        }
+    }
+    if (ld != NULL && bindStatus != LDAP_SUCCESS) {
+        bindStatus = ldap_simple_bind_s (ld, bindDN, bindPass);
+        if (bindStatus != LDAP_SUCCESS) {
+            return bindStatus;
+        }
+    }
+
+    return LDAP_SUCCESS;
+}
+
+TPS_PUBLIC int tus_db_init(char **errorMsg)
+{
+    return LDAP_SUCCESS;
+}
+
+TPS_PUBLIC void tus_db_end()
+{
+    if (ld != NULL) {
+        if (ldap_unbind(ld) == LDAP_SUCCESS) {
+            ld = NULL;
+            bindStatus = -1;
+        }
+    }
+}
+
+char **parse_number_change(int n)
+{
+    char tmp[32];
+    int  l;
+    char **v  = NULL;
+
+    PR_snprintf(tmp, 32, "%d", n);
+    l = PL_strlen(tmp);
+
+    if ((v = allocate_values(1, l+1)) == NULL) {
+        return NULL;
+    }
+    PL_strcpy(v[0], tmp);
+
+    return v;
+}
+
+TPS_PUBLIC int update_cert_status (char *cn, const char *status)
+{
+    char dn[256];
+    int  len;
+    int  tries;
+    int  rc = -1;
+    char **v = NULL;
+    LDAPMod **mods = NULL;
+
+    tus_check_conn();
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, certBaseDN) < 0)
+        return -1;
+
+        mods = allocate_modifications(2);
+        if (mods == NULL)
+            return -1;
+
+        if ((v = create_modification_date_change()) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+
+        mods[0]->mod_op = LDAP_MOD_REPLACE;
+        mods[0]->mod_type = tokenAttributes[I_TOKEN_M_DATE];
+        mods[0]->mod_values = v;
+        if (status != NULL && PL_strlen(status) > 0) {
+            len = PL_strlen(status);
+            if ((v = allocate_values(1, len+1)) == NULL) {
+                if( mods != NULL ) {
+                    free_modifications( mods, 0 );
+                    mods = NULL;
+                }
+                return -1;
+            }
+            PL_strcpy(v[0], status);
+
+            mods[1]->mod_op = LDAP_MOD_REPLACE;
+            mods[1]->mod_type = "tokenStatus";
+            mods[1]->mod_values = v;
+        }
+
+        for (tries = 0; tries < MAX_RETRIES; tries++) {
+            if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+                break;
+            } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+                rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+                if (rc != LDAP_SUCCESS) {
+                    bindStatus = rc;
+                    break;
+                }
+            }
+        }
+
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+
+    return rc;
+}
+
+TPS_PUBLIC int update_token_policy (char *cn, char *policy)
+{
+    char dn[256];
+    int  len, k;
+    int  tries;
+    int  rc = -1;
+    char **v = NULL;
+    LDAPMod **mods = NULL;
+
+    tus_check_conn();
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+
+        mods = allocate_modifications(2);
+        if (mods == NULL)
+            return -1;
+
+        if ((v = create_modification_date_change()) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+
+        mods[0]->mod_op = LDAP_MOD_REPLACE;
+        mods[0]->mod_type = tokenAttributes[I_TOKEN_M_DATE];
+        mods[0]->mod_values = v;
+        k = 1;
+        if (policy != NULL && PL_strlen(policy) > 0) {
+            len = PL_strlen(policy);
+            if ((v = allocate_values(1, len+1)) == NULL) {
+                if( mods != NULL ) {
+                    free_modifications( mods, 0 );
+                    mods = NULL;
+                }
+                return -1;
+            }
+            PL_strcpy(v[0], policy);
+
+            mods[k]->mod_op = LDAP_MOD_REPLACE;
+            mods[k]->mod_type = tokenAttributes[I_TOKEN_POLICY];
+            mods[k]->mod_values = v;
+            k++;
+        }
+
+        for (tries = 0; tries < MAX_RETRIES; tries++) {
+            if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+                break;
+            } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+                rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+                if (rc != LDAP_SUCCESS) {
+                    bindStatus = rc;
+                    break;
+                }
+            }
+        }
+
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+
+    return rc;
+}
+
+TPS_PUBLIC int update_tus_db_entry_with_mods (const char *agentid, const char *cn, LDAPMod **mods)
+{
+    char dn[256];
+    int  tries;
+    int  rc = -1;
+
+    tus_check_conn();
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+            if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+                break;
+            } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+                rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+                if (rc != LDAP_SUCCESS) {
+                    bindStatus = rc;
+                    break;
+                }
+            }
+    }
+
+    if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+    }
+
+    return rc;
+}
+
+TPS_PUBLIC int update_tus_db_entry (const char *agentid, char *cn, const char *uid, char *keyInfo, const char *status, char *applet_version, const char *reason)
+{
+    char dn[256];
+    int  len, k;
+    int  tries;
+    int  rc = -1;
+    char **v = NULL;
+    LDAPMod **mods = NULL;
+
+    tus_check_conn();
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+
+        if (keyInfo == NULL)
+            mods = allocate_modifications(5);
+        else
+            mods = allocate_modifications(6);
+        if (mods == NULL)
+            return -1;
+
+        if ((v = create_modification_date_change()) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+
+        mods[0]->mod_op = LDAP_MOD_REPLACE;
+        mods[0]->mod_type = tokenAttributes[I_TOKEN_M_DATE];
+        mods[0]->mod_values = v;
+        k = 1;
+        if (applet_version != NULL && PL_strlen(applet_version) > 0) {
+            len = PL_strlen(applet_version);
+            if ((v = allocate_values(1, len+1)) == NULL) {
+                if( mods != NULL ) {
+                    free_modifications( mods, 0 );
+                    mods = NULL;
+                }
+                return -1;
+            }
+            PL_strcpy(v[0], applet_version);
+
+            mods[k]->mod_op = LDAP_MOD_REPLACE;
+            mods[k]->mod_type = tokenAttributes[I_TOKEN_APPLET];
+            mods[k]->mod_values = v;
+            k++;
+        }
+
+    /* for userid */
+    if (uid != NULL && PL_strlen(uid) > 0)
+        len = PL_strlen(uid);
+    else
+        len = 0;
+    if ((v = allocate_values(1, len+1)) == NULL) {
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+        return -1;
+    }
+    mods[k]->mod_op = LDAP_MOD_REPLACE;
+    mods[k]->mod_type = "tokenUserID";
+    if (uid != NULL && PL_strlen(uid) > 0)
+        PL_strcpy(v[0], uid);
+    else
+        v[0] = "";
+    mods[k]->mod_values = v;
+    k++;
+
+        if (status != NULL && PL_strlen(status) > 0) {
+            len = PL_strlen(status);
+            if ((v = allocate_values(1, len+1)) == NULL) {
+                if( mods != NULL ) {
+                    free_modifications( mods, 0 );
+                    mods = NULL;
+                }
+                return -1;
+            }
+            PL_strcpy(v[0], status);
+
+            mods[k]->mod_op = LDAP_MOD_REPLACE;
+            mods[k]->mod_type = tokenAttributes[I_TOKEN_STATUS];
+            mods[k]->mod_values = v;
+            k++;
+        }
+
+    /* for tokenReason */
+    if (reason != NULL && PL_strlen(reason) > 0)
+        len = PL_strlen(reason);
+    else
+        len = 0;
+    if ((v = allocate_values(1, len+1)) == NULL) {
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+        return -1;
+    }
+    mods[k]->mod_op = LDAP_MOD_REPLACE;
+    mods[k]->mod_type = "tokenReason";
+    if (reason != NULL && PL_strlen(reason) > 0)
+        PL_strcpy(v[0], reason);
+    else
+        v[0] = "";
+    mods[k]->mod_values = v;
+    k++;
+
+    /* for keyinfo */
+    if (keyInfo != NULL) {
+        if (keyInfo != NULL && PL_strlen(keyInfo) > 0)
+            len = PL_strlen(keyInfo);
+        else
+            len = 0;
+        if ((v = allocate_values(1, len+1)) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+        mods[k]->mod_op = LDAP_MOD_REPLACE;
+        mods[k]->mod_type = tokenAttributes[I_TOKEN_KEY_INFO];
+        if (keyInfo != NULL && PL_strlen(keyInfo) > 0)
+            PL_strcpy(v[0], keyInfo);
+        else
+            v[0] = "";
+        mods[k]->mod_values = v;
+        k++;
+    }
+        for (tries = 0; tries < MAX_RETRIES; tries++) {
+            if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+                break;
+            } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+                rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+                if (rc != LDAP_SUCCESS) {
+                    bindStatus = rc;
+                    break;
+                }
+            }
+        }
+
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+
+    return rc;
+}
+
+int check_and_modify_tus_db_entry (char *userid, char *cn, char *check, LDAPMod **mods)
+{
+    char dn[256];
+    int  rc = 0, tries = 0;
+
+    tus_check_conn();
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_compare_s(ld, dn, get_number_of_modifications_name(), check))
+            == LDAP_COMPARE_TRUE) {
+            break;
+        } else {
+            if (rc != LDAP_SERVER_DOWN && rc != LDAP_CONNECT_ERROR) {
+                return rc;
+            }
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                return rc;
+            }
+        }
+    }
+    if (tries >= MAX_RETRIES)
+        return rc;
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    /* audit log */
+    if (rc == LDAP_SUCCESS) {
+      audit_log("check_and_modify_token", userid, cn);
+    }
+
+    return rc;
+}
+
+int modify_tus_db_entry (char *userid, char *cn, LDAPMod **mods)
+{
+    char dn[256];
+    int  rc = 0, tries = 0;
+
+    tus_check_conn();
+    if (ld == NULL) {
+      if (debug_fd)
+	PR_fprintf(debug_fd, "tus_db mod: ld null...no ldap");
+      return -1;
+    }
+    if (mods == NULL) {
+      if (debug_fd)
+	PR_fprintf(debug_fd, "tus_db mod: mods null, can't modify");
+      return -1;
+    }
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+    if (debug_fd)
+      PR_fprintf(debug_fd, "tus_db mod: modifying :%s\n",dn);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+    if (debug_fd)
+      PR_fprintf(debug_fd, "tus_db mod: tries=%d\n",tries);
+        if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    if (rc == LDAP_SUCCESS) {
+      audit_log("modify_token", userid, cn);
+    }
+
+    return rc;
+}
+
+int add_certificate (char *tokenid, char *origin, char *tokenType, char *userid, CERTCertificate *certificate, char *ktype, const char *status)
+{
+    PRExplodedTime time;
+    PRTime   now;
+    LDAPMod  a01;
+    LDAPMod  a02;
+    LDAPMod  a03;
+    LDAPMod  a04;
+    LDAPMod  a05;
+    LDAPMod  a06;
+    LDAPMod  a07;
+    LDAPMod  a08;
+    LDAPMod  a09;
+    LDAPMod  a10;
+    LDAPMod  a11;
+    LDAPMod  a12;
+    LDAPMod  a13;
+    LDAPMod  a14;
+    LDAPMod  a15;
+    LDAPMod  a16;
+    LDAPMod  *mods[17];
+    int  rc = 0, tries = 0;
+    char dn[2049];
+    char cdate[256];
+    char name[2048];
+    char x_not_before[2048];
+    char x_not_after[2048];
+    char serialnumber[2048];
+    char *serial_values[2];
+    char *cn_values[2];
+    char *issuer_values[2];
+    char *subject_values[2];
+    char *cdate_values[2];
+    char *id_values[2];
+    char *userid_values[2];
+    char *type_values[2];
+    char *key_type_values[2];
+    char *origin_values[2];
+    char *status_values[2];
+    char *not_before_values[2];
+    char *not_after_values[2];
+    PRThread *ct;
+    struct berval berval;
+    struct berval *cert_values[2]; 
+    char *objectClass_values[] = { "top", "tokenCert", NULL };
+    PRTime not_before,not_after;
+    char zcdate[256];
+
+    tus_check_conn();
+    ct = PR_GetCurrentThread();
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+    PR_snprintf(cdate, 16, "%04d%02d%02d%02d%02d%02dZ",
+                time.tm_year, (time.tm_month + 1), time.tm_mday,
+                time.tm_hour, time.tm_min, time.tm_sec);
+
+    /* unique id per activity */
+    PR_snprintf(serialnumber, 2048, "%x", DER_GetInteger(&certificate->serialNumber));
+    PR_snprintf(name, 16, "%04d%02d%02d%02d%02d%02dZ",
+                time.tm_year, (time.tm_month + 1), time.tm_mday,
+                time.tm_hour, time.tm_min, time.tm_sec);
+
+    /* unique id per activity */
+    PR_snprintf(zcdate, 256, "%s.%04d%02d%02d%02d%02d%02d",
+                serialnumber, 
+                time.tm_year, (time.tm_month + 1), time.tm_mday,
+                time.tm_hour, time.tm_min, time.tm_sec);
+
+    cn_values[0] = zcdate;
+    cn_values[1] = NULL;
+
+    a01.mod_op = 0;
+    a01.mod_type = TOKEN_ID;
+    a01.mod_values = cn_values;
+
+    a02.mod_op = 0;
+    a02.mod_type = "objectClass";
+    a02.mod_values = objectClass_values;
+
+    cdate_values[0] = cdate;
+    cdate_values[1] = NULL;
+    a03.mod_op = 0;
+    a03.mod_type = TOKEN_C_DATE;
+    a03.mod_values = cdate_values;
+
+    a04.mod_op = 0;
+    a04.mod_type = TOKEN_M_DATE;
+    a04.mod_values = cdate_values;
+
+    id_values[0] = tokenid;
+    id_values[1] = NULL;
+    a05.mod_op = 0;
+    a05.mod_type = TOKEN_CUID;
+    a05.mod_values = id_values;
+    
+    userid_values[0] = userid;
+    userid_values[1] = NULL;
+    a06.mod_op = 0;
+    a06.mod_type = TOKEN_USER;
+    a06.mod_values = userid_values;
+
+    berval.bv_len = certificate->derCert.len;
+    berval.bv_val = ( char * ) certificate->derCert.data;
+    cert_values[0] = &berval;
+    cert_values[1] = NULL;
+
+    a07.mod_op = LDAP_MOD_BVALUES;
+    a07.mod_type = TOKEN_CERT;
+    a07.mod_values = ( char ** ) cert_values;
+
+    subject_values[0] = certificate->subjectName;
+    subject_values[1] = NULL;
+    a08.mod_op = 0;
+    a08.mod_type = TOKEN_SUBJECT;
+    a08.mod_values = subject_values;
+
+    issuer_values[0] = certificate->issuerName;
+    issuer_values[1] = NULL;
+    a09.mod_op = 0;
+    a09.mod_type = TOKEN_ISSUER;
+    a09.mod_values = issuer_values;
+
+    serial_values[0] = serialnumber;
+    serial_values[1] = NULL;
+    a10.mod_op = 0;
+    a10.mod_type = TOKEN_SERIAL;
+    a10.mod_values = serial_values;
+
+    type_values[0] = tokenType;
+    type_values[1] = NULL;
+    a11.mod_op = 0;
+    a11.mod_type = TOKEN_TYPE;
+    a11.mod_values = type_values;
+
+    key_type_values[0] = ktype;
+    key_type_values[1] = NULL;
+    a12.mod_op = 0;
+    a12.mod_type = TOKEN_KEY_TYPE;
+    a12.mod_values = key_type_values;
+
+    status_values[0] = ( char * ) status;
+    status_values[1] = NULL;
+    a13.mod_op = 0;
+    a13.mod_type = TOKEN_STATUS;
+    a13.mod_values = status_values;
+
+    CERT_GetCertTimes (certificate, &not_before, &not_after);
+
+    PR_ExplodeTime(not_before, PR_LocalTimeParameters, &time);
+    PR_snprintf(x_not_before, 16, "%04d%02d%02d%02d%02d%02dZ",
+            time.tm_year, (time.tm_month + 1), time.tm_mday,
+            time.tm_hour, time.tm_min, time.tm_sec);
+
+    not_before_values[0] = x_not_before;
+    not_before_values[1] = NULL;
+    a14.mod_op = 0;
+    a14.mod_type = TOKEN_NOT_BEFORE;
+    a14.mod_values = not_before_values;
+
+    PR_ExplodeTime(not_after, PR_LocalTimeParameters, &time);
+    PR_snprintf(x_not_after, 16, "%04d%02d%02d%02d%02d%02dZ",
+            time.tm_year, (time.tm_month + 1), time.tm_mday,
+            time.tm_hour, time.tm_min, time.tm_sec);
+
+    not_after_values[0] = x_not_after;
+    not_after_values[1] = NULL;
+    a15.mod_op = 0;
+    a15.mod_type = TOKEN_NOT_AFTER;
+    a15.mod_values = not_after_values;
+
+    origin_values[0] = origin;
+    origin_values[1] = NULL;
+    a16.mod_op = 0;
+    a16.mod_type = TOKEN_ORIGIN;
+    a16.mod_values = origin_values;
+
+    mods[0]  = &a01;
+    mods[1]  = &a02;
+    mods[2]  = &a03;
+    mods[3]  = &a04;
+    mods[4]  = &a05;
+    mods[5]  = &a06;
+    mods[6]  = &a07;
+    mods[7]  = &a08;
+    mods[8]  = &a09;
+    mods[9]  = &a10;
+    mods[10]  = &a11;
+    mods[11]  = &a12;
+    mods[12]  = &a13;
+    mods[13]  = &a14;
+    mods[14]  = &a15;
+    mods[15]  = &a16;
+    mods[16]  = NULL;
+
+    if (PR_snprintf(dn, 2048, "cn=%s,%s", cn_values[0], certBaseDN) < 0)
+        return -1;
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    return rc;
+}
+int add_activity (char *ip, char *id, const char *op, const char *result, const char *msg, const char *userid)
+{
+    PRExplodedTime time;
+    PRTime   now;
+    LDAPMod  a01;
+    LDAPMod  a02;
+    LDAPMod  a03;
+    LDAPMod  a04;
+    LDAPMod  a05;
+    LDAPMod  a06;
+    LDAPMod  a07;
+    LDAPMod  a08;
+    LDAPMod  a09;
+    LDAPMod  a10;
+    LDAPMod  *mods[11];
+    int  rc = 0, tries = 0;
+    char dn[256];
+    char cdate[256];
+    char zcdate[256];
+    char *cn_values[2];
+    char *objectClass_values[] = { "top", "tokenActivity", NULL };
+    char *cdate_values[2];
+    char *id_values[2];
+    char *result_values[2];
+    char *op_values[2];
+    char *msg_values[2];
+    char *ip_values[2];
+    char *userid_values[2];
+    PRThread *ct;
+
+    tus_check_conn();
+    id_values[0] = id;
+    id_values[1] = NULL;
+    result_values[0] = ( char * ) result;
+    result_values[1] = NULL;
+    op_values[0] = ( char * ) op;
+    op_values[1] = NULL;
+    msg_values[0] = ( char * ) msg;
+    msg_values[1] = NULL;
+    ip_values[0] = ip;
+    ip_values[1] = NULL;
+    userid_values[0] = userid;
+    userid_values[1] = NULL;
+
+    ct = PR_GetCurrentThread();
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+    PR_snprintf(cdate, 16, "%04d%02d%02d%02d%02d%02dZ",
+                time.tm_year, (time.tm_month + 1), time.tm_mday,
+                time.tm_hour, time.tm_min, time.tm_sec);
+
+    /* unique id per activity */
+    PR_snprintf(zcdate, 256, "%04d%02d%02d%02d%02d%02d.%x",
+                time.tm_year, (time.tm_month + 1), time.tm_mday,
+                time.tm_hour, time.tm_min, time.tm_sec,ct);
+
+    cn_values[0] = zcdate;
+    cn_values[1] = NULL;
+
+    a01.mod_op = 0;
+    a01.mod_type = TOKEN_ID;
+    a01.mod_values = cn_values;
+
+    a02.mod_op = 0;
+    a02.mod_type = "objectClass";
+    a02.mod_values = objectClass_values;
+
+    cdate_values[0] = cdate;
+    cdate_values[1] = NULL;
+    a03.mod_op = 0;
+    a03.mod_type = TOKEN_C_DATE;
+    a03.mod_values = cdate_values;
+
+    a04.mod_op = 0;
+    a04.mod_type = TOKEN_M_DATE;
+    a04.mod_values = cdate_values;
+
+    a05.mod_op = 0;
+    a05.mod_type = TOKEN_CUID;
+    a05.mod_values = id_values;
+    
+    a06.mod_op = 0;
+    a06.mod_type = TOKEN_OP;
+    a06.mod_values = op_values;
+
+    a07.mod_op = 0;
+    a07.mod_type = TOKEN_MSG;
+    a07.mod_values = msg_values;
+
+    a08.mod_op = 0;
+    a08.mod_type = TOKEN_RESULT;
+    a08.mod_values = result_values;
+
+    a09.mod_op = 0;
+    a09.mod_type = TOKEN_IP;
+    a09.mod_values = ip_values;
+
+    a10.mod_op = 0;
+    a10.mod_type = TOKEN_USER;
+    a10.mod_values = userid_values;
+
+    mods[0]  = &a01;
+    mods[1]  = &a02;
+    mods[2]  = &a03;
+    mods[3]  = &a04;
+    mods[4]  = &a05;
+    mods[5]  = &a06;
+    mods[6]  = &a07;
+    mods[7]  = &a08;
+    mods[8]  = &a09;
+    mods[9]  = &a10;
+    mods[10]  = NULL;
+
+    if (PR_snprintf(dn, 255, "cn=%s,%s", zcdate, activityBaseDN) < 0)
+        return -1;
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    return rc;
+}
+
+
+int add_tus_db_entry (char *cn, LDAPMod **mods)
+{
+    char dn[256];
+    int  rc = 0, tries = 0;
+
+    tus_check_conn();
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    return rc;
+}
+
+int add_new_tus_db_entry (const char *userid, char *cn, const char *uid, int flag, const char *status, char *applet_version, char *key_info)
+{
+    PRExplodedTime time;
+    PRTime   now;
+    LDAPMod  a01;
+    LDAPMod  a02;
+    LDAPMod  a03;
+    LDAPMod  a04;
+    LDAPMod  a05;
+    LDAPMod  a06;
+    LDAPMod  a07;
+    LDAPMod  a08;
+    LDAPMod  a09;
+    LDAPMod  a10;
+    LDAPMod  a11;
+    LDAPMod  a12;
+    LDAPMod  a13;
+    LDAPMod  a14;
+    LDAPMod  a15;
+    LDAPMod  *mods[16];
+    int  rc = 0, tries = 0;
+    char dn[256];
+    char cdate[256];
+    char *cn_values[2];
+    char *objectClass_values[] = { "top", "tokenRecord", NULL };
+    char *cdate_values[2];
+    char *modified_values[] = { "0", NULL };
+    char *uid_values[] = { "", NULL };
+    char *status_values[] = { "", NULL };
+    char *aid_values[] = { "", NULL };
+    char *resets_values[] = { "0", NULL };
+    char *enrollments_values[] = { "0", NULL };
+    char *renewals_values[] = { "0", NULL };
+    char *recoveries_values[] = { "0", NULL };
+    char *key_info_values[] = { "", NULL };
+    char *reason_values[] = { "", NULL };
+    char *policy_values[2];
+
+    tus_check_conn();
+    cn_values[0] = cn;
+    cn_values[1] = NULL;
+
+    policy_values[0] = defaultPolicy;
+    policy_values[1] = NULL;
+
+    if (uid != NULL) uid_values[0] = ( char * ) uid;
+    if (key_info != NULL) key_info_values[0] = key_info;
+    status_values[0] = ( char * ) status;
+
+    a01.mod_op = 0;
+    a01.mod_type = TOKEN_ID;
+    a01.mod_values = cn_values;
+
+    a02.mod_op = 0;
+    a02.mod_type = "objectClass";
+    a02.mod_values = objectClass_values;
+
+    cdate_values[0] = cdate;
+    cdate_values[1] = NULL;
+    a03.mod_op = 0;
+    a03.mod_type = TOKEN_C_DATE;
+    a03.mod_values = cdate_values;
+
+    a04.mod_op = 0;
+    a04.mod_type = TOKEN_M_DATE;
+    a04.mod_values = cdate_values;
+
+    a05.mod_op = 0;
+    a05.mod_type = TOKEN_MODS;
+    a05.mod_values = modified_values;
+    
+    a06.mod_op = 0;
+    a06.mod_type = TOKEN_USER;
+    a06.mod_values = uid_values;
+
+    a07.mod_op = 0;
+    a07.mod_type = TOKEN_STATUS;
+    a07.mod_values = status_values;
+
+    a08.mod_op = 0;
+    a08.mod_type = TOKEN_APPLET;
+    if (applet_version != NULL) {
+        aid_values[0] = applet_version;
+    }
+    a08.mod_values = aid_values;
+
+    a09.mod_op = 0;
+    a09.mod_type = TOKEN_RESETS;
+    a09.mod_values = resets_values;
+
+    a10.mod_op = 0;
+    a10.mod_type = TOKEN_ENROLLMENTS;
+    a10.mod_values = enrollments_values;
+
+    a11.mod_op = 0;
+    a11.mod_type = TOKEN_RENEWALS;
+    a11.mod_values = renewals_values;
+
+    a12.mod_op = 0;
+    a12.mod_type = TOKEN_RECOVERIES;
+    a12.mod_values = recoveries_values;
+
+    a13.mod_op = 0;
+    a13.mod_type = TOKEN_KEY_INFO;
+    a13.mod_values = key_info_values;
+
+    a14.mod_op = 0;
+    a14.mod_type = TOKEN_POLICY;
+    a14.mod_values = policy_values;
+
+    a15.mod_op = 0;
+    a15.mod_type = TOKEN_REASON;
+    a15.mod_values = reason_values;
+
+    mods[0]  = &a01;
+    mods[1]  = &a02;
+    mods[2]  = &a03;
+    mods[3]  = &a04;
+    mods[4]  = &a05;
+    mods[5]  = &a06;
+    mods[6]  = &a07;
+    mods[7]  = &a08;
+    mods[8]  = &a09;
+    mods[9]  = &a10;
+    mods[10] = &a11;
+    mods[11] = &a12;
+    mods[12] = &a13;
+    mods[13] = &a14;
+    mods[14] = &a15;
+    mods[15] = NULL;
+
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+
+    PR_snprintf(cdate, 16, "%04d%02d%02d%02d%02d%02dZ",
+                time.tm_year, (time.tm_month + 1), time.tm_mday,
+                time.tm_hour, time.tm_min, time.tm_sec);
+
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    /* audit log */
+    if (rc == LDAP_SUCCESS) {
+      audit_log("add_token", userid, cn);
+    }
+
+    return rc;
+}
+
+TPS_PUBLIC int add_default_tus_db_entry (const char *uid, const char *agentid, char *cn, const char *status, char *applet_version, char *key_info)
+{
+    return add_new_tus_db_entry (agentid, cn, uid, 0, status, applet_version, key_info);
+}
+
+int delete_tus_db_entry (char *userid, char *cn)
+{
+    char dn[256];
+    int  rc = 0, tries = 0;
+
+    tus_check_conn();
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_delete_ext_s(ld, dn, NULL, NULL)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    /* audit log */
+    if (rc == LDAP_SUCCESS) {
+      audit_log("delete_token", userid, cn);
+    }
+
+    return rc;
+}
+
+TPS_PUBLIC int find_tus_db_entry (char *cn, int max, LDAPMessage **result)
+{
+    char dn[256];
+    int  rc = 0, tries = 0;
+
+    tus_check_conn();
+    if (ld == NULL)
+      return -1;
+
+    if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+        return -1;
+
+    if (debug_fd)
+      PR_fprintf(debug_fd, "find_tus_db_entry: looking for :%s\n",dn);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+      if (debug_fd)
+	PR_fprintf(debug_fd, "find_tus_db_entry: tries = %d\n",tries);
+        if ((rc = ldap_search_ext_s (ld, dn, LDAP_SCOPE_BASE, "(objectclass=*)",
+                       NULL, 0, NULL, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+	  if (debug_fd)
+	    PR_fprintf(debug_fd, "find_tus_db_entry: found it\n");
+
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+	  if (debug_fd)
+	    PR_fprintf(debug_fd, "find_tus_db_entry: server down or connect error\n");
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        } else {/* can't find?*/
+	  if (debug_fd)
+	    PR_fprintf(debug_fd, "find_tus_db_entry: can't find\n");
+	  break;
+	}
+    }
+
+    return rc;
+}
+
+TPS_PUBLIC int find_tus_db_entries (const char *filter, int max, LDAPMessage **result)
+{
+    int  rc = LDAP_OTHER, tries = 0;
+
+    LDAPsortkey **sortKeyList;
+    LDAPControl *controls[3];
+    LDAPVirtualList vlv_data;
+
+    tus_check_conn();
+    controls[0] = NULL;
+    controls[1] = NULL;
+    controls[2] = NULL;
+
+    vlv_data.ldvlist_before_count = 0;
+    vlv_data.ldvlist_after_count = max - 1;
+    vlv_data.ldvlist_attrvalue = NULL;
+    vlv_data.ldvlist_size = max;
+    vlv_data.ldvlist_index = 0;
+    ldap_create_virtuallist_control(ld, &vlv_data, &controls[0]);
+   
+    ldap_create_sort_keylist(&sortKeyList, "-dateOfModify");
+    ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */, 
+        &controls[1]);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_ext_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    ldap_free_sort_keylist(sortKeyList);
+    ldap_control_free(controls[0]);
+    ldap_control_free(controls[1]);
+
+    return rc;
+}
+
+static int sort_cmp(const char *v1, const char *v2)
+{
+  return PL_strcasecmp(v1, v2);
+}
+
+static int reverse_sort_cmp(const char *v1, const char *v2)
+{
+  return PL_strcasecmp(v2, v1);
+}
+
+TPS_PUBLIC int find_tus_token_entries_no_vlv(char *filter, LDAPMessage **result, int order) 
+{
+    int rc = LDAP_OTHER, tries = 0;
+
+    tus_check_conn();
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, result)) == LDAP_SUCCESS) {
+            /* we do client-side sorting here */
+            if (order == 0) {
+              rc = ldap_sort_entries(ld, result, "dateOfCreate", 
+                                     sort_cmp);
+            } else { /* order == 1 */
+              rc = ldap_sort_entries(ld, result, "dateOfCreate", 
+                                     reverse_sort_cmp);
+            }
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+    
+    return rc;
+}
+
+TPS_PUBLIC int find_tus_activity_entries_no_vlv(char *filter, LDAPMessage **result, int order)
+{
+    int rc = LDAP_OTHER, tries = 0;
+
+    tus_check_conn();
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_s (ld, activityBaseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, result)) == LDAP_SUCCESS) {
+            /* we do client-side sorting here */
+            if (order == 0) {
+              rc = ldap_sort_entries(ld, result, "dateOfCreate", 
+                                     sort_cmp);
+            } else { /* order == 1 */
+              rc = ldap_sort_entries(ld, result, "dateOfCreate",
+                                     reverse_sort_cmp);
+            }
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    return rc;
+}
+
+TPS_PUBLIC int find_tus_token_entries(char *filter, int max, LDAPMessage **result, int order) 
+{
+    int rc = LDAP_OTHER, tries = 0;
+    LDAPsortkey **sortKeyList;
+    LDAPControl *controls[3];
+    LDAPVirtualList vlv_data;
+
+    tus_check_conn();
+    controls[0] = NULL;
+    controls[1] = NULL;
+    controls[2] = NULL;
+
+    vlv_data.ldvlist_before_count = 0;
+    vlv_data.ldvlist_after_count = max - 1;
+    vlv_data.ldvlist_attrvalue = NULL;
+    vlv_data.ldvlist_size = max;
+    vlv_data.ldvlist_index = 0;
+    ldap_create_virtuallist_control(ld, &vlv_data, &controls[0]);
+
+    ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+     (*sortKeyList)->sk_reverseorder = order;
+    ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+        &controls[1]);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_ext_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+    
+    ldap_free_sort_keylist(sortKeyList);
+    ldap_control_free(controls[0]);
+    ldap_control_free(controls[1]);
+
+    return rc;
+}
+
+TPS_PUBLIC int update_token_status_reason_userid(const char *userid, char *cuid,
+  const char *tokenStatus, const char *reason, int modifyDateOfCreate) {
+    LDAPMod **mods = NULL;
+    int status;
+    char **v = NULL;
+    int len = 0;
+
+    tus_check_conn();
+    if (modifyDateOfCreate)
+        mods = allocate_modifications(5);
+    else
+        mods = allocate_modifications(4);
+
+    if (mods == NULL) {
+        return -1;
+    } else {
+        if ((v = create_modification_date_change()) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+    }
+    
+    mods[0]->mod_op = LDAP_MOD_REPLACE;
+    mods[0]->mod_type = get_modification_date_name();
+    mods[0]->mod_values = v; 
+
+    /* for token status */
+    if (tokenStatus != NULL && PL_strlen(tokenStatus) > 0) {
+        len = PL_strlen(tokenStatus);
+        if ((v = allocate_values(1, len+1)) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+        PL_strcpy(v[0], tokenStatus);
+        mods[1]->mod_op = LDAP_MOD_REPLACE;
+        mods[1]->mod_type = get_token_status_name();
+        mods[1]->mod_values = v;
+    }
+  
+    /* for token reason */
+    if (reason != NULL && PL_strlen(reason) > 0)
+        len = PL_strlen(reason);
+    else 
+        len = 0;
+    if ((v = allocate_values(1, len+1)) == NULL) {
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+        return -1;
+    }
+    mods[2]->mod_op = LDAP_MOD_REPLACE;
+    mods[2]->mod_type = tokenAttributes[13];
+    if (reason != NULL && PL_strlen(reason) > 0)
+        PL_strcpy(v[0], reason);
+    else
+        v[0] = "";
+    mods[2]->mod_values = v;
+
+    /* for userid */
+    if (userid != NULL && PL_strlen(userid) > 0)
+        len = PL_strlen(userid);
+    else
+        len = 0;
+    if ((v = allocate_values(1, len+1)) == NULL) {
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+        return -1;
+    }
+    mods[3]->mod_op = LDAP_MOD_REPLACE;
+    mods[3]->mod_type = "tokenUserID";
+    if (userid != NULL && PL_strlen(userid) > 0)
+        PL_strcpy(v[0], userid);
+    else
+        v[0] = "";
+    mods[3]->mod_values = v;
+
+    if (modifyDateOfCreate) {
+        if ((v = create_modification_date_change()) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+    
+        mods[4]->mod_op = LDAP_MOD_REPLACE;
+        mods[4]->mod_type = "dateOfCreate";
+        mods[4]->mod_values = v; 
+
+    }
+
+    status = update_tus_db_entry_with_mods(userid, cuid, mods);
+    return status;
+}
+
+TPS_PUBLIC int update_token_status_reason(char *userid, char *cuid, const char *tokenStatus, const char *reason) {
+    LDAPMod **mods = NULL;
+    int status;
+    char **v = NULL;
+    int len = 0;
+    
+    tus_check_conn();
+    mods = allocate_modifications(3);
+
+    if (mods == NULL) {
+        return -1;    
+    } else {
+        if ((v = create_modification_date_change()) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+    }
+
+    mods[0]->mod_op = LDAP_MOD_REPLACE;
+    mods[0]->mod_type = get_modification_date_name();
+    mods[0]->mod_values = v;
+
+    /* for token status */
+    if (tokenStatus != NULL && PL_strlen(tokenStatus) > 0) {
+        len = PL_strlen(tokenStatus);
+        if ((v = allocate_values(1, len+1)) == NULL) {
+            if( mods != NULL ) {
+                free_modifications( mods, 0 );
+                mods = NULL;
+            }
+            return -1;
+        }
+        PL_strcpy(v[0], tokenStatus);
+        mods[1]->mod_op = LDAP_MOD_REPLACE;
+        mods[1]->mod_type = get_token_status_name();
+        mods[1]->mod_values = v;
+    }
+
+    /* for token reason */
+    if (reason != NULL && PL_strlen(reason) > 0)
+        len = PL_strlen(reason);
+    else
+        len = 0;
+    if ((v = allocate_values(1, len+1)) == NULL) {
+        if( mods != NULL ) {
+            free_modifications( mods, 0 );
+            mods = NULL;
+        }
+        return -1;
+    }
+    mods[2]->mod_op = LDAP_MOD_REPLACE;
+    mods[2]->mod_type = tokenAttributes[13];
+    if (reason != NULL && PL_strlen(reason) > 0)
+        PL_strcpy(v[0], reason);
+    else
+        v[0] = "";
+    mods[2]->mod_values = v;
+
+    status = update_tus_db_entry_with_mods(userid, cuid, mods);
+    return status;
+}
+
+TPS_PUBLIC int tus_has_active_tokens(char *userid)
+{
+    LDAPMessage *result;
+    char filter[256];
+    int n = 0;
+
+    int rc = LDAP_OTHER, tries = 0;
+    LDAPsortkey **sortKeyList;
+    LDAPControl *controls[3];
+    LDAPVirtualList vlv_data;
+    int max = 1000;
+    
+    tus_check_conn();
+    PR_snprintf(filter, 256, "(&(tokenStatus=active)(tokenUserID=%s))", userid);
+    controls[0] = NULL;
+    controls[1] = NULL;
+    controls[2] = NULL;
+
+    vlv_data.ldvlist_before_count = 0;
+    vlv_data.ldvlist_after_count = max - 1;
+    vlv_data.ldvlist_attrvalue = NULL;
+    vlv_data.ldvlist_size = max;
+    vlv_data.ldvlist_index = 0;
+    ldap_create_virtuallist_control(ld, &vlv_data, &controls[0]);
+
+    ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+    ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+        &controls[1]);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_ext_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, controls, NULL, NULL, 0, &result)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((n = ldap_count_entries (ld, result)) >= 0) {
+            break;
+        } else {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    ldap_free_sort_keylist(sortKeyList);
+    ldap_control_free(controls[0]);
+    ldap_control_free(controls[1]);
+
+    if (rc == LDAP_SUCCESS) {
+        if (n > 0)
+            return 0;
+        else
+            return -1;
+    }
+
+    return rc;
+}
+
+TPS_PUBLIC int find_tus_certificate_entries_by_order_no_vlv (char *filter, 
+  LDAPMessage **result, int order)
+{   
+    int  rc = LDAP_OTHER, tries = 0;
+
+    tus_check_conn();
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_s (ld, certBaseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, result)) == LDAP_SUCCESS) {
+            /* we do client-side sorting here */
+            if (order == 0) {
+              rc = ldap_sort_entries(ld, result, "dateOfCreate", 
+                                   sort_cmp);
+            } else {
+              rc = ldap_sort_entries(ld, result, "dateOfCreate", 
+                                   reverse_sort_cmp);
+            }
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    return rc;
+}
+
+TPS_PUBLIC int find_tus_certificate_entries_by_order (char *filter, int max, 
+  LDAPMessage **result, int order)
+{   
+    int  rc = LDAP_OTHER, tries = 0;
+    LDAPsortkey **sortKeyList;
+    LDAPControl *controls[3];
+    LDAPVirtualList vlv_data;
+                       
+    tus_check_conn();
+    controls[0] = NULL;
+    controls[1] = NULL;
+    controls[2] = NULL;
+            
+    vlv_data.ldvlist_before_count = 0;
+    vlv_data.ldvlist_after_count = max - 1;
+    vlv_data.ldvlist_attrvalue = NULL;
+    vlv_data.ldvlist_size = max;
+    vlv_data.ldvlist_index = 0;
+    ldap_create_virtuallist_control(ld, &vlv_data, &controls[0]);
+
+    ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+    (*sortKeyList)->sk_reverseorder = order;
+    ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+        &controls[1]);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_ext_s (ld, certBaseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    ldap_free_sort_keylist(sortKeyList);
+    ldap_control_free(controls[0]);
+    ldap_control_free(controls[1]);
+
+    return rc;
+}
+
+int find_tus_certificate_entries (char *filter, int max, LDAPMessage **result)
+{
+    int  rc = LDAP_OTHER, tries = 0;
+    LDAPsortkey **sortKeyList;
+    LDAPControl *controls[3];
+    LDAPVirtualList vlv_data;
+
+    tus_check_conn();
+    controls[0] = NULL;
+    controls[1] = NULL;
+    controls[2] = NULL;
+
+    vlv_data.ldvlist_before_count = 0;
+    vlv_data.ldvlist_after_count = max - 1;
+    vlv_data.ldvlist_attrvalue = NULL;
+    vlv_data.ldvlist_size = max;
+    vlv_data.ldvlist_index = 0;
+    ldap_create_virtuallist_control(ld, &vlv_data, &controls[0]);
+
+    ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+    ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */, 
+        &controls[1]);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_ext_s (ld, certBaseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    ldap_free_sort_keylist(sortKeyList);
+    ldap_control_free(controls[0]);
+    ldap_control_free(controls[1]);
+
+    return rc;
+}
+
+int find_tus_activity_entries (char *filter, int max, LDAPMessage **result)
+{
+    int  rc = LDAP_OTHER, tries = 0;
+    LDAPsortkey **sortKeyList;
+    LDAPControl *controls[3];
+    LDAPVirtualList vlv_data;
+
+    tus_check_conn();
+    controls[0] = NULL;
+    controls[1] = NULL;
+    controls[2] = NULL;
+
+    vlv_data.ldvlist_before_count = 0;
+    vlv_data.ldvlist_after_count = max - 1;
+    vlv_data.ldvlist_attrvalue = NULL;
+    vlv_data.ldvlist_size = max;
+    vlv_data.ldvlist_index = 0;
+    ldap_create_virtuallist_control(ld, &vlv_data, &controls[0]);
+
+    ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+    ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */, 
+        &controls[1]);
+
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((rc = ldap_search_ext_s (ld, activityBaseDN, LDAP_SCOPE_SUBTREE, filter,
+                       NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+            break;
+        } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    ldap_free_sort_keylist(sortKeyList);
+    ldap_control_free(controls[0]);
+    ldap_control_free(controls[1]);
+
+    return rc;
+}
+
+int get_number_of_entries (LDAPMessage *result)
+{
+    int  n = 0, rc = 0, tries = 0;
+
+    tus_check_conn();
+    for (tries = 0; tries < MAX_RETRIES; tries++) {
+        if ((n = ldap_count_entries (ld, result)) >= 0) {
+            break;
+        } else {
+            rc = ldap_simple_bind_s (ld, bindDN, bindPass);
+            if (rc != LDAP_SUCCESS) {
+                bindStatus = rc;
+                break;
+            }
+        }
+    }
+
+    return n;
+}
+
+int free_results (LDAPMessage *results)
+{
+    return ldap_msgfree (results);
+}
+
+LDAPMessage *get_first_entry (LDAPMessage *result)
+{
+    return ldap_first_entry (ld, result);
+}
+
+LDAPMessage *get_next_entry (LDAPMessage *entry)
+{
+    return ldap_next_entry (ld, entry);
+}
+
+TPS_PUBLIC char **get_token_states()
+{
+    return tokenStates;
+}
+
+TPS_PUBLIC char **get_certificate_attributes()
+{
+    return tokenCertificateAttributes;
+}
+
+TPS_PUBLIC char **get_activity_attributes()
+{
+    return tokenActivityAttributes;
+}
+
+TPS_PUBLIC char **get_token_attributes()
+{
+    return tokenAttributes;
+}
+
+CERTCertificate **get_certificates(LDAPMessage *entry) {
+    int i;    
+    struct berval **bvals;
+    CERTCertificate *cert;
+    int c = 0;
+    CERTCertificate **ret = NULL;
+
+    tus_check_conn();
+    bvals = ldap_get_values_len(ld, entry, "userCertificate");
+    if (bvals == NULL)
+        return NULL;
+
+    for (i = 0; bvals[i] != NULL; i++ )
+        c++;    
+    ret = (CERTCertificate **) malloc ((sizeof (CERTCertificate *) * c) + 1);
+    c = 0;
+    for (i = 0; bvals[i] != NULL; i++ ) {
+        cert = CERT_DecodeCertFromPackage((char *) bvals[i]->bv_val, (int) 
+          ( bvals[i]->bv_len ) );
+        ret[c] = cert;
+	c++;
+    }  
+    ret[c] = NULL;
+    return ret;
+   
+}
+
+char **get_attribute_values(LDAPMessage *entry, const char *attribute)
+{
+    int i;
+    unsigned int j;
+    struct berval **bvals;
+    CERTCertificate *cert;
+    char buffer[2048];
+    int c = 0;
+    char **ret = NULL;
+
+
+    tus_check_conn();
+    if (PL_strcasecmp(attribute, "userCertificate") == 0) {
+       bvals = ldap_get_values_len(ld, entry, attribute);
+       if (bvals == NULL)
+		return NULL;
+       for (i = 0; bvals[i] != NULL; i++ ) {
+	 c++;
+       }  
+       ret = (char **) malloc ((sizeof (char *) * c) + 1);
+       c = 0;
+       for (i = 0; bvals[i] != NULL; i++ ) {
+         cert = CERT_DecodeCertFromPackage((char *) bvals[i]->bv_val, (int) 
+			( bvals[i]->bv_len ) );
+         sprintf(buffer, "%s", BTOA_DataToAscii((unsigned char *)bvals[i]->bv_val, 
+                   (int)bvals[i]->bv_len));
+         /* remove \r\n that javascript does not like */
+         for (j = 0; j < strlen(buffer); j++) {
+            if (buffer[j] == '\r') {
+              buffer[j] = '.';
+            }
+            if (buffer[j] == '\n') {
+              buffer[j] = '.';
+            }
+         }
+	 ret[c] = strdup(buffer);
+	 c++;
+       }  
+       ret[c] = NULL;
+       return ret;
+    } else {
+       return ldap_get_values(ld, entry, attribute);
+    }
+}
+
+void free_values(char **values, int ldapValues)
+{
+    if( ldapValues != (int) NULL ) {
+        if( values != NULL ) {
+            ldap_value_free( values );
+            values = NULL;
+        }
+    } else {
+        if( values != NULL ) {
+            PR_Free( values );
+            values = NULL;
+        }
+    }
+}
+
+TPS_PUBLIC char *get_token_users_name()
+{
+    return tokenAttributes[I_TOKEN_USER];
+}
+
+char **get_token_users(LDAPMessage *entry)
+{
+    return ldap_get_values(ld, entry, TOKEN_USER);
+}
+
+char *get_token_id_name()
+{
+    return tokenAttributes[I_TOKEN_ID];
+}
+
+TPS_PUBLIC char *get_token_reason(LDAPMessage *e)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, e, "tokenReason");
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_token_id(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, TOKEN_ID);
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_cert_tokenType(LDAPMessage *entry)
+{
+    char **v = NULL; 
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, "tokenType");
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_cert_serial(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, "tokenSerial");
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_cert_type(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, "tokenKeyType");
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_cert_attr_byname(LDAPMessage *entry, char *name)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, name);
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_cert_status(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, "tokenStatus");
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_cert_issuer(LDAPMessage *entry) {
+    char **v = NULL;
+    char *value = NULL;
+        
+    v = ldap_get_values(ld, entry, "tokenIssuer");
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_cert_cn(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, "cn");
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_token_status_name()
+{
+    return tokenAttributes[I_TOKEN_STATUS];
+}
+
+TPS_PUBLIC char *get_reason_name()
+{
+    return tokenAttributes[I_TOKEN_REASON];
+}
+
+TPS_PUBLIC char *get_policy_name()
+{
+    return tokenAttributes[I_TOKEN_POLICY];
+}
+
+char *get_token_status(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, TOKEN_STATUS);
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_applet_id_name()
+{
+    return tokenAttributes[I_TOKEN_APPLET];
+}
+
+char *get_applet_id(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, TOKEN_APPLET);
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_key_info_name()
+{
+    return tokenAttributes[I_TOKEN_KEY_INFO];
+}
+
+char *get_key_info(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, TOKEN_KEY_INFO);
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_creation_date_name()
+{
+    return tokenAttributes[I_TOKEN_C_DATE];
+}
+
+char *get_creation_date(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, TOKEN_C_DATE);
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_modification_date_name()
+{
+    return tokenAttributes[I_TOKEN_M_DATE];
+}
+
+char *get_modification_date(LDAPMessage *entry)
+{
+    char **v = NULL;
+    char *value = NULL;
+
+    v = ldap_get_values(ld, entry, TOKEN_M_DATE);
+    if (v == NULL) return NULL;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        value = PL_strdup(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return value;
+}
+
+char *get_number_of_modifications_name()
+{
+    return tokenAttributes[I_TOKEN_MODS];
+}
+
+int get_number_of_modifications(LDAPMessage *entry)
+{
+    char **v = NULL;
+    int  n = 0;
+
+    v = ldap_get_values(ld, entry, TOKEN_MODS);
+    if (v == NULL) return 0;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        n = atoi(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return n;
+}
+
+char *get_number_of_resets_name()
+{
+    return tokenAttributes[I_TOKEN_RESETS];
+}
+
+int get_number_of_resets(LDAPMessage *entry)
+{
+    char **v = NULL;
+    int  n = 0;
+
+    v = ldap_get_values(ld, entry, TOKEN_RESETS);
+    if (v == NULL) return 0;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        n = atoi(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return n;
+}
+
+char *get_number_of_enrollments_name()
+{
+    return tokenAttributes[I_TOKEN_ENROLLMENTS];
+}
+
+int get_number_of_enrollments(LDAPMessage *entry)
+{
+    char **v = NULL;
+    int  n = 0;
+
+    v = ldap_get_values(ld, entry, TOKEN_ENROLLMENTS);
+    if (v == NULL) return 0;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        n = atoi(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return n;
+}
+
+char *get_number_of_renewals_name()
+{
+    return tokenAttributes[I_TOKEN_RENEWALS];
+}
+
+int get_number_of_renewals(LDAPMessage *entry)
+{
+    char **v = NULL;
+    int  n = 0;
+
+    v = ldap_get_values(ld, entry, TOKEN_RENEWALS);
+    if (v == NULL) return 0;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        n = atoi(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return n;
+}
+
+char *get_number_of_recoveries_name()
+{
+    return tokenAttributes[I_TOKEN_RECOVERIES];
+}
+
+int get_number_of_recoveries(LDAPMessage *entry)
+{
+    char **v = NULL;
+    int  n = 0;
+
+    v = ldap_get_values(ld, entry, TOKEN_RECOVERIES);
+    if (v == NULL) return 0;
+    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+        n = atoi(v[0]);
+    }
+    if( v != NULL ) {
+        ldap_value_free( v );
+        v = NULL;
+    }
+
+    return n;
+}
+
+TPS_PUBLIC char *get_token_userid(char *cn)
+{
+    LDAPMessage *result = NULL;
+    LDAPMessage *e = NULL;
+    char **v = NULL;
+    char *ret = NULL;
+    int rc = -1;
+
+    if (cn != NULL && PL_strlen(cn) > 0) {
+        if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+            e = get_first_entry (result);
+            if (e != NULL) {
+                if ((v = ldap_get_values(ld, e, TOKEN_USER)) != NULL) {
+                    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+                            ret = PL_strdup(v[0]);
+                    }
+                    if( v != NULL ) {
+                        ldap_value_free( v );
+                        v = NULL;
+                    }
+                }
+            }
+            if( result != NULL ) {
+                free_results( result );
+                result = NULL;
+            }
+        }
+    }
+    return ret;
+}
+
+TPS_PUBLIC char *get_token_policy(char *cn)
+{
+    LDAPMessage *result = NULL;
+    LDAPMessage *e = NULL;
+    char **v = NULL;
+    char *ret = NULL;
+    int rc = -1;
+
+    if (cn != NULL && PL_strlen(cn) > 0) {
+        if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+            e = get_first_entry (result);
+            if (e != NULL) {
+                if ((v = ldap_get_values(ld, e, TOKEN_POLICY)) != NULL) {
+                    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+                            ret = PL_strdup(v[0]);
+                    }
+                    if( v != NULL ) {
+                        ldap_value_free( v );
+                        v = NULL;
+                    }
+                }
+            }
+            if( result != NULL ) {
+                free_results( result );
+                result = NULL;
+            }
+        }
+    }
+    return ret;
+}
+
+TPS_PUBLIC int allow_token_reenroll(char *cn)
+{
+    LDAPMessage *result = NULL;
+    LDAPMessage *e = NULL;
+    char **v = NULL;
+    int can_reenroll = 0;
+    int rc = -1;
+
+    if (cn != NULL && PL_strlen(cn) > 0) {
+        if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+            e = get_first_entry (result);
+            if (e != NULL) {
+                if ((v = ldap_get_values(ld, e, TOKEN_POLICY)) != NULL) {
+                    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+                        if (PL_strstr(v[0], "RE_ENROLL=YES")) {
+                            can_reenroll = 1;
+                        }
+                    }
+                    if( v != NULL ) {
+                        ldap_value_free( v );
+                        v = NULL;
+                    }
+                }
+            }
+            if( result != NULL ) {
+                free_results( result );
+                result = NULL;
+            }
+        }
+    }
+    return can_reenroll;
+}
+
+TPS_PUBLIC int is_token_present(char *cn)
+{
+    LDAPMessage *result = NULL;
+    LDAPMessage *e = NULL;
+    int present = 0;
+    int rc = -1;
+
+    if (cn != NULL && PL_strlen(cn) > 0) {
+        if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+            e = get_first_entry (result);
+            if (e != NULL) {
+                present = 1;
+            }
+            if( result != NULL ) {
+                free_results( result );
+                result = NULL;
+            }
+        }
+    }
+    return present;
+}
+
+TPS_PUBLIC int is_token_pin_resetable(char *cn)
+{
+    LDAPMessage *result = NULL;
+    LDAPMessage *e = NULL;
+    char **v = NULL;
+    int resetable = 1;
+    int rc = -1;
+
+    if (cn != NULL && PL_strlen(cn) > 0) {
+        if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+            e = get_first_entry (result);
+            if (e != NULL) {
+                if ((v = ldap_get_values(ld, e, TOKEN_POLICY)) != NULL) {
+                    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+                        if (PL_strstr(v[0], "PIN_RESET=NO")) {
+                            resetable = 0;
+                        }
+                    }
+                    if( v != NULL ) {
+                        ldap_value_free( v );
+                        v = NULL;
+                    }
+                }
+            }
+            if( result != NULL ) {
+                free_results( result );
+                result = NULL;
+            }
+        }
+    }
+    return resetable;
+}
+
+TPS_PUBLIC int is_update_pin_resetable_policy(char *cn)
+{
+    LDAPMessage *result = NULL;
+    LDAPMessage *e = NULL;
+    char **v = NULL;
+    int resetable = 0;
+    int rc = -1;
+
+    if (cn != NULL && PL_strlen(cn) > 0) {
+        if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+            e = get_first_entry (result);
+            if (e != NULL) {
+                if ((v = ldap_get_values(ld, e, TOKEN_POLICY)) != NULL) {
+                    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+                        if (PL_strstr(v[0], "RESET_PIN_RESET_TO_NO=YES")) {
+                            resetable = 1;
+                        }
+                    }
+                    if( v != NULL ) {
+                        ldap_value_free( v );
+                        v = NULL;
+                    }
+                }
+            }
+            if( result != NULL ) {
+                free_results( result );
+                result = NULL;
+            }
+        }
+    }
+    return resetable;
+}
+
+TPS_PUBLIC int is_tus_db_entry_disabled(char *cn)
+{
+    LDAPMessage *result = NULL;
+    LDAPMessage *e = NULL;
+    char **v = NULL;
+    int disabled = 0;
+    int rc = -1;
+
+    if (cn != NULL && PL_strlen(cn) > 0) {
+        if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+            e = get_first_entry (result);
+            if (e != NULL) {
+                if ((v = ldap_get_values(ld, e, TOKEN_STATUS)) != NULL) {
+                    if (v[0] != NULL && PL_strlen(v[0]) > 0) {
+                        if (!PL_strcasecmp(v[0], STATE_DISABLED)) {
+                            disabled = 1;
+                        }
+                    }
+                    if( v != NULL ) {
+                        ldap_value_free( v );
+                        v = NULL;
+                    }
+                }
+            }
+            if( result != NULL ) {
+                free_results( result );
+                result = NULL;
+            }
+        }
+    }
+    return disabled;
+}
+
+TPS_PUBLIC LDAPMod **allocate_modifications(int size)
+{
+    int i, n;
+    LDAPMod **mods = NULL;
+    char *s;
+
+    n = ((size + 1) * sizeof(LDAPMod *)) + (size * sizeof(LDAPMod));
+    s = (char *) PR_Malloc(n);
+    if (s == NULL)
+        return NULL;
+    memset(s, 0, n);
+
+    mods = (LDAPMod **)s;
+
+    s += ((size + 1) * sizeof(LDAPMod *));
+
+    for (i = 0; i < size; i++) {
+        mods[i] = (LDAPMod *)s;
+        s += sizeof(LDAPMod);
+    }
+
+    return mods;
+}
+
+void free_modifications(LDAPMod **mods, int ldapValues)
+{
+    int i;
+
+    if( mods == NULL ) {
+        return;
+    }
+
+    for (i = 0; mods[i] != NULL; i++) {
+        if ((mods[i]->mod_op & LDAP_MOD_BVALUES) &&
+            (mods[i]->mod_bvalues != NULL)) {
+            if (ldapValues) {
+                if( mods[i]->mod_bvalues != NULL ) {
+                    ber_bvecfree( mods[i]->mod_bvalues );
+                    mods[i]->mod_bvalues = NULL;
+                }
+            } else {
+                if( ( mods[i] != NULL ) && ( mods[i]->mod_bvalues != NULL ) ) {
+                    PR_Free( mods[i]->mod_bvalues );
+                    mods[i]->mod_bvalues = NULL;
+                }
+            }
+        } else if (mods[i]->mod_values != NULL) {
+            if (ldapValues) {
+                if( mods[i]->mod_values != NULL ) {
+                    ldap_value_free( mods[i]->mod_values );
+                    mods[i]->mod_values = NULL;
+                }
+            } else {
+                if( ( mods[i] != NULL ) && ( mods[i]->mod_values != NULL ) ) {
+                    PR_Free( mods[i]->mod_values );
+                    mods[i]->mod_values = NULL;
+                }
+            }
+        }
+    }
+    if( mods != NULL ) {
+        PR_Free( mods );
+        mods = NULL;
+    }
+}
+
+TPS_PUBLIC char **allocate_values(int size, int extra)
+{
+    int  n;
+    char **values = NULL;
+    char *s;
+
+    n = (size + 1) * sizeof(char *);
+    if (extra > 0) {
+        n += extra * sizeof(char);
+    }
+    s = (char *) PR_Malloc(n);
+    if (s == NULL)
+        return NULL;
+    memset(s, 0, n);
+
+    values = (char **)s;
+
+    if (extra > 0) {
+        s += ((size + 1) * sizeof(char *));
+        values[0] = s;
+    }
+
+    return values;
+}
+
+TPS_PUBLIC char **create_modification_date_change()
+{
+    PRExplodedTime time;
+    PRTime now;
+    char **v = NULL;
+
+    if ((v = allocate_values(1, 16)) == NULL) {
+        return NULL;
+    }
+
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+
+    PR_snprintf(v[0], 16, "%04d%02d%02d%02d%02d%02dZ",
+                time.tm_year, (time.tm_month + 1), time.tm_mday,
+                time.tm_hour, time.tm_min, time.tm_sec);
+
+    return v;
+}
+
+/**
+ * Reads password.conf file
+ */
+static int ReadLine(PRFileDesc *f, char *buf, int buf_len, int *removed_return)
+{
+       char *cur = buf;
+       int sum = 0;
+       PRInt32 rc;
+
+       *removed_return = 0;
+       while (1) {
+         rc = PR_Read(f, cur, 1);
+         if (rc == -1 || rc == 0)
+             break;
+         if (*cur == '\r') {
+             continue;
+         }
+         if (*cur == '\n') {
+             *cur = '\0';
+             *removed_return = 1;
+             break;
+         }
+         sum++;
+         cur++;
+       }
+       return sum;
+}
+
+#define MAX_CFG_LINE_LEN 4096
+/*
+ * Search for password name "name" in the password file "filepath"
+ */
+char *get_pwd_from_conf(char *filepath, char *name)
+{
+    PRFileDesc *fd;
+    char line[MAX_CFG_LINE_LEN];
+    int removed_return;
+    char *val= NULL;
+
+    if (debug_fd)
+	    PR_fprintf(debug_fd, "get_pwd_from_conf looking for %s\n", name);
+    fd= PR_Open(filepath, PR_RDONLY, 400);
+    if (fd == NULL) {
+        return NULL;
+    }
+    if (debug_fd)
+	    PR_fprintf(debug_fd, "get_pwd_from_conf opened %s\n", filepath);
+
+    while (1) {
+        int n = ReadLine(fd, line, MAX_CFG_LINE_LEN, &removed_return);
+        if (n > 0) {
+            /* handle comment line */
+            if (line[0] == '#')
+                continue;
+            int c = 0;
+            while ((c < n) && (line[c] != ':')) {
+                c++;
+            }
+            if (c < n) {
+                line[c] = '\0';
+            } else {
+                continue; /* no ':', skip this line */
+            }
+            if (!PL_strcmp (line, name)) {
+                if (debug_fd)
+	              PR_fprintf(debug_fd, "get_pwd_from_conf found %s is %s\n", line, &line[c+1]);
+                val =  PL_strdup(&line[c+1]);
+                break;
+            }
+        } else if (n == 0 && removed_return == 1) {
+            continue; /* skip empty line */
+        } else {
+            break;
+        }
+    }
+    if( fd != NULL ) {
+        PR_Close( fd );
+        fd = NULL;
+    }
+    return val;
+
+}
+
+void audit_log(const char *func_name, const char *userid, const char *msg)
+{
+    const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+    char datetime[1024];
+    PRTime now;
+    PRExplodedTime time;
+    PRThread *ct;
+
+    if (audit_fd == NULL)
+        return;
+
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+    PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+    ct = PR_GetCurrentThread();
+    PR_fprintf(audit_fd, "[%s] t=%x uid=%s op=%s - ", 
+	datetime, ct, userid, func_name);
+    PR_fprintf(audit_fd, msg);
+    PR_fprintf(audit_fd, "\n");
+}
+
+int base64_decode( char *src, unsigned char *dst )
+{
+
+#define RIGHT2            0x03
+#define RIGHT4            0x0f
+
+         unsigned char b642nib[0x80] = {
+         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+         0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+         0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+         0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+         0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+         0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+         0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+         0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+         0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+         0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+         0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+         0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
+         };
+         char            *p, *stop;
+         unsigned char   nib, *byte;
+         int             i, len;
+ 
+         stop = strchr( src, '\0' );
+         byte = dst;
+         for ( p = src, len = 0; p < stop; p += 4, len += 3 ) {
+                 for ( i = 0; i < 4; i++ ) {
+                         if ( p[i] != '=' && (p[i] & 0x80 ||
+                             b642nib[ p[i] & 0x7f ] > 0x3f) ) {
+                                 return( -1 );
+                         }
+                 }
+ 
+                 /* first digit */
+                 nib = b642nib[ p[0] & 0x7f ];
+                 byte[0] = nib << 2;
+ 
+                 /* second digit */
+                 nib = b642nib[ p[1] & 0x7f ];
+                 byte[0] |= nib >> 4;
+ 
+                 /* third digit */
+                 if ( p[2] == '=' ) {
+                         len += 1;
+                         break;
+                 }
+                 byte[1] = (nib & RIGHT4) << 4;
+                 nib = b642nib[ p[2] & 0x7f ];
+                 byte[1] |= nib >> 2;
+ 
+                 /* fourth digit */
+                 if ( p[3] == '=' ) {
+                         len += 2;
+                         break;
+                 }
+                 byte[2] = (nib & RIGHT2) << 6;
+                 nib = b642nib[ p[3] & 0x7f ];
+                 byte[2] |= nib;
+ 
+                 byte += 3;
+         }
+ 
+         return( len );
+}
+
diff --git a/pki/base/tps/stubs/modules/nss/mod_nss_stub.c b/pki/base/tps/stubs/modules/nss/mod_nss_stub.c
new file mode 100644
index 000000000..b47fa0edb
--- /dev/null
+++ b/pki/base/tps/stubs/modules/nss/mod_nss_stub.c
@@ -0,0 +1,51 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifdef XP_WIN32
+#define MOD_NSS_STUB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define MOD_NSS_STUB_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef XP_WIN32
+#include <unistd.h>  /* sleep */
+#else /* XP_WIN32 */
+#include <windows.h>
+#endif /* XP_WIN32 */
+
+#include "httpd/httpd.h"
+#include "httpd/http_config.h"
+#include "httpd/http_log.h"
+#include "httpd/http_protocol.h"
+#include "httpd/http_main.h"
+#include "httpd/apr_strings.h"
+
+MOD_NSS_STUB_PUBLIC char *nss_var_lookup( apr_pool_t *p, server_rec *s,
+                                          conn_rec *c, request_rec *r,
+                                          char *var )
+{
+	return NULL;
+}
+
diff --git a/pki/base/tps/tools/raclient/RA_Client.cpp b/pki/base/tps/tools/raclient/RA_Client.cpp
new file mode 100644
index 000000000..c2a610e33
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Client.cpp
@@ -0,0 +1,1645 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include "prinrval.h"
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "pk11func.h"
+
+#include "main/NameValueSet.h"
+#include "main/Util.h"
+#include "main/RA_Msg.h"
+#include "authentication/AuthParams.h"
+#include "apdu/APDU_Response.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "msg/RA_Begin_Op_Msg.h"
+#include "msg/RA_End_Op_Msg.h"
+#include "msg/RA_Login_Request_Msg.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "RA_Token.h"
+#include "RA_Client.h"
+
+#include "nss.h"
+
+static PRFileDesc *m_fd_debug = (PRFileDesc *) NULL;
+PRBool old_style = PR_TRUE;
+
+/**
+ * Constructs a RA client that talks to RA.
+ */
+RA_Client::RA_Client ()
+{
+  /* default global variables */
+  m_vars.Add ("ra_host", "air");
+  m_vars.Add ("ra_port", "8000");
+  m_vars.Add ("ra_uri", "/nk_service");
+}
+
+/**
+ * Destructs this RA client.
+ */
+RA_Client::~RA_Client ()
+{
+  if (m_fd_debug != NULL)
+    {
+      PR_Close (m_fd_debug);
+      m_fd_debug = NULL;
+    }
+}
+
+static void
+PrintHeader ()
+{
+  printf ("Registration Authority Client\n");
+  printf ("'op=help' for Help\n");
+}
+
+static void
+Output (const char *fmt, ...)
+{
+  va_list ap;
+  va_start (ap, fmt);
+  printf ("Output> ");
+  vprintf (fmt, ap);
+  printf ("\n");
+  va_end (ap);
+}
+
+static void
+PrintPrompt ()
+{
+  printf ("Command>");
+}
+
+static void
+OutputSuccess (const char *fmt, ...)
+{
+  va_list ap;
+  va_start (ap, fmt);
+  printf ("Result> Success - ");
+  vprintf (fmt, ap);
+  printf ("\n");
+  va_end (ap);
+}
+
+static void
+OutputError (const char *fmt, ...)
+{
+  va_list ap;
+  va_start (ap, fmt);
+  printf ("Result> Error - ");
+  vprintf (fmt, ap);
+  printf ("\n");
+  va_end (ap);
+}
+
+static int
+ReadLine (char *buf, int len)
+{
+  char *cur = buf;
+
+  while (1)
+    {
+      *cur = getchar ();
+      if (*cur == '\r')
+	{
+	  continue;
+	}
+      if (*cur == '\n')
+	{
+	  *cur = '\0';
+	  return 1;
+	}
+      cur++;
+    }
+  return 0;
+}
+
+void
+RA_Client::Debug (const char *func_name, const char *fmt, ...)
+{
+  PRTime now;
+  const char *time_fmt = "%Y-%m-%d %H:%M:%S";
+  char datetime[1024];
+  PRExplodedTime time;
+
+  if (m_fd_debug == NULL)
+    return;
+  va_list ap;
+  va_start (ap, fmt);
+  now = PR_Now ();
+  PR_ExplodeTime (now, PR_LocalTimeParameters, &time);
+  PR_FormatTimeUSEnglish (datetime, 1024, time_fmt, &time);
+  PR_fprintf (m_fd_debug, "[%s] %s - ", datetime, func_name);
+  PR_vfprintf (m_fd_debug, fmt, ap);
+  va_end (ap);
+  PR_Write (m_fd_debug, "\n", 1);
+}
+
+int
+RA_Client::OpHelp (NameValueSet * params)
+{
+  Output ("Available Operations:");
+  Output ("op=debug filename=<filename> - enable debugging");
+  Output ("op=help");
+  Output
+    ("op=ra_enroll uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> keygen=<true|false> - Enrollment Via RA");
+  Output
+    ("op=ra_reset_pin uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> new_pin=<new_pin> - Reset Pin Via RA");
+  Output
+    ("op=ra_update uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> new_pin=<new_pin> - Reset Pin Via RA");
+  Output ("op=token_set <name>=<value> - Set Token Value");
+  Output ("op=token_status - Print Token Status");
+  Output ("op=var_get name=<name> - Get Value of Variable");
+  Output ("op=var_list - List All Variables");
+  Output ("op=var_set name=<name> value=<value> - Set Value to Variable");
+
+  return 1;
+}
+
+static void
+GetBuffer (Buffer & buf, char *output, int len)
+{
+  int i;
+
+  output[0] = '\0';
+  for (i = 0; i < (int) buf.size (); ++i)
+    {
+      sprintf (output, "%s%02x", output, ((BYTE *) buf)[i]);
+    }
+}
+
+static BYTE
+ToVal (char c)
+{
+  if (c >= '0' && c <= '9')
+    {
+      return c - '0';
+    }
+  else if (c >= 'A' && c <= 'Z')
+    {
+      return c - 'A' + 10;
+    }
+  else if (c >= 'a' && c <= 'z')
+    {
+      return c - 'a' + 10;
+    }
+
+  /* The following return is needed to suppress compiler warnings on Linux. */
+  return 0;
+}
+
+static Buffer *
+ToBuffer (char *input)
+{
+  int len = strlen (input) / 2;
+  BYTE *buffer = NULL;
+
+  buffer = (BYTE *) malloc (len);
+  if (buffer == NULL)
+    {
+      return NULL;
+    }
+
+  for (int i = 0; i < len; i++)
+    {
+      buffer[i] = (ToVal (input[i * 2]) * 16) + ToVal (input[i * 2 + 1]);
+    }
+  Buffer *j;
+  j = new Buffer (buffer, len);
+
+  if (buffer != NULL)
+    {
+      free (buffer);
+      buffer = NULL;
+    }
+
+  return j;
+}
+
+int
+RA_Client::OpTokenStatus (NameValueSet * params)
+{
+  int i;
+  char output[2048];
+
+  Output ("life_cycle_state : '%x'", m_token.GetLifeCycleState ());
+  Output ("pin : '%s'", m_token.GetPIN ());
+  GetBuffer (m_token.GetAppletVersion (), output, 2048);
+  Output ("app_ver : '%s' (%d bytes)", output,
+	  m_token.GetAppletVersion ().size ());
+  Output ("major_ver : '%x'", m_token.GetMajorVersion ());
+  Output ("minor_ver : '%x'", m_token.GetMinorVersion ());
+  GetBuffer (m_token.GetCUID (), output, 2048);
+  Output ("cuid : '%s' (%d bytes)", output, m_token.GetCUID ().size ());
+  GetBuffer (m_token.GetMSN (), output, 2048);
+  Output ("msn : '%s' (%d bytes)", output, m_token.GetMSN ().size ());
+  GetBuffer (m_token.GetKeyInfo (), output, 2048);
+  Output ("key_info : '%s' (%d bytes)", output,
+	  m_token.GetKeyInfo ().size ());
+  GetBuffer (m_token.GetAuthKey (), output, 2048);
+  Output ("auth_key : '%s' (%d bytes)", output,
+	  m_token.GetAuthKey ().size ());
+  GetBuffer (m_token.GetMacKey (), output, 2048);
+  Output ("mac_key : '%s' (%d bytes)", output, m_token.GetMacKey ().size ());
+  GetBuffer (m_token.GetKekKey (), output, 2048);
+  Output ("kek_key : '%s' (%d bytes)", output, m_token.GetKekKey ().size ());
+
+  /* print all the public/private keys */
+  if (params->GetValue ("print_cert") != NULL)
+    {
+      for (i = 0; i < m_token.NoOfCertificates (); i++)
+	{
+	  CERTCertificate *cert = m_token.GetCertificate (i);
+	  Output ("Certificate #%d: '%s'", i, cert->nickname);
+	}
+    }
+
+  if (params->GetValue ("print_private") != NULL)
+    {
+      for (i = 0; i < m_token.NoOfPrivateKeys (); i++)
+	{
+	  SECKEYPrivateKey *key = m_token.GetPrivateKey (i);
+#if 0
+	  SECKEYPublicKey *pubKey = SECKEY_ConvertToPublicKey (key);
+	  Buffer modulus = Buffer (pubKey->u.rsa.modulus.data,
+				   pubKey->u.rsa.modulus.len);
+	  Buffer exponent = Buffer (pubKey->u.rsa.publicExponent.data,
+				    pubKey->u.rsa.publicExponent.len);
+#endif
+	  Output ("Private Key #%d: '%s'", i,
+		  PK11_GetPrivateKeyNickname (key));
+	}
+    }
+
+  return 1;
+}
+
+int
+RA_Client::OpTokenSet (NameValueSet * params)
+{
+  if (params->GetValue ("cuid") != NULL)
+    {
+      Buffer *CUID = ToBuffer (params->GetValue ("cuid"));
+      m_token.SetCUID (*CUID);
+      if (CUID != NULL)
+	{
+	  delete CUID;
+	  CUID = NULL;
+	}
+    }
+  if (params->GetValue ("msn") != NULL)
+    {
+      Buffer *MSN = ToBuffer (params->GetValue ("msn"));
+      m_token.SetMSN (*MSN);
+      if (MSN != NULL)
+	{
+	  delete MSN;
+	  MSN = NULL;
+	}
+    }
+  if (params->GetValue ("app_ver") != NULL)
+    {
+      Buffer *Version = ToBuffer (params->GetValue ("app_ver"));
+      m_token.SetAppletVersion (*Version);
+      if (Version != NULL)
+	{
+	  delete Version;
+	  Version = NULL;
+	}
+    }
+  if (params->GetValue ("major_ver") != NULL)
+    {
+      m_token.SetMajorVersion (atoi (params->GetValue ("major_ver")));
+    }
+  if (params->GetValue ("minor_ver") != NULL)
+    {
+      m_token.SetMinorVersion (atoi (params->GetValue ("minor_ver")));
+    }
+  if (params->GetValue ("key_info") != NULL)
+    {
+      Buffer *KeyInfo = ToBuffer (params->GetValue ("key_info"));
+      m_token.SetKeyInfo (*KeyInfo);
+      if (KeyInfo != NULL)
+	{
+	  delete KeyInfo;
+	  KeyInfo = NULL;
+	}
+    }
+  if (params->GetValue ("auth_key") != NULL)
+    {
+      Buffer *Key = ToBuffer (params->GetValue ("auth_key"));
+      m_token.SetAuthKey (*Key);
+      if (Key != NULL)
+	{
+	  delete Key;
+	  Key = NULL;
+	}
+    }
+  if (params->GetValue ("mac_key") != NULL)
+    {
+      Buffer *Key = ToBuffer (params->GetValue ("mac_key"));
+      m_token.SetMacKey (*Key);
+      if (Key != NULL)
+	{
+	  delete Key;
+	  Key = NULL;
+	}
+    }
+  if (params->GetValue ("kek_key") != NULL)
+    {
+      Buffer *Key = ToBuffer (params->GetValue ("kek_key"));
+      m_token.SetKekKey (*Key);
+      if (Key != NULL)
+	{
+	  delete Key;
+	  Key = NULL;
+	}
+    }
+  return 1;
+}
+
+static int
+HandleStatusUpdateRequest (RA_Client * client,
+			   RA_Status_Update_Request_Msg * req,
+			   RA_Token * token, RA_Conn * conn,
+			   NameValueSet * vars, NameValueSet * params)
+{
+  client->Debug ("RA_Client::HandleStatusUpdateRequest",
+		 "RA_Client::HandleStatusUpdateRequest");
+  RA_Status_Update_Response_Msg resp =
+    RA_Status_Update_Response_Msg (req->GetStatus ());
+  conn->SendMsg (&resp);
+  return 1;
+}
+
+static int
+HandleExtendedLoginRequest (RA_Client * client,
+			    RA_Extended_Login_Request_Msg * req,
+			    RA_Token * token, RA_Conn * conn,
+			    NameValueSet * vars, NameValueSet * params)
+{
+  client->Debug ("RA_Client::HandleExtendLoginRequest",
+		 "RA_Client::HandleExtendedLoginRequest");
+  AuthParams *auths = new AuthParams;
+  auths->SetUID (params->GetValue ("uid"));
+  auths->SetPassword (params->GetValue ("pwd"));
+  if (vars->GetValueAsBool ("test_enable", 0) == 1)
+    {
+      if (vars->GetValueAsBool ("test_el_resp_exclude_uid", 0) == 1)
+	{
+	  auths->Remove ("UID");
+	}
+      if (vars->GetValueAsBool ("test_el_resp_exclude_pwd", 0) == 1)
+	{
+	  auths->Remove ("PASSWORD");
+	}
+      if (vars->GetValueAsBool ("test_el_resp_include_invalid_param", 0) == 1)
+	{
+	  auths->Add ("XXX", "YYY");
+	}
+    }
+  RA_Extended_Login_Response_Msg resp =
+    RA_Extended_Login_Response_Msg (auths);
+  conn->SendMsg (&resp);
+  return 1;
+}
+
+static int
+HandleLoginRequest (RA_Client * client,
+		    RA_Login_Request_Msg * req,
+		    RA_Token * token, RA_Conn * conn,
+		    NameValueSet * vars, NameValueSet * params)
+{
+  client->Debug ("RA_Client::HandleLoginRequest",
+		 "RA_Client::HandleLoginRequest");
+  RA_Login_Response_Msg resp =
+    RA_Login_Response_Msg (params->GetValue ("uid"),
+			   params->GetValue ("pwd"));
+  conn->SendMsg (&resp);
+  return 1;
+}
+
+static int
+HandleNewPinRequest (RA_Client * client,
+		     RA_New_Pin_Request_Msg * req,
+		     RA_Token * token, RA_Conn * conn,
+		     NameValueSet * vars, NameValueSet * params)
+{
+  client->Debug ("RA_Client::HandleNewPinRequest",
+		 "RA_Client::HandleNewPinRequest");
+  int min_len = req->GetMinLen ();
+  int max_len = req->GetMaxLen ();
+  Output ("Min Len: '%d' Max Len: '%d'", min_len, max_len);
+  RA_New_Pin_Response_Msg resp =
+    RA_New_Pin_Response_Msg (params->GetValue ("new_pin"));
+  conn->SendMsg (&resp);
+
+  return 1;
+}
+
+static int
+HandleASQRequest (RA_Client * client,
+		  RA_ASQ_Request_Msg * req,
+		  RA_Token * token, RA_Conn * conn,
+		  NameValueSet * vars, NameValueSet * params)
+{
+  client->Debug ("RA_Client::HandleASQRequest",
+		 "RA_Client::HandleASQRequest");
+  Output ("ASQ Question: '%s'", req->GetQuestion ());
+  RA_ASQ_Response_Msg resp =
+    RA_ASQ_Response_Msg (params->GetValue ("answer"));
+  conn->SendMsg (&resp);
+
+  return 1;
+}
+
+static int
+HandleSecureIdRequest (RA_Client * client,
+		       RA_SecureId_Request_Msg * req,
+		       RA_Token * token, RA_Conn * conn,
+		       NameValueSet * vars, NameValueSet * params)
+{
+  client->Debug ("RA_Client::HandleSecureIdRequest",
+		 "RA_Client::HandleSecureIdRequest");
+  int pin_required = req->IsPinRequired ();
+  int next_value = req->IsNextValue ();
+  Output ("Pin Required: '%d' Next Value: '%d'", pin_required, next_value);
+  RA_SecureId_Response_Msg resp =
+    RA_SecureId_Response_Msg (params->GetValue ("secureid_value"),
+			      params->GetValue ("secureid_pin"));
+  conn->SendMsg (&resp);
+  return 1;
+}
+
+static int
+HandleTokenPDURequest (RA_Client * client,
+		       RA_Token_PDU_Request_Msg * req,
+		       RA_Token * token, RA_Conn * conn,
+		       NameValueSet * vars, NameValueSet * params)
+{
+  client->Debug ("RA_Client::HandleTokenPDURequest",
+		 "RA_Client::HandleTokenPDURequest");
+  APDU *apdu = req->GetAPDU ();
+  APDU_Response *apdu_resp = token->Process (apdu, vars, params);
+  if (apdu_resp == NULL)
+    {
+      return 0;
+    }
+  RA_Token_PDU_Response_Msg *resp = new RA_Token_PDU_Response_Msg (apdu_resp);
+  conn->SendMsg (resp);
+
+  if (resp != NULL)
+    {
+      delete resp;
+      resp = NULL;
+    }
+  // if( apdu_resp != NULL ) {
+  //     delete apdu_resp;
+  //     apdu_resp = NULL;
+  // }
+
+  return 1;
+}
+
+
+typedef struct _ThreadArg
+{
+  PRTime time;			/* processing time */
+  int status;			/* status result */
+  NameValueSet *params;		/* parameters */
+  RA_Client *client;		/* client */
+  RA_Token *token;		/* token */
+
+  PRLock *donelock;		/* lock */
+  int done;			/* are we done? */
+} ThreadArg;
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+  static void ThreadConnUpdate (void *arg)
+  {
+    PRTime start, end;
+    ThreadArg *targ = (ThreadArg *) arg;
+
+      start = PR_Now ();
+    RA_Conn conn (targ->client->m_vars.GetValue ("ra_host"),
+		  atoi (targ->client->m_vars.GetValue ("ra_port")),
+		  targ->client->m_vars.GetValue ("ra_uri"));
+
+    if (!conn.Connect ())
+      {
+	OutputError ("Cannot connect to %s:%d",
+		     targ->client->m_vars.GetValue ("ra_host"),
+		     atoi (targ->client->m_vars.GetValue ("ra_port")));
+	targ->status = 0;
+	if (!old_style)
+	  {
+	    PR_Lock (targ->donelock);
+	    targ->done = PR_TRUE;
+	    PR_Unlock (targ->donelock);
+	  }
+
+	return;
+      }
+
+    NameValueSet *exts = NULL;
+    char *extensions =
+      targ->params->GetValueAsString ((char *) "extensions", NULL);
+    if (extensions != NULL)
+      {
+	exts = NameValueSet::Parse (extensions, "&");
+      }
+
+    RA_Begin_Op_Msg beginOp = RA_Begin_Op_Msg (OP_FORMAT, exts);
+    conn.SendMsg (&beginOp);
+
+    /* handle secure ID (optional) */
+    while (1)
+      {
+	RA_Msg *msg = (RA_Msg *) conn.ReadMsg (targ->token);
+	if (msg == NULL)
+	  break;
+	if (msg->GetType () == MSG_LOGIN_REQUEST)
+	  {
+	    targ->status =
+	      HandleLoginRequest (targ->client, (RA_Login_Request_Msg *) msg,
+				  targ->token, &conn, &targ->client->m_vars,
+				  targ->params);
+	  }
+	else if (msg->GetType () == MSG_EXTENDED_LOGIN_REQUEST)
+	  {
+	    targ->status =
+	      HandleExtendedLoginRequest (targ->client,
+					  (RA_Extended_Login_Request_Msg *)
+					  msg, targ->token, &conn,
+					  &targ->client->m_vars,
+					  targ->params);
+	  }
+	else if (msg->GetType () == MSG_STATUS_UPDATE_REQUEST)
+	  {
+	    targ->status =
+	      HandleStatusUpdateRequest (targ->client,
+					 (RA_Status_Update_Request_Msg *) msg,
+					 targ->token, &conn,
+					 &targ->client->m_vars, targ->params);
+	  }
+	else if (msg->GetType () == MSG_SECUREID_REQUEST)
+	  {
+	    targ->status =
+	      HandleSecureIdRequest (targ->client,
+				     (RA_SecureId_Request_Msg *) msg,
+				     targ->token, &conn,
+				     &targ->client->m_vars, targ->params);
+	  }
+	else if (msg->GetType () == MSG_ASQ_REQUEST)
+	  {
+	    targ->status =
+	      HandleASQRequest (targ->client, (RA_ASQ_Request_Msg *) msg,
+				targ->token, &conn, &targ->client->m_vars,
+				targ->params);
+	  }
+	else if (msg->GetType () == MSG_TOKEN_PDU_REQUEST)
+	  {
+	    targ->status =
+	      HandleTokenPDURequest (targ->client,
+				     (RA_Token_PDU_Request_Msg *) msg,
+				     targ->token, &conn,
+				     &targ->client->m_vars, targ->params);
+	  }
+	else if (msg->GetType () == MSG_NEW_PIN_REQUEST)
+	  {
+	    targ->status =
+	      HandleNewPinRequest (targ->client,
+				   (RA_New_Pin_Request_Msg *) msg,
+				   targ->token, &conn, &targ->client->m_vars,
+				   targ->params);
+	  }
+	else if (msg->GetType () == MSG_END_OP)
+	  {
+	    RA_End_Op_Msg *endOp = (RA_End_Op_Msg *) msg;
+	    if (endOp->GetResult () == 0)
+	      {
+		targ->status = 1;	/* error */
+	      }
+	    else
+	      {
+		targ->status = 0;
+	      }
+	    if (msg != NULL)
+	      {
+		delete msg;
+		msg = NULL;
+	      }
+	    break;
+	  }
+	else
+	  {
+	    /* error */
+	    targ->status = 0;
+	  }
+	if (msg != NULL)
+	  {
+	    delete msg;
+	    msg = NULL;
+	  }
+
+	if (targ->status == 0)
+	  break;
+      }
+
+    conn.Close ();
+    end = PR_Now ();
+    targ->time = (end - start) / 1000;
+
+    if (!old_style)
+      {
+	PR_Lock (targ->donelock);
+	targ->done = PR_TRUE;
+	PR_Unlock (targ->donelock);
+      }
+  }
+
+  static void ThreadConnResetPin (void *arg)
+  {
+    PRTime start, end;
+    ThreadArg *targ = (ThreadArg *) arg;
+
+    start = PR_Now ();
+    RA_Conn conn (targ->client->m_vars.GetValue ("ra_host"),
+		  atoi (targ->client->m_vars.GetValue ("ra_port")),
+		  targ->client->m_vars.GetValue ("ra_uri"));
+
+    if (!conn.Connect ())
+      {
+	OutputError ("Cannot connect to %s:%d",
+		     targ->client->m_vars.GetValue ("ra_host"),
+		     atoi (targ->client->m_vars.GetValue ("ra_port")));
+	targ->status = 0;
+
+	if (!old_style)
+	  {
+	    PR_Lock (targ->donelock);
+	    targ->done = PR_TRUE;
+	    PR_Unlock (targ->donelock);
+	  }
+
+	return;
+      }
+
+    NameValueSet *exts = NULL;
+    char *extensions =
+      targ->params->GetValueAsString ((char *) "extensions", NULL);
+    if (extensions != NULL)
+      {
+	exts = NameValueSet::Parse (extensions, "&");
+      }
+
+    RA_Begin_Op_Msg beginOp = RA_Begin_Op_Msg (OP_RESET_PIN, exts);
+    conn.SendMsg (&beginOp);
+
+    /* handle secure ID (optional) */
+    while (1)
+      {
+	RA_Msg *msg = (RA_Msg *) conn.ReadMsg (targ->token);
+	if (msg == NULL)
+	  break;
+	if (msg->GetType () == MSG_LOGIN_REQUEST)
+	  {
+	    targ->status =
+	      HandleLoginRequest (targ->client, (RA_Login_Request_Msg *) msg,
+				  targ->token, &conn, &targ->client->m_vars,
+				  targ->params);
+	  }
+	else if (msg->GetType () == MSG_EXTENDED_LOGIN_REQUEST)
+	  {
+	    targ->status =
+	      HandleExtendedLoginRequest (targ->client,
+					  (RA_Extended_Login_Request_Msg *)
+					  msg, targ->token, &conn,
+					  &targ->client->m_vars,
+					  targ->params);
+	  }
+	else if (msg->GetType () == MSG_STATUS_UPDATE_REQUEST)
+	  {
+	    targ->status =
+	      HandleStatusUpdateRequest (targ->client,
+					 (RA_Status_Update_Request_Msg *) msg,
+					 targ->token, &conn,
+					 &targ->client->m_vars, targ->params);
+	  }
+	else if (msg->GetType () == MSG_SECUREID_REQUEST)
+	  {
+	    targ->status =
+	      HandleSecureIdRequest (targ->client,
+				     (RA_SecureId_Request_Msg *) msg,
+				     targ->token, &conn,
+				     &targ->client->m_vars, targ->params);
+	  }
+	else if (msg->GetType () == MSG_ASQ_REQUEST)
+	  {
+	    targ->status =
+	      HandleASQRequest (targ->client, (RA_ASQ_Request_Msg *) msg,
+				targ->token, &conn, &targ->client->m_vars,
+				targ->params);
+	  }
+	else if (msg->GetType () == MSG_TOKEN_PDU_REQUEST)
+	  {
+	    targ->status =
+	      HandleTokenPDURequest (targ->client,
+				     (RA_Token_PDU_Request_Msg *) msg,
+				     targ->token, &conn,
+				     &targ->client->m_vars, targ->params);
+	  }
+	else if (msg->GetType () == MSG_NEW_PIN_REQUEST)
+	  {
+	    targ->status =
+	      HandleNewPinRequest (targ->client,
+				   (RA_New_Pin_Request_Msg *) msg,
+				   targ->token, &conn, &targ->client->m_vars,
+				   targ->params);
+	  }
+	else if (msg->GetType () == MSG_END_OP)
+	  {
+	    RA_End_Op_Msg *endOp = (RA_End_Op_Msg *) msg;
+	    if (endOp->GetResult () == 0)
+	      {
+		targ->status = 1;	/* error */
+	      }
+	    else
+	      {
+		targ->status = 0;
+	      }
+	    if (msg != NULL)
+	      {
+		delete msg;
+		msg = NULL;
+	      }
+	    break;
+	  }
+	else
+	  {
+	    /* error */
+	    targ->status = 0;
+	  }
+	if (msg != NULL)
+	  {
+	    delete msg;
+	    msg = NULL;
+	  }
+
+	if (targ->status == 0)
+	  break;
+      }
+
+    conn.Close ();
+    end = PR_Now ();
+    targ->time = (end - start) / 1000;
+
+    if (!old_style)
+      {
+	PR_Lock (targ->donelock);
+	targ->done = PR_TRUE;
+	PR_Unlock (targ->donelock);
+      }
+  }
+
+#ifdef __cplusplus
+}
+#endif
+
+int
+RA_Client::OpConnUpdate (NameValueSet * params)
+{
+  int num_threads = params->GetValueAsInt ((char *) "num_threads", 1);
+  int i;
+  int status = 0;
+  PRThread **threads;
+  ThreadArg *arg;
+
+  threads = (PRThread **) malloc (sizeof (PRThread *) * num_threads);
+  if (threads == NULL)
+    {
+      return 0;
+    }
+  arg = (ThreadArg *) malloc (sizeof (ThreadArg) * num_threads);
+  if (arg == NULL)
+    {
+      return 0;
+    }
+
+  /* start threads */
+  for (i = 0; i < num_threads; i++)
+    {
+      arg[i].time = 0;
+      arg[i].status = 0;
+      arg[i].client = this;
+      if (i == 0)
+	{
+	  arg[i].token = &this->m_token;
+	}
+      else
+	{
+	  arg[i].token = this->m_token.Clone ();
+	}
+      arg[i].params = params;
+      threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnUpdate, &arg[i], PR_PRIORITY_NORMAL,	/* Priority */
+				    PR_GLOBAL_THREAD,	/* Scope */
+				    PR_JOINABLE_THREAD,	/* State */
+				    0	/* Stack Size */
+	);
+    }
+
+  /* join threads */
+  for (i = 0; i < num_threads; i++)
+    {
+      PR_JoinThread (threads[i]);
+    }
+
+  for (i = 0; i < num_threads; i++)
+    {
+      Output ("Thread (%d) status='%d' time='%d msec'", i,
+	      arg[i].status, arg[i].time);
+    }
+
+  status = arg[0].status;
+
+  return status;
+}
+
+int
+RA_Client::OpConnResetPin (NameValueSet * params)
+{
+  int num_threads = params->GetValueAsInt ((char *) "num_threads", 1);
+  int i;
+  int status = 0;
+  PRThread **threads;
+  ThreadArg *arg;
+
+  threads = (PRThread **) malloc (sizeof (PRThread *) * num_threads);
+  if (threads == NULL)
+    {
+      return 0;
+    }
+  arg = (ThreadArg *) malloc (sizeof (ThreadArg) * num_threads);
+  if (arg == NULL)
+    {
+      return 0;
+    }
+
+  /* start threads */
+  for (i = 0; i < num_threads; i++)
+    {
+      arg[i].time = 0;
+      arg[i].status = 0;
+      arg[i].client = this;
+      if (i == 0)
+	{
+	  arg[i].token = &this->m_token;
+	}
+      else
+	{
+	  arg[i].token = this->m_token.Clone ();
+	}
+      arg[i].params = params;
+      threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnResetPin, &arg[i], PR_PRIORITY_NORMAL,	/* Priority */
+				    PR_GLOBAL_THREAD,	/* Scope */
+				    PR_JOINABLE_THREAD,	/* State */
+				    0	/* Stack Size */
+	);
+    }
+
+  /* join threads */
+  for (i = 0; i < num_threads; i++)
+    {
+      PR_JoinThread (threads[i]);
+    }
+
+  for (i = 0; i < num_threads; i++)
+    {
+      Output ("Thread (%d) status='%d' time='%d msec'", i,
+	      arg[i].status, arg[i].time);
+    }
+
+  status = arg[0].status;
+
+  return status;
+}
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+  static void ThreadConnEnroll (void *arg)
+  {
+    PRTime start, end;
+    ThreadArg *targ = (ThreadArg *) arg;
+
+      start = PR_Now ();
+    RA_Conn conn (targ->client->m_vars.GetValue ("ra_host"),
+		  atoi (targ->client->m_vars.GetValue ("ra_port")),
+		  targ->client->m_vars.GetValue ("ra_uri"));
+
+    if (!conn.Connect ())
+      {
+	OutputError ("Cannot connect to %s:%d",
+		     targ->client->m_vars.GetValue ("ra_host"),
+		     atoi (targ->client->m_vars.GetValue ("ra_port")));
+	targ->status = 0;
+
+	if (!old_style)
+	  {
+	    PR_Lock (targ->donelock);
+	    targ->done = PR_TRUE;
+	    PR_Unlock (targ->donelock);
+	  }
+
+	return;
+      }
+
+    NameValueSet *exts = NULL;
+    char *extensions =
+      targ->params->GetValueAsString ((char *) "extensions", NULL);
+    if (extensions != NULL)
+      {
+	exts = NameValueSet::Parse (extensions, "&");
+      }
+
+    RA_Begin_Op_Msg beginOp = RA_Begin_Op_Msg (OP_ENROLL, exts);
+    conn.SendMsg (&beginOp);
+
+    /* handle secure ID (optional) */
+    while (1)
+      {
+	RA_Msg *msg = (RA_Msg *) conn.ReadMsg (targ->token);
+	if (msg == NULL)
+	  break;
+	if (msg->GetType () == MSG_LOGIN_REQUEST)
+	  {
+	    targ->status = HandleLoginRequest (targ->client,
+					       (RA_Login_Request_Msg *) msg,
+					       targ->token, &conn,
+					       &targ->client->m_vars,
+					       targ->params);
+	  }
+	else if (msg->GetType () == MSG_EXTENDED_LOGIN_REQUEST)
+	  {
+	    targ->status = HandleExtendedLoginRequest (targ->client,
+						       (RA_Extended_Login_Request_Msg
+							*) msg, targ->token,
+						       &conn,
+						       &targ->client->m_vars,
+						       targ->params);
+	  }
+	else if (msg->GetType () == MSG_STATUS_UPDATE_REQUEST)
+	  {
+	    targ->status =
+	      HandleStatusUpdateRequest (targ->client,
+					 (RA_Status_Update_Request_Msg *) msg,
+					 targ->token, &conn,
+					 &targ->client->m_vars, targ->params);
+	  }
+	else if (msg->GetType () == MSG_SECUREID_REQUEST)
+	  {
+	    targ->status = HandleSecureIdRequest (targ->client,
+						  (RA_SecureId_Request_Msg *)
+						  msg, targ->token, &conn,
+						  &targ->client->m_vars,
+						  targ->params);
+	  }
+	else if (msg->GetType () == MSG_ASQ_REQUEST)
+	  {
+	    targ->status = HandleASQRequest (targ->client,
+					     (RA_ASQ_Request_Msg *) msg,
+					     targ->token, &conn,
+					     &targ->client->m_vars,
+					     targ->params);
+	  }
+	else if (msg->GetType () == MSG_TOKEN_PDU_REQUEST)
+	  {
+	    targ->status = HandleTokenPDURequest (targ->client,
+						  (RA_Token_PDU_Request_Msg *)
+						  msg, targ->token, &conn,
+						  &targ->client->m_vars,
+						  targ->params);
+	    targ->status = 1;
+	  }
+	else if (msg->GetType () == MSG_NEW_PIN_REQUEST)
+	  {
+	    targ->status = HandleNewPinRequest (targ->client,
+						(RA_New_Pin_Request_Msg *)
+						msg, targ->token, &conn,
+						&targ->client->m_vars,
+						targ->params);
+	  }
+	else if (msg->GetType () == MSG_END_OP)
+	  {
+	    RA_End_Op_Msg *endOp = (RA_End_Op_Msg *) msg;
+	    if (endOp->GetResult () == 0)
+	      {
+		targ->status = 1;	/* error */
+	      }
+	    else
+	      {
+		targ->status = 0;
+	      }
+	    if (msg != NULL)
+	      {
+		delete msg;
+		msg = NULL;
+	      }
+	    break;
+	  }
+	else
+	  {
+	    /* error */
+	    targ->status = 0;	/* error */
+	  }
+	if (msg != NULL)
+	  {
+	    delete msg;
+	    msg = NULL;
+	  }
+      }
+
+    conn.Close ();
+    end = PR_Now ();
+    targ->time = (end - start) / 1000;
+
+    if (!old_style)
+      {
+	PR_Lock (targ->donelock);
+	targ->done = PR_TRUE;
+	PR_Unlock (targ->donelock);
+      }
+  }
+
+#ifdef __cplusplus
+}
+#endif
+
+int
+RA_Client::OpConnEnroll (NameValueSet * params)
+{
+  int num_threads = params->GetValueAsInt ((char *) "num_threads", 1);
+  int i;
+  int status = 0;
+  PRThread **threads;
+  ThreadArg *arg;
+
+  threads = (PRThread **) malloc (sizeof (PRThread *) * num_threads);
+  if (threads == NULL)
+    {
+      return 0;			/* error */
+    }
+  arg = (ThreadArg *) malloc (sizeof (ThreadArg) * num_threads);
+  if (arg == NULL)
+    {
+      return 0;
+    }
+
+  /* start threads */
+  for (i = 0; i < num_threads; i++)
+    {
+      arg[i].time = 0;
+      arg[i].status = 0;
+      arg[i].client = this;
+      if (i == 0)
+	{
+	  arg[i].token = &this->m_token;
+	}
+      else
+	{
+	  arg[i].token = this->m_token.Clone ();
+	}
+      arg[i].params = params;
+      threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnEnroll, &arg[i], PR_PRIORITY_NORMAL,	/* Priority */
+				    PR_GLOBAL_THREAD,	/* Scope */
+				    PR_JOINABLE_THREAD,	/* State */
+				    0	/* Stack Size */
+	);
+    }
+
+  /* join threads */
+  for (i = 0; i < num_threads; i++)
+    {
+      PR_JoinThread (threads[i]);
+    }
+
+  status = 1;
+
+  for (i = 0; i < num_threads; i++)
+    {
+      Output ("Thread (%d) status='%d' time='%d msec'", i,
+	      arg[i].status, arg[i].time);
+      if (arg[i].status != 1)
+	{
+	  // if any thread fails, this operation 
+	  // is considered as failure     
+	  status = arg[i].status;
+	}
+    }
+
+
+  return status;
+}
+
+
+/*
+ * no more than num_threads will be running concurrently
+ * no more than a total of max_ops requests will be started
+ */
+int
+StartThreads (int num_threads, ThreadArg * arg, PRThread ** threads,
+	      int max_ops, RA_Client * _this, NameValueSet * params,
+	      RequestType op_type)
+{
+  int i;
+  int started = 0;
+
+  if (arg == NULL)
+    {
+      goto loser;
+    }
+
+  /* start threads */
+  for (i = 0; i < num_threads; i++)
+    {
+      if (started == max_ops)
+	{
+	  break;
+	}
+      if (threads[i] == NULL)
+	{
+	  arg[i].time = 0;
+	  arg[i].status = 0;
+	  arg[i].client = _this;
+	  arg[i].done = PR_FALSE;
+
+	  if (i == 0)
+	    {
+	      arg[i].token = &_this->m_token;
+	    }
+	  else
+	    {
+
+	      if (arg[i].token != NULL)
+		{
+		  if (arg[i].token->m_pin)
+		    {
+		      PL_strfree (arg[i].token->m_pin);
+		      arg[i].token->m_pin = NULL;
+		    }
+		  if (arg[i].token->m_session_key != NULL)
+		    {
+		      PORT_Free (arg[i].token->m_session_key);
+		      arg[i].token->m_session_key = NULL;
+		    }
+		  if (arg[i].token->m_enc_session_key != NULL)
+		    {
+		      PORT_Free (arg[i].token->m_enc_session_key);
+		      arg[i].token->m_enc_session_key = NULL;
+		    }
+		  if (arg[i].token->m_object != NULL)
+		    {
+		      delete (arg[i].token->m_object);
+		      arg[i].token->m_object = NULL;
+		    }
+
+		  delete (arg[i].token);
+		  arg[i].token = NULL;
+
+		}
+
+	      arg[i].token = _this->m_token.Clone ();
+	    }
+	  arg[i].params = params;
+	  Output ("WWWWWWWWW StartThreads -- thread (%d) begins", i);
+	  if (op_type == OP_CLIENT_ENROLL)
+	    {
+	      threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnEnroll, &arg[i], PR_PRIORITY_NORMAL,	/* Priority */
+					    PR_GLOBAL_THREAD,	/* Scope */
+					    PR_JOINABLE_THREAD,	/* State */
+					    0	/* Stack Size */
+		);
+	    }
+	  else if (op_type == OP_CLIENT_FORMAT)
+	    {
+	      threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnUpdate, &arg[i], PR_PRIORITY_NORMAL,	/* Priority */
+					    PR_GLOBAL_THREAD,	/* Scope */
+					    PR_JOINABLE_THREAD,	/* State */
+					    0	/* Stack Size */
+		);
+	    }
+	  else
+	    {			// OP_CLIENT_RESET_PIN
+	      threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnResetPin, &arg[i], PR_PRIORITY_NORMAL,	/* Priority */
+					    PR_GLOBAL_THREAD,	/* Scope */
+					    PR_JOINABLE_THREAD,	/* State */
+					    0	/* Stack Size */
+		);
+	    }
+
+	  started++;
+	}
+      else
+	{
+	  Output ("thread[%d] is not NULL", i);
+	}
+    }
+
+loser:
+  Output ("StartThreads -- %d threads started", started);
+  return started;
+}
+
+/*
+ * no more than num_threads will be running concurrently
+ * no more than a total of max_ops requests will be started
+ */
+int
+RA_Client::OpConnStart (NameValueSet * params, RequestType op_type)
+{
+  // number of concurrent threads
+  int num_threads = params->GetValueAsInt ((char *) "num_threads", 1);
+  // number of total enrollments
+  int max_ops = params->GetValueAsInt ((char *) "max_ops", num_threads);
+  int count = 0;
+  int i;
+  int status = 1;
+  int started = 0;
+  PRThread **threads;
+  ThreadArg *arg;
+
+  threads = (PRThread **) malloc (sizeof (PRThread *) * num_threads);
+  if (threads == NULL)
+    {
+      return 0;			/* error */
+    }
+  arg = (ThreadArg *) malloc (sizeof (ThreadArg) * num_threads);
+  if (arg == NULL)
+    {
+      return 0;
+    }
+
+  for (i = 0; i < num_threads; i++)
+    {
+      arg[i].donelock = PR_NewLock ();
+      arg[i].token = NULL;
+      threads[i] = NULL;
+    }
+
+  count = 0;
+  PRBool hasFreeThread = PR_TRUE;
+  while (count < max_ops)
+    {
+      // fully populate the thread pool
+
+      if (hasFreeThread)
+	{
+	  started =
+	    StartThreads (num_threads, arg, threads, max_ops - count, this,
+			  params, op_type);
+	  count += started;
+	  Output ("OpConnStart: # requests started =%d", count);
+	  hasFreeThread = PR_FALSE;
+	}
+
+      //        PR_Sleep(PR_MillisecondsToInterval(500));
+      PR_Sleep (PR_SecondsToInterval (1));
+      Output ("OpConnStart: checking for free threads...");
+      // check if any threads are done
+      for (i = 0; i < num_threads; i++)
+	{
+	  if (threads[i] != NULL)
+	    {
+	      PR_Lock (arg[i].donelock);
+	      int arg_done = arg[i].done;
+	      PR_Unlock (arg[i].donelock);
+	      if (arg_done)
+		{
+		  PR_JoinThread (threads[i]);
+		  Output ("Thread (%d) status='%d' time='%d msec'", i,
+			  arg[i].status, arg[i].time);
+
+		  if (arg[i].status != 1)
+		    {
+		      // if any thread fails, this operation 
+		      // is considered as failure     
+		      status = arg[i].status;
+		    }
+		  threads[i] = NULL;
+
+		  hasFreeThread = PR_TRUE;
+
+		}
+	    }
+	}
+      Output ("OpConnStart: done checking for free threads...");
+    }				// while
+
+  Output ("OpConnStart: TOTAL REQUESTS: %d", count);
+
+  for (i = 0; i < num_threads; i++)
+    {
+      if (threads[i] != NULL)
+	{
+	  PR_JoinThread (threads[i]);
+	}
+      if (arg[i].donelock != NULL)
+	{
+	  PR_DestroyLock (arg[i].donelock);
+	}
+    }
+
+  return status;
+
+}
+
+int
+RA_Client::OpVarSet (NameValueSet * params)
+{
+  m_vars.Add (params->GetValue ("name"), params->GetValue ("value"));
+  Output ("%s: '%s'", params->GetValue ("name"),
+	  m_vars.GetValue (params->GetValue ("name")));
+  return 1;
+}
+
+int
+RA_Client::OpVarDebug (NameValueSet * params)
+{
+  if (m_fd_debug != NULL)
+    {
+      PR_Close (m_fd_debug);
+      m_fd_debug = NULL;
+    }
+  m_fd_debug = PR_Open (params->GetValue ("filename"),
+			PR_RDWR | PR_CREATE_FILE | PR_APPEND, 400 | 200);
+  return 1;
+}
+
+int
+RA_Client::OpVarGet (NameValueSet * params)
+{
+  char *value = m_vars.GetValue (params->GetValue ("name"));
+  Output ("%s: '%s'", params->GetValue ("name"), value);
+
+  return 1;
+}
+
+int
+RA_Client::OpVarList (NameValueSet * params)
+{
+  int i;
+  char *name;
+
+  for (i = 0; i < m_vars.Size (); i++)
+    {
+      name = m_vars.GetNameAt (i);
+      Output ("%s: '%s'", name, m_vars.GetValue (name));
+    }
+  return 1;
+}
+
+/**
+ * Invoke operation.
+ */
+void
+RA_Client::InvokeOperation (char *op, NameValueSet * params)
+{
+  PRTime start, end;
+  int status = 0;
+
+  start = PR_Now ();
+  Debug ("RA_Client::InvokeOperation", "op='%s'", op);
+  int max_ops = params->GetValueAsInt ((char *) "max_ops");
+  if (max_ops != 0)
+    old_style = PR_FALSE;
+
+  if (strcmp (op, "help") == 0)
+    {
+      status = OpHelp (params);
+    }
+  else if (strcmp (op, "ra_format") == 0)
+    {
+      if (old_style)
+	status = OpConnUpdate (params);
+      else
+	status = OpConnStart (params, OP_CLIENT_FORMAT);
+    }
+  else if (strcmp (op, "ra_reset_pin") == 0)
+    {
+      if (old_style)
+	status = OpConnResetPin (params);
+      else
+	status = OpConnStart (params, OP_CLIENT_RESET_PIN);
+    }
+  else if (strcmp (op, "ra_enroll") == 0)
+    {
+      if (old_style)
+	status = OpConnEnroll (params);
+      else
+	status = OpConnStart (params, OP_CLIENT_ENROLL);
+    }
+  else if (strcmp (op, "token_status") == 0)
+    {
+      status = OpTokenStatus (params);
+    }
+  else if (strcmp (op, "token_set") == 0)
+    {
+      status = OpTokenSet (params);
+    }
+  else if (strcmp (op, "debug") == 0)
+    {
+      status = OpVarDebug (params);
+    }
+  else if (strcmp (op, "var_set") == 0)
+    {
+      status = OpVarSet (params);
+    }
+  else if (strcmp (op, "var_get") == 0)
+    {
+      status = OpVarGet (params);
+    }
+  else if (strcmp (op, "var_list") == 0)
+    {
+      status = OpVarList (params);
+    }
+  end = PR_Now ();
+
+  if (status)
+    {
+      OutputSuccess ("Operation '%s' Success (%d msec)", op,
+		     (end - start) / 1000);
+    }
+  else
+    {
+      OutputError ("Operation '%s' Failure (%d msec)", op,
+		   (end - start) / 1000);
+    }
+}
+
+/**
+ * Execute RA client.
+ */
+void
+RA_Client::Execute ()
+{
+  char line[1024];
+  int rc;
+  char *op;
+  int done = 0;
+  char *lasts = NULL;
+
+  /* start main loop */
+  PrintHeader ();
+  while (!done)
+    {
+      PrintPrompt ();
+      rc = ReadLine (line, 1024);
+      printf ("%s\n", line);
+      if (rc <= 0)
+	{
+	  break;		/* exit if no more line */
+	}
+      if (line[0] == '#')
+	{
+	  continue;		/* ignore comment line */
+	}
+      /* format: 'op=cmd <parameters>' */
+      NameValueSet *params = NameValueSet::Parse (line, " ");
+      if (params == NULL)
+	{
+	  continue;
+	}
+      op = params->GetValue ("op");
+      if (op == NULL)
+	{
+	  /* user did not type op= */
+	  op = PL_strtok_r (line, " ", &lasts);
+	  if (op == NULL)
+	    continue;
+	}
+      if (strcmp (op, "exit") == 0)
+	{
+	  done = 1;
+	}
+      else
+	{
+	  InvokeOperation (op, params);
+	}
+      if (params != NULL)
+	{
+	  delete params;
+	  params = NULL;
+	}
+    }
+}				/* Execute */
+
+char *
+ownPasswd (PK11SlotInfo * slot, PRBool retry, void *arg)
+{
+  return PL_strdup ("password");
+}
+
+/**
+ * User certutil -d . -N to create a database.
+ * The database should have 'password' as the password.
+ */
+int
+main (int argc, char *argv[])
+{
+  char buffer[513];
+  SECStatus rv;
+  PK11SlotInfo *slot = NULL;
+  PRUint32 flags = 0;
+  // char *newpw = NULL;
+
+  /* Initialize NSPR & NSS */
+  PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+  PK11_SetPasswordFunc (ownPasswd);
+  rv = NSS_Initialize (".", "", "", "", flags);
+  if (rv != SECSuccess)
+    {
+      PR_GetErrorText (buffer);
+      fprintf (stderr, "unable to initialize NSS library (%d - '%s')\n",
+	       PR_GetError (), buffer);
+      exit (0);
+    }
+  slot = PK11_GetInternalKeySlot ();
+  if (PK11_NeedUserInit (slot))
+    {
+      rv = PK11_InitPin (slot, (char *) NULL, (char *) "password");
+      if (rv != SECSuccess)
+	{
+	  PR_GetErrorText (buffer);
+	  fprintf (stderr, "unable to set new PIN (%d - '%s')\n",
+		   PR_GetError (), buffer);
+	  exit (0);
+	}
+
+    }
+  if (PK11_NeedLogin (slot))
+    {
+      rv = PK11_Authenticate (slot, PR_TRUE, NULL);
+      if (rv != SECSuccess)
+	{
+	  PR_GetErrorText (buffer);
+	  fprintf (stderr, "unable to authenticate (%d - '%s')\n",
+		   PR_GetError (), buffer);
+	  exit (0);
+	}
+    }
+
+  /* Start RA Client */
+  RA_Client client;
+  client.Execute ();
+
+  /* Shutdown NSS and NSPR */
+  NSS_Shutdown ();
+  PR_Cleanup ();
+
+  return 1;
+}
diff --git a/pki/base/tps/tools/raclient/RA_Client.h b/pki/base/tps/tools/raclient/RA_Client.h
new file mode 100644
index 000000000..6ab2ecf97
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Client.h
@@ -0,0 +1,78 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_CLIENT_H
+#define RA_CLIENT_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "prthread.h"
+#include "main/NameValueSet.h"
+#include "RA_Conn.h"
+#include "RA_Token.h"
+
+enum RequestType {
+  OP_CLIENT_ENROLL = 0,
+  OP_CLIENT_FORMAT = 1,
+  OP_CLIENT_RESET_PIN = 2
+};
+
+class RA_Client
+{
+  public:
+	  RA_Client();
+	  ~RA_Client();
+  public:
+	  int OpHelp(NameValueSet *set);
+	  int OpConnStart(NameValueSet *set, RequestType);
+	  int OpConnResetPin(NameValueSet *set);
+	  int OpConnEnroll(NameValueSet *set);
+	  int OpConnUpdate(NameValueSet *set);
+	  int OpTokenStatus(NameValueSet *set);
+	  int OpTokenSet(NameValueSet *set);
+	  int OpVarList(NameValueSet *set);
+	  int OpVarSet(NameValueSet *set);
+	  int OpVarDebug(NameValueSet *set);
+	  int OpVarGet(NameValueSet *set);
+	  int OpExit(NameValueSet *set);
+  public:
+	  void Debug(const char *func_name, const char *fmt, ...);
+	  void Execute();
+	  void InvokeOperation(char *op, NameValueSet *set);
+  public:
+	  RA_Token m_token;
+	  NameValueSet m_vars;
+};
+
+#endif /* RA_CLIENT_H */
diff --git a/pki/base/tps/tools/raclient/RA_Conn.cpp b/pki/base/tps/tools/raclient/RA_Conn.cpp
new file mode 100644
index 000000000..ebf8c86a9
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Conn.cpp
@@ -0,0 +1,1019 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prnetdb.h"
+#include "prerror.h"
+#include "prio.h"
+#include "plstr.h"
+#include "main/NameValueSet.h"
+#include "main/Util.h"
+#include "RA_Conn.h"
+#include "apdu/APDU_Response.h"
+#include "apdu/List_Objects_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Import_Key_APDU.h"
+#include "apdu/Import_Key_Enc_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "apdu/Unblock_Pin_APDU.h"
+#include "apdu/Select_APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "msg/RA_Begin_Op_Msg.h"
+#include "msg/RA_End_Op_Msg.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "msg/RA_Login_Request_Msg.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "engine/RA.h"
+
+/**
+ * http parameters used in the protocol 
+ */
+#define PARAM_MSG_TYPE                "msg_type"
+#define PARAM_OPERATION               "operation"
+#define PARAM_EXTENSIONS              "extensions"
+#define PARAM_INVALID_PW              "invalid_pw"
+#define PARAM_BLOCKED                 "blocked"
+#define PARAM_SCREEN_NAME             "screen_name"
+#define PARAM_PASSWORD                "password"
+#define PARAM_PIN_REQUIRED            "pin_required"
+#define PARAM_NEXT_VALUE              "next_value"
+#define PARAM_VALUE                   "value"
+#define PARAM_PIN                     "pin"
+#define PARAM_QUESTION                "question"
+#define PARAM_ANSWER                  "answer"
+#define PARAM_MINIMUM_LENGTH          "minimum_length"
+#define PARAM_MAXIMUM_LENGTH          "maximum_length"
+#define PARAM_NEW_PIN                 "new_pin"
+#define PARAM_PDU_SIZE                "pdu_size"
+#define PARAM_PDU_DATA                "pdu_data"
+#define PARAM_RESULT                  "result"
+#define PARAM_MESSAGE                 "message"
+#define PARAM_CURRENT_STATE           "current_state"
+#define PARAM_NEXT_TASK_NAME          "next_task_name"
+
+#define MAX_RA_MSG_SIZE               4096
+
+/**
+ * Constructs a RA connection.
+ */
+RA_Conn::RA_Conn (char *host, int port, char *uri)
+{
+  if (host == NULL)
+    m_host = NULL;
+  else
+    m_host = PL_strdup (host);
+  if (uri == NULL)
+    m_uri = NULL;
+  else
+    m_uri = PL_strdup (uri);
+  m_port = port;
+  m_read_header = 0;
+  m_fd = NULL;
+}
+
+/**
+ * Destructs a RA connection.
+ */
+RA_Conn::~RA_Conn ()
+{
+  if (m_host != NULL)
+    {
+      PL_strfree (m_host);
+      m_host = NULL;
+    }
+  if (m_uri != NULL)
+    {
+      PL_strfree (m_uri);
+      m_uri = NULL;
+    }
+  if (m_fd != NULL)
+    {
+      PR_Close (m_fd);
+      m_fd = NULL;
+    }
+}
+
+static void
+Output (const char *fmt, ...)
+{
+  va_list ap;
+  va_start (ap, fmt);
+  printf ("Output> ");
+  vprintf (fmt, ap);
+  printf ("\n");
+  va_end (ap);
+}
+
+
+#ifdef VERBOSE
+static void
+printBuf (Buffer * buf)
+{
+  int sum = 0;
+
+  BYTE *data = *buf;
+  int i = 0;
+  if (buf->size () > 255)
+    {
+      Output ("printBuf: TOO BIG to print");
+      return;
+    }
+  Output ("Begin printing buffer =====");
+  for (i = 0; i < (int) buf->size (); i++)
+    {
+      printf ("%02x ", (unsigned char) data[i]);
+      sum++;
+      if (sum == 10)
+	{
+	  printf ("\n");
+	  sum = 0;
+	}
+    }
+  Output ("End printing buffer =====");
+}
+#endif
+
+
+static PRUint32
+GetIPAddress (const char *hostName)
+{
+  const unsigned char *p;
+  char buf[PR_NETDB_BUF_SIZE];
+  PRStatus prStatus;
+  PRUint32 rv = 0;
+  PRHostEnt prHostEnt;
+
+  prStatus = PR_GetHostByName (hostName, buf, sizeof buf, &prHostEnt);
+  if (prStatus != PR_SUCCESS)
+    return rv;
+
+#undef  h_addr
+#define h_addr  h_addr_list[0]	/* address, for backward compatibility */
+
+  p = (const unsigned char *) (prHostEnt.h_addr);	/* in Network Byte order */
+  rv = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+  return rv;
+}
+
+/**
+ * Connects to the RA.
+ */
+int
+RA_Conn::Connect ()
+{
+  PRStatus rc;
+  PRNetAddr addr;
+  PRUint32 ip_addr;
+  char header[4096];
+
+  sprintf (header, "POST %s HTTP/1.1\r\n"
+	   "Host: %s:%d\r\n"
+	   "Transfer-Encoding: chunked\r\n" "\r\n", m_uri, m_host, m_port);
+
+  m_fd = PR_NewTCPSocket ();
+
+  ip_addr = GetIPAddress (m_host);
+
+  addr.inet.family = PR_AF_INET;
+  addr.inet.port = PR_htons (m_port);
+  addr.inet.ip = PR_htonl (ip_addr);
+
+  rc = PR_Connect (m_fd, &addr, PR_INTERVAL_NO_TIMEOUT /* timeout */ );
+  if (rc != PR_SUCCESS)
+    return 0;
+
+  /* Send header */
+
+  PR_Send (m_fd, header, strlen (header), 0, 1000000);
+
+  return 1;
+}
+
+static void
+CreateChunkEntity (char *msg, char *chunk, int chunk_len)
+{
+  int chunk_size;
+  int len;
+  Output ("***** msg = %s  *****", msg);
+  len = strlen (msg);
+  sprintf (chunk, "s=%d&%s", len, msg);
+  chunk_size = strlen (chunk);
+  sprintf (chunk, "%x\r\ns=%d&%s\r\n", chunk_size, len, msg);
+}
+
+/**
+ * Sends message to the RA.
+ */
+int
+RA_Conn::SendMsg (RA_Msg * msg)
+{
+  char msgbuf[MAX_RA_MSG_SIZE];
+  char chunk[MAX_RA_MSG_SIZE];
+
+  /* send chunk size */
+  if (msg->GetType () == MSG_BEGIN_OP)
+    {
+      RA_Begin_Op_Msg *begin = (RA_Begin_Op_Msg *) msg;
+      sprintf (msgbuf, "%s=%d&%s=%d", PARAM_MSG_TYPE, MSG_BEGIN_OP,
+	       PARAM_OPERATION, begin->GetOpType ());
+      NameValueSet *exts = begin->GetExtensions ();
+      if (exts != NULL)
+	{
+	  sprintf (msgbuf, "%s&%s=", msgbuf, PARAM_EXTENSIONS);
+	  for (int i = 0; i < exts->Size (); i++)
+	    {
+	      if (i != 0)
+		{
+		  sprintf (msgbuf, "%s%%26", msgbuf);
+		}
+	      char *name = exts->GetNameAt (i);
+	      sprintf (msgbuf, "%s%s=%s",
+		       msgbuf, name, exts->GetValueAsString (name));
+	    }
+	}
+      CreateChunkEntity (msgbuf, chunk, 4096);
+    }
+  else if (msg->GetType () == MSG_LOGIN_RESPONSE)
+    {
+      RA_Login_Response_Msg *resp = (RA_Login_Response_Msg *) msg;
+      sprintf (msgbuf, "%s=%d&%s=%s&%s=%s",
+	       PARAM_MSG_TYPE, MSG_LOGIN_RESPONSE,
+	       PARAM_SCREEN_NAME, resp->GetUID (),
+	       PARAM_PASSWORD, resp->GetPassword ());
+      CreateChunkEntity (msgbuf, chunk, 4096);
+    }
+  else if (msg->GetType () == MSG_EXTENDED_LOGIN_RESPONSE)
+    {
+      RA_Extended_Login_Response_Msg *resp =
+	(RA_Extended_Login_Response_Msg *) msg;
+      AuthParams *auth = resp->GetAuthParams ();
+      sprintf (msgbuf, "%s=%d&%s=%s&%s=%s",
+	       PARAM_MSG_TYPE, MSG_EXTENDED_LOGIN_RESPONSE,
+	       PARAM_SCREEN_NAME, auth->GetUID (),
+	       PARAM_PASSWORD, auth->GetPassword ());
+      CreateChunkEntity (msgbuf, chunk, 4096);
+    }
+  else if (msg->GetType () == MSG_STATUS_UPDATE_RESPONSE)
+    {
+      RA_Status_Update_Response_Msg *resp =
+	(RA_Status_Update_Response_Msg *) msg;
+      int status = resp->GetStatus ();
+      sprintf (msgbuf, "%s=%d&%s=%d",
+	       PARAM_MSG_TYPE, MSG_STATUS_UPDATE_RESPONSE,
+	       PARAM_CURRENT_STATE, status);
+      CreateChunkEntity (msgbuf, chunk, 4096);
+    }
+  else if (msg->GetType () == MSG_SECUREID_RESPONSE)
+    {
+      RA_SecureId_Response_Msg *resp = (RA_SecureId_Response_Msg *) msg;
+      char *value = resp->GetValue ();
+      char *pin = resp->GetPIN ();
+      if (pin == NULL)
+	{
+	  pin = (char *) "";
+	}
+      sprintf (msgbuf, "%s=%d&%s=%s&%s=%s",
+	       PARAM_MSG_TYPE, MSG_SECUREID_RESPONSE,
+	       PARAM_VALUE, value, PARAM_PIN, pin);
+      CreateChunkEntity (msgbuf, chunk, 4096);
+    }
+  else if (msg->GetType () == MSG_ASQ_RESPONSE)
+    {
+      RA_ASQ_Response_Msg *resp = (RA_ASQ_Response_Msg *) msg;
+      sprintf (msgbuf, "%s=%d&%s=%s",
+	       PARAM_MSG_TYPE, MSG_ASQ_RESPONSE,
+	       PARAM_ANSWER, resp->GetAnswer ());
+      CreateChunkEntity (msgbuf, chunk, 4096);
+    }
+  else if (msg->GetType () == MSG_NEW_PIN_RESPONSE)
+    {
+      RA_New_Pin_Response_Msg *resp = (RA_New_Pin_Response_Msg *) msg;
+      sprintf (msgbuf, "%s=%d&%s=%s",
+	       PARAM_MSG_TYPE, MSG_NEW_PIN_RESPONSE,
+	       PARAM_NEW_PIN, resp->GetNewPIN ());
+      CreateChunkEntity (msgbuf, chunk, 4096);
+    }
+  else if (msg->GetType () == MSG_TOKEN_PDU_RESPONSE)
+    {
+      RA_Token_PDU_Response_Msg *resp = (RA_Token_PDU_Response_Msg *) msg;
+      APDU_Response *apdu_resp = resp->GetResponse ();
+      Buffer pdu = apdu_resp->GetData ();
+      char *pdu_encoded = Util::URLEncode (pdu);
+      sprintf (msgbuf, "%s=%d&%s=%s&%s=%d",
+	       PARAM_MSG_TYPE, MSG_TOKEN_PDU_RESPONSE,
+	       PARAM_PDU_DATA, pdu_encoded, PARAM_PDU_SIZE, pdu.size ());
+      if (pdu_encoded != NULL)
+	{
+	  PR_Free (pdu_encoded);
+	  pdu_encoded = NULL;
+	}
+      CreateChunkEntity (msgbuf, chunk, 4096);
+    }
+  else
+    {
+      /* error */
+    }
+
+  /* send chunk */
+  Output ("sending chunk -----  %s -----", chunk);
+  PR_Send (m_fd, chunk, strlen (chunk), 0, 1000000);
+
+  return 1;
+}
+
+static int
+ReadResponseHeader (PRFileDesc * fd)
+{
+  char buf[1024];
+  PRInt32 rc;
+  char *cur = buf;
+  int i;
+
+  for (i = 0; i < 1024; i++)
+    {
+      buf[i] = 0;
+    }
+  while (1)
+    {
+      rc = PR_Recv (fd, cur, 1, 0, 1000000);
+      if (buf[0] == '\r' &&
+	  buf[1] == '\n' && buf[2] == '\r' && buf[3] == '\n')
+	{
+	  break;
+	}
+      if (*cur == '\r')
+	{
+	  cur++;
+	}
+      else if (*cur == '\n')
+	{
+	  cur++;
+	}
+      else
+	{
+	  cur = buf;
+	}
+    }
+  return 1;
+}
+
+static int
+GetChunkSize (PRFileDesc * fd)
+{
+  char buf[1024];
+  char *cur = buf;
+  PRInt32 rc;
+  int i;
+  int ret;
+
+  for (i = 0; i < 1024; i++)
+    {
+      buf[i] = 0;
+    }
+  while (1)
+    {
+      rc = PR_Recv (fd, cur, 1, 0, 1000000);
+      if (rc <= 0)
+	{
+	  return 0;
+	}
+      if (*cur == '\r')
+	{
+	  *cur = '\0';
+	  /* read \n */
+	  rc = PR_Recv (fd, cur, 1, 0, 1000000);
+	  if (rc <= 0)
+	    {
+	      return 0;
+	    }
+	  *cur = '\0';
+	  break;
+	}
+      cur++;
+    }
+  sscanf (buf, "%x", (unsigned int *) (&ret));
+  return ret;
+}
+
+static int
+GetChunk (PRFileDesc * fd, char *buf, int buflen)
+{
+  int rc = 0;
+  int sum = 0;
+  char *cur = buf;
+
+  while (1)
+    {
+      rc = PR_Recv (fd, cur, buflen - sum, 0, 1000000);
+      if (rc <= 0)
+	{
+	  return -1;
+	}
+      sum += rc;
+      cur += rc;
+      cur[sum] = '\0';
+      if (sum == buflen)
+	return sum;
+    }
+}
+
+bool
+RA_Conn::isEncrypted ()
+{
+  return m_encrypted_channel;
+}
+
+void
+RA_Conn::setEncryption (bool encrypted)
+{
+  Output ("RA_Conn::setEncryption: setting encrypted channel: %d", encrypted);
+  m_encrypted_channel = encrypted;
+}
+
+APDU *
+RA_Conn::CreateAPDU (RA_Token * tok, Buffer & in_apdu_data, Buffer & mac)
+{
+  APDU *apdu = NULL;
+  Buffer apdu_data;
+
+  if (isEncrypted () && (((BYTE *) in_apdu_data)[0] == 0x84))
+    {
+      tok->decryptMsg (in_apdu_data, apdu_data);
+    }
+  else
+    {
+      apdu_data = in_apdu_data;
+    }
+
+  if (((BYTE *) apdu_data)[1] == 0x5a)
+    {
+      /* Create_Object_APDU */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      BYTE object_id[4];
+      object_id[0] = ((BYTE *) apdu_data)[5];
+      object_id[1] = ((BYTE *) apdu_data)[6];
+      object_id[2] = ((BYTE *) apdu_data)[7];
+      object_id[3] = ((BYTE *) apdu_data)[8];
+      BYTE permissions[6];
+      permissions[0] = ((BYTE *) apdu_data)[13];
+      permissions[1] = ((BYTE *) apdu_data)[14];
+      permissions[2] = ((BYTE *) apdu_data)[15];
+      permissions[3] = ((BYTE *) apdu_data)[16];
+      permissions[4] = ((BYTE *) apdu_data)[17];
+      permissions[5] = ((BYTE *) apdu_data)[18];
+      int len =
+	(((BYTE *) apdu_data)[9] << 24) + (((BYTE *) apdu_data)[10] << 16) +
+	(((BYTE *) apdu_data)[11] << 8) + ((BYTE *) apdu_data)[12];
+      apdu = new Create_Object_APDU (object_id, permissions, len);
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x82)
+    {
+      /* External_Authenticate_APDU */
+      BYTE encryption = ((BYTE *) apdu_data)[2];	// P1 is sec level
+      if (encryption == (BYTE) 0x03)
+	{
+	  setEncryption (true);
+	}
+      else
+	{
+	  Output ("RA_Conn::CreateAPDU(): not encrypted");
+	}
+
+      // mac is last 8 bytes
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      Buffer *data = new Buffer (apdu_data.substr (5, 8));
+
+      if (isEncrypted () == true)
+	{
+	  apdu = new External_Authenticate_APDU (*data, SECURE_MSG_MAC_ENC);
+	}
+      else
+	{
+	  apdu = new External_Authenticate_APDU (*data, SECURE_MSG_ANY);
+	}
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x0A)
+    {
+      /* ImportKeyEnc APDU */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      Buffer *data =
+	new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+      Buffer a;
+      apdu = new Import_Key_Enc_APDU ((BYTE) p[0], (BYTE) p[1], *data);
+      apdu->SetMAC (mac);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x0C)
+    {
+      /* Generate_Key_APDU */
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      BYTE alg = ((BYTE *) apdu_data)[5];
+      int keysize = (((BYTE *) apdu_data)[6] << 8) + ((BYTE *) apdu_data)[7];
+      BYTE option = ((BYTE *) apdu_data)[8];
+      BYTE type = ((BYTE *) apdu_data)[9];
+      unsigned int wc_len = (unsigned int) ((BYTE *) apdu_data)[10];
+      Buffer *wrapped_challenge = new Buffer ((BYTE *) &
+					      ((BYTE *) apdu_data)[11],
+					      wc_len);
+      Buffer *key_check = new Buffer ((BYTE *) &
+				      ((BYTE *) apdu_data)[11 + wc_len + 1],
+				      (unsigned int) ((BYTE *) apdu_data)[11 +
+									  wc_len]);
+      apdu =
+	new Generate_Key_APDU (p[0], p[1], alg, keysize, option, type,
+			       *wrapped_challenge, *key_check);
+      if (wrapped_challenge != NULL)
+	{
+	  delete wrapped_challenge;
+	  wrapped_challenge = NULL;
+	}
+      if (key_check != NULL)
+	{
+	  delete key_check;
+	  key_check = NULL;
+	}
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x50)
+    {
+      /* Initialize_Update_APDU */
+
+      setEncryption (false);
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      Buffer *data = new Buffer (apdu_data.substr (5, 8));
+      apdu = new Initialize_Update_APDU (p[0], p[1], *data);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x56)
+    {				/* Read Objects */
+      BYTE p[4];
+      int offset = 0;
+      int size = 0;
+      p[0] = ((BYTE *) apdu_data)[5];
+      p[1] = ((BYTE *) apdu_data)[6];
+      p[2] = ((BYTE *) apdu_data)[7];
+      p[3] = ((BYTE *) apdu_data)[8];
+      offset = (((BYTE *) apdu_data)[9] << 24) +
+	(((BYTE *) apdu_data)[10] << 16) +
+	(((BYTE *) apdu_data)[11] << 8) + ((BYTE *) apdu_data)[12];
+      size = ((BYTE *) apdu_data)[13];	/* p2 */
+      apdu = new Read_Object_APDU (p, offset, size);
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x58)
+    {				/* List Objects */
+      apdu = new List_Objects_APDU (((BYTE *) apdu_data)[2]);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xf0)
+    {
+      /* Lifecycle_APDU */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      apdu = new Lifecycle_APDU (((BYTE *) apdu_data)[2]);
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x08)
+    {
+      /* Read_BufferAPDU */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      int len = ((BYTE *) apdu_data)[2];
+      int offset = (((BYTE *) apdu_data)[5] << 8) + ((BYTE *) apdu_data)[6];
+      apdu = new Read_Buffer_APDU (len, offset);
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x04)
+    {
+      /* Set_Pin_APDU */
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      Buffer *data =
+	new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+      apdu = new Set_Pin_APDU (p[0], p[1], *data);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x2a)
+    {
+      Buffer dummy;
+      apdu = new Format_Muscle_Applet_APDU (0,
+					    dummy, 0,
+					    dummy, 0,
+					    dummy, 0, dummy, 0, 0, 0, 0);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xe6)
+    {
+      BYTE p1 = ((BYTE *) apdu_data)[2];	/* p1 */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+/* Why was it ignored?
+	 	Buffer dummy;		
+		if (p1 == 0x02) {
+		    apdu = new Install_Load_APDU(dummy, dummy, 0);
+		} else {
+		    apdu = new Install_Applet_APDU(dummy, dummy, 0,0);
+		}
+*/
+      Buffer *data =
+	new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+      if (p1 == 0x02)
+	{
+	  apdu = new Install_Load_APDU (*data);
+	}
+      else
+	{
+	  apdu = new Install_Applet_APDU (*data);
+	}
+      apdu->SetMAC (mac);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xe8)
+    {
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      Buffer *data =
+	new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+      apdu = new Load_File_APDU (p[0], p[1], *data);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xe4)
+    {
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      // Delete File apdu has two extra bytes after header
+      // remove before proceed
+      Buffer *data =
+	new Buffer (apdu_data.substr (7, apdu_data.size () - 8 - 5 - 2));
+      apdu = new Delete_File_APDU (*data);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x02)
+    {
+      /* Unblock_Pin_APDU */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      apdu = new Unblock_Pin_APDU ();
+      apdu->SetMAC (mac);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xa4)
+    {				/* Select */
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      Buffer *data = NULL;
+      if (apdu_data.size () == 5)
+	{
+	  data = new Buffer ();
+	}
+      else
+	{
+	  data = new Buffer (apdu_data.substr (5, apdu_data.size () - 5));
+	}
+      apdu = new Select_APDU (p[0], p[1], *data);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x3C)
+    {				/* Get Status */
+      apdu = new Get_Status_APDU ();
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x70)
+    {				/* Get Version */
+      apdu = new Get_Version_APDU ();
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x48)
+    {
+      apdu = new List_Pins_APDU (0x02);
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x40)
+    {				/* Put Key */
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      Buffer *data =
+	new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+      apdu = new Create_Pin_APDU (p[0], p[1], *data);
+      apdu->SetMAC (mac);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xca)
+    {				/* Get Data */
+      apdu = new Get_Data_APDU ();
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xf6)
+    {				/* Get_IssuerInfo */
+      apdu = new Get_IssuerInfo_APDU ();
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xf4)
+    {				/* Set_IssuerInfo */
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      Buffer *data =
+	new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+      apdu = new Set_IssuerInfo_APDU (p[0], p[1], *data);
+      apdu->SetMAC (mac);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+    }
+  else if (((BYTE *) apdu_data)[1] == 0xd8)
+    {				/* Put Key */
+      BYTE p[2];
+      p[0] = ((BYTE *) apdu_data)[2];	/* p1 */
+      p[1] = ((BYTE *) apdu_data)[3];	/* p2 */
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      Buffer *data =
+	new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+      apdu = new Put_Key_APDU (p[0], p[1], *data);
+      apdu->SetMAC (mac);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+    }
+  else if (((BYTE *) apdu_data)[1] == 0x54)
+    {
+      /* Write_Object_APDU */
+      BYTE object_id[4];
+      object_id[0] = ((BYTE *) apdu_data)[5];
+      object_id[1] = ((BYTE *) apdu_data)[6];
+      object_id[2] = ((BYTE *) apdu_data)[7];
+      object_id[3] = ((BYTE *) apdu_data)[8];
+      mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+      int offset =
+	(((BYTE *) apdu_data)[9] << 24) + (((BYTE *) apdu_data)[10] << 16) +
+	(((BYTE *) apdu_data)[11] << 8) + ((BYTE *) apdu_data)[12];
+      Buffer *data =
+	new Buffer (apdu_data.substr (14, apdu_data.size () - 8 - 11 - 3));
+      apdu = new Write_Object_APDU (object_id, offset, *data);
+      apdu->SetMAC (mac);
+      if (data != NULL)
+	{
+	  delete data;
+	  data = NULL;
+	}
+    }
+  else
+    {
+      /* error */
+    }
+  return apdu;
+}
+
+/**
+ * Retrieves message from the RA.
+ */
+RA_Msg *
+RA_Conn::ReadMsg (RA_Token * token)
+{
+  int len = 0;
+  char buf[4096];
+  PRInt32 rc;
+  int i;
+  char *msg_type_s = NULL;
+  int msg_type;
+  RA_Msg *msg = NULL;
+
+  if (!m_read_header)
+    {
+      ReadResponseHeader (m_fd);
+      m_read_header = 1;
+    }
+
+  /* read chunk size */
+  len = GetChunkSize (m_fd);
+  if (len <= 0)
+    {
+      return NULL;
+    }
+
+  for (i = 0; i < 4096; i++)
+    {
+      buf[i] = 0;
+    }
+
+  /* read chunk */
+  rc = GetChunk (m_fd, buf, len + 2);
+  if (rc <= 0)
+    {
+      return NULL;
+    }
+  buf[len] = '\0';
+
+  /* parse name value pair */
+  NameValueSet *params = NameValueSet::Parse (buf, "&");
+  if (params == NULL)
+    return NULL;
+  msg_type_s = params->GetValue (PARAM_MSG_TYPE);
+  if (msg_type_s == NULL)
+    {
+      if (params != NULL)
+	{
+	  delete params;
+	  params = NULL;
+	}
+      return NULL;
+    }
+  msg_type = atoi (msg_type_s);
+
+  if (msg_type == MSG_LOGIN_REQUEST)
+    {
+      msg =
+	new RA_Login_Request_Msg (atoi (params->GetValue (PARAM_INVALID_PW)),
+				  atoi (params->GetValue (PARAM_BLOCKED)));
+    }
+  else if (msg_type == MSG_EXTENDED_LOGIN_REQUEST)
+    {
+      msg = new RA_Extended_Login_Request_Msg (0, 0, NULL, 0, NULL, NULL);
+    }
+  else if (msg_type == MSG_END_OP)
+    {
+      msg = new RA_End_Op_Msg ((RA_Op_Type)
+			       atoi (params->GetValue (PARAM_OPERATION)),
+			       atoi (params->GetValue (PARAM_RESULT)),
+			       atoi (params->GetValue (PARAM_MESSAGE)));
+    }
+  else if (msg_type == MSG_SECUREID_REQUEST)
+    {
+      msg =
+	new
+	RA_SecureId_Request_Msg (atoi (params->GetValue (PARAM_PIN_REQUIRED)),
+				 atoi (params->GetValue (PARAM_NEXT_VALUE)));
+    }
+  else if (msg_type == MSG_STATUS_UPDATE_REQUEST)
+    {
+      msg =
+	new
+	RA_Status_Update_Request_Msg (atoi
+				      (params->
+				       GetValue (PARAM_CURRENT_STATE)),
+				      params->
+				      GetValue (PARAM_NEXT_TASK_NAME));
+    }
+  else if (msg_type == MSG_ASQ_REQUEST)
+    {
+      msg = new RA_ASQ_Request_Msg (params->GetValue (PARAM_QUESTION));
+    }
+  else if (msg_type == MSG_NEW_PIN_REQUEST)
+    {
+      msg =
+	new
+	RA_New_Pin_Request_Msg (atoi
+				(params->GetValue (PARAM_MINIMUM_LENGTH)),
+				atoi (params->
+				      GetValue (PARAM_MAXIMUM_LENGTH)));
+    }
+  else if (msg_type == MSG_TOKEN_PDU_REQUEST)
+    {
+      char *pdu_encoded = params->GetValue (PARAM_PDU_DATA);
+      Buffer *apdu_data = Util::URLDecode (pdu_encoded);
+
+#ifdef VERBOSE
+      Output ("ReadMsg: URLDecoded apdu = ");
+      printBuf (apdu_data);
+#endif
+
+      Buffer mac;
+      APDU *apdu = CreateAPDU (token, *apdu_data, mac);
+      msg = new RA_Token_PDU_Request_Msg (apdu);
+      if (apdu_data != NULL)
+	{
+	  delete apdu_data;
+	  apdu_data = NULL;
+	}
+    }
+  else
+    {
+      /* error */
+      if (params != NULL)
+	{
+	  delete params;
+	  params = NULL;
+	}
+      return NULL;
+    }
+
+  if (params != NULL)
+    {
+      delete params;
+      params = NULL;
+    }
+
+  return msg;
+}
+
+/**
+ * Terminates this connection.
+ */
+int
+RA_Conn::Close ()
+{
+  if (m_fd != NULL)
+    {
+      PR_Close (m_fd);
+      m_fd = NULL;
+    }
+  return 1;
+}
diff --git a/pki/base/tps/tools/raclient/RA_Conn.h b/pki/base/tps/tools/raclient/RA_Conn.h
new file mode 100644
index 000000000..307166eaf
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Conn.h
@@ -0,0 +1,71 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_CONN_H
+#define RA_CONN_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "prio.h"
+#include "RA_Token.h"
+#include "main/RA_Msg.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+class RA_Conn
+{
+  public:
+	  RA_Conn(char *host, int port, char *uri);
+	  ~RA_Conn();
+  public:
+          int SendMsg(RA_Msg *msg);
+          RA_Msg *ReadMsg();
+          RA_Msg *ReadMsg(RA_Token *token);
+          int Connect();
+          int Close();
+	  void setEncryption(bool encrypted);
+	  bool isEncrypted();
+  public:
+	  APDU *CreateAPDU(RA_Token *tok, Buffer &data, Buffer &mac);
+  private:
+          char *m_host;
+          int m_port;
+          char *m_uri;
+	  PRFileDesc *m_fd;
+	  int m_read_header;
+	  bool m_encrypted_channel;
+};
+
+#endif /* RA_MSG_H */
diff --git a/pki/base/tps/tools/raclient/RA_Token.cpp b/pki/base/tps/tools/raclient/RA_Token.cpp
new file mode 100644
index 000000000..66ee0a52f
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Token.cpp
@@ -0,0 +1,2001 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+// 
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// Lesser General Public License for more details.
+// 
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA  02110-1301  USA 
+// 
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "cryptohi.h"
+#include "plstr.h"
+#include "main/Util.h"
+#include "RA_Token.h"
+#include "apdu/APDU_Response.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Select_APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "apdu/List_Objects_APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "apdu/Read_Object_APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "keyhi.h"
+#include "nss.h"
+#include "cert.h"
+
+//#define VERIFY_PROOF
+
+static BYTE
+ToVal (char c)
+{
+  if (c >= '0' && c <= '9')
+    {
+      return c - '0';
+    }
+  else if (c >= 'A' && c <= 'Z')
+    {
+      return c - 'A' + 10;
+    }
+  else if (c >= 'a' && c <= 'z')
+    {
+      return c - 'a' + 10;
+    }
+                                                                                
+  /* The following return is needed to suppress compiler warnings on Linux. */
+  return 0;
+}
+
+static Buffer *
+ToBuffer (char *input)
+{
+  int len = strlen (input) / 2;
+  BYTE *buffer = NULL;
+                                                                                
+  buffer = (BYTE *) malloc (len);
+  if (buffer == NULL)
+    {
+      return NULL;
+    }
+                                                                                
+  for (int i = 0; i < len; i++)
+    {
+      buffer[i] = (ToVal (input[i * 2]) * 16) + ToVal (input[i * 2 + 1]);
+    }
+  Buffer *j;
+  j = new Buffer (buffer, len);
+                                                                                
+  if (buffer != NULL)
+    {
+      free (buffer);
+      buffer = NULL;
+    }
+                                                                                
+  return j;
+}
+
+/**
+ * Constructs a virtual token.
+ */
+RA_Token::RA_Token ()
+{
+  m_session_key = NULL;
+  m_enc_session_key = NULL;
+  BYTE key_info[] = {
+    0x01, 0x01
+  };
+  BYTE version[] = {
+    0x00, 0x01, 0x02, 0x03
+  };
+  BYTE cuid[] = {
+    0x00, 0x01, 0x02, 0x03,
+    0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09
+  };
+  BYTE msn[] = {
+    0x00, 0x00, 0x00, 0x00
+  };
+  BYTE key[] = {
+    0x40, 0x41, 0x42, 0x43,
+    0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b,
+    0x4c, 0x4d, 0x4e, 0x4f
+  };
+
+  m_major_version = 0;
+  m_minor_version = 0;
+
+  /* default setting */
+  m_lifecycle_state = 0;
+  m_icv = Buffer (8, (BYTE) 0);
+  m_auth_key = Buffer (key, sizeof key);
+  m_mac_key = Buffer (key, sizeof key);
+  m_kek_key = Buffer (key, sizeof key);
+  m_cuid = Buffer (cuid, sizeof cuid);
+  m_msn = Buffer (msn, sizeof msn);
+  m_version = Buffer (version, sizeof version);
+  m_key_info = Buffer (key_info, sizeof key_info);
+  m_pin = PL_strdup ("password");
+  m_object_len = 0;
+  m_object = NULL;
+}
+
+
+/**
+ * Destructs token.
+ */
+RA_Token::~RA_Token ()
+{
+  if (m_pin != NULL)
+    {
+      PL_strfree (m_pin);
+      m_pin = NULL;
+    }
+  if (m_session_key != NULL)
+    {
+      PORT_Free (m_session_key);
+      m_session_key = NULL;
+    }
+  if (m_enc_session_key != NULL)
+    {
+      PORT_Free (m_enc_session_key);
+      m_enc_session_key = NULL;
+    }
+  if (m_object != NULL)
+    {
+      delete (m_object);
+      m_object = NULL;
+    }
+}
+
+RA_Token *
+RA_Token::Clone ()
+{
+  RA_Token *token = new RA_Token ();
+  token->m_icv = m_icv;
+  /*
+     token->m_session_key = m_session_key;
+     token->m_enc_session_key = m_enc_session_key;
+   */
+  token->m_session_key = NULL;
+  token->m_enc_session_key = NULL;
+  token->m_lifecycle_state = m_lifecycle_state;
+  token->m_auth_key = m_auth_key;
+  token->m_major_version = m_major_version;
+  token->m_minor_version = m_minor_version;
+  token->m_mac_key = m_mac_key;
+  token->m_kek_key = m_kek_key;
+  token->m_cuid = m_cuid;
+  token->m_version = m_version;
+  token->m_key_info = m_key_info;
+  PL_strfree (token->m_pin);
+  token->m_pin = PL_strdup (m_pin);
+  token->m_object_len = m_object_len;
+  return token;
+}
+
+static void
+Output (const char *fmt, ...)
+{
+  va_list ap;
+  va_start (ap, fmt);
+  printf ("Output> ");
+  vprintf (fmt, ap);
+  printf ("\n");
+  va_end (ap);
+}
+
+void
+printBuf (Buffer * buf)
+{
+  int sum = 0;
+
+  BYTE *data = *buf;
+  int i = 0;
+  if (buf->size () > 255)
+    {
+      Output ("printBuf: TOO BIG to print");
+      return;
+    }
+  Output ("Begin printing buffer =====");
+  for (i = 0; i < (int) buf->size (); i++)
+    {
+      printf ("%02x ", (unsigned char) data[i]);
+      sum++;
+      if (sum == 10)
+	{
+	  printf ("\n");
+	  sum = 0;
+	}
+    }
+  Output ("End printing buffer =====");
+}
+
+Buffer & RA_Token::GetCUID ()
+{
+  return m_cuid;
+}
+
+Buffer & RA_Token::GetMSN ()
+{
+  return m_msn;
+}
+
+void
+RA_Token::SetCUID (Buffer & cuid)
+{
+  m_cuid = cuid;
+}
+
+void
+RA_Token::SetMSN (Buffer & msn)
+{
+  m_msn = msn;
+}
+
+Buffer & RA_Token::GetAppletVersion ()
+{
+  return m_version;
+}
+
+void
+RA_Token::SetAppletVersion (Buffer & version)
+{
+  m_version = version;
+}
+
+void
+RA_Token::SetMajorVersion (int v)
+{
+  m_major_version = v;
+}
+
+void
+RA_Token::SetMinorVersion (int v)
+{
+  m_minor_version = v;
+}
+
+void
+RA_Token::SetAuthKey (Buffer & key)
+{
+  m_auth_key = key;
+}
+
+void
+RA_Token::SetMacKey (Buffer & key)
+{
+  m_mac_key = key;
+}
+
+void
+RA_Token::SetKekKey (Buffer & key)
+{
+  m_kek_key = key;
+}
+
+Buffer & RA_Token::GetKeyInfo ()
+{
+  return m_key_info;
+}
+
+void
+RA_Token::SetKeyInfo (Buffer & key_info)
+{
+  m_key_info = key_info;
+}
+
+int
+RA_Token::GetMajorVersion ()
+{
+  return m_major_version;
+}
+
+int
+RA_Token::GetMinorVersion ()
+{
+  return m_minor_version;
+}
+
+BYTE
+RA_Token::GetLifeCycleState ()
+{
+  return m_lifecycle_state;
+}
+
+char *
+RA_Token::GetPIN ()
+{
+  return m_pin;
+}
+
+Buffer & RA_Token::GetAuthKey ()
+{
+  return m_auth_key;
+}
+
+Buffer & RA_Token::GetMacKey ()
+{
+  return m_mac_key;
+}
+
+Buffer & RA_Token::GetKekKey ()
+{
+  return m_kek_key;
+}
+
+int
+RA_Token::NoOfPrivateKeys ()
+{
+  SECKEYPrivateKeyList *list = NULL;
+  SECKEYPrivateKeyListNode *node;
+  PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+  int count;
+
+  list = PK11_ListPrivateKeysInSlot (slot);
+  for (count = 0, node = PRIVKEY_LIST_HEAD (list);
+       !PRIVKEY_LIST_END (node, list);
+       node = PRIVKEY_LIST_NEXT (node), count++)
+    {
+      /* nothing */
+    }
+  if (list != NULL)
+    {
+      SECKEY_DestroyPrivateKeyList (list);
+      list = NULL;
+    }
+
+  return count;
+}
+
+SECKEYPrivateKey *
+RA_Token::GetPrivateKey (int pos)
+{
+  SECKEYPrivateKeyList *list = NULL;
+  SECKEYPrivateKeyListNode *node;
+  PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+  int count;
+
+  list = PK11_ListPrivateKeysInSlot (slot);
+  for (count = 0, node = PRIVKEY_LIST_HEAD (list);
+       !PRIVKEY_LIST_END (node, list);
+       node = PRIVKEY_LIST_NEXT (node), count++)
+    {
+      if (pos == count)
+	{
+	  return node->key;
+	}
+    }
+  if (list != NULL)
+    {
+      SECKEY_DestroyPrivateKeyList (list);
+      list = NULL;
+    }
+
+  return NULL;
+}
+
+int
+RA_Token::NoOfCertificates ()
+{
+  CERTCertList *clist = NULL;
+  CERTCertListNode *cln;
+  PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+  int count = 0;
+
+  clist = PK11_ListCertsInSlot (slot);
+  for (cln = CERT_LIST_HEAD (clist); !CERT_LIST_END (cln, clist);
+       cln = CERT_LIST_NEXT (cln))
+    {
+      count++;
+    }
+
+  return count;
+}
+
+CERTCertificate *
+RA_Token::GetCertificate (int pos)
+{
+  CERTCertList *clist = NULL;
+  CERTCertListNode *cln;
+  PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+  int count = 0;
+
+  clist = PK11_ListCertsInSlot (slot);
+  for (cln = CERT_LIST_HEAD (clist); !CERT_LIST_END (cln, clist);
+       cln = CERT_LIST_NEXT (cln))
+    {
+      if (count == pos)
+	{
+	  CERTCertificate *cert = cln->cert;
+	  return cert;
+	}
+      count++;
+    }
+
+  return NULL;
+}
+
+void
+RA_Token::decryptMsg (Buffer & in_data, Buffer & out_data)
+{
+  Output ("RA_Token::decryptMsg: decryption about to proceed");
+
+  //add this header back later...does not include lc, since it might change
+  Buffer header = in_data.substr (0, 4);
+#ifdef VERBOSE
+  Output ("input data =");
+  printBuf (&in_data);
+  Output ("length = %d", in_data.size ());
+#endif
+
+  //add this mac back later
+  Buffer mac = in_data.substr (in_data.size () - 8, 8);
+
+#ifdef VERBOSE
+  Output ("mac=");
+  printBuf (&mac);
+#endif
+
+  // encrypted data area is the part without header and mac
+  Buffer enc_in_data = in_data.substr (5, in_data.size () - 8 - 5);
+
+#ifdef VERBOSE
+  Output ("RA_Token::decryptMsg: enc_in_data size: %d", enc_in_data.size ());
+  Output ("encrypted in_data =");
+  printBuf (&enc_in_data);
+#endif
+
+  Buffer d_apdu_data;
+  PRStatus status = Util::DecryptData (GetEncSessionKey (),
+				       enc_in_data, d_apdu_data);
+#ifdef VERBOSE
+  Output ("RA_Token::decryptMsg: decrypted data size = %d, data=",
+	  d_apdu_data.size ());
+  printBuf (&d_apdu_data);
+#endif
+
+  if (status == PR_SUCCESS)
+    {
+      Output ("RA_Token::decryptMsg: decrypt success");
+    }
+  else
+    {
+      Output ("RA_Token::decryptMsg: decrypt failure");
+      //      return NULL;
+    }
+
+  /*
+   * the original (pre-encrypted) data would look like the following
+   *   orig. Length | Data... | <80> | <padding>
+   * where orig. Length is one byte,
+   * if orig Length + 1byte length is multiple of 8,
+   *     it wasn't padded
+   * if orig Length + 1byte length is not multiple of 8,
+   *     '80' was appended to the right of data field
+   * if that was multiple was 8, it's done, otherwise
+   *    it was padded with 0 until the data len is a multiple of 8
+   */
+  int origLen = (int) ((BYTE *) d_apdu_data)[0];
+  Output ("RA_Token::decryptMsg: origLen = %d", origLen);
+
+  Buffer orig_data;
+
+  // this should perfectly skip the paddings, if was any
+  orig_data = d_apdu_data.substr (1, origLen);
+  out_data = header;
+  out_data += Buffer (1, ((BYTE *) d_apdu_data)[0] + 0x08);
+  out_data += orig_data;
+  out_data += mac;
+
+#ifdef VERBOSE
+  Output ("decrypted pdu data:");
+  printBuf (&out_data);
+#endif
+}
+
+APDU_Response *
+RA_Token::ProcessInitializeUpdate (Initialize_Update_APDU * apdu,
+				   NameValueSet * vars, NameValueSet * params)
+{
+  BYTE requested_version = apdu->GetP1 ();
+  //BYTE requested_index = apdu->GetP2();
+  Buffer host_challenge = apdu->GetHostChallenge ();
+  m_host_challenge = host_challenge;
+//        printf("Host Challenge: \n");
+//        host_challenge.dump();
+
+  Buffer ki = GetKeyInfo ();
+  BYTE current_version = ((BYTE *) ki)[0];
+  //BYTE current_index = ((BYTE*)ki)[1];
+
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_iu_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_iu_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (requested_version != 0x00 && requested_version != current_version)
+    {
+      // return an error
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  m_icv = Buffer (8, (BYTE) 0);
+
+	/**
+         * Initialize Update response:
+         *   Key Diversification Data - 10 bytes
+         *   Key Information Data - 2 bytes
+         *   Card Challenge - 8 bytes
+         *   Card Cryptogram - 8 bytes
+         */
+  Buffer card_challenge (8, (BYTE) 0);
+  Util::GetRandomChallenge (card_challenge);
+  m_card_challenge = card_challenge;
+
+  /* compute cryptogram */
+  Buffer icv = Buffer (8, (BYTE) 0);
+  Buffer input = host_challenge + card_challenge;
+  Buffer cryptogram (8, (BYTE) 0);
+
+  Buffer authkey = GetAuthKey ();
+  if (authkey == NULL)
+    {
+      return NULL;
+    }
+  PK11SymKey *encAuthKey = Util::DeriveKey (GetAuthKey (),
+					    host_challenge, card_challenge);
+  Util::ComputeMAC (encAuthKey, input, icv, cryptogram);
+
+  // printf("Cryptogram: \n");
+  // cryptogram.dump();
+  //
+  // establish session key
+  m_session_key = CreateSessionKey (mac, m_card_challenge, m_host_challenge);
+  // establish Encryption session key
+  m_enc_session_key = CreateSessionKey (auth, m_card_challenge,
+					m_host_challenge);
+
+  Buffer data = GetCUID () + GetKeyInfo () +
+    card_challenge + cryptogram +
+    Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+
+  return apdu_resp;
+}
+
+int
+RA_Token::VerifyMAC (APDU * apdu)
+{
+  Buffer data;
+  Buffer mac = apdu->GetMAC ();
+
+  Output ("RA_Token::VerifyMAC: Begins==== apdu type =%d", apdu->GetType ());
+  if (mac.size () != 8)
+    {
+      Output ("RA_Token::VerifyMAC:  no mac? ok");
+      return 1;
+    }
+
+  Buffer new_mac = Buffer (8, (BYTE) 0);
+
+  ComputeAPDUMac (apdu, new_mac);
+  if (new_mac != mac)
+    {
+#ifdef VERBOSE
+      Output ("old mac: ");
+      printBuf (&mac);
+      Output ("new mac: ");
+      printBuf (&new_mac);
+#endif
+      Output ("RA_Token::VerifyMAC:  *** failed ***");
+      return 0;
+    }
+  else
+    {
+      Output ("RA_Token::VerifyMAC:  passed");
+      return 1;
+    }
+}
+
+void
+RA_Token::ComputeAPDUMac (APDU * apdu, Buffer & new_mac)
+{
+  Buffer data;
+
+  apdu->GetDataToMAC (data);
+
+#ifdef VERBOSE
+  Output ("RA_Token::ComputeAPDUMac: data to mac =");
+  printBuf (&data);
+  Output ("RA_Token::ComputeAPDUMac: current m_icv =");
+  printBuf (&m_icv);
+#endif
+
+
+  Util::ComputeMAC (m_session_key, data, m_icv, new_mac);
+#ifdef VERBOSE
+  Output ("RA_Token::ComputeAPDUMac: got new mac =");
+#endif
+  printBuf (&new_mac);
+
+
+  m_icv = new_mac;
+}				/* EncodeAPDUMac */
+
+PK11SymKey *
+RA_Token::GetEncSessionKey ()
+{
+  return m_enc_session_key;
+}
+
+PK11SymKey *
+RA_Token::CreateSessionKey (keyType keytype, Buffer & card_challenge,
+			    Buffer & host_challenge)
+{
+  BYTE *key = NULL;
+  char input[16];
+  int i;
+  BYTE *cc = (BYTE *) card_challenge;
+  int cc_len = card_challenge.size ();
+  BYTE *hc = (BYTE *) host_challenge;
+  int hc_len = host_challenge.size ();
+
+  if (keytype == mac)
+    key = (BYTE *) m_mac_key;
+  else if (keytype == auth)
+    key = (BYTE *) m_auth_key;
+  else
+    key = (BYTE *) m_mac_key;	// for now
+
+  /* copy card and host challenge into input buffer */
+  for (i = 0; i < 8; i++)
+    {
+      input[i] = cc[i];
+    }
+  for (i = 0; i < 8; i++)
+    {
+      input[8 + i] = hc[i];
+    }
+
+  PK11SymKey *session_key =
+    Util::DeriveKey (Buffer (key, 16), Buffer (hc, hc_len),
+		     Buffer (cc, cc_len));
+
+  //printf("XXX mac key\n");
+  //m_mac_key.dump();
+  //printf("XXX card challenge\n");
+  //card_challenge.dump();
+  //printf("XXX host challenge\n");
+  //host_challenge.dump();
+  SECItem *data = PK11_GetKeyData (session_key);
+  Buffer db = Buffer (data->data, data->len);
+  //      printf("session key:\n");
+  //          db.dump();
+
+  return session_key;
+}
+
+APDU_Response *
+RA_Token::ProcessExternalAuthenticate (External_Authenticate_APDU * apdu,
+				       NameValueSet * vars,
+				       NameValueSet * params)
+{
+  Buffer host_cryptogram = apdu->GetHostCryptogram ();
+
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessExternalAuthenticate");
+#endif
+  // printf("Host Cryptogram: \n");
+  // host_cryptogram.dump();
+
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_ea_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_ea_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+static int
+VerifyProof (SECKEYPublicKey * pk, SECItem * siProof,
+	     unsigned short pkeyb_len, unsigned char *pkeyb,
+	     Buffer * challenge)
+{
+  // this doesn't work, and not needed anymore
+  return 1;
+
+  int rs = 1;
+  unsigned short i = 0;
+  unsigned int j = 0;
+  unsigned char *chal = NULL;
+
+  VFYContext *vc = VFY_CreateContext (pk, siProof,
+				      SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
+				      NULL);
+  if (vc == NULL)
+    {
+      Output ("VerifyProof: CreateContext failed");
+      return 0;			// error
+    }
+
+  SECStatus vs = VFY_Begin (vc);
+  if (vs == SECFailure)
+    {
+      rs = -1;
+      Output ("VerifyProof: Begin failed");
+      goto loser;
+    }
+  unsigned char proof[1024];
+
+  for (i = 0; i < pkeyb_len; i++)
+    {
+      proof[i] = pkeyb[i];
+    }
+  chal = (unsigned char *) (BYTE *) (*challenge);
+
+  for (j = 0; j < challenge->size (); i++, j++)
+    {
+      proof[i] = chal[j];
+    }
+  vs =
+    VFY_Update (vc, (unsigned char *) proof, pkeyb_len + challenge->size ());
+  if (vs == SECFailure)
+    {
+      rs = -1;
+      Output ("VerifyProof: Update failed");
+      goto loser;
+    }
+  vs = VFY_End (vc);
+  if (vs == SECFailure)
+    {
+      rs = -1;
+      Output ("VerifyProof: End failed");
+      goto loser;
+    }
+  else
+    {
+      Output ("VerifyProof good");
+    }
+
+loser:
+  if (vc != NULL)
+    {
+      VFY_DestroyContext (vc, PR_TRUE);
+      vc = NULL;
+    }
+  return rs;
+
+}
+
+static Buffer
+GetMusclePublicKeyData (SECKEYPublicKey * pubKey, int keylen)
+{
+  int i, j;
+
+  Buffer pk = Buffer (4 /* header len */  +
+		      pubKey->u.rsa.modulus.len +
+		      pubKey->u.rsa.publicExponent.len);
+
+  ((BYTE *) pk)[0] = 0;		/* BLOB_ENC_PLAIN */
+  ((BYTE *) pk)[1] = 0x01;	/* Public RSA Key */
+  ((BYTE *) pk)[2] = keylen / 256;
+  ((BYTE *) pk)[3] = keylen % 256;
+  ((BYTE *) pk)[4] = pubKey->u.rsa.modulus.len / 256;
+  ((BYTE *) pk)[5] = pubKey->u.rsa.modulus.len % 256;
+  for (i = 0; i < (int) pubKey->u.rsa.modulus.len; i++)
+    {
+      ((BYTE *) pk)[6 + i] = pubKey->u.rsa.modulus.data[i];
+    }
+  ((BYTE *) pk)[i++] = pubKey->u.rsa.publicExponent.len / 256;
+  ((BYTE *) pk)[i++] = pubKey->u.rsa.publicExponent.len % 256;
+  for (j = 0; j < (int) pubKey->u.rsa.publicExponent.len; j++)
+    {
+      ((BYTE *) pk)[i++] = pubKey->u.rsa.publicExponent.data[j];
+    }
+  return pk;
+}
+
+static Buffer
+Sign (SECKEYPrivateKey * privKey, Buffer & blob)
+{
+  SECStatus status;
+
+  SECItem sigitem;
+  int signature_len;
+
+  signature_len = PK11_SignatureLen (privKey);
+  sigitem.len = signature_len;
+  sigitem.data = (unsigned char *) PORT_Alloc (signature_len);
+
+  status = SEC_SignData (&sigitem, (BYTE *) blob, blob.size (), privKey,
+			 SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE);
+  if (status != SECSuccess)
+    {
+      printf ("Signing error\n");
+      if (sigitem.data != NULL)
+	{
+	  PORT_Free (sigitem.data);
+	  sigitem.data = NULL;
+	}
+      return Buffer (16, (BYTE) 0);	// sucks
+    }
+
+  Buffer proof = Buffer (sigitem.data, signature_len);
+  if (sigitem.data != NULL)
+    {
+      PORT_Free (sigitem.data);
+      sigitem.data = NULL;
+    }
+  return proof;
+}
+
+static Buffer
+GetKeyBlob (int keysize, SECKEYPublicKey * pubKey)
+{
+  Buffer blob = Buffer (1, (BYTE) 0) +	/* encoding */
+    Buffer (1, (BYTE) 1) +	/* key type */
+    Buffer (1, (BYTE) (keysize >> 8) & 0xff) +	/* key size */
+    Buffer (1, (BYTE) keysize & 0xff) +	/* key size */
+    Buffer (1, (BYTE) (pubKey->u.rsa.modulus.len >> 8) & 0xff) +
+    Buffer (1, (BYTE) pubKey->u.rsa.modulus.len & 0xff) +
+    Buffer ((BYTE *) pubKey->u.rsa.modulus.data, pubKey->u.rsa.modulus.len) +
+    Buffer (1, (BYTE) (pubKey->u.rsa.publicExponent.len >> 8) & 0xff) +
+    Buffer (1, (BYTE) pubKey->u.rsa.publicExponent.len & 0xff) +
+    Buffer ((BYTE *) pubKey->u.rsa.publicExponent.data,
+	    pubKey->u.rsa.publicExponent.len);
+  return blob;
+}
+
+static Buffer
+GetSignBlob (Buffer & muscle_public_key, Buffer & challenge)
+{
+  int i, j;
+
+  Buffer data = Buffer (muscle_public_key.size () +
+			challenge.size (), (BYTE) 0);
+  for (i = 0; i < (int) muscle_public_key.size (); i++)
+    {
+      ((BYTE *) data)[i] = ((BYTE *) muscle_public_key)[i];
+    }
+  for (j = 0; j < (int) challenge.size (); j++, i++)
+    {
+      ((BYTE *) data)[i] = ((BYTE *) challenge)[j];
+    }
+  return data;
+}
+
+APDU_Response *
+RA_Token::ProcessGenerateKey (Generate_Key_APDU * apdu,
+			      NameValueSet * vars, NameValueSet * params)
+{
+  CK_MECHANISM_TYPE mechanism;
+  SECOidTag algtag;
+  PK11RSAGenParams rsaparams;
+  void *x_params;
+  SECKEYPrivateKey *privKey;
+  SECKEYPublicKey *pubKey;
+  PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+  int publicExponent = 0x010001;
+  int buffer_size;
+  // RA::Debug( LL_PER_PDU,
+  //            "RA_Token::ProcessGenerateKey: ",
+  //            "=====ProcessGenerateKey():in ProcessGenerateKey====" );
+
+  // for testing only
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessGenerateKey");
+#endif
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_gk_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_gk_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer req = apdu->GetData ();
+  BYTE *raw = (BYTE *) req;
+  // BYTE alg = (BYTE)req[5];
+  int keysize = (((BYTE *) req)[1] << 8) + ((BYTE *) req)[2];
+//      printf("Requested key size %d\n", keysize);
+
+  int wrapped_challenge_len = ((BYTE *) req)[5];
+//      printf("Challenged Size=%d\n", wrapped_challenge_len);
+  Buffer wrapped_challenge = Buffer ((BYTE *) & raw[6],
+				     wrapped_challenge_len);
+
+  rsaparams.keySizeInBits = keysize;
+  rsaparams.pe = publicExponent;
+  mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+  algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
+  x_params = &rsaparams;
+
+  /* generate key pair */
+  char *keygen_param = params->GetValue ("keygen");
+  if (keygen_param == NULL || (strcmp (keygen_param, "true") == 0))
+    {
+      privKey = PK11_GenerateKeyPair (slot, mechanism,
+				      x_params, &pubKey,
+				      PR_FALSE /*isPerm */ ,
+				      PR_TRUE /*isSensitive */ ,
+				      NULL /*wincx */ );
+      if (privKey == NULL)
+	{
+	  // printf("privKey == NULL\n");
+	  buffer_size = 1024;	/* testing */
+	}
+      else
+	{
+
+	  /* put key in the buffer */
+	  // printf("modulus len %d\n", pubKey->u.rsa.modulus.len);
+	  // printf("exponent len %d\n", pubKey->u.rsa.publicExponent.len);
+
+	  Buffer blob = GetKeyBlob (keysize, pubKey);
+
+/*
+ * The key generation operation creates a proof-of-location for the
+ * newly generated key. This proof is a signature computed with the 
+ * new private key using the RSA-with-MD5 signature algorithm.  The 
+ * signature is computed over the Muscle Key Blob representation of 
+ * the new public key and the challenge sent in the key generation 
+ * request.  These two data fields are concatenated together to form
+ * the input to the signature, without any other data or length fields.
+ */
+
+	  Buffer challenge = Buffer (16, (BYTE) 0x00);
+	  // printf("Encrypted Enrollment Challenge:\n");
+	  // wrapped_challenge.dump();
+	  Util::DecryptData (m_kek_key, wrapped_challenge, challenge);
+
+//              printf("Enrollment Challenge:\n");
+//              challenge.dump();
+//              printf("after challenge dump");
+	  Buffer muscle_public_key = GetMusclePublicKeyData (pubKey, keysize);
+//              printf("after muscle_public_key get, muscle_public_key size=%d", muscle_public_key.size());
+	  Buffer data_blob = GetSignBlob ( /*muscle_public_key */ blob,
+					  challenge);
+//              printf("after getsignblob, blob size =%d",blob.size());
+	  Buffer proof = Sign (privKey, data_blob);
+//              printf("begin verifying proof");
+	  unsigned char *pkeyb = (unsigned char *) (BYTE *) data_blob;
+	  int pkeyb_len = data_blob.size ();
+
+	  SECItem siProof;
+	  siProof.type = (SECItemType) 0;
+	  siProof.data = (unsigned char *) proof;
+	  siProof.len = proof.size ();
+
+	  //    int size = data_blob.size();
+	  // RA::Debug( LL_PER_PDU,
+	  //            "RA_Token::ProcessGenerateKey: ",
+	  //            "==== proof size =%d, data_blob size=%d",
+	  //            siProof.len,
+	  //            data_blob.size() );
+	  // RA::Debug( LL_PER_PDU,
+	  //            "RA_Token::ProcessGenerateKey: ",
+	  //            "==== === printing blob. size=%d",
+	  //            size );
+	  // RA::Debug( LL_PER_PDU,
+	  //            "RA_Token::ProcessGenerateKey: ",
+	  //            "pubKey->u.rsa.publicExponent.data[37] =%d",
+	  //            pubKey->u.rsa.publicExponent.data[37] );
+
+	  if (VerifyProof (pubKey, &siProof, pkeyb_len, pkeyb, &challenge) !=
+	      1)
+	    {
+
+	      Output ("VerifyProof failed");
+	      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+	      APDU_Response *apdu_resp = new APDU_Response (data);
+	      return apdu_resp;
+
+	    }
+
+	  m_buffer =
+	    Buffer (1, (BYTE) blob.size () / 256) +
+	    Buffer (1, (BYTE) blob.size () % 256) +
+	    Buffer (blob) +
+	    Buffer (1, (BYTE) proof.size () / 256) +
+	    Buffer (1, (BYTE) proof.size () % 256) + Buffer (proof);
+	  buffer_size = m_buffer.size ();
+	}			// if private key not NULL
+
+    }
+  else
+    {
+      // fake key
+      BYTE fake_key[] = {
+	0x00, 0x8b, 0x00, 0x01, 0x04, 0x00, 0x00, 0x80, 0x9f, 0xf9,
+	0x6e, 0xa6, 0x6c, 0xd9, 0x4b, 0x5c, 0x1a, 0xb6, 0xd8, 0x78,
+	0xd2, 0xaf, 0x45, 0xd5, 0xce, 0x8a, 0xee, 0x69, 0xfc, 0xdb,
+	0x16, 0x21, 0x46, 0x61, 0xb9, 0x91, 0x5d, 0xa8, 0x41, 0x3f,
+	0x5c, 0xce, 0xce, 0x16, 0x0b, 0xc3, 0x16, 0x99, 0xb7, 0x81,
+	0xe9, 0x9c, 0xe5, 0x31, 0x04, 0x6d, 0xab, 0xb2, 0xa3, 0xac,
+	0x91, 0x2b, 0xbd, 0x9b, 0x48, 0xa8, 0xd7, 0xd8, 0x34, 0x67,
+	0x4d, 0x58, 0xd3, 0xb9, 0x81, 0x4f, 0x8c, 0xf1, 0x2c, 0x92,
+	0xfa, 0xe7, 0x98, 0x72, 0xea, 0x52, 0xbb, 0x43, 0x73, 0x9e,
+	0x88, 0xdc, 0x6c, 0x44, 0xf3, 0x6d, 0xfd, 0x36, 0xa6, 0x5c,
+	0x61, 0x7d, 0x88, 0x51, 0xc7, 0x32, 0x14, 0x64, 0xf3, 0xe0,
+	0x6f, 0xfa, 0x86, 0x1d, 0xad, 0x6c, 0xdb, 0x8a, 0x1c, 0x30,
+	0xb2, 0x46, 0x26, 0xba, 0x3c, 0x71, 0x2c, 0x03, 0x45, 0x97,
+	0x7f, 0xb0, 0x10, 0x24, 0xf4, 0x45, 0x00, 0x03, 0x01, 0x00,
+	0x01, 0x00, 0x80, 0x58, 0x06, 0x40, 0x4e, 0x05, 0xd8, 0x54,
+	0x87, 0xb1, 0x5b, 0xfc, 0x67, 0x95, 0xe5
+      };
+      m_buffer = Buffer ((BYTE *) fake_key, sizeof fake_key);
+      buffer_size = m_buffer.size ();
+    }
+
+
+  Buffer data = Buffer (1, (BYTE) (buffer_size >> 8) & 0xff) +	// key length
+    Buffer (1, (BYTE) buffer_size & 0xff) +	// key length 
+    Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessCreateObject (Create_Object_APDU * apdu,
+			       NameValueSet * vars, NameValueSet * params)
+{
+  Buffer inputdata;
+  m_chunk_len = 0;
+  m_object_len = 0;
+
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessCreateObject");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_co_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_co_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  inputdata = apdu->GetData ();
+//    inputdata.dump();
+  m_objectid[0] = (char) (((BYTE *) inputdata)[0]);
+  m_objectid[1] = (char) (((BYTE *) inputdata)[1]);
+  m_objectid[2] = '\0';
+
+// skip permissions
+
+  m_object_len += (((BYTE *) inputdata)[4]) << 24;
+  m_object_len += (((BYTE *) inputdata)[5]) << 16;
+  m_object_len += (((BYTE *) inputdata)[6]) << 8;
+  m_object_len += ((BYTE *) inputdata)[7];
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  if (m_object != NULL)
+    {
+      delete m_object;
+      m_object = NULL;
+    }
+  m_object = new Buffer (m_object_len, (BYTE) 0);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessLifecycle (Lifecycle_APDU * apdu,
+			    NameValueSet * vars, NameValueSet * params)
+{
+
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessLifecycle");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_lc_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_lc_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessDeleteFile (Delete_File_APDU * apdu,
+			     NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessDeleteFile");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_df_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_df_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessInstallApplet (Install_Applet_APDU * apdu,
+				NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+  Output ("RA_Token::InstallApplet");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_ia_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_ia_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessInstallLoad (Install_Load_APDU * apdu,
+			      NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+  Output ("RA_Token::InstallLoad");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_il_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_il_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessLoadFile (Load_File_APDU * apdu,
+			   NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessLoadFile");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_lf_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_lf_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessFormatMuscleApplet (Format_Muscle_Applet_APDU * apdu,
+				     NameValueSet * vars,
+				     NameValueSet * params)
+{
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessSelect (Select_APDU * apdu,
+			 NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_se_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_se_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessListPins (List_Pins_APDU * apdu,
+			   NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_lp_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_lp_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+  Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessGetIssuerInfo (Get_IssuerInfo_APDU * apdu,
+			    NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_cp_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_cp_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessSetIssuerInfo (Set_IssuerInfo_APDU * apdu,
+			    NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_cp_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_cp_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessCreatePin (Create_Pin_APDU * apdu,
+			    NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_cp_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_cp_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessGetVersion (Get_Version_APDU * apdu,
+			     NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_gv_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_gv_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessGetData (Get_Data_APDU * apdu,
+			  NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_gd_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_gd_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data =
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) +
+    m_cuid.substr (0, 4) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    m_cuid.substr (6, 4) +
+    m_cuid.substr (4, 2) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x00) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x00) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    m_msn.substr (0, 4) + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessGetStatus (Get_Status_APDU * apdu,
+			    NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_gs_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_gs_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data =
+    Buffer (1, (BYTE) m_major_version) + Buffer (1, (BYTE) m_minor_version) +
+    Buffer (1, (BYTE) 0x00) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+    Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessPutKey (Put_Key_APDU * apdu,
+			 NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessPutKey");
+#endif
+  Buffer key_set_data = apdu->GetData ();
+  BYTE current_version = ((BYTE *) key_set_data)[0];
+  BYTE current_index = (apdu->GetP2 () & 0x0f);
+
+  BYTE ki[2] = { current_version, current_index };
+  Buffer kib (ki, 2);
+  SetKeyInfo (kib);
+
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_pk_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_pk_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  //BYTE new_version = key_set_data[0];
+  Buffer e_auth = key_set_data.substr (3, 16);
+  Buffer e_mac = key_set_data.substr (25, 16);
+  Buffer e_kek = key_set_data.substr (47, 16);
+
+  // need to retrieve the old kek, and decrypt the data 
+  // with it
+  Buffer auth;
+  Buffer mac;
+  Buffer kek;
+  Util::DecryptData (m_kek_key, e_auth, auth);
+  Util::DecryptData (m_kek_key, e_mac, mac);
+  Util::DecryptData (m_kek_key, e_kek, kek);
+
+  m_kek_key = kek;
+  m_mac_key = mac;
+  m_auth_key = auth;
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessImportKeyEnc (Import_Key_Enc_APDU * apdu,
+			       NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessImportKeyEnc");
+#endif
+  Buffer data;
+
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_ik_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_ik_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+  data = apdu->GetData ();
+
+  data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessReadBuffer (Read_Buffer_APDU * apdu,
+			     NameValueSet * vars, NameValueSet * params)
+{
+  Buffer buffer;
+
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessReadBuffer");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_rb_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_rb_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  int len = apdu->GetLen ();
+  int offset = apdu->GetOffset ();
+
+  if (offset + len <= (int) m_buffer.size ())
+    {
+      buffer = m_buffer.substr (offset, len);
+    }
+  else
+    {
+      Output ("TESTING   offset = %d, len = %d, m_buffer.size = %d",
+	      offset, len, m_buffer.size ());
+      buffer = Buffer (len, (BYTE) 0);	/* for testing */
+    }
+  Buffer data = buffer + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessUnblockPin (Unblock_Pin_APDU * apdu,
+			     NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessUnblockPin");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_up_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_up_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessListObjects (List_Objects_APDU * apdu,
+			      NameValueSet * vars, NameValueSet * params)
+{
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_lo_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_lo_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer data = Buffer (1, (BYTE) 0x9C) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessReadObject (Read_Object_APDU * apdu,
+			     NameValueSet * vars, NameValueSet * params)
+{
+  Buffer buffer;
+
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessReadObject");
+#endif
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_ro_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_ro_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+
+  Buffer buf = apdu->GetData();
+  int len = ((BYTE*)buf)[8];
+  int offset = (((BYTE*)buf)[4] << 24) + (((BYTE*)buf)[5] << 16) +
+               (((BYTE*)buf)[6] << 8) + ((BYTE*)buf)[7];
+                                                                                
+  if (offset + len <= (int) m_buffer.size ())
+    {
+      buffer = m_buffer.substr (offset, len);
+    }
+  else
+    {
+      Output ("TESTING   offset = %d, len = %d, m_buffer.size = %d",
+          offset, len, m_buffer.size ());
+      buffer = Buffer (len, (BYTE) 0);  /* for testing */
+    }
+                                                                                
+  Buffer data = buffer + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessWriteBuffer (Write_Object_APDU * apdu,
+			      NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessWriteBuffer");
+#endif
+#define MAX_WRITE_BUFFER_SIZE 0x40
+  int num = 0;
+  int rv = -1;
+  int index = MAX_WRITE_BUFFER_SIZE + 2;
+  PK11SlotInfo *slot;
+  CERTCertificate *cert = NULL;
+
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_wb_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_wb_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+  Buffer inputdata = apdu->GetData ();
+  num = m_object_len - m_chunk_len;
+  if (num > MAX_WRITE_BUFFER_SIZE)
+    {
+      for (int i = 2; i < index; i++)
+	{
+	  BYTE data = ((BYTE *) inputdata)[i];
+	  ((BYTE *) * m_object)[m_chunk_len] = data;
+	  m_chunk_len++;
+	}
+    }
+  else
+    {
+      for (int i = 2; i < num + 2; i++)
+	{
+	  ((BYTE *) * m_object)[m_chunk_len] = ((BYTE *) inputdata)[i];
+	  m_chunk_len++;
+	}
+
+      if (strcmp (m_objectid, "C0") == 0)
+	{
+	  // printf("RA_Token::ProcessWriteBuffer objectid = %s\n", m_objectid);
+	  // we got the whole certificate, import to the db.
+	  cert = CERT_DecodeCertFromPackage ((char *) ((BYTE *) * m_object),
+					     m_object->size ());
+	  if (cert == NULL)
+	    {
+	      // printf("cert is NULL\n");
+	    }
+	  else
+	    {
+	      slot = PK11_GetInternalKeySlot ();
+
+	      rv = PK11_Authenticate (slot, PR_TRUE, NULL);
+	      if (rv != SECSuccess)
+		{
+		  //  printf("Failed to authenticate to the internal token\n");
+		}
+	      else
+		{
+		  rv = PK11_ImportCert (slot, cert, CK_INVALID_HANDLE,
+					(char *) "testcert", PR_FALSE);
+		  if (rv != SECSuccess)
+		    {
+		      printf
+			("Failed to import the cert to the internal token\n");
+		    }
+		}
+	    }
+	}
+    }
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessSetPin (Set_Pin_APDU * apdu,
+			 NameValueSet * vars, NameValueSet * params)
+{
+  Buffer new_pin_buf = apdu->GetNewPIN ();
+#ifdef VERBOSE
+  Output ("RA_Token::ProcessSetPin");
+#endif
+
+  // for testing only
+  if (vars->GetValueAsBool("test_enable", 0) == 1) {
+    if (vars->GetValueAsBool("test_apdu_sp_return_enable", 0) == 1) {
+      Buffer *data = ToBuffer (vars->GetValue ("test_apdu_sp_return"));
+      APDU_Response *apdu_resp = new APDU_Response (*data);
+      return apdu_resp;
+    }
+  }
+
+  if (VerifyMAC (apdu) != 1)
+    {
+      Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+      APDU_Response *apdu_resp = new APDU_Response (data);
+      return apdu_resp;
+    }
+#if 0
+  printf ("New PIN: \n");
+  new_pin_buf.dump ();
+#endif
+
+  /* replace current pin */
+  int i;
+  char *new_pin = (char *) malloc (new_pin_buf.size () + 1);
+  for (i = 0; i < (int) new_pin_buf.size (); i++)
+    {
+      new_pin[i] = ((BYTE *) new_pin_buf)[i];
+    }
+  new_pin[new_pin_buf.size ()] = '\0';
+
+  if (m_pin != NULL)
+    {
+      PL_strfree (m_pin);
+      m_pin = NULL;
+    }
+  m_pin = new_pin;
+
+  Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+  APDU_Response *apdu_resp = new APDU_Response (data);
+  return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::Process (APDU * apdu, NameValueSet * vars, NameValueSet * params)
+{
+  APDU_Response *resp = NULL;
+
+  if (apdu->GetType () == APDU_INITIALIZE_UPDATE)
+    {
+      resp = ProcessInitializeUpdate ((Initialize_Update_APDU *) apdu, vars,
+				      params);
+    }
+  else if (apdu->GetType () == APDU_EXTERNAL_AUTHENTICATE)
+    {
+      resp = ProcessExternalAuthenticate ((External_Authenticate_APDU *) apdu,
+					  vars, params);
+    }
+  else if (apdu->GetType () == APDU_SET_PIN)
+    {
+      resp = ProcessSetPin ((Set_Pin_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_LOAD_FILE)
+    {
+      resp = ProcessLoadFile ((Load_File_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_FORMAT_MUSCLE_APPLET)
+    {
+      resp = ProcessFormatMuscleApplet ((Format_Muscle_Applet_APDU *) apdu,
+					vars, params);
+    }
+  else if (apdu->GetType () == APDU_INSTALL_LOAD)
+    {
+      resp = ProcessInstallLoad ((Install_Load_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_INSTALL_APPLET)
+    {
+      resp = ProcessInstallApplet ((Install_Applet_APDU *) apdu, vars,
+				   params);
+    }
+  else if (apdu->GetType () == APDU_DELETE_FILE)
+    {
+      resp = ProcessDeleteFile ((Delete_File_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_CREATE_OBJECT)
+    {
+      resp = ProcessCreateObject ((Create_Object_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_LIFECYCLE)
+    {
+      resp = ProcessLifecycle ((Lifecycle_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_READ_BUFFER)
+    {
+      resp = ProcessReadBuffer ((Read_Buffer_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_UNBLOCK_PIN)
+    {
+      resp = ProcessUnblockPin ((Unblock_Pin_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_LIST_OBJECTS)
+    {
+      resp = ProcessListObjects ((List_Objects_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_READ_OBJECT)
+    {
+      resp = ProcessReadObject ((Read_Object_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_WRITE_OBJECT)
+    {
+      resp = ProcessWriteBuffer ((Write_Object_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_SELECT)
+    {
+      resp = ProcessSelect ((Select_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_GET_VERSION)
+    {
+      resp = ProcessGetVersion ((Get_Version_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_PUT_KEY)
+    {
+      resp = ProcessPutKey ((Put_Key_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_GET_STATUS)
+    {
+      resp = ProcessGetStatus ((Get_Status_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_GET_ISSUERINFO)
+    {
+      resp = ProcessGetIssuerInfo ((Get_IssuerInfo_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_SET_ISSUERINFO)
+    {
+      resp = ProcessSetIssuerInfo ((Set_IssuerInfo_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_GET_DATA)
+    {
+      resp = ProcessGetData ((Get_Data_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_LIST_PINS)
+    {
+      resp = ProcessListPins ((List_Pins_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_CREATE_PIN)
+    {
+      resp = ProcessCreatePin ((Create_Pin_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_GENERATE_KEY)
+    {
+      resp = ProcessGenerateKey ((Generate_Key_APDU *) apdu, vars, params);
+    }
+  else if (apdu->GetType () == APDU_IMPORT_KEY_ENC)
+    {
+      resp = ProcessImportKeyEnc ((Import_Key_Enc_APDU *) apdu, vars, params);
+    }
+  else
+    {
+      printf ("RA_Token: Unknown APDU (%d)\n", apdu->GetType ());
+      /* error */
+    }
+  return resp;
+}
diff --git a/pki/base/tps/tools/raclient/RA_Token.h b/pki/base/tps/tools/raclient/RA_Token.h
new file mode 100644
index 000000000..bf92e4e89
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Token.h
@@ -0,0 +1,225 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_TOKEN_H
+#define RA_TOKEN_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "main/Buffer.h"
+#include "main/NameValueSet.h"
+#include "apdu/APDU_Response.h"
+#include "apdu/APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Unblock_Pin_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/Read_Object_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/List_Objects_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Select_APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Import_Key_APDU.h"
+#include "apdu/Import_Key_Enc_APDU.h"
+
+typedef enum {
+        auth,
+        mac,
+        kek
+        } keyType;
+
+class RA_Token
+{
+  public:
+	  RA_Token();
+	  ~RA_Token();
+  public:
+	  char *GetPIN();
+	  Buffer &GetAuthKey();
+	  Buffer &GetMacKey();
+	  Buffer &GetKekKey();
+	  Buffer &GetAppletVersion();
+	  void SetAppletVersion(Buffer &version);
+	  Buffer &GetCUID();
+	  void SetCUID(Buffer &cuid);
+	  Buffer &GetMSN();
+	  void SetMSN(Buffer &msn);
+	  Buffer &GetKeyInfo();
+	  int GetMajorVersion();
+	  int GetMinorVersion();
+	  void SetKeyInfo(Buffer &key_info);
+	  void SetAuthKey(Buffer &key);
+	  void SetMacKey(Buffer &key);
+	  void SetKekKey(Buffer &key);
+	  void SetMajorVersion(int v);
+	  void SetMinorVersion(int v);
+	  BYTE GetLifeCycleState();
+  public:
+          int VerifyMAC(APDU *apdu);
+          void ComputeAPDUMac(APDU *apdu, Buffer &new_mac);
+          PK11SymKey *CreateSessionKey(keyType keytype,
+				Buffer &card_challenge,  
+		                Buffer &host_challenge);
+	  RA_Token *Clone();
+	  void decryptMsg(Buffer &in_data, Buffer &out_data);
+	  PK11SymKey *GetEncSessionKey();
+  public:
+	int NoOfCertificates();
+	CERTCertificate *GetCertificate(int pos);
+	int NoOfPrivateKeys();
+	SECKEYPrivateKey *GetPrivateKey(int pos);
+  public:
+	  APDU_Response *Process(APDU *apdu, NameValueSet *vars, NameValueSet *params);
+	  APDU_Response *ProcessInitializeUpdate(
+			  Initialize_Update_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessExternalAuthenticate(
+			  External_Authenticate_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessReadObject(Read_Object_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessListObjects(List_Objects_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessDeleteFile(Delete_File_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessSetPin(Set_Pin_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessInstallApplet(Install_Applet_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessInstallLoad(Install_Load_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessLoadFile(Load_File_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessFormatMuscleApplet(Format_Muscle_Applet_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessGetVersion(Get_Version_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessListPins(List_Pins_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessCreatePin(Create_Pin_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessGetData(Get_Data_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessGetStatus(Get_Status_APDU *apdu, 
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessCreateObject(Create_Object_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessLifecycle(Lifecycle_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessReadBuffer(Read_Buffer_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessUnblockPin(Unblock_Pin_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessGetIssuerInfo(Get_IssuerInfo_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessSetIssuerInfo(Set_IssuerInfo_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessWriteBuffer(Write_Object_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessGenerateKey(Generate_Key_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessImportKeyEnc(Import_Key_Enc_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessSelect(Select_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+	  APDU_Response *ProcessPutKey(Put_Key_APDU *apdu,
+			  NameValueSet *vars,
+			  NameValueSet *params);
+  public:
+	  Buffer m_card_challenge;
+	  Buffer m_host_challenge;
+          PK11SymKey *m_session_key;
+          PK11SymKey *m_enc_session_key;
+	  Buffer m_icv;
+	  Buffer m_cuid;
+	  Buffer m_msn;
+	  Buffer m_version;
+	  Buffer m_key_info;
+	  Buffer m_auth_key;
+	  Buffer m_mac_key;
+	  Buffer m_kek_key;
+	  Buffer m_buffer;
+	  BYTE m_lifecycle_state;
+	  char *m_pin;
+          Buffer* m_object;
+          int m_major_version;
+          int m_minor_version;
+          int m_object_len;
+          int m_chunk_len;
+          char m_objectid[3];
+};
+
+#endif /* RA_TOKEN_H */
diff --git a/pki/base/tps/tools/raclient/enroll.tps b/pki/base/tps/tools/raclient/enroll.tps
new file mode 100644
index 000000000..08e40b6e1
--- /dev/null
+++ b/pki/base/tps/tools/raclient/enroll.tps
@@ -0,0 +1,42 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+#    This data file tests enrollment operation.
+#
+# Execution:
+#    tpsclient < enroll.test
+#
+########################################################
+op=var_set name=ra_host value=air
+op=var_set name=ra_port value=8099
+op=var_set name=ra_uri value=/nk_service
+# print original token status
+op=token_set cuid=a00192030405060708c9 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+#op=ra_enroll uid=test pwd=password new_pin=password
+op=ra_enroll uid=sectest13 num_threads=1 pwd=home-boy new_pin=password 
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/raclient/enroll1.test b/pki/base/tps/tools/raclient/enroll1.test
new file mode 100644
index 000000000..fdd54f704
--- /dev/null
+++ b/pki/base/tps/tools/raclient/enroll1.test
@@ -0,0 +1,43 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+#    This data file tests enrollent.
+#
+# Execution:
+#    tpsclient < enroll.test
+#
+########################################################
+op=var_set name=ra_host value=air
+op=var_set name=ra_port value=8000
+op=var_set name=ra_uri value=/nk_service
+# print original token status
+op=token_status
+###set token params
+op=token_set cuid=a00192030405060708c9 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+op=ra_enroll uid=sectest13 pwd=home-boy new_pin=password
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/raclient/format.tps b/pki/base/tps/tools/raclient/format.tps
new file mode 100644
index 000000000..f087a2d25
--- /dev/null
+++ b/pki/base/tps/tools/raclient/format.tps
@@ -0,0 +1,45 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+#    This data file tests token format operation.
+#
+# Execution:
+#    tpsclient < format.test
+#
+########################################################
+op=var_set name=ra_host value=air
+op=var_set name=ra_port value=8000
+op=var_set name=ra_uri value=/nk_service
+op=var_list
+# print original token status
+op=token_status
+### set token params
+op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0101
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+## perform format operation
+op=ra_format uid=test pwd=password num_threads=1 new_pin=password
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/raclient/nt_enroll.test b/pki/base/tps/tools/raclient/nt_enroll.test
new file mode 100644
index 000000000..f4faf18fe
--- /dev/null
+++ b/pki/base/tps/tools/raclient/nt_enroll.test
@@ -0,0 +1,212 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+#    This data file tests enrollment operation.
+#
+# Execution:
+#    tpsclient < enroll.test
+#
+########################################################
+op=var_set name=ra_host value=water
+op=var_set name=ra_port value=7888
+op=var_set name=ra_uri value=/nk_service
+########################################################
+# Possible return codes:
+#
+# General errors:
+#  6400 - No specific diagnosis
+#  6700 - Wrong length in Lc
+#  6982 - Security status not satisfied
+#  6985 - Conditions of use not satisified
+#  6a86 - Incorrect P1 P2
+#  6d00 - Invalid instruction
+#  6e00 - Invalid class
+#
+# Install Load errors:
+#  6581 - Memory Failure
+#  6a80 - Incorrect parameters in data field
+#  6a84 - Not enough memory space
+#  6a88 - Referenced data not found
+#
+# Delete errors:
+#  6200 - Application has been logically deleted
+#  6581 - Memory failure
+#  6985 - Referenced data cannot be deleted
+#  6a88 - Referenced data not found
+#  6a82 - Application not found
+#  6a80 - Incorrect values in command data
+#
+# Get Data errors:
+#  6a88 - Referenced data not found
+#
+# Get Status errors:
+#  6310 - More data available
+#  6a88 - Referenced data not found
+#  6a80 - Incorrect values in command data
+#
+# Load errors:
+#  6581 - Memory failure
+#  6a84 - Not enough memory space
+#  6a86 - Incorrect P1/P2
+#  6985 - Conditions of use not satisified
+########################################################
+#
+########################################################
+# Negative Test Cases Testing:
+#
+# To enable the testing, you need to uncomment
+# the following:
+#
+#op=var_set name=test_enable value=true
+#
+# Init Update APDU:
+#
+#op=var_set name=test_apdu_iu_return_enable value=true
+#op=var_set name=test_apdu_iu_return value=6a88
+#
+# External Authenticate APDU:
+#
+#op=var_set name=test_apdu_ea_return_enable value=true
+#op=var_set name=test_apdu_ea_return value=6a88
+#
+# Generate Key APDU:
+#
+#op=var_set name=test_apdu_gk_return_enable value=true
+#op=var_set name=test_apdu_gk_return value=6a88
+#
+# Create Object APDU:
+#
+#op=var_set name=test_apdu_co_return_enable value=true
+#op=var_set name=test_apdu_co_return value=6a88
+#
+# Life Cycle APDU:
+#
+#op=var_set name=test_apdu_lc_return_enable value=true
+#op=var_set name=test_apdu_lc_return value=6a88
+#
+# Delete File APDU:
+#
+#op=var_set name=test_apdu_df_return_enable value=true
+#op=var_set name=test_apdu_df_return value=6a88
+#
+# Install Applet APDU:
+#
+#op=var_set name=test_apdu_ia_return_enable value=true
+#op=var_set name=test_apdu_ia_return value=6a88
+#
+# Install Load APDU:
+#
+#op=var_set name=test_apdu_il_return_enable value=true
+#op=var_set name=test_apdu_il_return value=6a88
+#
+# Load File APDU:
+#
+#op=var_set name=test_apdu_lf_return_enable value=true
+#op=var_set name=test_apdu_lf_return value=6a88
+#
+# Select Applet APDU:
+#
+#op=var_set name=test_apdu_se_return_enable value=true
+#op=var_set name=test_apdu_se_return value=6a88
+#
+# List PINs APDU:
+#
+#op=var_set name=test_apdu_lp_return_enable value=true
+#op=var_set name=test_apdu_lp_return value=6a88
+#
+# Create PIN APDU:
+#
+#op=var_set name=test_apdu_cp_return_enable value=true
+#op=var_set name=test_apdu_cp_return value=6a88
+#
+# Get Version APDU:
+#
+#op=var_set name=test_apdu_gv_return_enable value=true
+#op=var_set name=test_apdu_gv_return value=6a88
+#
+# Get Data APDU:
+#op=var_set name=test_apdu_gd_return_enable value=true
+#op=var_set name=test_apdu_gd_return value=6a88
+#
+# Get Status APDU:
+#
+#op=var_set name=test_apdu_gs_return_enable value=true
+#op=var_set name=test_apdu_gs_return value=6a88
+#
+# Put Key APDU:
+#
+#op=var_set name=test_apdu_pk_return_enable value=true
+#op=var_set name=test_apdu_pk_return value=6a88
+#
+# Import Key Enc APDU:
+#
+#op=var_set name=test_apdu_ik_return_enable value=true
+#op=var_set name=test_apdu_ik_return value=6a88
+#
+# Read Buffer APDU:
+#
+#op=var_set name=test_apdu_rb_return_enable value=true
+#op=var_set name=test_apdu_rb_return value=6a88
+#
+# Unblock PIN APDU:
+#
+#op=var_set name=test_apdu_up_return_enable value=true
+#op=var_set name=test_apdu_up_return value=6a88
+#
+# List Objects APDU:
+#
+#op=var_set name=test_apdu_lo_return_enable value=true
+#op=var_set name=test_apdu_lo_return value=6a88
+#
+# Read Object APDU:
+#
+#op=var_set name=test_apdu_ro_return_enable value=true
+#op=var_set name=test_apdu_ro_return value=6a88
+#
+# Write Buffer APDU:
+#
+#op=var_set name=test_apdu_wb_return_enable value=true
+#op=var_set name=test_apdu_wb_return value=6a88
+#
+# Set PIN APDU:
+#
+#op=var_set name=test_apdu_sp_return_enable value=true
+#op=var_set name=test_apdu_sp_return value=6a88
+#
+# ExtendedLoginRequest Message:
+#
+#op=var_set name=test_msg_el_resp_exclude_uid value=true
+#op=var_set name=test_msg_el_resp_exclude_pwd value=true
+#op=var_set name=test_msg_el_resp_add_invalid_param value=true
+#
+########################################################
+# print original token status
+op=token_set cuid=a00192030405060708c9 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+#op=ra_enroll uid=test pwd=password new_pin=password
+op=ra_enroll uid=testuser1 num_threads=1 pwd=netscape new_pin=password 
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/raclient/readme.txt b/pki/base/tps/tools/raclient/readme.txt
new file mode 100644
index 000000000..8997544ac
--- /dev/null
+++ b/pki/base/tps/tools/raclient/readme.txt
@@ -0,0 +1,247 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+Overview
+========
+
+tpsclient is a test utility that talks to the TPS
+directly using HTTP protocol.
+
+It is a software-based token. It can be used as a driver
+for stress/scalability testing.
+
+It can be used for the following operations:
+
+  enrollment     - This is for getting a certificate
+                   into the token.
+  pin reset      - This is for changing the token's pin. 
+  format         - This is for formatting the token to 
+                   remove the certificates from the token
+                   and load fresh applets.
+
+Configuration
+=============
+
+The tpsclient utility accepts a test script file. Each script 
+file contains a sequence of operations. Each operation 
+is composed of a set of name value pairs. For example,
+
+  op=var_set name=ra_host value=familiar
+
+It starts with an operation type such as 'op=var_set' and
+follows by a list of parameters as 'name=ra_host value=familiar'.
+
+The currently supported operation types are as follows:
+
+  op=var_list         - list all TPS connection parameters
+  op=var_get          - retrieve the value of a TPS connection parameter
+  op=var_set          - set the value of a TPS conection parameter
+
+  op=exit             - exit this utility
+  op=help             - get more information about each operation
+
+  op=token_status     - list all token parameters
+  op=token_set        - set the value of a token parameter
+
+  op=ra_enroll        - perform an enrollment operation
+  op=ra_reset_pin     - perform a pin reset operation
+  op=ra_format        - perform a format operation
+
+Configuration Examples
+======================
+
+Setup TPS's connection information:
+
+  op=var_set name=ra_host value=familiar
+  op=var_set name=ra_port value=9003
+  op=var_set name=ra_uri value=/nk_service
+
+Setup token's ID, Applet ID, and Key Set Version:
+
+  op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0101
+
+Setup Key Data: (Note that '404142434445464748494a4b4c4d4e4f' is the
+default key created by the manufacturer in the real token)
+
+  op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+  op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+  op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+
+Perform an enrollment operation:
+
+  op=ra_enroll uid=sectest13 pwd=home-boy new_pin=password
+
+Perform a pin reset operation:
+
+  op=ra_reset_pin uid=test pwd=password new_pin=newpassw
+
+Perform a format operation:
+
+  op=ra_format uid=test pwd=password new_pin=newpassw
+
+Print the information inside token:
+
+  op=token_status
+
+Applet Upgrade Example 
+======================
+
+To test applet upgrade, you should first setup TPS to enable
+applet upgrade. Please consult the TPS documentation for those
+details.
+
+You should try to do an enrollment operation with an applet
+version that's different from the one that's configured in
+the TPS's configuration file. For example, you should have 
+the following in the test script.
+
+    op=token_set cuid=18888883333300000004 app_ver=402428AD key_info=0101
+
+This indicates that the token's applet version is currently at 
+40248AD. 
+
+
+After execution, you should see an audit event logged on the
+TPS's audit log file like this,
+
+
+    ...
+    [2004-11-15 16:56:38] 847f220 Enrollment - op='applet_upgrade'
+    app_ver='0.0.402428AD' new_app_ver='1.2.416DA155'
+    ...
+    ...
+    [2004-11-15 16:56:43] 847f220 Enrollment - status='success'
+    app_ver='1.2.416DA155' key_ver='0101' cuid='18888883333300000004'
+    msn='00000000' uid='user1' auth='ldap1' time='7243 msec'
+
+Key Change Over Example
+=======================
+
+To test key change over, you should setup a version 2 master key
+in TKS and enable the key change over feature in TPS. Please
+consult the TPS documentation for details.
+
+You should try to do an enrollment with a version 1 key in the
+token. TPS should change the key in your token to 
+version 2. For example, you should have the following in 
+the test script:
+
+  op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0101
+  op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+  op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+  op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+
+Note 'key_info=0101' indicates a version 1 key set.
+
+After the execution, you should see the following in the output:
+
+  ...
+  Output> cuid : 'a00192030405060708c9' (10 bytes)
+  Output> key_info : '0201' (2 bytes)
+  Output> auth_key : 'a3523ec8c0740b621e18e9cdd99f75fc' (16 bytes)
+  Output> mac_key : '903af964eb7ede26ea189243a5caad9c' (16 bytes)
+  Output> kek_key : '44ef9de3775121a871c152563d9b9860' (16 bytes)
+  ...
+
+'key_info: 0201' indicates that the current key set in the
+token now changed from '0101' to '0201'. And as you noticed, 
+the key data for auth, mac, and kek keys are all different.
+
+If you check the TPS's log, you should see an audit event for
+the key change over operation. 
+
+After this, you should try to enroll with a version 2 keys.
+For example, create a new test script that contains:
+
+  op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0201
+  op=token_set auth_key=a3523ec8c0740b621e18e9cdd99f75fc
+  op=token_set mac_key=903af964eb7ede26ea189243a5caad9c
+  op=token_set kek_key=44ef9de3775121a871c152563d9b9860
+
+Execute this test script, and you should NOT see an audit
+event for key change over. It is because your token already
+has a version 2 key set.
+
+You can also try to key change over from version 2 back to 
+version 1 with appropriate TPS configuration and test 
+script.
+
+Choose a specific profile in TPS
+================================
+
+TPS can be configured to support several profiles like 
+
+  1) devicekey profile  - used to issue only signing certs
+  2) userKey profile - used to issue signing and encryption certs
+
+the tpsclient can be configured to tell TPS to select the right
+profile by adding the following to the op=ra_enroll line in the
+test script
+  
+  op=ra_enroll uid=user1 num_threads=1 pwd=password new_pin=newpassw
+  extensions=tokenType=userKey
+
+  (OR)
+ 
+  op=ra_enroll uid=user1 num_threads=1 pwd=password new_pin=newpassw
+  extensions=tokenType=deviceKey
+
+Stress test Example
+===================
+
+tpsclient can be configured to start multiple threads to perform
+enrollment or pin reset or format operations, to stress the TPS
+installation.
+
+  op=ra_enroll uid=user1 num_threads=1 pwd=password new_pin=newpassw
+  extensions=tokenType=userKey
+
+In the above test script line, the num_threads parameter indicates
+the number of threads that will be started. 
+
+Also , to control the number of operations being performed, the
+following parameter should be set in the test script line.
+
+  op=ra_enroll uid=user1 num_threads=1 pwd=password new_pin=newpassw
+  extensions=tokenType=userKey max_ops=10
+
+max_ops, indicates the number of operations that will be performed
+by all the threads.
+
+
+
+
+Execution
+=========
+
+For Enrollment Operation:
+
+  tpsclient < enroll.test
+
+For Reset Pin Operation:
+
+  tpsclient < reset_pin.test
+
+Note
+====
+
+You may need to setup LD_LIBRARY_PATH (On Linux, and Solaris) to 
+point to the directory where you have NSPR, NSS, TPS shared libraries.
+
diff --git a/pki/base/tps/tools/raclient/reset_pin.tps b/pki/base/tps/tools/raclient/reset_pin.tps
new file mode 100644
index 000000000..1a81fd2a7
--- /dev/null
+++ b/pki/base/tps/tools/raclient/reset_pin.tps
@@ -0,0 +1,42 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+#    This data file tests pin reset operation.
+#
+# Execution:
+#    tpsclient < reset_pin.test
+#
+########################################################
+op=var_set name=ra_host value=air
+op=var_set name=ra_port value=8000
+op=var_set name=ra_uri value=/nk_service
+op=var_list
+# print original token status
+op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0101
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+op=ra_reset_pin uid=test pwd=password num_threads=1 new_pin=password
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/raclient/reset_pin1.test b/pki/base/tps/tools/raclient/reset_pin1.test
new file mode 100644
index 000000000..2169e7ce2
--- /dev/null
+++ b/pki/base/tps/tools/raclient/reset_pin1.test
@@ -0,0 +1,40 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+#    This data file tests pin reset.
+#
+# Execution:
+#    tpsclient < reset_pin.test
+#
+# This one is failure case. The sectest12 requires securid but
+# the test doesnt provide one. 
+########################################################
+op=var_set name=ra_host value=broom
+op=var_set name=ra_port value=2020
+op=var_set name=ra_uri value=/nk_service
+op=var_list
+# print original token status
+op=token_status
+op=ra_reset_pin uid=sectest12 pwd=blue77 new_pin=password
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/raclient/reset_pin2.test b/pki/base/tps/tools/raclient/reset_pin2.test
new file mode 100644
index 000000000..77b5d20d2
--- /dev/null
+++ b/pki/base/tps/tools/raclient/reset_pin2.test
@@ -0,0 +1,39 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+#    This data file tests pin reset.
+#
+# Execution:
+#    tpsclient < reset_pin.test
+#
+# This one is success case. The sectest13 does not require securid.
+########################################################
+op=var_set name=ra_host value=broom
+op=var_set name=ra_port value=2020
+op=var_set name=ra_uri value=/nk_service
+op=var_list
+# print original token status
+op=token_status
+op=ra_reset_pin uid=sectest13 pwd=home-boy new_pin=password
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/tus/add.c b/pki/base/tps/tools/tus/add.c
new file mode 100644
index 000000000..4a464b97b
--- /dev/null
+++ b/pki/base/tps/tools/tus/add.c
@@ -0,0 +1,115 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "nsapi.h"
+
+#include <time.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "ldap.h"
+
+#include "tus/tus_db.h"
+
+/* Specify the search criteria here. */
+static char *host = "localhost";
+static int  port = 389;
+static char *baseDN    = "ou=Tokens,dc=mcom,dc=com";
+static char *prefix = "0000";
+static char *suffix = "0000";
+static int  start = 1;
+static int  len = 0;
+static char *who = NULL;
+static char *password = NULL;
+
+
+#define SCOPE LDAP_SCOPE_SUBTREE
+#define FILTER "(cn=*)"
+
+int main (int argc, char **argv)
+{
+    int           i, h, rc;
+    char cn[256];
+    char *errorMsg = NULL;
+
+    if (argc < 8 || argc > 10) {
+        printf ("Usage:\n  %s baseDN prefix suffix start len who password host port", argv[0]);
+        return 1;
+    }
+
+    baseDN = argv[1];
+    prefix = argv[2];
+    suffix = argv[3];
+    start = atoi(argv[4]);
+    len = atoi(argv[5]);
+    who = argv[6];
+    password = argv[7];
+
+    if (argc > 8) {
+        host = argv[8];
+    }
+
+    if (argc > 9) {
+        port = atoi(argv[9]);
+    }
+
+    set_tus_db_baseDN(baseDN);
+    set_tus_db_port(port);
+    set_tus_db_host(host);
+    set_tus_db_bindDN(who);
+    set_tus_db_bindPass(password);
+    rc = tus_db_init(errorMsg);
+    if (rc != LDAP_SUCCESS) {
+        fprintf(stderr, "tus_db_init: (%d) %s\n", rc, errorMsg);
+        return 1;
+    }
+
+    for (i = 0; i < len; i++) {
+        h = start + i;
+        sprintf(cn, "%s%08X%s", prefix, h, suffix);
+        printf ("Adding %s\n", cn);
+
+        rc = add_default_tus_db_entry (NULL, "", cn, "active", "", "");
+        if (rc != LDAP_SUCCESS) {
+            fprintf( stderr, "ldap_add_ext_s: %s\n", ldap_err2string( rc ) );
+            return 1;
+        }
+    }
+    
+    /* STEP 4: Disconnect from the server. */
+    tus_db_end();
+
+    return( 0 );
+}
diff --git a/pki/base/tps/tools/tus/test.c b/pki/base/tps/tools/tus/test.c
new file mode 100644
index 000000000..8def4b390
--- /dev/null
+++ b/pki/base/tps/tools/tus/test.c
@@ -0,0 +1,112 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA  02110-1301  USA 
+ * 
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "ldap.h"
+
+/* Specify the search criteria here. */
+#define HOSTNAME "localhost"
+#define PORTNUMBER 389
+#define BASEDN "ou=Tokens,dc=mcom,dc=com"
+#define SCOPE LDAP_SCOPE_SUBTREE
+#define FILTER "(cn=*)"
+
+int
+main( int argc, char **argv )
+{
+  LDAP          *ld;
+  LDAPMessage   *result = NULL, *e;
+  char          *dn = NULL;
+  int           version, rc;
+  /* Print out an informational message. */
+  printf( "Connecting to host %s at port %d...\n\n", HOSTNAME,
+    PORTNUMBER );
+
+  /* STEP 1: Get a handle to an LDAP connection and
+    set any session preferences. */
+  if ( (ld = ldap_init( HOSTNAME, PORTNUMBER )) == NULL ) {
+    perror( "ldap_init" );
+    return( 1 );
+  }
+
+  /* Use the LDAP_OPT_PROTOCOL_VERSION session preference to specify
+    that the client is an LDAPv3 client. */
+  version = LDAP_VERSION3;
+  ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
+
+  /* STEP 2: Bind to the server.
+    In this example, the client binds anonymously to the server
+    (no DN or credentials are specified). */
+  rc = ldap_simple_bind_s( ld, NULL, NULL );
+  if ( rc != LDAP_SUCCESS ) {
+    fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));
+    return( 1 );
+  }
+  
+  /* Print out an informational message. */
+  printf( "Searching the directory for entries\n"
+    " starting from the base DN %s\n"
+    " within the scope %d\n"
+    " matching the search filter %s...\n\n",
+    BASEDN, SCOPE, FILTER );
+
+  /* STEP 3: Perform the LDAP operations.
+    In this example, a simple search operation is performed.
+    The client iterates through each of the entries returned and
+    prints out the DN of each entry. */
+  rc = ldap_search_ext_s( ld, BASEDN, SCOPE, FILTER, NULL, 0,
+    NULL, NULL, NULL, 0, &result );
+  if ( rc != LDAP_SUCCESS ) {
+    fprintf(stderr, "ldap_search_ext_s: %s\n", ldap_err2string(rc));
+    return( 1 );
+  }
+  for ( e = ldap_first_entry( ld, result ); e != NULL;
+   e = ldap_next_entry( ld, e ) ) {
+    if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
+      printf( "dn: %s\n", dn );
+      ldap_memfree( dn );
+      dn = NULL;
+    }
+  }
+  if( result != NULL ) {
+      ldap_msgfree( result );
+      result = NULL;
+  }
+
+  /* STEP 4: Disconnect from the server. */
+  ldap_unbind( ld );
+  return( 0 );
+}
diff --git a/pki/base/tps/ui/perl/Velocity.pm b/pki/base/tps/ui/perl/Velocity.pm
new file mode 100755
index 000000000..f5f45431f
--- /dev/null
+++ b/pki/base/tps/ui/perl/Velocity.pm
@@ -0,0 +1,1047 @@
+#! /usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+use strict;
+
+package Template::Velocity::Executor;
+sub new;
+
+package Template::Velocity;
+
+
+# The Template::Velocity package implements a Template execution
+# engine similar to the Java Velocity package.
+
+use Parse::RecDescent;
+use Data::Dumper;
+
+
+$Template::Velocity::parser;
+
+my $docroot="docroot";
+my %parsetrees = ();
+my $debugflag = 0;
+
+
+#GRAMMAR defined here
+
+my $vmgrammar = q{
+
+	{
+			use Data::Dumper;
+			sub Dumper
+			{
+				$::debugdumper = undef;
+				if ($::debugflag && $::debugdumper ) { return Data::Dumper(@_); }
+				else {""};
+			}
+
+	}
+	
+
+# Template is the top-level object
+	template: <skip:'[ \t]*'> section(s) /\Z/
+
+	section: blockdirective
+		   | nonblockdirective
+		   | plainline 
+
+	blockdirective: ifblock
+				  | foreachblock
+
+	plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n*/
+
+	HASH: '#'
+
+# HMM - this doesn't handle multiple variables on one line?
+	linecomp: variable 
+	        | <skip:'[ \t]*'> /[^\$\n]*/
+
+	nonblockdirective: '#' 'include' <commit> includeargs /\n*/ {  $item[4] ; }
+					 | '#' 'parse'   <commit> parseargs   /\n*/ {  $item[4] ; }
+					 | '#' 'set'     <commit> setargs     /\n*/ {  $item[4] ; }
+ 					 | <error:unknown command $text>
+
+
+	ifblock: ifdirective section(s) elseclause(?) enddirective 
+
+
+# this bubbles up the result of the expression inside the if()
+# which is from the 'ifargs' rule
+ 	ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/  
+
+ 	enddirective: <skip:'[ \t]*'> '#' 'end' "\n"
+
+	elseclause: elsedirective section(s) 
+
+ 	elsedirective: '#' 'else' "\n"
+
+	foreachblock: foreachdirective section(s) enddirective
+
+ 	foreachdirective: '#' 'foreach' foreachargs "\n"
+
+   ifargs:        '(' expression ')' 
+			| <error:Argument to if must be an expression: $text>
+
+   foreachargs:   '(' variablename 'in' variable ')'
+			|  <error:Arguments to 'foreach' must be of form \$a in \$b: $text>
+
+   includeargs:   '(' string ')'
+			|  <error:invalid argument to include: $text>
+
+   parseargs:   '(' expression ')'
+			|  <error:invalid argument to parsearges: $text>
+
+
+   setargs:   <skip:'[ \t]*'>  '(' assignment ')'  
+			|  <error:Argument to set must be an assignment : $text>
+
+
+# expression evaluation
+
+# this goes roughly in order of precendence:
+#   ==
+#   &&, ||
+#   +, -
+#   *
+#   !
+
+# does not properly distinguish between lvalues and rvalues
+
+
+    expression: boolean
+			  | <error>
+
+
+    assignment: variablename '=' boolean 
+
+    boolean:    equality (boolean_operator equality)(?)
+
+	boolean_operator:     ( '&&' | '||' )
+
+	equality:   summation (equality_operator summation)(?)
+			
+
+	equality_operator:    ( '==' | '!=' )
+
+    summation:   product (summation_operator summation)(?)
+
+	summation_operator:   ( '+' | '-' )
+
+
+# must parenthesize operator '*' to get it to appear in the $item array
+
+    product:   negation ('*' product)(?)
+
+#XXX need to implement
+	negation:   notoperator(?) factor 
+
+	notoperator: "!"
+
+    factor:      number
+		|        string
+        |        variable
+
+
+
+#  These rules deal with variables
+#  handles $process
+#          $file.executablename
+#          $process.getpid()
+#          $person.getparent().getbrother().slap()
+#          $fred.getchildren()
+
+#   You'd make a dependency on the 'variable' rule if you want the value
+#   of the variable.
+#   You'd make a dependency on the 'variablename' rule if you want the
+#   name of the variable.
+#   (There's no real difference here - the expression evaluation is
+#   in the variable() subroutine)
+
+	variable:  variablename { ["variable", $item[1][1] ]; }
+
+	variablename: '$' identifier subfield(s?)
+		{
+			my $variableinfo = { 
+					top    => $item{identifier}, 
+					fields => $item{'subfield(s?)'}
+				};
+   			$return = [ "variablename", \$variableinfo ];
+		}
+
+	subfield:     '.' identifier arglist(?)
+		{
+			my $d;
+			my $a = $item{"arglist(?)"};
+			my $args;
+			
+			#::debug "arglist = ".Dumper($a)."\n";
+			if ($a) {
+
+				my ($argcount, $al, $alpresent);
+			
+				#$args = @{$a}->[2];
+				$args = $a->[0][2];
+				#::debug "arglist args=".Dumper($args)."\n";
+				$alpresent = $args;
+				$argcount = $#$args;
+				if ($alpresent && $argcount == -1) {
+					$args->[0] = [ ];
+				}
+			}
+
+			#::debug "arglist identifier=".$item{identifier}."\n";
+			$return = [ "subfield", { 
+					fieldname => $item{identifier},
+					arglist   => $args->[0],
+					} ];
+		}
+
+	arglist:      '(' list(?) ')'
+
+    list:         expression (',' list)(s?)
+	
+
+# Basic data types
+# identifiers, numbers and strings
+
+	identifier:  /[A-Za-z0-9_]+/ { $item[1]; }
+
+    number: /\d+/   {$item[1]; }
+
+	#XXX skip is all wrong here... should be in []
+    string:   <skip:'[ \t]'>   '"' <skip:""> /[^"]*/ '"' { $return = ["string",$item[4]]; }
+          |   <skip:'[ \t]'>   "'" <skip:""> /[^']*/ "'" { $return = ["string",$item[4]]; }
+
+
+# other literals
+	whitespace:  /\s*/
+
+  
+};
+
+
+# Get a parser object (transforming the built-in text grammar into RecDescent
+# data structure). This object can be reused for parsing multiple velocity files
+sub new
+{
+	#$::debugflag = 0;
+	my $class = shift;
+	$docroot = shift;
+	undef $::RD_HINT;
+	undef $::RD_WARN;
+	#$::RD_TRACE = 1;
+	my $parser = new Parse::RecDescent($vmgrammar) or die "Bad Grammar\n"; 
+	$Data::Dumper::Maxdepth = 1;;
+	my $self = {};
+	$self->{parser} = $parser;
+	# ugly - :-(
+	$Template::Velocity::parser = $parser;
+	bless $self, $class;
+	return $self;
+}
+
+
+# Execute a template.  Given a text string and a parser object, will return
+# a parse tree, useful for feeding into the executor.
+sub execute_string
+{
+	my $self = shift;
+	my $string = shift;
+	my $rule = shift;
+	if (! $rule ) { $rule = "template"; }
+	#print Dumper($self);
+
+	my $parser = $self->{parser};
+	my $parsetree = $parser->$rule($string);
+	my $executor = new Template::Velocity::Executor($parsetree, $parser );
+	
+	my @value = $executor->run();
+	#my @value = Template::Velocity::Executor::execute($parsetree, $parser);
+	my $value = shift @value;
+	return $value;
+}
+
+
+sub execute_file
+{
+
+	my $self = shift;
+	my $filename = shift;
+
+	my $parser = $self->{parser};
+
+	my $rule;
+	my $tree = $parsetrees{$filename};
+
+	if (! $tree) {
+		$rule = "template";
+		open my $fh, "<$docroot/$filename" or return undef;
+		my $string = join "",<$fh>;
+		close $fh;
+		$tree = $parser->$rule($string);
+		$parsetrees{$filename} = $tree;
+	}
+	
+	my $executor = new Template::Velocity::Executor($tree, $parser );
+
+	my @value = $executor->run();
+	my $value = shift @value;
+	return $value;
+	
+
+}
+
+
+
+
+
+
+
+
+sub Dumper
+{
+ return "";
+ if ($::debugflag && $::debugdumper) { 
+	return Data::Dumper->Dump([@_]); 
+ }
+ else {""};
+}
+
+
+
+
+# This autoaction returns an array of each parse element
+# The net result is a parse tree
+# I couldn't use <autotree> because I wanted to preserve
+# the order of the elements, and <autotree> returns a
+# hashtable, not an array
+
+$::RD_AUTOACTION = q{
+   [@item];
+};
+
+# debug flags set here
+
+
+
+
+
+
+#########   EXECUTE FUNCTIONS
+
+
+# These functions deal with executing the velocity parse tree
+{
+	package Template::Velocity::Executor::Rules;
+	use Data::Dumper;
+
+	# this imports symbols from these other packages, so
+    # we don't have to always use the fully-qualified names
+	*exe_all      = \&Template::Velocity::Executor::exe_all;
+	*exe_optional = \&Template::Velocity::Executor::exe_optional;
+	*execute      = \&Template::Velocity::Executor::execute;
+	*debug        = \&Template::Velocity::Executor::debug;
+	*indent       = \&Template::Velocity::Executor::indent;
+	*deindent     = \&Template::Velocity::Executor::deindent;
+	*docroot      = \&Template::Velocity::docroot;
+
+	sub Dumper
+	{
+		return "";
+ 		if ($::debugflag && $::debugdumper) { return Dumper(@_); }
+ 		else {""};
+	}
+
+	#template: <skip:'[ \t]*'> section(s) /\Z/
+	sub template {
+		my $f = "template";
+		my @item = exe_all(@_);
+		debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n");
+		my $sections = $item[2];
+		debug ("sections is a: ".(ref $sections)." - it should be an array\n");
+		my $r= ( join "", @{$item[2]});
+		return $r;
+	}
+	
+
+	#linecomp: variable 
+	#        | <skip:'[ \t]*'> /[^\$\n]*/
+	sub linecomp {
+		my $item;
+		debug ("linecomp: _[2] = '".$_[2]."'\n");
+		if ($_[2]) {
+			debug ("linecomp: inside if\n");
+			$item = $_[1].$_[2];
+		} else {
+			debug ("linecomp: inside else{\n");
+			($item) = exe_all($_[1]);
+			debug ("linecomp: end of else}\n");
+			debug ("linecomp: item =\n".Dumper($item)."\n");
+		}
+		debug ("linecomp: returning $item\n");
+		return $item;
+	}
+
+	# plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n+/
+	sub plainline {
+		my @item = exe_all(@_);
+		debug ("$::level in plainline - linecomps should be an array of text: .".Dumper($item[4])."\n");
+		my $r = join "", @{$item[4]};
+		debug ("$::level in plainline - joined as: $r\n");
+		$r = $item[2] . $r. $item[5];
+		debug ("$::level in plainline - returning : $r\n");
+		return $r;
+	}
+
+	sub expression {
+		debug ("$::level expression  = ".Dumper($_[1])."\n");
+		my ($item) = exe_all($_[1]);
+		debug ("$::level expression returning $item\n");
+		return $item;
+	}
+
+	#foreachblock: foreachdirective section(s) enddirective
+	sub foreachblock {
+		my $f = "foreachblock";
+		debug ("$::level $f started!\n");
+		my ($directive)  = exe_all($_[1]);
+		debug ("$::level $f directive = \n".Dumper($directive)."\n");
+		my ($variable, $list) = @{$directive};
+		my $variablename = $$variable->{top};
+		debug ("$::level $f variable = $variablename\n");
+		debug ("$::level $f list = \n".Dumper($list)."\n");
+
+		my $result = "";
+		foreach my $q (@{$list}) {
+			debug ("$::level $f q=$q\n");
+			$::symbol{$variablename} = $q;
+			debug ("$::level $f setting variable $variablename = $q\n");
+			
+			my ($sections)  = exe_all($_[2]);
+			debug ("$::level $f sections was: ".Dumper($sections)."\n");
+			$result .= join "",@{$sections};
+		}
+		return $result;
+	}
+
+ 	#foreachdirective: '#' 'foreach' foreachargs "\n"
+	sub foreachdirective {
+		my ($item) = exe_all($_[3]);
+		return $item;
+	}
+
+    #foreachargs:   '(' variablename 'in' expression ')'
+	sub foreachargs {
+		my $f = "foreachargs";
+		my ($variable, $list) = exe_all($_[2], $_[4]);
+		debug ("$::level $f variable = \n".Dumper($variable)."\n");
+		debug ("$::level $f list = \n".Dumper($list)."\n");
+		return [$variable, $list];
+	}
+
+	# XXX if block should only execute section(s) if if arg is positve)
+	# likewise for else
+	#ifblock: ifdirective section(s) elseclause(?) enddirective 
+	sub ifblock {
+		my $f = "ifblock";
+		my @item = exe_all(@_);
+		debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n");
+		my $sections = $item[2];
+		my $else = $item[3];
+		debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n");
+		debug ("$::level   item1: if expression = ".$item[1]."\n");
+		debug ("$::level $f elseclause is a: ".(ref $else)." - it should be an scalar\n");
+		my $r= ( 
+				$item[1]>0 ?                           # if expression
+					(join "", @{$item[2]}) : 
+					($item[3] ? join "",@{$item[3]} : "")
+			   );
+		# this is not quite right ... elseclause returns a scalar (it joins the sections)
+		# so why do I have to join again here? possibly because it's a '?'
+		return $r;
+	}
+
+	#elseclause: elsedirective section(s) 
+	sub elseclause {
+		my $f = "elseclause";
+		my ($sections) = exe_all($_[2]);
+		debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n");
+		my $return = join "", @{$sections};
+		debug ("$::level $f returning: $return\n");
+		return $return;
+	}
+
+	sub ifargs {
+		debug ("$::level ifargs [2] = ".Dumper($_[2])."\n");
+		my ($item) = exe_all($_[2]);
+		debug ("$::level item  = ".Dumper($item)."\n");
+		my $r = $item>0 ? 1 : 0;  
+		debug ("$::level ifargs returning $r\n");
+		return $r;
+	}
+
+ 	#ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/  
+	sub ifdirective {
+		my ($item) = exe_all($_[4]);
+		my $r = $item>0 ? 1 : 0;  
+		debug ("$::level ifdirective returning $r\n");
+		return $r;
+	}
+
+    #boolean:    equality (boolean_operator equality)(?)
+	sub boolean {
+		my $f = "boolean";
+		my ($equality, $alt) = ( execute($_[1]), $_[2]);
+		my $r = $equality;
+		if (scalar @$alt) {
+			my ($op, $equality2) = exe_optional($alt, 1,2);
+
+			if ($op eq '&&') { 
+				$r = $equality && $equality2;
+			}
+			if ($op eq '||') {
+				$r = $equality || $equality2;
+			}
+		}
+
+		return $r;
+	}
+
+
+    #summation:   product (summation_operator summation)(?)
+	sub summation {
+		#my @item = exe_all(@_);
+		my $f = "summation";
+		my ($product, $alt) = ( execute($_[1]), $_[2]);
+		debug("$::level $f - product = $product, alternation = $alt\n");
+		debug("$::level $f - alternation = \n".Dumper($alt)."\n");
+
+		if (scalar @$alt) {
+			if (0) {
+			debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n");
+			debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n");
+			my ($operator, $summation) = ( execute($alt->[0][1]), execute($alt->[0][2]),);
+			}
+			my ($operator, $summation) = exe_optional($alt, 1,2);
+
+			if ($operator eq '+') { return $product + $summation;
+			} else { return $product - $summation; }
+		} else {
+			return $product;
+		}
+	}
+
+	
+
+	#equality:   summation (equality_operator summation)(?)
+	sub equality {
+		my $f = "equality";
+		my ($summation, $alt) = ( execute($_[1]), $_[2] );
+
+		if (scalar @$alt) {
+			my ($operator, $summation2) = exe_optional($alt, 1,2);
+
+			# string comparison used, so (0.0) is NOT equal to (0)
+			if ($operator eq '==') { return ($summation eq $summation2) ? 1:0; }
+			else { return ($summation eq $summation2) ? 0:1; }
+		} else {
+			return $summation;
+		}
+	}
+
+
+	sub product {
+		my $f = "product";
+		my ($negation, $alt) = ( execute($_[1]), $_[2]);
+		debug("$::level $f negation = $negation, alternation = $alt\n");
+		debug("$::level $f - alternation = ".Dumper($alt)."\n");
+
+		if (scalar @$alt) {
+			if (0) {
+			debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n");
+			debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n");
+			my ($operator, $product) = ( execute($alt->[0][1]), execute($alt->[0][2]),);
+			}
+			my ($operator, $product) = exe_optional($alt,1,2);
+			return ($negation * $product);
+		} else {
+			return $negation;
+		}
+	}
+
+	sub factor {
+		my ($value) = exe_all($_[1]);
+		return $value;
+	}
+
+	#negation:   notoperator(?) factor 
+	sub negation {
+		debug ("$::level in negation... input = ".(join ",",@_)."\n");
+		#my @item = exe_all(@_);
+		my ($alt, $value) = ( $_[1], execute($_[2]) );
+		debug ("$::level negation: alternation= $alt\n");
+		debug ("$::level negation: value = $value\n");
+		my $operator = execute($alt->[0][1]);
+
+		my $r;
+		if ($operator && $operator eq '!') {
+			if ($value ) { $r = 0; }
+			else { $r = 1; }
+			debug ("$::level negation: inverting\n");
+		} else {
+			debug ("$::level negation: not inverting\n");
+			$r = $value;
+		}
+		debug ("$::level negation: returning $r\n");
+		return $r;
+	}
+
+   #setargs:   <skip:'[ \t]*'>  '(' assignment ')'  
+	sub setargs {
+		my $f = "setargs";
+		my ($args) = exe_all($_[3]);
+		debug("$::level $f args = \n".Dumper($args)."\n");
+		my ($variable, $value) = @{$args};
+		debug("$::level $f variable type =".(ref $variable)."\n");
+		debug("$::level $f variable = \n".Dumper($variable)."\n");
+		my $symbolname = $$variable->{top};
+		debug("$::level $f setting variable '$symbolname' = $value\n");
+		$::symbol{$symbolname} = $value;
+		return "";
+	}
+
+    #assignment: variablename '=' boolean 
+	sub assignment { 
+		my $f = "assignment";
+		my ($variable, $value) = exe_all($_[1],$_[3]);
+		debug("$::level $f variable = \n".Dumper($variable)."\n");
+		my $r = [ $variable, $value ];
+		debug("$::level $f returning: \n".Dumper($r)."\n");
+		return $r;
+	}
+
+   	#includeargs:   '(' string ')'
+	sub includeargs {
+		my $f = "includeargs";
+		my ($filename ) = execute($_[2]);
+
+		debug("including file: $filename\n");
+		open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n";
+		my $file = join "", <$fh>;
+		close FILE;
+		
+		return $file;
+	}
+
+	sub parseargs {
+		my $f = "parseargs";
+		my ($filename ) = execute($_[2]);
+
+		debug("parsing file: $filename\n");
+		open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n";
+		my $file = join "", <$fh>;
+		close FILE;
+
+		#$result = $parser->template($string);
+		my $parsetree = $Template::Velocity::parser->template($file);
+		my @value = execute($parsetree);
+		my $value = shift @value;
+		
+		return $value;
+	}
+
+# variables
+
+# variables
+# this rule converts a variable name/identifier into its value
+# $main.subfield(argument1,argument2).subfield2(arg1,arg2)
+# There are two data structures at work here.
+#  1. the data structure specifying the variable name to be queried
+# this represents  $a.b.c(100,9,5,4)
+#{
+# 'top' => 'a'
+# 'fields' => [
+#   { 'fieldname' => 'b', 'arglist' => undef },
+#   { 'fieldname' => 'c', 'arglist' => [ '100', 9, 5, '4', ], }
+#   ],
+#}
+#  2. Data structure specifying the symbol table
+
+# return value could be:
+#  a scalar: either a string/number value or reference to an array of values
+#  an array
+ 
+	sub  variable {
+# look up the root object in the symbol table
+		my $f = "variable";
+		debug("$::level $f: input\n".Dumper(\@_)."\n");
+		my $var    = $_[1];
+		debug("$::level $f var=\n".Dumper($var)."\n");
+# $$var works with # 27:   '#set (\$a=1+3)\n\$a\n'
+#0  REF(0x8fa0510)
+#   -> HASH(0x8fa1454)
+#        'fields' => ARRAY(0x8fa8c08)
+#            empty array
+#        'top' => 'a'
+
+# $var works with # 25:   '$employee.add(100,4+5,2+3,4,4,5,6)'
+#DB<2> x $var
+#0  HASH(0x9c7a340)
+#  'fields' => ARRAY(0xa06e7d8)
+#  0  ARRAY(0xa06e9ac)
+#     0  'subfield'
+#     1  HASH(0xa06e880)
+#        'arglist' => ARRAY(0xa074184)
+
+		my $top    = $$var->{top};    # name of the root object
+			debug("$::level $f top=\n".Dumper($top)."\n");
+		my $fields  = $$var->{fields}; # array of the subidentifiers
+			my $val    = "";
+
+		debug("$::level $f - top_id = $top\n");
+		debug("$::level $f : var: \n".Dumper($var)."\n");
+		debug("$::level $f - fields = \n".Dumper($fields)."\n");
+
+
+		debug("$::level $f : top = ".$top."\n");
+		if (! defined $::symbol{$top} ) {
+# XXX
+			debug ("symbol table = ",(join ",",sort keys %::symbol)."\n");
+			debug ("undefined variable: $top\n");
+			return 0;
+		}
+		debug("$::level $f symbol table: \n".Dumper(\%::symbol)."\n");
+		$val = $::symbol{$top};
+		debug("$::level $f val before: \n".Dumper($val)."\n");
+
+		debug("$::level $f - fields = \n".Dumper($fields)."\n");
+		my $pass = 1;
+		foreach my $field (@$fields) {
+			my $args;
+
+			my ($fieldname, $values);
+			{
+				debug("$::level $f pass $pass \@_=\n".Dumper(\@_)."\n");
+				debug("$::level $f before strip field = \n".Dumper($field)."\n");
+#shift @$fn;   # 'subfield' string
+#$fn = $fn->[0];
+#$fn = [ (@{$fn}) ];
+#shift @$fn;
+				debug("$::level $f after strip fn = \n".Dumper($field)."\n");
+
+				$fieldname = $field->[1]->{fieldname};
+				debug("$::level $f processing field: $fieldname\n");
+				$args= $field->[1]->{arglist};
+
+
+# convert the argument list (which could be expressions, other
+# variables, etc) into raw values
+				if ($args) {
+					debug("$::level $f executing $fieldname with args:\n".Dumper($args)."\n");
+					($values) = execute($args);
+					debug("$::level $f returned values:\n".Dumper($values)."\n");
+				}
+			}
+
+			debug("$::level $f after execute, \@_=\n".Dumper(\@_)."\n");
+
+#call the function
+			if (ref $val) {
+				debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n");
+				debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n");
+				if ($args) {
+					debug("$::level $f: function call\n");
+#$val = $$val->$fieldname ($args);    # method call
+					my $func = $val->{$fieldname};    # method call
+					debug("$::level $f: $fieldname func=\n ".Dumper($func)."\n");
+					no strict;
+					$val = &$func($val, @$values);
+					debug("$::level $f: $fieldname result=$val\n");
+					debug("$::level $f: $fieldname result=\n".Dumper($val)."\n");
+
+				} else {
+					&::debug("$::level $f: plain field access\n");
+					if (ref $val eq "REF") {
+						$val = $$val->{$fieldname};  # field access
+					} else {
+						$val = $val->{$fieldname};  # field access
+					}
+				}
+				debug("$::level $f } inside loop(after val retrieval) val=\n".Dumper($val)."\n");
+			} 
+			$pass++;
+
+		}
+
+		return $val;
+	}
+
+	#$return = [ "variablename", \$variableinfo ];
+	sub  variablename {
+		my $f = "variablename";
+		debug("$::level $f: input\n".Dumper(\@_)."\n");
+		my $var    = $_[1];
+		return $var;
+	}
+
+	#arglist:      '(' list(?) ')'
+	sub arglist {
+		my ($list) = exe_all($_[2]);
+		debug("$::level list: ".Dumper($list)."\n");
+		if ($list) {
+			my $ll = $list->[0];
+			debug("$::level ll \n".Dumper($ll)."\n");
+			debug("$::level \$\$list: \n");
+			return $ll;
+		}
+		return undef;
+	}
+
+    #list:         expression (',' list)(s?)
+	sub list {
+		my ($expr, $alt) = ( execute($_[1]), $_[2] );
+
+		if (scalar @$alt) {
+			my ($list) = exe_optional($alt, 2);
+
+			debug("$::level list: expr: $expr\n");
+			debug("$::level list: list: $list\n:");
+			debug("$::level list ".Dumper($list)."\n");
+			my $r = [ $expr, (@$list) ];
+			return $r;
+		}
+		debug("$::level returning simple expression: $expr\n:");
+		return [$expr];
+	}
+
+	
+
+	sub _default {
+		debug ("$::level default rule {\n");
+		indent();
+		debug ("$::level parsing parameters\n");
+		my @item = exe_all(@_);
+		debug ("$::level default rule - last item in array is: ".$item[$#item]."\n");
+		my $r = join "",@item[1..$#item];
+		debug ("$::level default rule - returning: $r\n");
+		deindent();
+		debug ("$::level }\n");
+		return $r;
+
+	}
+
+
+}
+
+
+package Template::Velocity::Executor;
+
+use Data::Dumper;
+
+
+
+sub new
+{
+	my $class = shift;
+
+	my $parsetree = shift;
+	my $parser    = shift;
+
+	my $self = {};
+	$self->{parser} = $parser;
+	$self->{parsetree} = $parsetree;
+	bless $self, $class;
+	return $self;
+}
+
+
+sub run {
+	my $self = shift;
+
+	return (execute($self->{parsetree}));
+}
+
+
+
+my $level = " ";
+
+sub debug {
+	if ($::debugflag) {
+		print @_;
+	}
+}
+
+# This basically all works calling execute($parsetree).
+# Execute will look the Parsetree, which is built by a special autoaction
+#
+# It will call top-down, into functions called 'Executor::XXX', (where XXX is
+# the name of the production)
+#
+# Additional trees, representing child productions, will be passed in
+# as arguments to the Executor::XXX function. These arguments be processed
+# before the Executor::XXX function can proceed.
+#
+# If no such function is present, Executor:_default will be run
+# 
+# To process the arguments, use this in the Executor function:
+#     my @item = exe(@_);
+# Which will give you an @item array similar to that in the RD rules, one
+# exception being that productions which return arrays are flattened into
+# the @item array. (bad idea?)
+# 
+
+
+
+# executes a parsetree (gotten as a result of calling recdescent $parser->rule()
+# and returns the string value of the result.
+
+sub Dumper {
+ "";
+}
+
+sub execute {
+		my $result;
+		my $tree = shift;   # a reference to a tree is passed in
+		debug "$level execute: {\n";	
+		indent();
+		debug ("$level tree = \n".Dumper($tree)."\n");
+
+# there are 3 possible things this tree could be:
+
+# 1 a scalar .. in which case this rule represents a literal, and the
+#              the literal is just returned
+#
+# 2 an array of the form (array, ...)   - in which case this is the result of a production
+#                                         which returned an array of trees. This happens
+#                                         if you specify (s), (?), etc, in a production.
+# 3 an array of the form (scalar, ...)  - in which case this refers to a subrule
+# 
+
+# case 1...
+		my $type = ref $tree;
+		if ($type) {
+			debug "\n$level tree type: ".(ref $tree)." \n";
+		} else {
+			debug "\n$level tree type: scalar \n";
+		}
+		if ($type ne "ARRAY") {
+			debug "$level   returning literal: '$tree'\n";
+			deindent();
+			debug "$level }\n\n";
+			return $tree;
+		}
+
+		my @result;
+
+# if this tree is the result of a auto-generated rule (e.g. alternation)
+# then tree[0] is not a name.. it is an array. just call the default action with
+# the arguments
+
+		my $rule = @{$tree}->[0];   # rule name is first
+
+		if ($rule && ref $rule eq "ARRAY") {    # case 2
+			debug "$level element[0] is an array (case 2) \n";
+			debug "$level contents of input: \n".Dumper(\@{$tree})."\n";
+			#@result = exe(@{$rule});
+			debug "$level running exe on the array..\n";
+		# not sure about this...
+			@result = (exe_all(@{$tree}));
+			debug "$level contents of output: \n".Dumper(\@result)."\n";
+			#shift @result;   # get rid of function name
+			$result = \@result;
+			
+		} else {                                # case 3
+			my @args = @{$tree};
+
+			debug "$level rule is a function to execute (case 3): '$rule'\n";
+			indent();
+			my $qr = "Template::Velocity::Executor::Rules::$rule";
+			if (defined &$qr) {
+				no strict ;
+				$result = (&$qr(@args));
+			} else {
+				debug "$level no function defined for: '$rule' - calling default action\n";
+				$result = Template::Velocity::Executor::Rules::_default(@args);
+			}
+		}
+		deindent();
+		debug "$level function: $rule returned=\n".Dumper($result)."\n";
+
+		debug "$level }\n";
+		return $result;
+
+		}
+
+# these hold and set the current indent level. It's only used for nested debug messages
+sub indent {
+	$level .= "  ";
+	$Data::Dumper::Pad = $level."  ";
+}
+sub deindent {
+	$level = substr ($level,0,-2);
+	$Data::Dumper::Pad = $level."  ";
+}
+
+
+sub exe_optional {
+	my @r;
+	my $f = shift;
+	foreach my $q (@_) {
+		debug("$level: getting arg# $q\n");
+		push @r, execute($f->[0][$q]);
+	}
+	return @r;
+}
+
+# exe: for each argument, run the 'execute' function
+#
+
+sub exe_all {
+	my $d = $Data::Dumper::Maxdepth;
+	$Data::Dumper::Maxdepth = 9;
+	debug "\n$level exe_all (".$_[0].") arguments: {\n".Dumper(\@_)." \n";
+	my @r;
+	indent();
+
+	foreach my $i (@_) {
+		push @r, execute($i);
+	}
+	deindent();
+	debug "$level exe_all: returning: \n".Dumper(\@r)."$level}\n\n";
+	$Data::Dumper::Maxdepth = $d;
+	return @r;
+}
+
+
+
+
+
+#package PKI::TPS::GlobalVar;
+
+#sub new { my $self = {}; bless $self; return $self; }
+
+
+1;
+
diff --git a/pki/base/tps/wrappers/tpsclient.in b/pki/base/tps/wrappers/tpsclient.in
new file mode 100755
index 000000000..5f2f6b3f5
--- /dev/null
+++ b/pki/base/tps/wrappers/tpsclient.in
@@ -0,0 +1,78 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+ 
+
+###############################################################################
+##  (1) Specify variables used by this script.                               ##
+###############################################################################
+
+LIB_DIR=@nss_libdir@:@nspr_libdir@:@ldapsdk_libdir@:@sasl_libdir@
+BIN_DIR=@libexecdir@
+COMMAND=tpsclient
+
+
+###############################################################################
+##  (2) Set the LD_LIBRARY_PATH environment variable to determine the        ##
+##      search order this command wrapper uses to find shared libraries.     ##
+###############################################################################
+
+LD_LIBRARY_PATH=${LIB_DIR}
+export LD_LIBRARY_PATH
+
+
+###############################################################################
+##  (3) Set the PATH environment variable to determine the search            ##
+##      order this command wrapper uses to find binary executables.          ##
+##                                                                           ##
+##      NOTE:  Since the wrappers themselves are ALWAYS located in           ##
+##             "/usr/bin", this directory will always be excluded            ##
+##             from the search path.  Since "/bin" is nothing more           ##
+##             than a symbolic link to "/usr/bin" on Solaris, this           ##
+##             directory will also always be excluded from the search        ##
+##             path on this platform.                                        ##
+###############################################################################
+
+PATH=${BIN_DIR}
+export PATH
+
+
+###############################################################################
+##  (4) Execute the binary executable specified by this command wrapper      ##
+##      based upon the preset LD_LIBRARY_PATH and PATH environment variables.##
+###############################################################################
+
+ORIGINAL_IFS=${IFS}
+IFS=:
+
+for dir in ${PATH}
+do
+	if [ -x ${dir}/${COMMAND} ]
+	then
+		IFS=${ORIGINAL_IFS}
+		${dir}/${COMMAND} "$@"
+		exit $?
+	fi
+done
+
+echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!"
+
+exit 255
+