From 4f0cd49202d8f9538d20fc51ea70e0f8b7727052 Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata <edewata@redhat.com>
Date: Wed, 21 Nov 2012 14:30:45 -0500
Subject: Reorganized TPS templates and scripts.

The templates, JS, and CGI scripts for TPS have been reorganized
into the TPS core package.

Ticket #407
---
 base/tps/apache/cgi-bin/sow/ajax-list.cgi    |  79 ++++++++
 base/tps/apache/cgi-bin/sow/cfg.pl           | 168 +++++++++++++++++
 base/tps/apache/cgi-bin/sow/enroll.cgi       | 246 +++++++++++++++++++++++++
 base/tps/apache/cgi-bin/sow/enroll.html      | 260 +++++++++++++++++++++++++++
 base/tps/apache/cgi-bin/sow/enroll_temp.cgi  | 246 +++++++++++++++++++++++++
 base/tps/apache/cgi-bin/sow/enroll_temp.html | 231 ++++++++++++++++++++++++
 base/tps/apache/cgi-bin/sow/format.cgi       | 207 +++++++++++++++++++++
 base/tps/apache/cgi-bin/sow/format.html      | 236 ++++++++++++++++++++++++
 base/tps/apache/cgi-bin/sow/formatso.cgi     | 207 +++++++++++++++++++++
 base/tps/apache/cgi-bin/sow/formatso.html    | 186 +++++++++++++++++++
 base/tps/apache/cgi-bin/sow/index.cgi        |  42 +++++
 base/tps/apache/cgi-bin/sow/is_agent.cgi     |  69 +++++++
 base/tps/apache/cgi-bin/sow/is_user.cgi      |  71 ++++++++
 base/tps/apache/cgi-bin/sow/main.cgi         |  70 ++++++++
 base/tps/apache/cgi-bin/sow/main.html        |  67 +++++++
 base/tps/apache/cgi-bin/sow/noaccess.cgi     |  56 ++++++
 base/tps/apache/cgi-bin/sow/noaccess.html    |  63 +++++++
 base/tps/apache/cgi-bin/sow/read.cgi         | 128 +++++++++++++
 base/tps/apache/cgi-bin/sow/read.html        |  78 ++++++++
 base/tps/apache/cgi-bin/sow/read_temp.cgi    | 125 +++++++++++++
 base/tps/apache/cgi-bin/sow/read_temp.html   |  78 ++++++++
 base/tps/apache/cgi-bin/sow/search.cgi       |  70 ++++++++
 base/tps/apache/cgi-bin/sow/search.html      |  71 ++++++++
 base/tps/apache/cgi-bin/sow/search_temp.cgi  |  70 ++++++++
 base/tps/apache/cgi-bin/sow/search_temp.html |  71 ++++++++
 base/tps/apache/cgi-bin/sow/seturl.cgi       | 207 +++++++++++++++++++++
 base/tps/apache/cgi-bin/sow/seturl.html      | 174 ++++++++++++++++++
 base/tps/apache/cgi-bin/sow/welcome.cgi      |  57 ++++++
 base/tps/apache/cgi-bin/sow/welcome.html     |  63 +++++++
 29 files changed, 3696 insertions(+)
 create mode 100755 base/tps/apache/cgi-bin/sow/ajax-list.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/cfg.pl
 create mode 100755 base/tps/apache/cgi-bin/sow/enroll.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/enroll.html
 create mode 100755 base/tps/apache/cgi-bin/sow/enroll_temp.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/enroll_temp.html
 create mode 100755 base/tps/apache/cgi-bin/sow/format.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/format.html
 create mode 100755 base/tps/apache/cgi-bin/sow/formatso.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/formatso.html
 create mode 100755 base/tps/apache/cgi-bin/sow/index.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/is_agent.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/is_user.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/main.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/main.html
 create mode 100755 base/tps/apache/cgi-bin/sow/noaccess.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/noaccess.html
 create mode 100755 base/tps/apache/cgi-bin/sow/read.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/read.html
 create mode 100755 base/tps/apache/cgi-bin/sow/read_temp.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/read_temp.html
 create mode 100755 base/tps/apache/cgi-bin/sow/search.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/search.html
 create mode 100755 base/tps/apache/cgi-bin/sow/search_temp.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/search_temp.html
 create mode 100755 base/tps/apache/cgi-bin/sow/seturl.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/seturl.html
 create mode 100755 base/tps/apache/cgi-bin/sow/welcome.cgi
 create mode 100755 base/tps/apache/cgi-bin/sow/welcome.html

(limited to 'base/tps/apache/cgi-bin/sow')

diff --git a/base/tps/apache/cgi-bin/sow/ajax-list.cgi b/base/tps/apache/cgi-bin/sow/ajax-list.cgi
new file mode 100755
index 000000000..0f4ac094f
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/ajax-list.cgi
@@ -0,0 +1,79 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+[REQUIRE_CFG_PL]
+
+sub main()
+{
+
+  my $q = new CGI;
+
+  my $host = get_ldap_host();
+  my $port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $certdir = get_ldap_certdir();
+
+  my $letters = $q->param('letters');
+  if ($letters eq "") {
+    # HACK: ajax.js posts parameters into POST URL
+    $letters = $ENV{'QUERY_STRING'};
+    $letters =~ s/.*letters=//g;
+    $letters =~ s/\+/ /g;
+  }
+
+  my $result = "";
+
+  print "Content-Type: text/html\n\n";
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $host, port => $port, cert => $certdir},
+                  $secureconn);
+
+  return if (!$conn);
+
+  my $entry = $conn->search ( { base =>$basedn,
+                                scope => "sub",
+                                filter => "cn=$letters*",
+                                attrsonly => 0,
+                                attrs => qw(cn uid),
+                                sortattrs => qw(cn)}
+                            );
+
+  while ($entry) {
+    my $cn =  ($entry->getValues("cn"))[0]  || "";
+    my $uid = ($entry->getValues("uid"))[0] || "";
+    $result .= $uid . "###" . $cn . "|";
+    $entry  $conn->nextEntry();
+  }
+
+  $conn->close();
+
+  print $result;
+}
+
+&main();
diff --git a/base/tps/apache/cgi-bin/sow/cfg.pl b/base/tps/apache/cgi-bin/sow/cfg.pl
new file mode 100755
index 000000000..64e612aaa
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/cfg.pl
@@ -0,0 +1,168 @@
+#! /usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+#
+# Establish platform-dependent variables:
+#
+my $ldapsearch="/usr/bin/ldapsearch";
+
+#
+# Feel free to modify the following parameters:
+#
+my $ldapHost = "localhost";
+my $ldapPort = "389";
+my $basedn = "ou=People,dc=sfbay,dc=redhat,dc=com";
+my $port = "7888";
+my $secure_port = "7889";
+my $host = "localhost";
+
+my $cfg = "/var/lib/pki-tps/conf/CS.cfg";
+
+sub get_ldapsearch()
+{
+  return $ldapsearch;
+}
+
+sub get_ldap_host()
+{
+  my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+  chomp($ldapport);
+  my ($ldapHost, $p) = split(/:/, $ldapport);
+  return $ldapHost;
+}
+
+sub get_ldap_port()
+{
+  my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+  chomp($ldapport);
+  my ($p, $ldapPort) = split(/:/, $ldapport);
+  return $ldapPort;
+}
+
+sub get_base_dn()
+{
+  my $basedn = `grep auth.instance.0.baseDN $cfg | cut -c24-`;
+  chomp($basedn);
+  return $basedn;
+}
+
+sub get_port()
+{
+  my $port = `grep service.unsecurePort $cfg | cut -c22-`;
+  chomp($port);
+  return $port;
+}
+
+sub get_secure_port()
+{
+  my $secure_port = `grep service.securePort $cfg | cut -c20-`;
+  chomp($secure_port);
+  return $secure_port;
+}
+
+sub get_host()
+{
+  my $host = `grep service.machineName $cfg | cut -c21-`;
+  chomp($host);
+  return $host;
+}
+
+sub is_agent()
+{
+  my ($dn) = @_;
+
+  my $uid = $dn;
+  # need to map a subject dn into user DN
+  $uid =~ /uid=([^,]*)/; # retrieve the uid
+  $uid = $1;
+
+  my $x_hostport = `grep -e "^tokendb.hostport" $cfg | cut -c18-`;
+  chomp($x_hostport);
+  my ($x_host, $x_port) = split(/:/, $x_hostport);
+  my $x_basedn = `grep -e "^tokendb.userBaseDN" $cfg | cut -c20-`;
+  chomp($x_basedn);
+  my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+  chomp($x_binddn);
+  my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+  chomp($x_bindpwdpath);
+  my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+  chomp($x_bindpwd);
+
+   my $cmd = $ldapsearch . " " .
+            "-x" .
+            "-D \"" . $x_binddn . "\" " .
+            "-w \"" . $x_bindpwd . "\" " .
+            "-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " .
+            "-h \"" . $x_host . "\" " .
+            "-p \"" . $x_port ."\" " .
+            "-LLL \"(uid=" . $uid . "*)\" | wc -l";
+
+  my $matched = `$cmd`;
+
+  chomp($matched);
+
+  if ($matched eq "0" || $matched eq "") {
+    return 0;
+  } else {
+    return 1;
+  }
+}
+
+sub is_user()
+{
+  my ($dn) = @_;
+
+  my $uid = $dn;
+  # need to map a subject dn into user DN
+  $uid =~ /uid=([^,]*)/; # retrieve the uid
+  $uid = $1;
+
+  my $x_host = get_ldap_host();
+  $x_port = get_ldap_port();
+  my $x_basedn = get_base_dn();
+  chomp($x_basedn);
+  my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+  chomp($x_binddn);
+  my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+  chomp($x_bindpwdpath);
+  my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+  chomp($x_bindpwd);
+
+   my $cmd = $ldapsearch . " " .
+            "-x" .
+            "-D \"" . $x_binddn . "\" " .
+            "-w \"" . $x_bindpwd . "\" " .
+            "-b \"" . "ou=people,".$x_basedn . "\" " .
+            "-h \"" . $x_host . "\" " .
+            "-p \"" . $x_port ."\" " .
+            "-LLL \"(uid=" . $uid . "*)\" | wc -l";
+
+
+  my $matched = `$cmd`;
+
+  chomp($matched);
+
+  if ($matched eq "0" || $matched eq "") {
+    return 0;
+  } else {
+    return 1;
+  }
+}
diff --git a/base/tps/apache/cgi-bin/sow/enroll.cgi b/base/tps/apache/cgi-bin/sow/enroll.cgi
new file mode 100755
index 000000000..8a6431e52
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/enroll.cgi
@@ -0,0 +1,246 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GenerateEnrollmentPage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+  my $ldap_host = get_ldap_host();
+  my $ldap_port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $port = get_port();
+  my $host = get_host();
+  my $secure_port = get_secure_port();
+  my $certdir = get_ldap_certdir();
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll.html"));
+
+  print $gQuery->header();
+
+  my $uid = $gQuery->param("uid");
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $ldap_host, port => $ldap_port, cert => $certdir},
+                  $secureconn);
+
+  ExitError("Failed to connect to the database. $msg") if (!$conn);
+
+  my $entry = $conn->search ( $basedn,
+                              "sub",
+                              "uid=$uid",
+                              0
+                            );
+
+  if (!$entry) {
+    $conn->close();
+    ExitError("User $uid not found");
+  }
+
+  my $givenName = ($entry->getValues("givenName"))[0] ||  "-";
+  my $cn = ($entry->getValues("cn"))[0] || "-";
+  my $sn = ($entry->getValues("sn"))[0] ||"-";
+  $uid = ($entry->getValues("uid"))[0] || "-";
+  my $mail = ($entry->getValues("mail"))[0] || "-";
+  my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+  my $departmentNumber = ($entry->getValues("departmentNumber"))[0] || "";
+  my $employeeNumber = ($entry->getValues("employeeNumber"))[0] || "";
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$mail/$mail/g;
+    $l =~ s/\$uid/$uid/g;
+    $l =~ s/\$givenName/$givenName/g;
+    $l =~ s/\$sn/$sn/g;
+    $l =~ s/\$cn/$cn/g;
+    $l =~ s/\$phone/$phone/g;
+    $l =~ s/\$departmentNumber/$departmentNumber/g;
+    $l =~ s/\$employeeNumber/$employeeNumber/g;
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/enroll.html b/base/tps/apache/cgi-bin/sow/enroll.html
new file mode 100755
index 000000000..81ec73443
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/enroll.html
@@ -0,0 +1,260 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID,
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+var officerToken = null;
+
+function UserOnDoneInitializeBindingTable()
+{
+  document.body.onkeyup = onUserKeyUp;
+  var enrollbtn = document.getElementById('enrollbtn');
+  enrollbtn.disabled = true;
+  var pintf = document.getElementById('pintf');
+  pintf.focus();
+
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  var enrollbtn = document.getElementById('enrollbtn');
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++;
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }     
+    if(isAgent == true)
+    {
+        MyAlert("You can't Enroll a card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+
+function onUserKeyUp(e)
+{
+  var pintf = document.getElementById('pintf');
+  var reenterpintf = document.getElementById('reenterpintf');
+  var enrollbtn = document.getElementById('enrollbtn');
+  if (e.keyCode == 13) {
+    if (e.target == pintf) {
+      reenterpintf.focus();
+    } else {
+      pintf.focus();
+    }
+  }
+  if (pintf.value != '' && pintf.value == reenterpintf.value) {
+    enrollbtn.disabled = false;
+  } else {
+    enrollbtn.disabled = true;
+  }
+  return e;
+}
+
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p>
+</blockquote>
+<h2><span id="keytext">Please insert new smartcard now!</span></h2>
+      <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote>
+        New Token Password:<br>
+        <input type="password" id="pintf" name="pintf" value=""><br/>
+        Re-Enter Token Password:<br>
+        <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/>
+        <input type="hidden" id="snametf"  value="$uid">
+        User Password:<br>
+        <input type="password" id="snamepwd" value="">
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+  </table>
+
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps/apache/cgi-bin/sow/enroll_temp.cgi b/base/tps/apache/cgi-bin/sow/enroll_temp.cgi
new file mode 100755
index 000000000..5817039a2
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/enroll_temp.cgi
@@ -0,0 +1,246 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GenerateEnrollmentPage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+  my $ldap_host = get_ldap_host();
+  my $ldap_port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $port = get_port();
+  my $host = get_host();
+  my $secure_port = get_secure_port();
+  my $certdir = get_ldap_certdir();
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll_temp.html"));
+
+  print $gQuery->header();
+
+  my $uid = $gQuery->param("uid");
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $ldap_host, port => $ldap_port, cert => $certdir},
+                  $secureconn);
+
+  ExitError("Failed to connect to the database. $msg") if (!$conn);
+
+  my $entry = $conn->search ( $basedn,
+                              "sub",
+                              "uid=$uid",
+                              0
+                            );
+
+  if (!$entry) {
+    $conn->close();
+    ExitError("User $uid not found");
+  }
+
+  my $givenName = ($entry->getValues("givenName"))[0] ||  "-";
+  my $cn = ($entry->getValues("cn"))[0] || "-";
+  my $sn = ($entry->getValues("sn"))[0] ||"-";
+  $uid = ($entry->getValues("uid"))[0] || "-";
+  my $mail = ($entry->getValues("mail"))[0] || "-";
+  my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+  my $departmentNumber = ($entry->getValues("departmentNumber"))[0] || "";
+  my $employeeNumber = ($entry->getValues("employeeNumber"))[0] || "";
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$mail/$mail/g;
+    $l =~ s/\$uid/$uid/g;
+    $l =~ s/\$givenName/$givenName/g;
+    $l =~ s/\$sn/$sn/g;
+    $l =~ s/\$cn/$cn/g;
+    $l =~ s/\$phone/$phone/g;
+    $l =~ s/\$departmentNumber/$departmentNumber/g;
+    $l =~ s/\$employeeNumber/$employeeNumber/g;
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/enroll_temp.html b/base/tps/apache/cgi-bin/sow/enroll_temp.html
new file mode 100755
index 000000000..342eddb1b
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/enroll_temp.html
@@ -0,0 +1,231 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID,
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+var officerToken = null;
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  var enrollbtn = document.getElementById('enrollbtn');
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++;
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }     
+    if(isAgent == true)
+    {
+        MyAlert("You can't Enroll a temporary card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p>
+</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+      <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote>
+        <h3>New Token Password:</h3>
+        <input type="password" id="pintf" name="pintf" value=""><br/>
+        <h3>Re-Enter Token Password:</h3>
+        <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/>
+        <input type="hidden" id="snametf"  value="$uid">
+        <h3>User Password:</h3>
+        <input type="password" id="snamepwd" value=""><br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollTempCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps/apache/cgi-bin/sow/format.cgi b/base/tps/apache/cgi-bin/sow/format.cgi
new file mode 100755
index 000000000..9b310991d
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/format.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< format.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/format.html b/base/tps/apache/cgi-bin/sow/format.html
new file mode 100755
index 000000000..66b19a624
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/format.html
@@ -0,0 +1,236 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+var officerToken = null;
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+  }
+
+  if (arr && arr.length <= 1  )
+  {
+    toggleButton('enrollbtn','off');
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+      
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++; 
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }      
+    if(isAgent == true)
+    {
+        MyAlert("You can't Format a card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload="cleanup();">
+
+<progressmeter id="progress-id" hidden="true" align = "center"/> 
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+     <tr id="HeaderRow">
+     </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will erase the phone home URL and format the user token.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps/apache/cgi-bin/sow/formatso.cgi b/base/tps/apache/cgi-bin/sow/formatso.cgi
new file mode 100755
index 000000000..d53129139
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/formatso.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< formatso.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/formatso.html b/base/tps/apache/cgi-bin/sow/formatso.html
new file mode 100755
index 000000000..3508d633e
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/formatso.html
@@ -0,0 +1,186 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    UserOnCOOLKeyInserted(keyType,keyID);
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") {
+    updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  } else {
+    updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  }
+  UserSelectRowByKeyID(keyType, keyID);
+   var uid = null;
+  var isUser = false;
+
+  if(keyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(keyType,keyID);
+
+    if(uid)
+    {
+        isUser = IsAgentOrUser(uid,"user");
+    }
+    if(isUser == true)
+    {
+        MyAlert("You can't Format a User card here!  Try another card.");
+
+        updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" USER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will erase the phone home URL and format the SO token, so that you can start the demonstration all over again. <br/><br/>WARNING: You will not be able to access the security officer station after this operation.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatSoCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps/apache/cgi-bin/sow/index.cgi b/base/tps/apache/cgi-bin/sow/index.cgi
new file mode 100755
index 000000000..7f7a98869
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/index.cgi
@@ -0,0 +1,42 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "https://[SERVER_NAME]:[SECURE_PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "https://[SERVER_NAME]:[SECURE_PORT]/cgi-bin/sow/search.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps/apache/cgi-bin/sow/is_agent.cgi b/base/tps/apache/cgi-bin/sow/is_agent.cgi
new file mode 100755
index 000000000..c6b6a87f7
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/is_agent.cgi
@@ -0,0 +1,69 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoIsAgent
+{
+
+  print "Content-type: text/xml\n\n";
+  
+  if (!&authorize()) {
+    return;
+  }
+
+  my $uid = $q->param('uid');
+
+  if(&is_agent("uid=$uid"))
+  {
+      print "<response>yes</response>\n";
+  }
+  else
+  {
+      print "<response>no</response>\n";
+  }
+
+}
+
+&DoIsAgent(); 
diff --git a/base/tps/apache/cgi-bin/sow/is_user.cgi b/base/tps/apache/cgi-bin/sow/is_user.cgi
new file mode 100755
index 000000000..d7a551421
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/is_user.cgi
@@ -0,0 +1,71 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+use CGI::Carp qw(fatalsToBrowser);
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoIsUser
+{
+
+  print "Content-type: text/xml\n\n";
+  
+  if (!&authorize()) {
+    return;
+  }
+
+  my $uid = $q->param('uid');
+
+  if(&is_user("uid=$uid"))
+  {
+      print "<response>yes</response>\n";
+  }
+  else
+  {
+      print "<response>no</response>\n";
+  }
+
+}
+
+&DoIsUser(); 
diff --git a/base/tps/apache/cgi-bin/sow/main.cgi b/base/tps/apache/cgi-bin/sow/main.cgi
new file mode 100755
index 000000000..c6f65e42e
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/main.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+  $error = "" if !defined $error;
+
+  open(FILE, "< main.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps/apache/cgi-bin/sow/main.html b/base/tps/apache/cgi-bin/sow/main.html
new file mode 100755
index 000000000..897be5920
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/main.html
@@ -0,0 +1,67 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> | 
+    </div>
+  <blockquote><p>User Token Functions</p></blockquote>
+<ul style="font-size:1.2em;">
+    <a href="search.cgi">Enroll New Card</a> - enroll a new user smart card<br />
+    <a href="search_temp.cgi">Enroll Temporay Card</a> - enroll a temporary smart card<br />
+    <a href="format.cgi">Format Card</a> - format a user card<br />
+    <a href="seturl.cgi">Set Home URL</a> - set phone home URL to a user card<br />
+</ul>
+  <blockquote><p>Misc Functions</p></blockquote>
+<ul style="font-size:1.2em;">
+    <a href="formatso.cgi">Format SO Card</a> - format a SO card<br />
+</ul>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps/apache/cgi-bin/sow/noaccess.cgi b/base/tps/apache/cgi-bin/sow/noaccess.cgi
new file mode 100755
index 000000000..17166bcb6
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/noaccess.cgi
@@ -0,0 +1,56 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+  my $error = $q->param('error');
+
+  open(FILE, "< noaccess.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      $l =~ s/\$host/$host/g;
+      $l =~ s/\$secure_port/$secure_port/g;
+      $l =~ s/\$port/$port/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps/apache/cgi-bin/sow/noaccess.html b/base/tps/apache/cgi-bin/sow/noaccess.html
new file mode 100755
index 000000000..80cdd11d7
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/noaccess.html
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    </div>
+  <blockquote><p>Sorry, you do not have permission to perform the requested operation.</p></blockquote>
+<form method=post action="http://$host:$port/cgi-bin/sow/welcome.cgi">
+    <table>
+      <tr>
+      </tr>
+
+      </table>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Start Over">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps/apache/cgi-bin/sow/read.cgi b/base/tps/apache/cgi-bin/sow/read.cgi
new file mode 100755
index 000000000..8a5793c2b
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/read.cgi
@@ -0,0 +1,128 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+[REQUIRE_CFG_PL]
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  my $q = new CGI;
+  my $host = get_ldap_host();
+  my $port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $certdir = get_ldap_certdir();
+
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $name = $q->param('name');
+  my $uid = $q->param('name_ID');
+  $name = "" if !defined $name;
+
+  if ($name eq "") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty");
+    return;
+  }
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $host, port => $port, cert => $certdir},
+                  $secureconn);
+
+  if (!$conn) {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=Failed to connect to the database.");
+    return;
+  };
+
+  my $entry = $conn->search ( $basedn,
+                         "sub",
+                         "cn=$name",
+                         0
+                       );
+
+  if (!$entry) {
+    $conn->close();
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  my $givenName = ($entry->getValues("givenName"))[0] ||  "-";
+  my $cn = ($entry->getValues("cn"))[0] || "-";
+  my $sn = ($entry->getValues("sn"))[0] ||"-";
+  $uid = ($entry->getValues("uid"))[0] || "-";
+  my $mail = ($entry->getValues("mail"))[0] || "-";
+  my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+  my $photoLarge = ($entry->getValues("photoLarge"))[0] || ""; # photo (full size)
+  my $photoSmall = ($entry->getValues("photoSmall"))[0] || ""; # photo (thumb)
+  my $height = ($entry->getValues("height"))[0] || "";
+  my $weight = ($entry->getValues("weight"))[0] || "";
+  my $eyecolor = ($entry->getValues("eyeColor"))[0] || "";
+
+  $conn->close();
+
+  if ($uid eq "-") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  open(FILE, "< read.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$mail/$mail/g;
+      $l =~ s/\$uid/$uid/g;
+      $l =~ s/\$givenName/$givenName/g;
+      $l =~ s/\$sn/$sn/g;
+      $l =~ s/\$cn/$cn/g;
+      $l =~ s/\$phone/$phone/g;
+      $l =~ s/\$photoLarge/$photoLarge/g;
+      $l =~ s/\$photoSmall/$photoSmall/g;
+      $l =~ s/\$height/$height/g;
+      $l =~ s/\$weight/$weight/g;
+      $l =~ s/\$eyecolor/$eyecolor/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps/apache/cgi-bin/sow/read.html b/base/tps/apache/cgi-bin/sow/read.html
new file mode 100755
index 000000000..ca1c5f9d3
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/read.html
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/css/style.css" type="text/css">
+
+<title>Security Officer</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+  <blockquote><p>Please check user's identification and verify the user information. If the information is correct, please insert a new smart card and continue.</p></blockquote>
+  <table>
+  <tr>
+    <td>
+<script type="text/javascript">
+ if ('$departmentNumber' != '') {
+   document.writeln('<img alt="" border=0 src="$photoSmall">');
+  }
+</script>
+    </td>
+    <td>
+       <span class="heading">UID:</span> $uid<br/>
+       <span class="heading">Given Name:</span> $givenName<br/>
+       <span class="heading">Last Name:</span> $sn<br/>
+       <span class="heading">Email:</span>$mail<br/>
+       <span class="heading">Height:</span> $height<br/>
+       <span class="heading">Weight:</span> $weight<br/>
+       <span class="heading">Eye Color:</span> $eyecolor<br/>
+    </td>
+    </table>
+    <br/>
+
+  <form method=post action="enroll.cgi">
+    <input type=hidden name=uid value="$uid">
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="Enroll" value="Continue">
+        </td>
+      </tr>
+    </table>
+  </form>
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps/apache/cgi-bin/sow/read_temp.cgi b/base/tps/apache/cgi-bin/sow/read_temp.cgi
new file mode 100755
index 000000000..31c6fd7e3
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/read_temp.cgi
@@ -0,0 +1,125 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+[REQUIRE_CFG_PL]
+
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  my $q = new CGI;
+  my $host = get_ldap_host();
+  my $port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $certdir = get_ldap_certdir();
+
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $name = $q->param('name');
+  my $uid = $q->param('name_ID');
+  $name = "" if !defined $name;
+
+  if ($name eq "") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty");
+    return;
+  }
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $host, port => $port, cert => $certdir},
+                  $secureconn);
+
+
+  my $entry = $conn->search ( $basedn,
+                              "sub",
+                              "cn=$name",
+                              0
+                            );
+
+  if (!$entry) {
+    $conn->close();
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  my $givenName = ($entry->getValues("givenName"))[0] ||  "-";
+  my $cn = ($entry->getValues("cn"))[0] || "-";
+  my $sn = ($entry->getValues("sn"))[0] ||"-";
+  $uid = ($entry->getValues("uid"))[0] || "-";
+  my $mail = ($entry->getValues("mail"))[0] || "-";
+  my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+  my $photoLarge = ($entry->getValues("photoLarge"))[0] || ""; # photo (full size)
+  my $photoSmall = ($entry->getValues("photoSmall"))[0] || ""; # photo (thumb)
+  my $height = ($entry->getValues("height"))[0] || "";
+  my $weight = ($entry->getValues("weight"))[0] || "";
+  my $eyecolor = ($entry->getValues("eyeColor"))[0] || "";
+
+  $conn->close();
+
+  if ($uid eq "-") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  open(FILE, "< read_temp.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$mail/$mail/g;
+      $l =~ s/\$uid/$uid/g;
+      $l =~ s/\$givenName/$givenName/g;
+      $l =~ s/\$sn/$sn/g;
+      $l =~ s/\$cn/$cn/g;
+      $l =~ s/\$phone/$phone/g;
+      $l =~ s/\$photoLarge/$photoLarge/g;
+      $l =~ s/\$photoSmall/$photoSmall/g;
+      $l =~ s/\$height/$height/g;
+      $l =~ s/\$weight/$weight/g;
+      $l =~ s/\$eyecolor/$eyecolor/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps/apache/cgi-bin/sow/read_temp.html b/base/tps/apache/cgi-bin/sow/read_temp.html
new file mode 100755
index 000000000..ca1c5f9d3
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/read_temp.html
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/css/style.css" type="text/css">
+
+<title>Security Officer</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+  <blockquote><p>Please check user's identification and verify the user information. If the information is correct, please insert a new smart card and continue.</p></blockquote>
+  <table>
+  <tr>
+    <td>
+<script type="text/javascript">
+ if ('$departmentNumber' != '') {
+   document.writeln('<img alt="" border=0 src="$photoSmall">');
+  }
+</script>
+    </td>
+    <td>
+       <span class="heading">UID:</span> $uid<br/>
+       <span class="heading">Given Name:</span> $givenName<br/>
+       <span class="heading">Last Name:</span> $sn<br/>
+       <span class="heading">Email:</span>$mail<br/>
+       <span class="heading">Height:</span> $height<br/>
+       <span class="heading">Weight:</span> $weight<br/>
+       <span class="heading">Eye Color:</span> $eyecolor<br/>
+    </td>
+    </table>
+    <br/>
+
+  <form method=post action="enroll.cgi">
+    <input type=hidden name=uid value="$uid">
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="Enroll" value="Continue">
+        </td>
+      </tr>
+    </table>
+  </form>
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps/apache/cgi-bin/sow/search.cgi b/base/tps/apache/cgi-bin/sow/search.cgi
new file mode 100755
index 000000000..e681ed100
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/search.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+  $error = "" if !defined $error;
+
+  open(FILE, "< search.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps/apache/cgi-bin/sow/search.html b/base/tps/apache/cgi-bin/sow/search.html
new file mode 100755
index 000000000..5b66fcd48
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/search.html
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>Please locate the user who is requesting a new smart card.</p></blockquote>
+<form method=post action="read.cgi">
+<div style="font-size:0.8em;">
+    <table>
+      <tr>
+        <td><h3>Name: </h3></td>
+        <td> </td>
+        <td><input type="text" id="name" name="name" value="" autocomplete="off"></td>
+        <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td>
+         <td> </td>
+      </tr>
+
+      </table>
+</div>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps/apache/cgi-bin/sow/search_temp.cgi b/base/tps/apache/cgi-bin/sow/search_temp.cgi
new file mode 100755
index 000000000..5d752a49d
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/search_temp.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+  $error = "" if !defined $error;
+
+  open(FILE, "< search_temp.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps/apache/cgi-bin/sow/search_temp.html b/base/tps/apache/cgi-bin/sow/search_temp.html
new file mode 100755
index 000000000..6f0096305
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/search_temp.html
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>Please locate the user who is requesting a temporary smart card.</p></blockquote>
+<form method=post action="read_temp.cgi">
+<div style="font-size:0.8em;">
+    <table>
+      <tr>
+        <td><h3>Name: </h3></td>
+        <td> </td>
+        <td><input type="text" id="name" name="name" value="" autocomplete="off"></td>
+        <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td>
+         <td> </td>
+      </tr>
+
+      </table>
+</div>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps/apache/cgi-bin/sow/seturl.cgi b/base/tps/apache/cgi-bin/sow/seturl.cgi
new file mode 100755
index 000000000..dfac46d8f
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/seturl.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< seturl.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps/apache/cgi-bin/sow/seturl.html b/base/tps/apache/cgi-bin/sow/seturl.html
new file mode 100755
index 000000000..f1cddb186
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/seturl.html
@@ -0,0 +1,174 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+  }
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") {
+    updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  } else {
+    updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  }
+  UserSelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will burn a phone home URL on the user token.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoSetURLCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps/apache/cgi-bin/sow/welcome.cgi b/base/tps/apache/cgi-bin/sow/welcome.cgi
new file mode 100755
index 000000000..bc76dd3fa
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/welcome.cgi
@@ -0,0 +1,57 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+  my $error = $q->param('error');
+  $error = "" if !defined $error;
+
+  open(FILE, "< welcome.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      $l =~ s/\$host/$host/g;
+      $l =~ s/\$secure_port/$secure_port/g;
+      $l =~ s/\$port/$port/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps/apache/cgi-bin/sow/welcome.html b/base/tps/apache/cgi-bin/sow/welcome.html
new file mode 100755
index 000000000..c539f17b7
--- /dev/null
+++ b/base/tps/apache/cgi-bin/sow/welcome.html
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    </div>
+  <blockquote><p>Welcome to the security officer interface, you will be asked to identify yourself with your token. Please click the continue button below.</p></blockquote>
+<form method=post action="https://$host:$secure_port/cgi-bin/sow/main.cgi">
+    <table>
+      <tr>
+      </tr>
+
+      </table>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
-- 
cgit