From abaa8473f51a5c436a2952920625b7447e226b29 Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Wed, 3 Sep 2014 21:07:07 -0700 Subject: Rename pki-tps-tomcat to pki-tps * PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps --- base/tps/shared/applets/1.2.4122DFB4.ijc | Bin 0 -> 11944 bytes base/tps/shared/applets/1.2.416DA155.ijc | Bin 0 -> 11945 bytes base/tps/shared/applets/1.3.42260AFA.ijc | Bin 0 -> 13117 bytes base/tps/shared/applets/1.3.4255CC01.ijc | Bin 0 -> 14909 bytes base/tps/shared/applets/1.3.42659461.ijc | Bin 0 -> 14879 bytes base/tps/shared/applets/1.3.427BDDB8.ijc | Bin 0 -> 14527 bytes base/tps/shared/applets/1.3.44724DDE.ijc | Bin 0 -> 14529 bytes base/tps/shared/applets/1.3.45787308.ijc | Bin 0 -> 14893 bytes base/tps/shared/applets/1.4.499dc06c.ijc | Bin 0 -> 14912 bytes base/tps/shared/applets/1.4.4d40a449.ijc | Bin 0 -> 14874 bytes base/tps/shared/applets/3FD00877.ijc | Bin 0 -> 13662 bytes base/tps/shared/applets/4003196C.ijc | Bin 0 -> 13683 bytes base/tps/shared/applets/402428AD.ijc | Bin 0 -> 13699 bytes base/tps/shared/applets/404E4697.ijc | Bin 0 -> 11995 bytes base/tps/shared/applets/4122DFB4.ijc | Bin 0 -> 11944 bytes base/tps/shared/applets/listappletdates | 42 + base/tps/shared/applets/readme.txt | 52 + base/tps/shared/conf/CMakeLists.txt | 8 + base/tps/shared/conf/CS.cfg.in | 1375 ++++++++++++++++++++ base/tps/shared/conf/Catalina/localhost/tps.xml | 37 + base/tps/shared/conf/acl.ldif | 33 + base/tps/shared/conf/acl.properties | 42 + base/tps/shared/conf/auth-method.properties | 27 + base/tps/shared/conf/catalina.policy | 182 +++ base/tps/shared/conf/catalina.properties | 87 ++ base/tps/shared/conf/database.ldif | 9 + base/tps/shared/conf/db.ldif | 54 + base/tps/shared/conf/index.ldif | 84 ++ base/tps/shared/conf/jk2.manifest | 2 + base/tps/shared/conf/jk2.properties | 31 + base/tps/shared/conf/jkconf.ant.xml | 55 + base/tps/shared/conf/jkconfig.manifest | 2 + base/tps/shared/conf/logging.properties | 70 + base/tps/shared/conf/manager.ldif | 46 + base/tps/shared/conf/phoneHome.xml | 10 + base/tps/shared/conf/registry.cfg | 5 + base/tps/shared/conf/schema.ldif | 58 + base/tps/shared/conf/server-minimal.xml | 29 + base/tps/shared/conf/server.xml | 258 ++++ base/tps/shared/conf/shm.manifest | 2 + base/tps/shared/conf/tomcat-jk2.manifest | 7 + base/tps/shared/conf/tomcat-users.xml | 45 + base/tps/shared/conf/tomcat6.conf | 58 + base/tps/shared/conf/uriworkermap.properties | 18 + base/tps/shared/conf/vlv.ldif | 51 + base/tps/shared/conf/vlvtasks.ldif | 28 + base/tps/shared/conf/web.xml | 993 ++++++++++++++ base/tps/shared/conf/workers.properties | 209 +++ base/tps/shared/conf/workers.properties.minimal | 22 + base/tps/shared/conf/workers2.properties | 136 ++ base/tps/shared/conf/workers2.properties.minimal | 60 + base/tps/shared/webapps/tps/404.html | 145 +++ base/tps/shared/webapps/tps/500.html | 138 ++ .../shared/webapps/tps/GenUnexpectedError.template | 67 + .../shared/webapps/tps/WEB-INF/velocity.properties | 13 + base/tps/shared/webapps/tps/WEB-INF/web.xml | 297 +++++ base/tps/shared/webapps/tps/index.html | 73 ++ base/tps/shared/webapps/tps/js/account.js | 37 + base/tps/shared/webapps/tps/js/activity.js | 97 ++ base/tps/shared/webapps/tps/js/audit.js | 232 ++++ base/tps/shared/webapps/tps/js/authenticator.js | 109 ++ base/tps/shared/webapps/tps/js/cert.js | 100 ++ base/tps/shared/webapps/tps/js/config.js | 51 + base/tps/shared/webapps/tps/js/connector.js | 109 ++ base/tps/shared/webapps/tps/js/group.js | 232 ++++ base/tps/shared/webapps/tps/js/profile-mapping.js | 109 ++ base/tps/shared/webapps/tps/js/profile.js | 109 ++ base/tps/shared/webapps/tps/js/selftest.js | 88 ++ base/tps/shared/webapps/tps/js/token.js | 258 ++++ base/tps/shared/webapps/tps/js/tps.js | 231 ++++ base/tps/shared/webapps/tps/js/user.js | 150 +++ base/tps/shared/webapps/tps/services.template | 106 ++ base/tps/shared/webapps/tps/ui/activities.html | 83 ++ base/tps/shared/webapps/tps/ui/activity.html | 47 + base/tps/shared/webapps/tps/ui/audit.html | 134 ++ base/tps/shared/webapps/tps/ui/authenticator.html | 131 ++ base/tps/shared/webapps/tps/ui/authenticators.html | 74 ++ base/tps/shared/webapps/tps/ui/cert.html | 49 + base/tps/shared/webapps/tps/ui/certs.html | 87 ++ base/tps/shared/webapps/tps/ui/config.html | 116 ++ base/tps/shared/webapps/tps/ui/connector.html | 131 ++ base/tps/shared/webapps/tps/ui/connectors.html | 75 ++ base/tps/shared/webapps/tps/ui/group.html | 125 ++ base/tps/shared/webapps/tps/ui/groups.html | 75 ++ base/tps/shared/webapps/tps/ui/home.html | 60 + base/tps/shared/webapps/tps/ui/index.html | 429 ++++++ .../tps/shared/webapps/tps/ui/profile-mapping.html | 131 ++ .../shared/webapps/tps/ui/profile-mappings.html | 75 ++ base/tps/shared/webapps/tps/ui/profile.html | 131 ++ base/tps/shared/webapps/tps/ui/profiles.html | 75 ++ base/tps/shared/webapps/tps/ui/selftest.html | 42 + base/tps/shared/webapps/tps/ui/selftests.html | 79 ++ base/tps/shared/webapps/tps/ui/token.html | 96 ++ base/tps/shared/webapps/tps/ui/tokens.html | 135 ++ base/tps/shared/webapps/tps/ui/user.html | 57 + base/tps/shared/webapps/tps/ui/users.html | 75 ++ 96 files changed, 9490 insertions(+) create mode 100644 base/tps/shared/applets/1.2.4122DFB4.ijc create mode 100755 base/tps/shared/applets/1.2.416DA155.ijc create mode 100755 base/tps/shared/applets/1.3.42260AFA.ijc create mode 100644 base/tps/shared/applets/1.3.4255CC01.ijc create mode 100755 base/tps/shared/applets/1.3.42659461.ijc create mode 100644 base/tps/shared/applets/1.3.427BDDB8.ijc create mode 100755 base/tps/shared/applets/1.3.44724DDE.ijc create mode 100755 base/tps/shared/applets/1.3.45787308.ijc create mode 100644 base/tps/shared/applets/1.4.499dc06c.ijc create mode 100644 base/tps/shared/applets/1.4.4d40a449.ijc create mode 100644 base/tps/shared/applets/3FD00877.ijc create mode 100644 base/tps/shared/applets/4003196C.ijc create mode 100644 base/tps/shared/applets/402428AD.ijc create mode 100644 base/tps/shared/applets/404E4697.ijc create mode 100644 base/tps/shared/applets/4122DFB4.ijc create mode 100755 base/tps/shared/applets/listappletdates create mode 100644 base/tps/shared/applets/readme.txt create mode 100644 base/tps/shared/conf/CMakeLists.txt create mode 100644 base/tps/shared/conf/CS.cfg.in create mode 100644 base/tps/shared/conf/Catalina/localhost/tps.xml create mode 100644 base/tps/shared/conf/acl.ldif create mode 100644 base/tps/shared/conf/acl.properties create mode 100644 base/tps/shared/conf/auth-method.properties create mode 100644 base/tps/shared/conf/catalina.policy create mode 100644 base/tps/shared/conf/catalina.properties create mode 100644 base/tps/shared/conf/database.ldif create mode 100644 base/tps/shared/conf/db.ldif create mode 100644 base/tps/shared/conf/index.ldif create mode 100644 base/tps/shared/conf/jk2.manifest create mode 100644 base/tps/shared/conf/jk2.properties create mode 100644 base/tps/shared/conf/jkconf.ant.xml create mode 100644 base/tps/shared/conf/jkconfig.manifest create mode 100644 base/tps/shared/conf/logging.properties create mode 100644 base/tps/shared/conf/manager.ldif create mode 100644 base/tps/shared/conf/phoneHome.xml create mode 100644 base/tps/shared/conf/registry.cfg create mode 100644 base/tps/shared/conf/schema.ldif create mode 100644 base/tps/shared/conf/server-minimal.xml create mode 100644 base/tps/shared/conf/server.xml create mode 100644 base/tps/shared/conf/shm.manifest create mode 100644 base/tps/shared/conf/tomcat-jk2.manifest create mode 100644 base/tps/shared/conf/tomcat-users.xml create mode 100644 base/tps/shared/conf/tomcat6.conf create mode 100644 base/tps/shared/conf/uriworkermap.properties create mode 100644 base/tps/shared/conf/vlv.ldif create mode 100644 base/tps/shared/conf/vlvtasks.ldif create mode 100644 base/tps/shared/conf/web.xml create mode 100644 base/tps/shared/conf/workers.properties create mode 100644 base/tps/shared/conf/workers.properties.minimal create mode 100644 base/tps/shared/conf/workers2.properties create mode 100644 base/tps/shared/conf/workers2.properties.minimal create mode 100755 base/tps/shared/webapps/tps/404.html create mode 100755 base/tps/shared/webapps/tps/500.html create mode 100644 base/tps/shared/webapps/tps/GenUnexpectedError.template create mode 100644 base/tps/shared/webapps/tps/WEB-INF/velocity.properties create mode 100644 base/tps/shared/webapps/tps/WEB-INF/web.xml create mode 100644 base/tps/shared/webapps/tps/index.html create mode 100644 base/tps/shared/webapps/tps/js/account.js create mode 100644 base/tps/shared/webapps/tps/js/activity.js create mode 100644 base/tps/shared/webapps/tps/js/audit.js create mode 100644 base/tps/shared/webapps/tps/js/authenticator.js create mode 100644 base/tps/shared/webapps/tps/js/cert.js create mode 100644 base/tps/shared/webapps/tps/js/config.js create mode 100644 base/tps/shared/webapps/tps/js/connector.js create mode 100644 base/tps/shared/webapps/tps/js/group.js create mode 100644 base/tps/shared/webapps/tps/js/profile-mapping.js create mode 100644 base/tps/shared/webapps/tps/js/profile.js create mode 100644 base/tps/shared/webapps/tps/js/selftest.js create mode 100644 base/tps/shared/webapps/tps/js/token.js create mode 100644 base/tps/shared/webapps/tps/js/tps.js create mode 100644 base/tps/shared/webapps/tps/js/user.js create mode 100644 base/tps/shared/webapps/tps/services.template create mode 100644 base/tps/shared/webapps/tps/ui/activities.html create mode 100644 base/tps/shared/webapps/tps/ui/activity.html create mode 100644 base/tps/shared/webapps/tps/ui/audit.html create mode 100644 base/tps/shared/webapps/tps/ui/authenticator.html create mode 100644 base/tps/shared/webapps/tps/ui/authenticators.html create mode 100644 base/tps/shared/webapps/tps/ui/cert.html create mode 100644 base/tps/shared/webapps/tps/ui/certs.html create mode 100644 base/tps/shared/webapps/tps/ui/config.html create mode 100644 base/tps/shared/webapps/tps/ui/connector.html create mode 100644 base/tps/shared/webapps/tps/ui/connectors.html create mode 100644 base/tps/shared/webapps/tps/ui/group.html create mode 100644 base/tps/shared/webapps/tps/ui/groups.html create mode 100644 base/tps/shared/webapps/tps/ui/home.html create mode 100644 base/tps/shared/webapps/tps/ui/index.html create mode 100644 base/tps/shared/webapps/tps/ui/profile-mapping.html create mode 100644 base/tps/shared/webapps/tps/ui/profile-mappings.html create mode 100644 base/tps/shared/webapps/tps/ui/profile.html create mode 100644 base/tps/shared/webapps/tps/ui/profiles.html create mode 100644 base/tps/shared/webapps/tps/ui/selftest.html create mode 100644 base/tps/shared/webapps/tps/ui/selftests.html create mode 100644 base/tps/shared/webapps/tps/ui/token.html create mode 100644 base/tps/shared/webapps/tps/ui/tokens.html create mode 100644 base/tps/shared/webapps/tps/ui/user.html create mode 100644 base/tps/shared/webapps/tps/ui/users.html (limited to 'base/tps/shared') diff --git a/base/tps/shared/applets/1.2.4122DFB4.ijc b/base/tps/shared/applets/1.2.4122DFB4.ijc new file mode 100644 index 000000000..2a8ea0733 Binary files /dev/null and b/base/tps/shared/applets/1.2.4122DFB4.ijc differ diff --git a/base/tps/shared/applets/1.2.416DA155.ijc b/base/tps/shared/applets/1.2.416DA155.ijc new file mode 100755 index 000000000..21b0312a8 Binary files /dev/null and b/base/tps/shared/applets/1.2.416DA155.ijc differ diff --git a/base/tps/shared/applets/1.3.42260AFA.ijc b/base/tps/shared/applets/1.3.42260AFA.ijc new file mode 100755 index 000000000..f17f98281 Binary files /dev/null and b/base/tps/shared/applets/1.3.42260AFA.ijc differ diff --git a/base/tps/shared/applets/1.3.4255CC01.ijc b/base/tps/shared/applets/1.3.4255CC01.ijc new file mode 100644 index 000000000..322fe86e2 Binary files /dev/null and b/base/tps/shared/applets/1.3.4255CC01.ijc differ diff --git a/base/tps/shared/applets/1.3.42659461.ijc b/base/tps/shared/applets/1.3.42659461.ijc new file mode 100755 index 000000000..ccf8ba451 Binary files /dev/null and b/base/tps/shared/applets/1.3.42659461.ijc differ diff --git a/base/tps/shared/applets/1.3.427BDDB8.ijc b/base/tps/shared/applets/1.3.427BDDB8.ijc new file mode 100644 index 000000000..4a633e8d3 Binary files /dev/null and b/base/tps/shared/applets/1.3.427BDDB8.ijc differ diff --git a/base/tps/shared/applets/1.3.44724DDE.ijc b/base/tps/shared/applets/1.3.44724DDE.ijc new file mode 100755 index 000000000..e56705dff Binary files /dev/null and b/base/tps/shared/applets/1.3.44724DDE.ijc differ diff --git a/base/tps/shared/applets/1.3.45787308.ijc b/base/tps/shared/applets/1.3.45787308.ijc new file mode 100755 index 000000000..164c7e0cd Binary files /dev/null and b/base/tps/shared/applets/1.3.45787308.ijc differ diff --git a/base/tps/shared/applets/1.4.499dc06c.ijc b/base/tps/shared/applets/1.4.499dc06c.ijc new file mode 100644 index 000000000..388482123 Binary files /dev/null and b/base/tps/shared/applets/1.4.499dc06c.ijc differ diff --git a/base/tps/shared/applets/1.4.4d40a449.ijc b/base/tps/shared/applets/1.4.4d40a449.ijc new file mode 100644 index 000000000..bd716adb0 Binary files /dev/null and b/base/tps/shared/applets/1.4.4d40a449.ijc differ diff --git a/base/tps/shared/applets/3FD00877.ijc b/base/tps/shared/applets/3FD00877.ijc new file mode 100644 index 000000000..5e6624d5a Binary files /dev/null and b/base/tps/shared/applets/3FD00877.ijc differ diff --git a/base/tps/shared/applets/4003196C.ijc b/base/tps/shared/applets/4003196C.ijc new file mode 100644 index 000000000..bed8a7900 Binary files /dev/null and b/base/tps/shared/applets/4003196C.ijc differ diff --git a/base/tps/shared/applets/402428AD.ijc b/base/tps/shared/applets/402428AD.ijc new file mode 100644 index 000000000..b91a64334 Binary files /dev/null and b/base/tps/shared/applets/402428AD.ijc differ diff --git a/base/tps/shared/applets/404E4697.ijc b/base/tps/shared/applets/404E4697.ijc new file mode 100644 index 000000000..9c927c0f0 Binary files /dev/null and b/base/tps/shared/applets/404E4697.ijc differ diff --git a/base/tps/shared/applets/4122DFB4.ijc b/base/tps/shared/applets/4122DFB4.ijc new file mode 100644 index 000000000..2a8ea0733 Binary files /dev/null and b/base/tps/shared/applets/4122DFB4.ijc differ diff --git a/base/tps/shared/applets/listappletdates b/base/tps/shared/applets/listappletdates new file mode 100755 index 000000000..cca5964b7 --- /dev/null +++ b/base/tps/shared/applets/listappletdates @@ -0,0 +1,42 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2014 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# + + +$f = `/bin/ls *.ijc`; + +@filenames = split /\n/ms, $f; + +foreach $file (@filenames) { + $timestamp = $file; + $timestamp =~ s/1\.\d\.//; + + ($root) = ($timestamp =~ /(.*).ijc/); + + ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(hex($root)); + + printf " %16s %4d/%02d/%02d %02d:%02d\n", $file, + $year+1900, $mon+1, $mday, + $hour, $min; + +} + diff --git a/base/tps/shared/applets/readme.txt b/base/tps/shared/applets/readme.txt new file mode 100644 index 000000000..773e3bac5 --- /dev/null +++ b/base/tps/shared/applets/readme.txt @@ -0,0 +1,52 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2014 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +This directory contains a list of CoolKey applets +that can be used by the TPS for applet upgrade. + + +Applet Information: +------------------ + +File Name Creation Date Applet Ver Major Ver Minor Ver Remark +============ ================ ========== ========= ========= ========== +427BDDB8.ijc 2005/05/06 14:12 427BDDB8 1 3 Official Applet + +Token Information: +----------------- + +Type CUID (Token ID) ATR Remark +======================== ==================== ======= ================== +Old "E" and ealier cards 40900062ff00ssssssss +(Acquired From WebSite) +"F" cards 40900062ff00ssssssss +(Acquired From WebSite) +"G" & later (Oct/Nov) 409000620103ssssssss +(Acquired From WebSite) +Fortezza cards 409000620103ssssssss +(Acquired From WebSite) +Developement Keyed cards 409000620101ssssssss 3B76940000FF6276010000 + +where ssssssss is the serial number. + + +Remark +====== +1.3.45787308.ijc - this is the unofficial jForte applet with hacks diff --git a/base/tps/shared/conf/CMakeLists.txt b/base/tps/shared/conf/CMakeLists.txt new file mode 100644 index 000000000..419289d03 --- /dev/null +++ b/base/tps/shared/conf/CMakeLists.txt @@ -0,0 +1,8 @@ +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY) + +install( + FILES + ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg + DESTINATION + ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf +) diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in new file mode 100644 index 000000000..1647acc5d --- /dev/null +++ b/base/tps/shared/conf/CS.cfg.in @@ -0,0 +1,1375 @@ +_000=## +_001=## Token Processing System (TPS) Configuration File +_002=## +accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator +accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator +accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator +archive.configuration_file=true +applet._000=######################################### +applet._001=# applet information +applet._002=# SAF Key: +applet._003=# applet.aid.cardmgr_instance=A0000001510000 +applet._004=######################################### +applet.aid.cardmgr_instance=A0000000030000 +applet.aid.netkey_file=627601FF0000 +applet.aid.netkey_instance=627601FF000000 +applet.aid.netkey_old_file=A000000001 +applet.aid.netkey_old_instance=A00000000101 +applet.delete_old=true +applet.so_pin=000000000000 +auths._000=## +auths._001=## new authentication +auths._002=## +auths.impl._000=## +auths.impl._001=## authentication manager implementations +auths.impl._002=## +auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication +auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth +auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth +auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll +auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication +auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication +auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication +auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication +auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication +auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents +auths.instance.AgentCertAuth.pluginName=AgentCertAuth +auths.instance.TokenAuth.pluginName=TokenAuth +auths.instance.ldap1.authCredName=uid +auths.instance.ldap1.ui.retries=3 +auths.instance.ldap1.ui.title.en=LDAP Authentication +auths.instance.ldap1.ui.description.en=This authenticates user against the LDAP directory. +auths.instance.ldap1.ui.id.UID.description.en=LDAP User ID +auths.instance.ldap1.ui.id.UID.name.en=LDAP User ID +auths.instance.ldap1.ui.id.UID.credMap.authCred=uid +auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID +auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name +auths.instance.ldap1.ui.id.PASSWORD.description.en=LDAP Password +auths.instance.ldap1.ui.id.PASSWORD.name.en=LDAP Password +auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd +auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD +auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password +auths.instance.ldap1.dnpattern= +auths.instance.ldap1.ldapByteAttributes= +auths.instance.ldap1.ldapStringAttributes=mail,cn,uid +auths.instance.ldap1.ldap.basedn=[LDAP_ROOT] +auths.instance.ldap1.ldap.maxConns=15 +auths.instance.ldap1.ldap.minConns=3 +auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth +auths.instance.ldap1.ldap.ldapauth.bindDN= +auths.instance.ldap1.ldap.ldapauth.bindPWPrompt=ldap1 +auths.instance.ldap1.ldap.ldapauth.clientCertNickname=subsystemCert cert-[PKI_INSTANCE_NAME] +auths.instance.ldap1.ldap.ldapconn.host=localhost +auths.instance.ldap1.ldap.ldapconn.port=389 +auths.instance.ldap1.ldap.ldapconn.secureConn=false +auths.instance.ldap1.ldap.ldapconn.version=3 +auths.instance.ldap1.pluginName=UidPwdDirAuth +auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth +auths.revocationChecking.bufferSize=50 +auths.revocationChecking.enabled=true +auths.revocationChecking.tps=tps +auths.revocationChecking.unknownStateInterval=0 +auths.revocationChecking.validityInterval=120 +authType=pwd +authz._000=## +authz._001=## new authorizatioin +authz._002=## +authz.evaluateOrder=deny,allow +authz.impl._000=## +authz.impl._001=## authorization manager implementations +authz.impl._002=## +authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz +authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz +authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz +authz.instance.DirAclAuthz.ldap._000=## +authz.instance.DirAclAuthz.ldap._001=## Internal Database +authz.instance.DirAclAuthz.ldap._002=## +authz.instance.DirAclAuthz.ldap=internaldb +authz.instance.DirAclAuthz.pluginName=DirAclAuthz +authz.sourceType=ldap +channel._000=######################################### +channel._001=# channel.encryption: +channel._002=# +channel._003=# - enable encryption for all operation commands to token +channel._004=# - default is true +channel._005=# channel.blocksize=242 +channel._006=# channel.defKeyVersion=0 +channel._007=# channel.defKeyIndex=0 +channel._008=# +channel._009=# Config the size of memory managed memory in the applet +channel._010=# Default is 5000, try not go get close to the instanceSize +channel._011=# which defaults to 18000: +channel._012=# +channel._013=# * channel.instanceSize=18000 +channel._014=# * channel.appletMemorySize=5000 +channel._015=######################################### +channel.encryption=true +channel.blocksize=248 +channel.defKeyVersion=0 +channel.defKeyIndex=0 +cms.product.version=@APPLICATION_VERSION@ +cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@ +config.Generals.General.state=Enabled +config.Generals.General.timestamp=1280283607424406 +configurationRoot=/[PKI_SUBSYSTEM_TYPE]/conf/ +cs.state=0 +cs.type=TPS +dbs.ldap=internaldb +dbs.newSchemaEntryAdded=true +debug.append=true +debug.enabled=true +debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/debug +debug.hashkeytypes= +debug.level=0 +debug.showcaller=false +failover.pod.enable=false +general.applet_ext=ijc +general.pwlength.min=16 +general.search.sizelimit.default=100 +general.search.sizelimit.max=2000 +general.search.timelimit.default=10 +general.search.timelimit.max=10 +general.verifyProof=1 +installDate=[INSTALL_TIME] +instanceId=[PKI_INSTANCE_NAME] +instanceRoot=[PKI_INSTANCE_PATH] +internaldb._000=## +internaldb._001=## Internal Database +internaldb._002=## +internaldb.ldapauth.authtype=BasicAuth +internaldb.ldapauth.bindDN=cn=Directory Manager +internaldb.ldapauth.bindPWPrompt=Internal LDAP Database +internaldb.ldapauth.clientCertNickname= +internaldb.ldapconn.host= +internaldb.ldapconn.port= +internaldb.ldapconn.secureConn=false +internaldb.maxConns=15 +internaldb.minConns=3 +internaldb.multipleSuffix.enable=false +jss._000=## +jss._001=## JSS +jss._002=## +jss.configDir=[PKI_INSTANCE_PATH]/alias/ +jss.enable=true +jss.ocspcheck.enable=false +jss.secmodName=secmod.db +jss.ssl.cipherfortezza=true +jss.ssl.cipherpref= +jss.ssl.cipherversion=cipherdomestic +keys.ecc.curve.default=nistp256 +keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 +keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 +keys.rsa.keysize.default=2048 +log._000=## +log._001=## Logging +log._002=## +logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/access +logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/error +log.impl.file.class=com.netscape.cms.logging.RollingLogFile +log.instance.SignedAudit._000=## +log.instance.SignedAudit._001=## Signed Audit Logging +log.instance.SignedAudit._002=## +log.instance.SignedAudit._003=## +log.instance.SignedAudit._004=## Available Audit events: +log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER,TOKEN_CERT_ENROLLMENT,TOKEN_CERT_RENEWAL,TOKEN_CERT_STATUS_CHANGE_REQUEST,TOKEN_PIN_RESET_REQUEST,TOKEN_FORMAT_REQUEST,TOKEN_APPLET_UPGRADE,TOKEN_KEY_CHANGEOVER,CONFIG_TOKEN_PROFILE,CONFIG_TOKEN_GENERAL,TOKEN_STATE_CHANGE +log.instance.SignedAudit._006=## +log.instance.SignedAudit.bufferSize=512 +log.instance.SignedAudit.enable=true +log.instance.SignedAudit.events=SELFTESTS_EXECUTION,AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,AUTH_FAIL,ROLE_ASSUME,AUTHZ_SUCCESS,AUTHZ_FAIL,CIMC_CERT_VERIFICATION,CONFIG_SIGNED_AUDIT,CONFIG_ROLE,CONFIG_AUTH,TOKEN_CERT_ENROLLMENT,TOKEN_CERT_RENEWAL,TOKEN_CERT_STATUS_CHANGE_REQUEST,TOKEN_PIN_RESET_REQUEST,TOKEN_FORMAT_REQUEST,TOKEN_APPLET_UPGRADE,TOKEN_KEY_CHANGEOVER,CONFIG_TOKEN_PROFILE,CONFIG_TOKEN_GENERAL,TOKEN_STATE_CHANGE +log.instance.SignedAudit.unselected.events= +log.instance.SignedAudit.mandatory.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING +log.instance.SignedAudit.expirationTime=0 +log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/signedAudit/tps_cert-tps_audit +log.instance.SignedAudit.flushInterval=5 +log.instance.SignedAudit.level=1 +log.instance.SignedAudit.logSigning=false +log.instance.SignedAudit.maxFileSize=2000 +log.instance.SignedAudit.pluginName=file +log.instance.SignedAudit.rolloverInterval=2592000 +log.instance.SignedAudit.signedAudit:_000=## +log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TPS audit logs to be signed +log.instance.SignedAudit.signedAudit:_002=## +log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME] +log.instance.SignedAudit.type=signedAudit +log.instance.System._000=## +log.instance.System._001=## System Logging +log.instance.System._002=## +log.instance.System.bufferSize=512 +log.instance.System.enable=true +log.instance.System.expirationTime=0 +log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/system +log.instance.System.flushInterval=5 +log.instance.System.level=3 +log.instance.System.maxFileSize=2000 +log.instance.System.pluginName=file +log.instance.System.rolloverInterval=2592000 +log.instance.System.type=system +log.instance.Transactions._000=## +log.instance.Transactions._001=## Transaction Logging +log.instance.Transactions._002=## +log.instance.Transactions.bufferSize=512 +log.instance.Transactions.enable=true +log.instance.Transactions.expirationTime=0 +log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/transactions +log.instance.Transactions.flushInterval=5 +log.instance.Transactions.level=1 +log.instance.Transactions.maxFileSize=2000 +log.instance.Transactions.pluginName=file +log.instance.Transactions.rolloverInterval=2592000 +log.instance.Transactions.type=transaction +machineName=[PKI_HOSTNAME] +multiroles._000=## +multiroles._001=## multiroles +multiroles._002=## +multiroles.enable=true +multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems +multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group +multiroles=true +op.enroll._000=######################################### +op.enroll._001=# Default Operations +op.enroll._002=# +op.enroll._003=# op..mapping.order=,, +op.enroll._004=# - contains at least one value or a series +op.enroll._005=# of comma-separated mapping values which +op.enroll._006=# are checked in sequential order +op.enroll._007=# op..mapping..filter.tokenType=userKey +op.enroll._008=# - can be either empty or token type +op.enroll._009=# specified by the client +op.enroll._010=# op..mapping..filter.tokenATR= +op.enroll._011=# - can be either empty or token ATR +op.enroll._012=# specified by the client +op.enroll._013=# op..mapping..filter.appletMajorVersion=1 +op.enroll._014=# - can be either empty or applet major version +op.enroll._015=# specified by the client +op.enroll._016=# op..mapping..filter.appletMinorVersion= +op.enroll._017=# - can be either empty or applet minor version +op.enroll._018=# specified by the client +op.enroll._019=# - if major and minor versions are both zero, this +op.enroll._020=# indicate there is no applet on the token. +op.enroll._021=# op..mapping..target.tokenType=userKey +op.enroll._022=# - if tokenType, tokenATR, appletMajorVersion, +op.enroll._023=# and appletMinorVersion are matched, value in +op.enroll._024=# targetTokenType will be used to locate +op.enroll._025=# the corresponding token profile to +op.enroll._026=# process the request. +op.enroll._027=# +op.enroll._028=# where +op.enroll._029=# - operation; enroll,pinReset,format +op.enroll._030=# - mapping ID; order is specifiable +op.enroll._031=# +op.enroll._032=# Token ATR: +op.enroll._033=# Web Store - 3B759400006202020201 +op.enroll._034=######################################### +op.enroll.allowUnknownToken=true +op.enroll.tokenProfileResolver=enrollMappingResolver +op.enroll.soKey.auth.enable=true +op.enroll.soKey.auth.id=ldap2 +op.enroll.soKey.cardmgr_instance=A0000000030000 +op.enroll.soKey.issuerinfo.enable=true +op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome +op.enroll.soKey.keyGen.encryption.ca.conn=ca1 +op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment +op.enroll.soKey.keyGen.encryption.certAttrId=c2 +op.enroll.soKey.keyGen.encryption.certId=C2 +op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$ +op.enroll.soKey.keyGen.encryption.keySize=1024 +op.enroll.soKey.keyGen.encryption.keyUsage=0 +op.enroll.soKey.keyGen.encryption.keyUser=0 +op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$ +op.enroll.soKey.keyGen.encryption.overwrite=true +op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4 +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false +op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false +op.enroll.soKey.keyGen.encryption.privateKeyNumber=4 +op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5 +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false +op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true +op.enroll.soKey.keyGen.encryption.publicKeyNumber=5 +op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false +op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0 +op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast +op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1 +op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true +op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey +op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6 +op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true +op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey +op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true +op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=kra1 +op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN] +op.enroll.soKey.keyGen.keyType.num=2 +op.enroll.soKey.keyGen.keyType.value.0=signing +op.enroll.soKey.keyGen.keyType.value.1=encryption +op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2 +op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing +op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption +op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2 +op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing +op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption +op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2 +op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing +op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption +op.enroll.soKey.keyGen.signing.ca.conn=ca1 +op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment +op.enroll.soKey.keyGen.signing.certAttrId=c1 +op.enroll.soKey.keyGen.signing.certId=C1 +op.enroll.soKey.keyGen.signing.cuid_label=$cuid$ +op.enroll.soKey.keyGen.signing.keySize=1024 +op.enroll.soKey.keyGen.signing.keyUsage=0 +op.enroll.soKey.keyGen.signing.keyUser=0 +op.enroll.soKey.keyGen.signing.label=signing key for $userid$ +op.enroll.soKey.keyGen.signing.overwrite=true +op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2 +op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false +op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false +op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false +op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true +op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true +op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true +op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true +op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true +op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false +op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false +op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false +op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false +op.enroll.soKey.keyGen.signing.privateKeyNumber=2 +op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3 +op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false +op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false +op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false +op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false +op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false +op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false +op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false +op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true +op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false +op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true +op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true +op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false +op.enroll.soKey.keyGen.signing.publicKeyNumber=3 +op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0 +op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true +op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey +op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1 +op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true +op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey +op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6 +op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true +op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey +op.enroll.soKey.keyGen.tokenName=$auth.cn$ +op.enroll.soKey.loginRequest.enable=true +op.enroll.soKey.pinReset.enable=true +op.enroll.soKey.pinReset.pin.maxLen=10 +op.enroll.soKey.pinReset.pin.maxRetries=127 +op.enroll.soKey.pinReset.pin.minLen=4 +op.enroll.soKey.pkcs11obj.compress.enable=true +op.enroll.soKey.pkcs11obj.enable=true +op.enroll.soKeyTemporary.auth.enable=true +op.enroll.soKeyTemporary.auth.id=ldap2 +op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000 +op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1 +op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment +op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0 +op.enroll.soKeyTemporary.keyGen.auth.certId=C0 +op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$ +op.enroll.soKeyTemporary.keyGen.auth.keySize=1024 +op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0 +op.enroll.soKeyTemporary.keyGen.auth.keyUser=15 +op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$ +op.enroll.soKeyTemporary.keyGen.auth.overwrite=false +op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0 +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true +op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false +op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0 +op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1 +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true +op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false +op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1 +op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1 +op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment +op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2 +op.enroll.soKeyTemporary.keyGen.encryption.certId=C2 +op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$ +op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024 +op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0 +op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0 +op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$ +op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true +op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4 +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false +op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false +op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4 +op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5 +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false +op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true +op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5 +op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0 +op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true +op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast +op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true +op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=kra1 +op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true +op.enroll.soKeyTemporary.keyGen.keyType.num=3 +op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth +op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing +op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption +op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2 +op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing +op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption +op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1 +op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment +op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1 +op.enroll.soKeyTemporary.keyGen.signing.certId=C1 +op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$ +op.enroll.soKeyTemporary.keyGen.signing.keySize=1024 +op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0 +op.enroll.soKeyTemporary.keyGen.signing.keyUser=0 +op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$ +op.enroll.soKeyTemporary.keyGen.signing.overwrite=true +op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2 +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false +op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2 +op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3 +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true +op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false +op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3 +op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0 +op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true +op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey +op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary) +op.enroll.soKeyTemporary.loginRequest.enable=true +op.enroll.soKeyTemporary.pinReset.enable=true +op.enroll.soKeyTemporary.pinReset.pin.maxLen=10 +op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127 +op.enroll.soKeyTemporary.pinReset.pin.minLen=4 +op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true +op.enroll.soKeyTemporary.pkcs11obj.enable=true +op.enroll.soKeyTemporary.tks.conn=tks1 +op.enroll.soKeyTemporary.tks.keySet=defKeyset +op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary +op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets +op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true +op.enroll.soKeyTemporary.update.applet.enable=true +op.enroll.soKeyTemporary.update.applet.encryption=true +op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449 +op.enroll.soKeyTemporary.update.symmetricKeys.enable=false +op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1 +op.enroll.soKey.tks.conn=tks1 +op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets +op.enroll.soKey.update.applet.emptyToken.enable=true +op.enroll.soKey.update.applet.enable=true +op.enroll.soKey.update.applet.encryption=true +op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449 +op.enroll.soKey.update.symmetricKeys.enable=false +op.enroll.soKey.update.symmetricKeys.requiredVersion=1 +op.enroll.userKey.auth.enable=true +op.enroll.userKey.auth.id=ldap1 +op.enroll.userKey.cardmgr_instance=A0000000030000 +op.enroll.userKey.issuerinfo.enable=true +op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome +op.enroll.userKey.keyGen.encryption.ca.conn=ca1 +op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment +op.enroll.userKey.keyGen.encryption.certAttrId=c2 +op.enroll.userKey.keyGen.encryption.certId=C2 +op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$ +op.enroll.userKey.keyGen.encryption.keySize=1024 +op.enroll.userKey.keyGen.encryption.keyUsage=0 +op.enroll.userKey.keyGen.encryption.keyUser=0 +op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$ +op.enroll.userKey.keyGen.encryption.overwrite=true +op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4 +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false +op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false +op.enroll.userKey.keyGen.encryption.privateKeyNumber=4 +op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5 +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false +op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true +op.enroll.userKey.keyGen.encryption.publicKeyNumber=5 +op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false +op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0 +op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast +op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1 +op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true +op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey +op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6 +op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true +op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey +op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true +op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=kra1 +op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN] +op.enroll.userKey.keyGen.keyType.num=2 +op.enroll.userKey.keyGen.keyType.value.0=signing +op.enroll.userKey.keyGen.keyType.value.1=encryption +op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2 +op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing +op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption +op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2 +op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing +op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption +op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2 +op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing +op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption +op.enroll.userKey.keyGen.signing.ca.conn=ca1 +op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment +op.enroll.userKey.keyGen.signing.certAttrId=c1 +op.enroll.userKey.keyGen.signing.certId=C1 +op.enroll.userKey.keyGen.signing.cuid_label=$cuid$ +op.enroll.userKey.keyGen.signing.keySize=1024 +op.enroll.userKey.keyGen.signing.keyUsage=0 +op.enroll.userKey.keyGen.signing.keyUser=0 +op.enroll.userKey.keyGen.signing.label=signing key for $userid$ +op.enroll.userKey.keyGen.signing.overwrite=true +op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2 +op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false +op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false +op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false +op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true +op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true +op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true +op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true +op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true +op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false +op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false +op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false +op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false +op.enroll.userKey.keyGen.signing.privateKeyNumber=2 +op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3 +op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false +op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false +op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false +op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false +op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false +op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false +op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false +op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true +op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false +op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true +op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true +op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false +op.enroll.userKey.keyGen.signing.publicKeyNumber=3 +op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0 +op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true +op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey +op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1 +op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true +op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey +op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6 +op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true +op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey +op.enroll.userKey.keyGen.tokenName=$auth.cn$ +op.enroll.userKey.loginRequest.enable=true +op.enroll.userKey.pinReset.enable=true +op.enroll.userKey.pinReset.pin.maxLen=10 +op.enroll.userKey.pinReset.pin.maxRetries=127 +op.enroll.userKey.pinReset.pin.minLen=4 +op.enroll.userKey.pkcs11obj.compress.enable=true +op.enroll.userKey.pkcs11obj.enable=true +op.enroll.userKey.renewal.encryption.ca.conn=ca1 +op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal +op.enroll.userKey.renewal.encryption.certAttrId=c2 +op.enroll.userKey.renewal.encryption.certId=C2 +op.enroll.userKey.renewal.encryption.enable=true +op.enroll.userKey.renewal.encryption.gracePeriod.after=30 +op.enroll.userKey.renewal.encryption.gracePeriod.before=30 +op.enroll.userKey.renewal.encryption.gracePeriod.enable=false +op.enroll.userKey.renewal.keyType.num=2 +op.enroll.userKey.renewal.keyType.value.0=signing +op.enroll.userKey.renewal.keyType.value.1=encryption +op.enroll.userKey.renewal.signing.ca.conn=ca1 +op.enroll.userKey.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal +op.enroll.userKey.renewal.signing.certAttrId=c1 +op.enroll.userKey.renewal.signing.certId=C1 +op.enroll.userKey.renewal.signing.enable=true +op.enroll.userKey.renewal.signing.gracePeriod.after=30 +op.enroll.userKey.renewal.signing.gracePeriod.before=30 +op.enroll.userKey.renewal.signing.gracePeriod.enable=false +op.enroll.userKeyTemporary.auth.enable=true +op.enroll.userKeyTemporary.auth.id=ldap1 +op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000 +op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1 +op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment +op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0 +op.enroll.userKeyTemporary.keyGen.auth.certId=C0 +op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$ +op.enroll.userKeyTemporary.keyGen.auth.keySize=1024 +op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0 +op.enroll.userKeyTemporary.keyGen.auth.keyUser=15 +op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$ +op.enroll.userKeyTemporary.keyGen.auth.overwrite=false +op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0 +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true +op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false +op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0 +op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1 +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true +op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false +op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1 +op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1 +op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment +op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2 +op.enroll.userKeyTemporary.keyGen.encryption.certId=C2 +op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$ +op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024 +op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0 +op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0 +op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$ +op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true +op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4 +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false +op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false +op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4 +op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5 +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false +op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true +op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5 +op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0 +op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true +op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast +op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true +op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=kra1 +op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true +op.enroll.userKeyTemporary.keyGen.keyType.num=3 +op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth +op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing +op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption +op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2 +op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing +op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption +op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1 +op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment +op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1 +op.enroll.userKeyTemporary.keyGen.signing.certId=C1 +op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$ +op.enroll.userKeyTemporary.keyGen.signing.keySize=1024 +op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0 +op.enroll.userKeyTemporary.keyGen.signing.keyUser=0 +op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$ +op.enroll.userKeyTemporary.keyGen.signing.overwrite=true +op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2 +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false +op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false +op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2 +op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3 +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true +op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false +op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3 +op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0 +op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true +op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey +op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary) +op.enroll.userKeyTemporary.loginRequest.enable=true +op.enroll.userKeyTemporary.pinReset.enable=true +op.enroll.userKeyTemporary.pinReset.pin.maxLen=10 +op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127 +op.enroll.userKeyTemporary.pinReset.pin.minLen=4 +op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true +op.enroll.userKeyTemporary.pkcs11obj.enable=true +op.enroll.userKeyTemporary.tks.conn=tks1 +op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary +op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets +op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true +op.enroll.userKeyTemporary.update.applet.enable=true +op.enroll.userKeyTemporary.update.applet.encryption=true +op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449 +op.enroll.userKeyTemporary.update.symmetricKeys.enable=false +op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1 +op.enroll.userKey.tks.conn=tks1 +op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets +op.enroll.userKey.update.applet.emptyToken.enable=true +op.enroll.userKey.update.applet.enable=true +op.enroll.userKey.update.applet.encryption=true +op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449 +op.enroll.userKey.update.symmetricKeys.enable=false +op.enroll.userKey.update.symmetricKeys.requiredVersion=1 +op.format.allowUnknownToken=true +op.format.tokenProfileResolver=formatMappingResolver +op.format.cleanToken.auth.enable=false +op.format.cleanToken.auth.id=ldap1 +op.format.cleanToken.ca.conn=ca1 +op.format.cleanToken.cardmgr_instance=A0000000030000 +op.format.cleanToken.issuerinfo.enable=true +op.format.cleanToken.issuerinfo.value= +op.format.cleanToken.loginRequest.enable=true +op.format.cleanToken.revokeCert=true +op.format.cleanToken.tks.conn=tks1 +op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets +op.format.cleanToken.update.applet.emptyToken.enable=true +op.format.cleanToken.update.applet.encryption=true +op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449 +op.format.cleanToken.update.symmetricKeys.enable=false +op.format.cleanToken.update.symmetricKeys.requiredVersion=1 +op.format.soCleanSOToken.auth.enable=false +op.format.soCleanSOToken.auth.id=ldap1 +op.format.soCleanSOToken.ca.conn=ca1 +op.format.soCleanSOToken.cardmgr_instance=A0000000030000 +op.format.soCleanSOToken.issuerinfo.enable=true +op.format.soCleanSOToken.issuerinfo.value= +op.format.soCleanSOToken.loginRequest.enable=false +op.format.soCleanSOToken.revokeCert=true +op.format.soCleanSOToken.tks.conn=tks1 +op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets +op.format.soCleanSOToken.update.applet.emptyToken.enable=true +op.format.soCleanSOToken.update.applet.encryption=true +op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449 +op.format.soCleanSOToken.update.symmetricKeys.enable=false +op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1 +op.format.soCleanUserToken.auth.enable=false +op.format.soCleanUserToken.auth.id=ldap1 +op.format.soCleanUserToken.ca.conn=ca1 +op.format.soCleanUserToken.cardmgr_instance=A0000000030000 +op.format.soCleanUserToken.issuerinfo.enable=true +op.format.soCleanUserToken.issuerinfo.value= +op.format.soCleanUserToken.loginRequest.enable=false +op.format.soCleanUserToken.revokeCert=true +op.format.soCleanUserToken.tks.conn=tks1 +op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets +op.format.soCleanUserToken.update.applet.emptyToken.enable=true +op.format.soCleanUserToken.update.applet.encryption=true +op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449 +op.format.soCleanUserToken.update.symmetricKeys.enable=false +op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1 +op.format.soKey.auth.enable=true +op.format.soKey.auth.id=ldap2 +op.format.soKey.ca.conn=ca1 +op.format.soKey.cardmgr_instance=A0000000030000 +op.format.soKey.issuerinfo.enable=true +op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome +op.format.soKey.loginRequest.enable=true +op.format.soKey.revokeCert=true +op.format.soKey.tks.conn=tks1 +op.format.soKey.update.applet.directory=[TPS_DIR]/applets +op.format.soKey.update.applet.emptyToken.enable=true +op.format.soKey.update.applet.encryption=true +op.format.soKey.update.applet.requiredVersion=1.4.4d40a449 +op.format.soKey.update.symmetricKeys.enable=false +op.format.soKey.update.symmetricKeys.requiredVersion=1 +op.format.soUserKey.auth.enable=false +op.format.soUserKey.auth.id=ldap1 +op.format.soUserKey.ca.conn=ca1 +op.format.soUserKey.cardmgr_instance=A0000000030000 +op.format.soUserKey.issuerinfo.enable=true +op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome +op.format.soUserKey.loginRequest.enable=false +op.format.soUserKey.revokeCert=true +op.format.soUserKey.tks.conn=tks1 +op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets +op.format.soUserKey.update.applet.emptyToken.enable=true +op.format.soUserKey.update.applet.encryption=true +op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449 +op.format.soUserKey.update.symmetricKeys.enable=false +op.format.soUserKey.update.symmetricKeys.requiredVersion=1 +op.format.tokenKey.auth.enable=true +op.format.tokenKey.auth.id=ldap1 +op.format.tokenKey.ca.conn=ca1 +op.format.tokenKey.cardmgr_instance=A0000000030000 +op.format.tokenKey.issuerinfo.enable=true +op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome +op.format.tokenKey.loginRequest.enable=true +op.format.tokenKey.revokeCert=true +op.format.tokenKey.tks.conn=tks1 +op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets +op.format.tokenKey.update.applet.emptyToken.enable=true +op.format.tokenKey.update.applet.encryption=true +op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449 +op.format.tokenKey.update.symmetricKeys.enable=false +op.format.tokenKey.update.symmetricKeys.requiredVersion=1 +op.format.userKey.auth.enable=true +op.format.userKey.auth.id=ldap1 +op.format.userKey.ca.conn=ca1 +op.format.userKey.cardmgr_instance=A0000000030000 +op.format.userKey.issuerinfo.enable=true +op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome +op.format.userKey.loginRequest.enable=true +op.format.userKey.revokeCert=true +op.format.userKey.tks.conn=tks1 +op.format.userKey.update.applet.directory=[TPS_DIR]/applets +op.format.userKey.update.applet.emptyToken.enable=true +op.format.userKey.update.applet.encryption=true +op.format.userKey.update.applet.requiredVersion=1.4.4d40a449 +op.format.userKey.update.symmetricKeys.enable=false +op.format.userKey.update.symmetricKeys.requiredVersion=1 +op.pinReset.tokenProfileResolver=pinResetMappingResolver +op.pinReset.userKey.auth.enable=true +op.pinReset.userKey.auth.id=ldap1 +op.pinReset.userKey.cardmgr_instance=A0000000030000 +op.pinReset.userKey.loginRequest.enable=true +op.pinReset.userKey.pinReset.pin.maxLen=10 +op.pinReset.userKey.pinReset.pin.minLen=4 +op.pinReset.userKey.tks.conn=tks1 +op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets +op.pinReset.userKey.update.applet.emptyToken.enable=true +op.pinReset.userKey.update.applet.enable=false +op.pinReset.userKey.update.applet.encryption=true +op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449 +op.pinReset.userKey.update.symmetricKeys.enable=false +op.pinReset.userKey.update.symmetricKeys.requiredVersion=1 +os.serverName=cert-[PKI_INSTANCE_NAME] +os.userid=nobody +passwordClass=com.netscape.cmsutil.password.PlainPasswordFile +passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf +pidDir=[PKI_PIDDIR] +pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT] +pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT] +pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT] +pkicreate.group=[PKI_GROUP] +pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] +pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] +pkicreate.secure_port=[PKI_SECURE_PORT] +pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] +pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] +pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] +pkicreate.unsecure_port=[PKI_UNSECURE_PORT] +pkicreate.user=[PKI_USER] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] +preop.admincert.profile=caAdminCert +preop.admin.group=TPS Agents,TPS Operators,Administrators,TPS Officers +preop.admin.name=Token Processing Service Manager Administrator +preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA +preop.cert.admin.dn=uid=admin,cn=admin +preop.cert.admin.keysize.custom_size=2048 +preop.cert.admin.keysize.size=2048 +preop.cert.admin.profile=adminCert.profile +preop.cert.audit_signing.cncomponent.override=true +preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA +preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate +preop.cert.audit_signing.enable=true +preop.cert.audit_signing.keysize.custom_size=2048 +preop.cert.audit_signing.keysize.size=2048 +preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME] +preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert +preop.cert.audit_signing.signing.required=false +preop.cert.audit_signing.subsystem=tps +preop.cert.audit_signing.type=remote +preop.cert.audit_signing.userfriendlyname=TPS Audit Signing Certificate +preop.cert.list=sslserver,subsystem,audit_signing +preop.cert.rsalist=audit_signing +preop.cert.sslserver.cncomponent.override=false +preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA +preop.cert.sslserver.dn=CN=[PKI_HOSTNAME] +preop.cert.sslserver.enable=true +preop.cert.sslserver.keysize.custom_size=2048 +preop.cert.sslserver.keysize.size=2048 +preop.cert.sslserver.nickname=[PKI_SSL_SERVER_NICKNAME] +preop.cert.sslserver.profile=caInternalAuthServerCert +preop.cert.sslserver.signing.required=false +preop.cert.sslserver.subsystem=tps +preop.cert.sslserver.type=remote +preop.cert.sslserver.userfriendlyname=SSL Server Certificate +preop.cert.subsystem.cncomponent.override=true +preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA +preop.cert.subsystem.dn=CN=TPS Subsystem Certificate +preop.cert.subsystem.enable=true +preop.cert.subsystem.keysize.custom_size=2048 +preop.cert.subsystem.keysize.size=2048 +preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] +preop.cert.subsystem.profile=caInternalAuthSubsystemCert +preop.cert.subsystem.signing.required=false +preop.cert.subsystem.subsystem=tps +preop.cert.subsystem.type=remote +preop.cert.subsystem.userfriendlyname=Subsystem Certificate +preop.configModules.count=3 +preop.configModules.module0.commonName=NSS Internal PKCS #11 Module +preop.configModules.module0.imagePath=/pki/images/clearpixel.gif +preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module +preop.configModules.module1.commonName=nfast +preop.configModules.module1.imagePath=/pki/images/clearpixel.gif +preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module +preop.configModules.module2.commonName=lunasa +preop.configModules.module2.imagePath=/pki/images/clearpixel.gif +preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module +preop.hierarchy.profile=caCert.profile +preop.internaldb.data_ldif=/usr/share/pki/tps/conf/db.ldif,/usr/share/pki/tps/conf/acl.ldif +preop.internaldb.index_ldif=/usr/share/pki/tps/conf/index.ldif +preop.internaldb.ldif=/usr/share/pki/tps/conf/database.ldif +preop.internaldb.manager_ldif=/usr/share/pki/tps/conf/manager.ldif +preop.internaldb.post_ldif=/usr/share/pki/tps/conf/vlv.ldif,/usr/share/pki/tps/conf/vlvtasks.ldif +preop.internaldb.schema.ldif=/usr/share/pki/tps/conf/schema.ldif +preop.internaldb.wait_dn=cn=index1160528734, cn=index, cn=tasks, cn=config +preop.module.token=Internal Key Storage Token +preop.pin=[PKI_RANDOM_NUMBER] +preop.product.name=CS +preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:8443 +preop.system.fullname=Token Processing Service +preop.system.name=TPS +preop.wizard.name=TPS Setup Wizard +proxy.securePort=[PKI_PROXY_SECURE_PORT] +proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT] +tokenProfileResolver.list=formatMappingResolver,enrollMappingResolver,pinResetMappingResolver +tokenProfileResolver.enrollMappingResolver.class_id=mappingTokenProfileResolverImpl +tokenProfileResolver.enrollMappingResolver.mapping.0.filter.appletMajorVersion=1 +tokenProfileResolver.enrollMappingResolver.mapping.0.filter.appletMinorVersion= +tokenProfileResolver.enrollMappingResolver.mapping.0.filter.tokenATR= +tokenProfileResolver.enrollMappingResolver.mapping.0.filter.tokenCUID.end= +tokenProfileResolver.enrollMappingResolver.mapping.0.filter.tokenCUID.start= +tokenProfileResolver.enrollMappingResolver.mapping.0.filter.tokenType=userKey +tokenProfileResolver.enrollMappingResolver.mapping.0.target.tokenType=userKey +tokenProfileResolver.enrollMappingResolver.mapping.1.filter.appletMajorVersion= +tokenProfileResolver.enrollMappingResolver.mapping.1.filter.appletMinorVersion= +tokenProfileResolver.enrollMappingResolver.mapping.1.filter.tokenATR= +tokenProfileResolver.enrollMappingResolver.mapping.1.filter.tokenCUID.end= +tokenProfileResolver.enrollMappingResolver.mapping.1.filter.tokenCUID.start= +tokenProfileResolver.enrollMappingResolver.mapping.1.filter.tokenType=soKey +tokenProfileResolver.enrollMappingResolver.mapping.1.target.tokenType=soKey +tokenProfileResolver.enrollMappingResolver.mapping.2.filter.appletMajorVersion= +tokenProfileResolver.enrollMappingResolver.mapping.2.filter.appletMinorVersion= +tokenProfileResolver.enrollMappingResolver.mapping.2.filter.tokenATR= +tokenProfileResolver.enrollMappingResolver.mapping.2.filter.tokenCUID.end= +tokenProfileResolver.enrollMappingResolver.mapping.2.filter.tokenCUID.start= +tokenProfileResolver.enrollMappingResolver.mapping.2.filter.tokenType= +tokenProfileResolver.enrollMappingResolver.mapping.2.target.tokenType=userKey +tokenProfileResolver.enrollMappingResolver.mapping.order=0,1,2 +tokenProfileResolver.formatMappingResolver.class_id=mappingTokenProfileResolverImpl +tokenProfileResolver.formatMappingResolver.mapping.0.filter.appletMajorVersion= +tokenProfileResolver.formatMappingResolver.mapping.0.filter.appletMinorVersion= +tokenProfileResolver.formatMappingResolver.mapping.0.filter.tokenATR= +tokenProfileResolver.formatMappingResolver.mapping.0.filter.tokenCUID.end= +tokenProfileResolver.formatMappingResolver.mapping.0.filter.tokenCUID.start= +tokenProfileResolver.formatMappingResolver.mapping.0.filter.tokenType=soCleanUserToken +tokenProfileResolver.formatMappingResolver.mapping.0.target.tokenType=soCleanUserToken +tokenProfileResolver.formatMappingResolver.mapping.1.filter.appletMajorVersion= +tokenProfileResolver.formatMappingResolver.mapping.1.filter.appletMinorVersion= +tokenProfileResolver.formatMappingResolver.mapping.1.filter.tokenATR= +tokenProfileResolver.formatMappingResolver.mapping.1.filter.tokenCUID.end= +tokenProfileResolver.formatMappingResolver.mapping.1.filter.tokenCUID.start= +tokenProfileResolver.formatMappingResolver.mapping.1.filter.tokenType=soUserKey +tokenProfileResolver.formatMappingResolver.mapping.1.target.tokenType=soUserKey +tokenProfileResolver.formatMappingResolver.mapping.2.filter.appletMajorVersion= +tokenProfileResolver.formatMappingResolver.mapping.2.filter.appletMinorVersion= +tokenProfileResolver.formatMappingResolver.mapping.2.filter.tokenATR= +tokenProfileResolver.formatMappingResolver.mapping.2.filter.tokenCUID.end= +tokenProfileResolver.formatMappingResolver.mapping.2.filter.tokenCUID.start= +tokenProfileResolver.formatMappingResolver.mapping.2.filter.tokenType=soKey +tokenProfileResolver.formatMappingResolver.mapping.2.target.tokenType=soKey +tokenProfileResolver.formatMappingResolver.mapping.3.filter.appletMajorVersion= +tokenProfileResolver.formatMappingResolver.mapping.3.filter.appletMinorVersion= +tokenProfileResolver.formatMappingResolver.mapping.3.filter.tokenATR= +tokenProfileResolver.formatMappingResolver.mapping.3.filter.tokenCUID.end= +tokenProfileResolver.formatMappingResolver.mapping.3.filter.tokenCUID.start= +tokenProfileResolver.formatMappingResolver.mapping.3.filter.tokenType=userKey +tokenProfileResolver.formatMappingResolver.mapping.3.target.tokenType=userKey +tokenProfileResolver.formatMappingResolver.mapping.4.filter.appletMajorVersion= +tokenProfileResolver.formatMappingResolver.mapping.4.filter.appletMinorVersion= +tokenProfileResolver.formatMappingResolver.mapping.4.filter.tokenATR= +tokenProfileResolver.formatMappingResolver.mapping.4.filter.tokenCUID.end= +tokenProfileResolver.formatMappingResolver.mapping.4.filter.tokenCUID.start= +tokenProfileResolver.formatMappingResolver.mapping.4.filter.tokenType=soCleanSOToken +tokenProfileResolver.formatMappingResolver.mapping.4.target.tokenType=soCleanSOToken +tokenProfileResolver.formatMappingResolver.mapping.5.filter.appletMajorVersion= +tokenProfileResolver.formatMappingResolver.mapping.5.filter.appletMinorVersion= +tokenProfileResolver.formatMappingResolver.mapping.5.filter.tokenATR= +tokenProfileResolver.formatMappingResolver.mapping.5.filter.tokenCUID.end= +tokenProfileResolver.formatMappingResolver.mapping.5.filter.tokenCUID.start= +tokenProfileResolver.formatMappingResolver.mapping.5.filter.tokenType=cleanToken +tokenProfileResolver.formatMappingResolver.mapping.5.target.tokenType=cleanToken +tokenProfileResolver.formatMappingResolver.mapping.6.filter.appletMajorVersion= +tokenProfileResolver.formatMappingResolver.mapping.6.filter.appletMinorVersion= +tokenProfileResolver.formatMappingResolver.mapping.6.filter.tokenATR= +tokenProfileResolver.formatMappingResolver.mapping.6.filter.tokenCUID.end= +tokenProfileResolver.formatMappingResolver.mapping.6.filter.tokenCUID.start= +tokenProfileResolver.formatMappingResolver.mapping.6.target.tokenType=tokenKey +tokenProfileResolver.formatMappingResolver.mapping.order=0,1,2,3,4,5,6 +tokenProfileResolver.pinResetMappingResolver.class_id=mappingTokenProfileResolverImpl +tokenProfileResolver.pinResetMappingResolver.mapping.0.filter.appletMajorVersion= +tokenProfileResolver.pinResetMappingResolver.mapping.0.filter.appletMinorVersion= +tokenProfileResolver.pinResetMappingResolver.mapping.0.filter.tokenATR= +tokenProfileResolver.pinResetMappingResolver.mapping.0.filter.tokenCUID.end= +tokenProfileResolver.pinResetMappingResolver.mapping.0.filter.tokenCUID.start= +tokenProfileResolver.pinResetMappingResolver.mapping.0.filter.tokenType= +tokenProfileResolver.pinResetMappingResolver.mapping.0.target.tokenType=userKey +tokenProfileResolver.pinResetMappingResolver.mapping.order=0 +registry.file=[PKI_INSTANCE_PATH]/conf/tps/registry.cfg +selftests._000=## +selftests._001=## Self Tests +selftests._002=## +selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the +selftests._004=## following parameters (where certusage is optional): +selftests._005=## tps.cert.list = +selftests._006=## tps.cert..nickname +selftests._007=## tps.cert..certusage +selftests._008=## +selftests.container.instance.TPSPresence=org.dogtagpki.server.tps.selftests.TPSPresence +selftests.container.instance.TPSValidity=org.dogtagpki.server.tps.selftests.TPSValidity +selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification +selftests.container.logger.bufferSize=512 +selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile +selftests.container.logger.enable=true +selftests.container.logger.expirationTime=0 +selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/selftests.log +selftests.container.logger.flushInterval=5 +selftests.container.logger.level=1 +selftests.container.logger.maxFileSize=2000 +selftests.container.logger.register=false +selftests.container.logger.rolloverInterval=2592000 +selftests.container.logger.type=transaction +selftests.container.order.onDemand=TPSPresence:critical, SystemCertsVerification:critical, TPSValidity:critical +selftests.container.order.startup=TPSPresence:critical, SystemCertsVerification:critical +selftests.plugin.TPSPresence.TpsSubId=tps +selftests.plugin.TPSValidity.TpsSubId=tps +selftests.plugin.SystemCertsVerification.SubId=tps +service.instanceDir=[PKI_INSTANCE_ROOT] +service.instanceID=[PKI_INSTANCE_NAME] +service.machineName=[PKI_HOSTNAME] +service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] +service.securePort=[PKI_AGENT_SECURE_PORT] +service.unsecurePort=[PKI_UNSECURE_PORT] +smtp.host=localhost +smtp.port=25 +subsystem.0.class=org.dogtagpki.server.tps.TPSSubsystem +subsystem.0.id=tps +subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem +subsystem.1.id=selftests +subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem +subsystem.2.id=stats +target._000=######################################### +target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs +target._002=# +target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin. +target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab. +target._005=# +target._006=# target.agent_approve.list = comma separated subset of above list. Parameter sets in this list +target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement +target._008=# (enable/ disable) to be edited. +target._009=# +target._010=# For the wording to display correctly, the values in the above list should be plurals. +target._011=# +target._012=# Each parameter set in the lists above requires three parameters: +target._013=# target..list : list of choices of this parameter set type (will display in the drop down box) +target._014=# target..pattern : the regular expression to select parameters in CS.cfg for this parameter set. +target._015=# target..displayname: used in the UI display text. This should be the singular form of . +target._016=# +target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined. +target._018=# +target._019=######################################## +target.agent_approve.list=Profiles +target.Authentication_Sources.displayname=Authentication Source +target.Authentication_Sources.list=ldap1 +target.Authentication_Sources.pattern=auths\.instance\.$name\..* +target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources +target.Generals.displayname=General +target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..* +target.Profile_Mappings.displayname=Token Profile Mapping Resolvers +target.Profile_Mappings.list=enrollMappingResolver,formatMappingResolver,pinResetMappingResolver +target.Profile_Mappings.pattern=tokenProfileResolver\.$name\.mapping\..* +target.Profiles.displayname=Token Profile +target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey +target.Profiles.pattern=op\..*\.$name\..* +target.Subsystem_Connections.displayname=Subsystem Connection +target.Subsystem_Connections.list= +target.Subsystem_Connections.pattern=tps.connector\.$name\..* +tokendb._000=######################################### +tokendb._001=# tokendb.auditLog: +tokendb._002=# - audit log path +tokendb._003=# tokendb.host: +tokendb._004=# - tokendb host name +tokendb._005=# tokendb.port: +tokendb._006=# - tokendb port number +tokendb._007=# tokendb.bindDN: +tokendb._008=# - tokendb administration DN (i.e. cn=Directory Manager) +tokendb._009=# tokendb.bindPassPath: +tokendb._010=# - tokendb administration password file path +tokendb._011=# tokendb.templateDir +tokendb._012=# - directory where all the tokendb templates are located +tokendb._013=# tokendb.userBaseDN: +tokendb._014=# - directory base DN for users and groups +tokendb._015=# tokendb.baseDN: +tokendb._016=# - directory base DN for tokens +tokendb._017=# tokendb.activityBaseDN: +tokendb._018=# - directory base DN for activities +tokendb._019=# tokendb.indexTemplate=index.template +tokendb._020=# - index template +tokendb._021=# tokendb.newTemplate=new.template +tokendb._022=# - add template +tokendb._023=# tokendb.showTemplate=show.template +tokendb._024=# - show template +tokendb._025=# tokendb.errorTemplate=error.template +tokendb._026=# - error template +tokendb._027=# tokendb.searchTemplate=search.template +tokendb._028=# - search template +tokendb._029=# tokendb.searchResultTemplate=searchResults.template +tokendb._030=# - search result template +tokendb._031=# tokendb.editTemplate=edit.template +tokendb._032=# - edit template +tokendb._033=# tokendb.editResultTemplate=editResults.template +tokendb._034=# - edit result template +tokendb._035=# tokendb.addResultTemplate=addResults.template +tokendb._036=# - add result template +tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template +tokendb._038=# - delete result template +tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template +tokendb._040=# - search activity template +tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template +tokendb._042=# - search activity result template +tokendb._043=# tokendb.showAdminTemplate=showAdmin.template +tokendb._044=# - show admin template +tokendb._045=# tokendb.editAdminTemplate=editAdmin.template +tokendb._046=# - edit admin template +tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template +tokendb._048=# - edit admin result template +tokendb._049=# tokendb.searchAdminTemplate=searchAdmin.template +tokendb._050=# - search admin template +tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template +tokendb._052=# - search admin result template +tokendb._053=# tokendb.defaultPolicy: +tokendb._054=# Supported Policy (Separated by ; [Semicolon]): +tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO +tokendb._056=# PIN_RESET=YES|NO +tokendb._057=# - If not present, pin reset by user is allowed. +tokendb._058=# - If present and agent change PIN_RESET from NO +tokendb._059=# to YES, user is allowed to do pin reset. This +tokendb._060=# policy will be changed back to NO after pin reset. +tokendb._061=# RE_ENROLL=YES|NO +tokendb._062=# - If not present, re-enrollment is allowed. +tokendb._063=# - If present, re-enrollment is allowed when RE_ENROLL +tokendb._064=# is set to YES. Otherwise, re-enrollment is not +tokendb._065=# allowed. +tokendb._066=# tokendb.allowedTransitions: +tokendb._067=# - has transitions between the following states +tokendb._068=# TOKEN_UNINITIALIZED = 0, +tokendb._069=# TOKEN_DAMAGED =1, +tokendb._070=# TOKEN_PERM_LOST=2, +tokendb._071=# TOKEN_TEMP_LOST=3, +tokendb._072=# TOKEN_FOUND =4, +tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5, +tokendb._074=# TOKEN_TERMINATED = 6 +tokendb._075=######################################### +tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT] +tokendb.addConfigTemplate=addConfig.template +tokendb.addResultTemplate=addResults.template +tokendb.agentSelectConfigTemplate=agentSelectConfig.template +tokendb.agentViewConfigTemplate=agentViewConfig.template +tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6 +tokendb.auditAdminTemplate=auditAdmin.template +tokendb.auditLog=[PKI_INSTANCE_PATH]/logs/tokendb-audit.log +tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT] +tokendb.bindDN=cn=Directory Manager +tokendb.bindPassPath=[PKI_INSTANCE_PATH]/conf/password.conf +tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT] +tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template +tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template +tokendb.defaultPolicy=RE_ENROLL=YES;RENEW=NO;FORCE_FORMAT=NO;PIN_RESET=NO;RESET_PIN_RESET_TO_NO=NO +tokendb.deleteResultTemplate=deleteResults.template +tokendb.deleteTemplate=delete.template +tokendb.doTokenConfirmTemplate=doTokenConfirm.template +tokendb.doTokenTemplate=doToken.template +tokendb.editConfigTemplate=editConfig.template +tokendb.editResultTemplate=editResults.template +tokendb.editTemplate=edit.template +tokendb.editUserTemplate=editUser.template +tokendb.errorTemplate=error.template +tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT] +tokendb.indexAdminTemplate=indexAdmin.template +tokendb.indexOperatorTemplate=indexOperator.template +tokendb.indexTemplate=index.template +tokendb.newTemplate=new.template +tokendb.newUserTemplate=newUser.template +tokendb.revokeTemplate=revoke.template +tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template +tokendb.searchActivityAdminTemplate=searchActivityAdmin.template +tokendb.searchActivityResultTemplate=searchActivityResults.template +tokendb.searchActivityTemplate=searchActivity.template +tokendb.searchAdminResultTemplate=searchAdminResults.template +tokendb.searchAdminTemplate=searchAdmin.template +tokendb.searchCertificateResultTemplate=searchCertificateResults.template +tokendb.searchCertificateTemplate=searchCertificate.template +tokendb.searchResultTemplate=searchResults.template +tokendb.searchTemplate=search.template +tokendb.searchUserResultTemplate=searchUserResults.template +tokendb.searchUserTemplate=searchUser.template +tokendb.selectConfigTemplate=selectConfig.template +tokendb.selfTestResultsTemplate=selfTestResults.template +tokendb.selfTestTemplate=selfTest.template +tokendb.showAdminTemplate=showAdmin.template +tokendb.showCertTemplate=showCert.template +tokendb.showTemplate=show.template +tokendb.ssl=false +tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus +tokendb.userBaseDN=[TOKENDB_ROOT] +tokendb.userDeleteTemplate=userDelete.template +tps._000=######################################## +tps._001=# For verifying system certificates +tps._002=# tps.cert.list=sslserver,subsystem,audit_signing +tps._003=# tps.cert.sslserver.nickname=xxx +tps._005=# tps.cert.subsystem.nickname=xxx +tps._007=# tps.cert.audit_signing.nickname=xxx +tps._008=# operations.allowedTransitions: +tps._009=# - token operations, like formatting and enrollment have transitions between the following states +tps._010=# TOKEN_UNINITIALIZED = 0, +tps._011=# TOKEN_DAMAGED =1, +tps._012=# TOKEN_PERM_LOST=2, +tps._013=# TOKEN_TEMP_LOST=3, +tps._014=# TOKEN_FOUND =4, +tps._015=# TOKEN_TEMP_LOST_PERM_LOST =5, +tps._016=# TOKEN_TERMINATED = 6 +tps._017=# Sample: tps.operations.allowedTransitions=0:0,0:4,4:6,6:0 +tps._018=######################################## +tps.cert.audit_signing.certusage=ObjectSigner +tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME] +tps.cert.list=sslserver,subsystem,audit_signing +tps.cert.sslserver.certusage=SSLServer +tps.cert.subsystem.certusage=SSLClient +tps.operations.allowedTransitions=0:0,0:4,4:0 +usrgrp._000=## +usrgrp._001=## User/Group +usrgrp._002=## +usrgrp.ldap=internaldb diff --git a/base/tps/shared/conf/Catalina/localhost/tps.xml b/base/tps/shared/conf/Catalina/localhost/tps.xml new file mode 100644 index 000000000..d80c1296d --- /dev/null +++ b/base/tps/shared/conf/Catalina/localhost/tps.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + diff --git a/base/tps/shared/conf/acl.ldif b/base/tps/shared/conf/acl.ldif new file mode 100644 index 000000000..41b38137b --- /dev/null +++ b/base/tps/shared/conf/acl.ldif @@ -0,0 +1,33 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=aclResources,{rootSuffix} +objectClass: top +objectClass: CertACLS +cn: aclResources +resourceACLS: certServer.general.configuration:read,modify,delete:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify,delete) group="Administrators":Administrators, auditors, and agents are allowed to read CMS general configuration but only administrators are allowed to modify and delete +resourceACLS: certServer.acl.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, agents and auditors are allowed to read ACL configuration but only administrators allowed to modify +resourceACLS: certServer.log.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, Agents, and auditors are allowed to read the log configuration but only administrators are allowed to modify +resourceACLS: certServer.log.configuration.fileName:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify a fileName parameter +#resourceACLS: certServer.log.configuration.signedAudit.expirationTime:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";deny (modify) user=anybody:Nobody is allowed to modify an expirationTime parameter +resourceACLS: certServer.log.content.signedAudit:read:allow (read) group="Auditors":Only auditor is allowed to read the signed audit log +resourceACLS: certServer.log.content.system:read:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents":Administrators, auditors, and agents are allowed to read the log content +resourceACLS: certServer.log.content.transactions:read:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents":Administrators, auditors, and agents are allowed to read the log content +resourceACLS: certServer.auth.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":Administrators, agents, and auditors are allowed to read authentication configuration but only administrators allowed to modify +resourceACLS: certServer.registry.configuration:read,modify:allow (read) group="Administrators" || group="Auditors" || group="Token Processing Service Manager Agents";allow (modify) group="Administrators":this acl is shared by all admin servlets +resourceACLS: certServer.admin.certificate:import:allow (import) user="anybody":Any user may import a certificate +resourceACLS: certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody":Anybody may submit an enrollment request +resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to clone the configuration. +resourceACLS: certServer.tps.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout +resourceACLS: certServer.tps.authenticators:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators":Only admins can access authenticators. +resourceACLS: certServer.tps.audit:read,modify:allow (read,modify) group="Administrators":Only admins can access configuration. +resourceACLS: certServer.tps.config:read,modify:allow (read,modify) group="Administrators":Only admins can access configuration. +resourceACLS: certServer.tps.connectors:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators":Only admins can access connectors. +resourceACLS: certServer.tps.groups:execute:allow (execute) group="Administrators":Admins may execute group operations +resourceACLS: certServer.tps.users:execute:allow (execute) group="Administrators":Admins may execute user operations +resourceACLS: certServer.tps.profiles:read,add,modify,approve,remove:allow (read) group="Administrators" || group="TPS Agents" ; allow (add,modify,remove) group="Administrators" ; allow (approve) group="TPS Agents":Admins and agents can read, but only admins can add, modify, and remove, and only agents can approve. +resourceACLS: certServer.tps.profile-mappings:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators" :Only admins can access profile mappings. +resourceACLS: certServer.tps.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests. +resourceACLS: certServer.tps.tokens:read,add,modify,remove:allow (read) group="Administrators" || group="TPS Agents" || group="TPS Operators"; allow (add,remove) group="Administrators" ; allow (modify) group="TPS Agents":Admins, agents, operators can read tokens, but only admins can add and remove tokens, and only agents can modify tokens. diff --git a/base/tps/shared/conf/acl.properties b/base/tps/shared/conf/acl.properties new file mode 100644 index 000000000..840c0610e --- /dev/null +++ b/base/tps/shared/conf/acl.properties @@ -0,0 +1,42 @@ +# ACL mapping +# +# Format: +# = , +# Example: +# users = certServer.ca.users,execute + + +account.login = certServer.tps.account,login +account.logout = certServer.tps.account,logout +audit.read = certServer.tps.audit,read +audit.modify = certServer.tps.audit,modify +authenticators.read = certServer.tps.authenticators,read +authenticators.add = certServer.tps.authenticators,add +authenticators.modify = certServer.tps.authenticators,modify +authenticators.approve = certServer.tps.authenticators,approve +authenticators.remove = certServer.tps.authenticators,remove +config.read = certServer.tps.config,read +config.modify = certServer.tps.config,modify +connectors.read = certServer.tps.connectors,read +connectors.add = certServer.tps.connectors,add +connectors.modify = certServer.tps.connectors,modify +connectors.approve = certServer.tps.connectors,approve +connectors.remove = certServer.tps.connectors,remove +groups = certServer.tps.groups,execute +profiles.read = certServer.tps.profiles,read +profiles.add = certServer.tps.profiles,add +profiles.modify = certServer.tps.profiles,modify +profiles.approve = certServer.tps.profiles,approve +profiles.remove = certServer.tps.profiles,remove +profile-mappings.read = certServer.tps.profile-mappings,read +profile-mappings.add = certServer.tps.profile-mappings,add +profile-mappings.modify = certServer.tps.profile-mappings,modify +profile-mappings.approve = certServer.tps.profiles-mappings,approve +profile-mappings.remove = certServer.tps.profile-mappings,remove +selftests.read = certServer.tps.selftests,read +selftests.execute = certServer.tps.selftests,execute +tokens.read = certServer.tps.tokens,read +tokens.add = certServer.tps.tokens,add +tokens.modify = certServer.tps.tokens,modify +tokens.remove = certServer.tps.tokens,remove +users = certServer.tps.users,execute diff --git a/base/tps/shared/conf/auth-method.properties b/base/tps/shared/conf/auth-method.properties new file mode 100644 index 000000000..4a97df1c6 --- /dev/null +++ b/base/tps/shared/conf/auth-method.properties @@ -0,0 +1,27 @@ +# Authentication method mapping +# +# Format: +# = ,... +# Example: +# default = * +# account = certUserDBAuthMgr,passwdUserDBAuthMgr + +default = * +account = certUserDBAuthMgr,passwdUserDBAuthMgr +audit = certUserDBAuthMgr +authenticators = certUserDBAuthMgr +certs = certUserDBAuthMgr +certrequests = certUserDBAuthMgr +config = certUserDBAuthMgr +connectors = certUserDBAuthMgr +groups = certUserDBAuthMgr +keys = certUserDBAuthMgr +keyrequests = certUserDBAuthMgr +kraconnectors = certUserDBAuthMgr +profiles = certUserDBAuthMgr +profile-mappings = certUserDBAuthMgr +securityDomain.installToken = passwdUserDBAuthMgr +selftests = certUserDBAuthMgr +tokens = certUserDBAuthMgr +tpsconnectors = certUserDBAuthMgr +users = certUserDBAuthMgr diff --git a/base/tps/shared/conf/catalina.policy b/base/tps/shared/conf/catalina.policy new file mode 100644 index 000000000..5ccc7959e --- /dev/null +++ b/base/tps/shared/conf/catalina.policy @@ -0,0 +1,182 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// Copyright (C) 2006-2010 Red Hat, Inc. +// All rights reserved. +// Modifications: configuration parameters +// --- END COPYRIGHT BLOCK --- + +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// ============================================================================ +// catalina.corepolicy - Security Policy Permissions for Tomcat 6 +// +// This file contains a default set of security policies to be enforced (by the +// JVM) when Catalina is executed with the "-security" option. In addition +// to the permissions granted here, the following additional permissions are +// granted to the codebase specific to each web application: +// +// * Read access to the document root directory +// +// $Id$ +// ============================================================================ + + +// ========== SYSTEM CODE PERMISSIONS ========================================= + + +// These permissions apply to javac +grant codeBase "file:${java.home}/lib/-" { + permission java.security.AllPermission; +}; + +// These permissions apply to all shared system extensions +grant codeBase "file:${java.home}/jre/lib/ext/-" { + permission java.security.AllPermission; +}; + +// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre +grant codeBase "file:${java.home}/../lib/-" { + permission java.security.AllPermission; +}; + +// These permissions apply to all shared system extensions when +// ${java.home} points at $JAVA_HOME/jre +grant codeBase "file:${java.home}/lib/ext/-" { + permission java.security.AllPermission; +}; + + +// ========== CATALINA CODE PERMISSIONS ======================================= + + +// These permissions apply to the daemon code +grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { + permission java.security.AllPermission; +}; + +// These permissions apply to the logging API +grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { + permission java.util.PropertyPermission "java.util.logging.config.class", "read"; + permission java.util.PropertyPermission "java.util.logging.config.file", "read"; + permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; + permission java.lang.RuntimePermission "shutdownHooks"; + permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; + permission java.util.PropertyPermission "catalina.base", "read"; + permission java.util.logging.LoggingPermission "control"; + permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write"; + permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; + permission java.lang.RuntimePermission "getClassLoader"; + // To enable per context logging configuration, permit read access to the appropriate file. + // Be sure that the logging configuration is secure before enabling such access + // eg for the examples web application: + // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read"; +}; + +// These permissions apply to the server startup code +grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { + permission java.security.AllPermission; +}; + +// These permissions apply to the servlet API classes +// and those that are shared across all class loaders +// located in the "lib" directory +grant codeBase "file:${catalina.home}/lib/-" { + permission java.security.AllPermission; +}; + + +// ========== WEB APPLICATION PERMISSIONS ===================================== + + +// These permissions are granted by default to all web applications +// In addition, a web application will be given a read FilePermission +// and JndiPermission for all files and directories in its document root. +grant { + // Required for JNDI lookup of named JDBC DataSource's and + // javamail named MimePart DataSource used to send mail + permission java.util.PropertyPermission "java.home", "read"; + permission java.util.PropertyPermission "java.naming.*", "read"; + permission java.util.PropertyPermission "javax.sql.*", "read"; + + // OS Specific properties to allow read access + permission java.util.PropertyPermission "os.name", "read"; + permission java.util.PropertyPermission "os.version", "read"; + permission java.util.PropertyPermission "os.arch", "read"; + permission java.util.PropertyPermission "file.separator", "read"; + permission java.util.PropertyPermission "path.separator", "read"; + permission java.util.PropertyPermission "line.separator", "read"; + + // JVM properties to allow read access + permission java.util.PropertyPermission "java.version", "read"; + permission java.util.PropertyPermission "java.vendor", "read"; + permission java.util.PropertyPermission "java.vendor.url", "read"; + permission java.util.PropertyPermission "java.class.version", "read"; + permission java.util.PropertyPermission "java.specification.version", "read"; + permission java.util.PropertyPermission "java.specification.vendor", "read"; + permission java.util.PropertyPermission "java.specification.name", "read"; + + permission java.util.PropertyPermission "java.vm.specification.version", "read"; + permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; + permission java.util.PropertyPermission "java.vm.specification.name", "read"; + permission java.util.PropertyPermission "java.vm.version", "read"; + permission java.util.PropertyPermission "java.vm.vendor", "read"; + permission java.util.PropertyPermission "java.vm.name", "read"; + + // Required for OpenJMX + permission java.lang.RuntimePermission "getAttribute"; + + // Allow read of JAXP compliant XML parser debug + permission java.util.PropertyPermission "jaxp.debug", "read"; + + // Precompiled JSPs need access to this package. + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*"; + + // Precompiled JSPs need access to this system property. + permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; +}; + + +// You can assign additional permissions to particular web applications by +// adding additional "grant" entries here, based on the code base for that +// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files. +// +// Different permissions can be granted to JSP pages, classes loaded from +// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/ +// directory, or even to individual jar files in the /WEB-INF/lib/ directory. +// +// For instance, assume that the standard "examples" application +// included a JDBC driver that needed to establish a network connection to the +// corresponding database and used the scrape taglib to get the weather from +// the NOAA web server. You might create a "grant" entries like this: +// +// The permissions granted to the context root directory apply to JSP pages. +// grant codeBase "file:${catalina.home}/webapps/examples/-" { +// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; +// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; +// }; +// +// The permissions granted to the context WEB-INF/classes directory +// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" { +// }; +// +// The permission granted to your JDBC driver +// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" { +// permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect"; +// }; +// The permission granted to the scrape taglib +// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" { +// permission java.net.SocketPermission "*.noaa.gov:80", "connect"; +// }; diff --git a/base/tps/shared/conf/catalina.properties b/base/tps/shared/conf/catalina.properties new file mode 100644 index 000000000..f6d1d1415 --- /dev/null +++ b/base/tps/shared/conf/catalina.properties @@ -0,0 +1,87 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006-2010 Red Hat, Inc. +# All rights reserved. +# Modifications: configuration parameters +# --- END COPYRIGHT BLOCK --- + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# List of comma-separated packages that start with or equal this string +# will cause a security exception to be thrown when +# passed to checkPackageAccess unless the +# corresponding RuntimePermission ("accessClassInPackage."+package) has +# been granted. +package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.,sun.beans. +# +# List of comma-separated packages that start with or equal this string +# will cause a security exception to be thrown when +# passed to checkPackageDefinition unless the +# corresponding RuntimePermission ("defineClassInPackage."+package) has +# been granted. +# +# by default, no packages are restricted for definition, and none of +# the class loaders supplied with the JDK call checkPackageDefinition. +# +package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper. + +# +# +# List of comma-separated paths defining the contents of the "common" +# classloader. Prefixes should be used to define what is the repository type. +# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. +# If left as blank,the JVM system loader will be used as Catalina's "common" +# loader. +# Examples: +# "foo": Add this folder as a class repository +# "foo/*.jar": Add all the JARs of the specified folder as class +# repositories +# "foo/bar.jar": Add bar.jar as a class repository +common.loader=${catalina.home}/lib,${catalina.home}/lib/*.jar,[TOMCAT_INSTANCE_COMMON_LIB] + +# +# List of comma-separated paths defining the contents of the "server" +# classloader. Prefixes should be used to define what is the repository type. +# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute. +# If left as blank, the "common" loader will be used as Catalina's "server" +# loader. +# Examples: +# "foo": Add this folder as a class repository +# "foo/*.jar": Add all the JARs of the specified folder as class +# repositories +# "foo/bar.jar": Add bar.jar as a class repository +server.loader= + +# +# List of comma-separated paths defining the contents of the "shared" +# classloader. Prefixes should be used to define what is the repository type. +# Path may be relative to the CATALINA_BASE path or absolute. If left as blank, +# the "common" loader will be used as Catalina's "shared" loader. +# Examples: +# "foo": Add this folder as a class repository +# "foo/*.jar": Add all the JARs of the specified folder as class +# repositories +# "foo/bar.jar": Add bar.jar as a class repository +# Please note that for single jars, e.g. bar.jar, you need the URL form +# starting with file:. +shared.loader= + +# +# String cache configuration. +tomcat.util.buf.StringCache.byte.enabled=true +#tomcat.util.buf.StringCache.char.enabled=true +#tomcat.util.buf.StringCache.trainThreshold=500000 +#tomcat.util.buf.StringCache.cacheSize=5000 diff --git a/base/tps/shared/conf/database.ldif b/base/tps/shared/conf/database.ldif new file mode 100644 index 000000000..d3c5f9e68 --- /dev/null +++ b/base/tps/shared/conf/database.ldif @@ -0,0 +1,9 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=config +changetype: modify +replace: nsslapd-maxbersize +nsslapd-maxbersize: 209715200 diff --git a/base/tps/shared/conf/db.ldif b/base/tps/shared/conf/db.ldif new file mode 100644 index 000000000..afa0c3920 --- /dev/null +++ b/base/tps/shared/conf/db.ldif @@ -0,0 +1,54 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: ou=Tokens,{rootSuffix} +objectclass: top +objectclass: organizationalunit +ou: Tokens + +dn: ou=Activities,{rootSuffix} +objectclass: top +objectclass: organizationalunit +ou: Activities + +dn: ou=Certificates,{rootSuffix} +objectclass: top +objectclass: organizationalunit +ou: Certificates + +dn: ou=People,{rootSuffix} +objectclass: top +objectclass: organizationalunit +ou: People +aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare)userdn="ldap:///anyone";) + +dn: ou=Groups,{rootSuffix} +objectclass: top +objectclass: organizationalunit +ou: Groups + +dn: cn=TPS Agents,ou=Groups,{rootSuffix} +objectClass: top +objectClass: groupOfUniqueNames +cn: TPS Agents +description: Agents for TPS + +dn: cn=TPS Officers,ou=Groups,{rootSuffix} +objectClass: top +objectClass: groupOfUniqueNames +cn: TPS Officers +description: Security Officers for TPS + +dn: cn=Administrators,ou=Groups,{rootSuffix} +objectClass: top +objectClass: groupOfUniqueNames +cn: Administrators +description: Administrators for TPS + +dn: cn=TPS Operators,ou=Groups,{rootSuffix} +objectClass: top +objectClass: groupOfUniqueNames +cn: TPS Operators +description: Operators for TPS diff --git a/base/tps/shared/conf/index.ldif b/base/tps/shared/conf/index.ldif new file mode 100644 index 000000000..defe17a63 --- /dev/null +++ b/base/tps/shared/conf/index.ldif @@ -0,0 +1,84 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=tokenUserID,cn=index,cn={database},cn=ldbm database,cn=plugins,cn=config +objectclass: top +objectclass: nsIndex +cn: tokenUserID +nsindextype: eq +nsindextype: pres +nsindextype: sub +nssystemindex: false + +dn: cn=tokenID,cn=index,cn={database},cn=ldbm database,cn=plugins,cn=config +objectclass: top +objectclass: nsIndex +cn: tokenID +nsindextype: eq +nsindextype: pres +nsindextype: sub +nssystemindex: false + +dn: cn=dateOfCreate,cn=index,cn={database},cn=ldbm database,cn=plugins,cn=config +objectclass: top +objectclass: nsIndex +cn: dateOfCreate +nsindextype: eq +nsindextype: pres +nsindextype: sub +nssystemindex: false + +dn: cn=dateOfModify,cn=index,cn={database},cn=ldbm database,cn=plugins,cn=config +objectclass: top +objectclass: nsIndex +cn: dateOfModify +nsindextype: eq +nsindextype: pres +nsindextype: sub +nssystemindex: false + +dn: cn=userCertificate,cn=index,cn={database},cn=ldbm database,cn=plugins,cn=config +objectclass: top +objectclass: nsIndex +cn: userCertificate +nsindextype: eq +nssystemindex: false + +dn: cn=tokenSerial,cn=index,cn={database},cn=ldbm database,cn=plugins,cn=config +objectclass: top +objectclass: nsIndex +cn: tokenSerial +nsindextype: eq +nssystemindex: false + +dn: cn=tokenKeyType,cn=index,cn={database},cn=ldbm database,cn=plugins,cn=config +objectclass: top +objectclass: nsIndex +cn: tokenKeyType +nsindextype: eq +nssystemindex: false + +dn: cn=description,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config +objectClass: top +objectClass: nsIndex +nsIndexType: eq +nsIndexType: pres +nsSystemIndex: false +cn: description diff --git a/base/tps/shared/conf/jk2.manifest b/base/tps/shared/conf/jk2.manifest new file mode 100644 index 000000000..986d7b874 --- /dev/null +++ b/base/tps/shared/conf/jk2.manifest @@ -0,0 +1,2 @@ +Main-Class: org.apache.jk.apr.TomcatStarter +Class-Path: ../lib/tomcat.jar log4j.jar log4j-core.jar ../lib/common/log4j.jar ../lib/common/log4j-core.jar ../lib/common/classes ../lib/common/commons-logging.jar bootstrap.jar ../server/lib/commons-logging.jar ../server/lib/jmx.jar jmx.jar commons-logging-api.jar diff --git a/base/tps/shared/conf/jk2.properties b/base/tps/shared/conf/jk2.properties new file mode 100644 index 000000000..934d6ed54 --- /dev/null +++ b/base/tps/shared/conf/jk2.properties @@ -0,0 +1,31 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +## THIS FILE MAY BE OVERRIDEN AT RUNTIME. MAKE SURE TOMCAT IS STOPED +## WHEN YOU EDIT THE FILE. + +## COMMENTS WILL BE _LOST_ + +## DOCUMENTATION OF THE FORMAT IN JkMain javadoc. + +# Set the desired handler list +# handler.list=apr,request,channelJni +# +# Override the default port for the socketChannel +# channelSocket.port=8019 +# Default: +# channelUnix.file=${jkHome}/work/jk2.socket +# Just to check if the the config is working +# shm.file=${jkHome}/work/jk2.shm + +# In order to enable jni use any channelJni directive +# channelJni.disabled = 0 +# And one of the following directives: + +# apr.jniModeSo=/opt/apache2/modules/mod_jk2.so + +# If set to inprocess the mod_jk2 will Register natives itself +# This will enable the starting of the Tomcat from mod_jk2 +# apr.jniModeSo=inprocess diff --git a/base/tps/shared/conf/jkconf.ant.xml b/base/tps/shared/conf/jkconf.ant.xml new file mode 100644 index 000000000..48396f1b7 --- /dev/null +++ b/base/tps/shared/conf/jkconf.ant.xml @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/base/tps/shared/conf/jkconfig.manifest b/base/tps/shared/conf/jkconfig.manifest new file mode 100644 index 000000000..3ba1f2e3e --- /dev/null +++ b/base/tps/shared/conf/jkconfig.manifest @@ -0,0 +1,2 @@ +Main-Class: org.apache.jk.config.WebXml2Jk +Class-Path: tomcat-jk2.jar commons-logging.jar crimson.jar xercesImpl.jar xmlApis.jar tomcat-util.jar log4j.jar log4j-core.jar diff --git a/base/tps/shared/conf/logging.properties b/base/tps/shared/conf/logging.properties new file mode 100644 index 000000000..796cfc071 --- /dev/null +++ b/base/tps/shared/conf/logging.properties @@ -0,0 +1,70 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006-2010 Red Hat, Inc. +# All rights reserved. +# Modifications: configuration parameters +# --- END COPYRIGHT BLOCK --- + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler + +.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler + +############################################################ +# Handler specific properties. +# Describes specific configuration info for Handlers. +############################################################ + +1catalina.org.apache.juli.FileHandler.level = FINE +1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs +1catalina.org.apache.juli.FileHandler.prefix = catalina. + +2localhost.org.apache.juli.FileHandler.level = FINE +2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs +2localhost.org.apache.juli.FileHandler.prefix = localhost. + +3manager.org.apache.juli.FileHandler.level = FINE +3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs +3manager.org.apache.juli.FileHandler.prefix = manager. + +4host-manager.org.apache.juli.FileHandler.level = FINE +4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs +4host-manager.org.apache.juli.FileHandler.prefix = host-manager. + +java.util.logging.ConsoleHandler.level = FINE +java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter + + +############################################################ +# Facility specific properties. +# Provides extra control for each logger. +############################################################ + +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler + +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler + +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO +org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler + +# For example, set the com.xyz.foo logger to only log SEVERE +# messages: +#org.apache.catalina.startup.ContextConfig.level = FINE +#org.apache.catalina.startup.HostConfig.level = FINE +#org.apache.catalina.session.ManagerBase.level = FINE +#org.apache.catalina.core.AprLifecycleListener.level=FINE diff --git a/base/tps/shared/conf/manager.ldif b/base/tps/shared/conf/manager.ldif new file mode 100644 index 000000000..18700dd4b --- /dev/null +++ b/base/tps/shared/conf/manager.ldif @@ -0,0 +1,46 @@ +# acis for cert manager + +dn: ou=csusers,cn=config +objectClass: top +objectClass: organizationalUnit +ou: csusers + +dn: {rootSuffix} +changetype: modify +add: aci +aci: (targetattr=*)(version 3.0; acl "cert manager access v2"; allow (all) userdn = "ldap:///{dbuser}";) + +dn: cn=ldbm database,cn=plugins,cn=config +changetype: modify +add: aci +aci: (targetattr=*)(version 3.0; acl "Cert Manager access for VLV searches"; allow (read) userdn="ldap:///{dbuser}";) + +dn: cn=config +changetype: modify +add: aci +aci: (targetattr != aci)(version 3.0; aci "cert manager read access"; allow (read, search, compare) userdn = "ldap:///{dbuser}";) + +dn: ou=csusers,cn=config +changetype: modify +add: aci +aci: (targetattr != aci)(version 3.0; aci "cert manager manage replication users"; allow (all) userdn = "ldap:///{dbuser}";) + +dn: cn="{rootSuffix}",cn=mapping tree,cn=config +changetype: modify +add: aci +aci: (targetattr=*)(version 3.0;acl "cert manager: Add Replication Agreements";allow (add) userdn = "ldap:///{dbuser}";) + +dn: cn="{rootSuffix}",cn=mapping tree,cn=config +changetype: modify +add: aci +aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "cert manager: Modify Replication Agreements"; allow (read, write, search) userdn = "ldap:///{dbuser}";) + +dn: cn="{rootSuffix}",cn=mapping tree,cn=config +changetype: modify +add: aci +aci: (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "cert manager: Remove Replication Agreements";allow (delete) userdn = "ldap:///{dbuser}";) + +dn: cn=tasks,cn=config +changetype: modify +add: aci +aci: (targetattr=*)(version 3.0; acl "cert manager: Run tasks after replica re-initialization"; allow (add) userdn = "ldap:///{dbuser}";) diff --git a/base/tps/shared/conf/phoneHome.xml b/base/tps/shared/conf/phoneHome.xml new file mode 100644 index 000000000..314e1bb64 --- /dev/null +++ b/base/tps/shared/conf/phoneHome.xml @@ -0,0 +1,10 @@ + +FedoraProject + +https://[PKI_HOSTNAME]:[PKI_SECURE_PORT]/tps/tps + +http://fedoraproject.org + +userKey + + diff --git a/base/tps/shared/conf/registry.cfg b/base/tps/shared/conf/registry.cfg new file mode 100644 index 000000000..dc26ae861 --- /dev/null +++ b/base/tps/shared/conf/registry.cfg @@ -0,0 +1,5 @@ +types=tpsTokenProfileResolver +tpsTokenProfileResolver.ids=mappingTokenProfileResolverImpl +tpsTokenProfileResolver.mappingTokenProfileResolverImpl.class=org.dogtagpki.server.tps.profile.MappingTokenProfileResolver +tpsTokenProfileResolver.mappingTokenProfileResolverImpl.desc=Mapping-based Token profile resolver +tpsTokenProfileResolver.mappingTokenProfileResolverImpl.name=Mapping-based Token profile resolver diff --git a/base/tps/shared/conf/schema.ldif b/base/tps/shared/conf/schema.ldif new file mode 100644 index 000000000..bde045630 --- /dev/null +++ b/base/tps/shared/conf/schema.ldif @@ -0,0 +1,58 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' ) +attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +attributeTypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' ) +- +add: objectClasses +objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user defined' ) +objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' ) +objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' ) +objectClasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined class' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN 'user-defined' ) diff --git a/base/tps/shared/conf/server-minimal.xml b/base/tps/shared/conf/server-minimal.xml new file mode 100644 index 000000000..fc855c6e3 --- /dev/null +++ b/base/tps/shared/conf/server-minimal.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + diff --git a/base/tps/shared/conf/server.xml b/base/tps/shared/conf/server.xml new file mode 100644 index 000000000..23e4f5fde --- /dev/null +++ b/base/tps/shared/conf/server.xml @@ -0,0 +1,258 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + [PKI_UNSECURE_PORT_SERVER_COMMENT] + + + + [PKI_SECURE_PORT_SERVER_COMMENT] + + + + + [PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT][PKI_ADMIN_SECURE_PORT_SERVER_COMMENT] + + [PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT] + + [PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT][PKI_EE_SECURE_PORT_SERVER_COMMENT] + + [PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT] + + + + + + + +[PKI_OPEN_AJP_PORT_COMMENT] + +[PKI_CLOSE_AJP_PORT_COMMENT] + + + + + + + + + + + + + + + + + + + + + + + + [PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT] + + [PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT] + + + + + diff --git a/base/tps/shared/conf/shm.manifest b/base/tps/shared/conf/shm.manifest new file mode 100644 index 000000000..0505c085b --- /dev/null +++ b/base/tps/shared/conf/shm.manifest @@ -0,0 +1,2 @@ +Main-Class: org.apache.jk.common.Shm +Class-Path: tomcat-jk2.jar commons-logging.jar tomcat-util.jar log4j.jar log4j-core.jar diff --git a/base/tps/shared/conf/tomcat-jk2.manifest b/base/tps/shared/conf/tomcat-jk2.manifest new file mode 100644 index 000000000..acfef4a90 --- /dev/null +++ b/base/tps/shared/conf/tomcat-jk2.manifest @@ -0,0 +1,7 @@ +Manifest-version: 1.0 +Extension-Name: org.apache.jk +Specification-Vendor: Apache Software Foundation +Specification-Version: 2.0 +Implementation-Vendor-Id: org.apache +Implementation-Vendor: Apache Software Foundation +Implementation-Version: 2.1 diff --git a/base/tps/shared/conf/tomcat-users.xml b/base/tps/shared/conf/tomcat-users.xml new file mode 100644 index 000000000..daa9260cc --- /dev/null +++ b/base/tps/shared/conf/tomcat-users.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/base/tps/shared/conf/tomcat6.conf b/base/tps/shared/conf/tomcat6.conf new file mode 100644 index 000000000..2d7def5ec --- /dev/null +++ b/base/tps/shared/conf/tomcat6.conf @@ -0,0 +1,58 @@ +# Service-specific configuration file for tomcat6. This will be sourced by +# the SysV init script after the global configuration file +# /etc/tomcat6/tomcat6.conf, thus allowing values to be overridden in +# a per-service manner. +# +# NEVER change the init script itself. To change values for all services make +# your changes in /etc/tomcat6/tomcat6.conf +# +# To change values for a specific service make your edits here. +# To create a new service create a link from /etc/init.d/ to +# /etc/init.d/tomcat6 (do not copy the init script) and make a copy of the +# /etc/sysconfig/tomcat6 file to /etc/sysconfig/ and change +# the property values so the two services won't conflict. Register the new +# service in the system as usual (see chkconfig and similars). +# + +# Where your java installation lives +#JAVA_HOME="/usr/lib/jvm/java" + +# Where your tomcat installation lives +CATALINA_BASE="[PKI_INSTANCE_PATH]" +#CATALINA_HOME="/usr/share/tomcat6" +#JASPER_HOME="/usr/share/tomcat6" +#CATALINA_TMPDIR="/var/cache/tomcat6/temp" + +# You can pass some parameters to java here if you wish to +#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3" + +# Use JAVA_OPTS to set java.library.path for libtcnative.so +#JAVA_OPTS="-Djava.library.path=/usr/lib64" + +# What user should run tomcat +TOMCAT_USER="[PKI_USER]" + +# You can change your tomcat locale here +#LANG="en_US" + +# Run tomcat under the Java Security Manager +#SECURITY_MANAGER="false" + +# Time to wait in seconds, before killing process +#SHUTDOWN_WAIT="30" + +# Whether to annoy the user with "attempting to shut down" messages or not +#SHUTDOWN_VERBOSE="false" + +# Set the TOMCAT_PID location +CATALINA_PID="[TOMCAT_PIDFILE]" + +# Set the tomcat log file +TOMCAT_LOG="[TOMCAT_LOG_DIR]/tomcat-initd.log" + +# Connector port is 8080 for this tomcat6 instance +#CONNECTOR_PORT="8080" + +# If you wish to further customize your tomcat environment, +# put your own definitions here +# (i.e. LD_LIBRARY_PATH for some jdbc drivers) diff --git a/base/tps/shared/conf/uriworkermap.properties b/base/tps/shared/conf/uriworkermap.properties new file mode 100644 index 000000000..c89dd82a6 --- /dev/null +++ b/base/tps/shared/conf/uriworkermap.properties @@ -0,0 +1,18 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# uriworkermap.properties - IIS +# +# This file provides sample mappings for example ajp13w +# worker defined in workermap.properties.minimal +# The general sytax for this file is: +# [URL]=[Worker name] + +/servlet-examples/*=ajp13w + +# Optionally filter out all .jpeg files inside that context +# For no mapping the url has to start with exclamation (!) + +!/servlet-examples/*.jpeg=ajp13w diff --git a/base/tps/shared/conf/vlv.ldif b/base/tps/shared/conf/vlv.ldif new file mode 100644 index 000000000..db7988e36 --- /dev/null +++ b/base/tps/shared/conf/vlv.ldif @@ -0,0 +1,51 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=tus-listTokens-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +cn: tus-listtokens-vlv +objectClass: top +objectClass: vlvsearch +vlvBase: ou=Tokens,{rootSuffix} +vlvFilter: (&(cn=*)(tokenUserID=*)) +vlvScope: 2 + +dn: cn=tus-listActivities-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +cn: tus-listActivities-vlv +objectClass: top +objectClass: vlvsearch +vlvBase: ou=Activities,{rootSuffix} +vlvFilter: (&(tokenID=*)(tokenUserID=*)) +vlvScope: 2 + +dn: cn=listTokensIndex,cn=tus-listTokens-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +cn: listTokensIndex +objectClass: top +objectClass: vlvindex +vlvSort: -dateOfModify +vlvEnabled: 1 +vlvUses: 0 + +dn: cn=listActivitiesIndex,cn=tus-listActivities-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +cn: listActivitiesIndex +objectClass: top +objectClass: vlvindex +vlvSort: -dateOfCreate +vlvEnabled: 1 +vlvUses: 0 diff --git a/base/tps/shared/conf/vlvtasks.ldif b/base/tps/shared/conf/vlvtasks.ldif new file mode 100644 index 000000000..b1b93aabf --- /dev/null +++ b/base/tps/shared/conf/vlvtasks.ldif @@ -0,0 +1,28 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +dn: cn=index1160528734, cn=index, cn=tasks, cn=config +objectclass: top +objectclass: extensibleObject +cn: index1160528734 +ttl: 4 +nsinstance: userRoot +nsindexVLVAttribute: listTokensIndex +nsindexVLVAttribute: listActivitiesIndex diff --git a/base/tps/shared/conf/web.xml b/base/tps/shared/conf/web.xml new file mode 100644 index 000000000..8330ecca8 --- /dev/null +++ b/base/tps/shared/conf/web.xml @@ -0,0 +1,993 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + default + org.apache.catalina.servlets.DefaultServlet + + debug + 0 + + + listings + false + + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + jsp + org.apache.jasper.servlet.JspServlet + + fork + false + + + xpoweredBy + false + + 3 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + default + / + + + + + + + + jsp + *.jsp + + + + jsp + *.jspx + + + + + + + + + + + + + + + + 30 + + + + + + + + + + + + abs + audio/x-mpeg + + + ai + application/postscript + + + aif + audio/x-aiff + + + aifc + audio/x-aiff + + + aiff + audio/x-aiff + + + aim + application/x-aim + + + art + image/x-jg + + + asf + video/x-ms-asf + + + asx + video/x-ms-asf + + + au + audio/basic + + + avi + video/x-msvideo + + + avx + video/x-rad-screenplay + + + bcpio + application/x-bcpio + + + bin + application/octet-stream + + + bmp + image/bmp + + + body + text/html + + + cdf + application/x-cdf + + + cer + application/x-x509-ca-cert + + + class + application/java + + + cpio + application/x-cpio + + + csh + application/x-csh + + + css + text/css + + + dib + image/bmp + + + doc + application/msword + + + dtd + application/xml-dtd + + + dv + video/x-dv + + + dvi + application/x-dvi + + + eps + application/postscript + + + etx + text/x-setext + + + exe + application/octet-stream + + + gif + image/gif + + + gtar + application/x-gtar + + + gz + application/x-gzip + + + hdf + application/x-hdf + + + hqx + application/mac-binhex40 + + + htc + text/x-component + + + htm + text/html + + + html + text/html + + + hqx + application/mac-binhex40 + + + ief + image/ief + + + jad + text/vnd.sun.j2me.app-descriptor + + + jar + application/java-archive + + + java + text/plain + + + jnlp + application/x-java-jnlp-file + + + jpe + image/jpeg + + + jpeg + image/jpeg + + + jpg + image/jpeg + + + js + text/javascript + + + jsf + text/plain + + + jspf + text/plain + + + kar + audio/x-midi + + + latex + application/x-latex + + + m3u + audio/x-mpegurl + + + mac + image/x-macpaint + + + man + application/x-troff-man + + + mathml + application/mathml+xml + + + me + application/x-troff-me + + + mid + audio/x-midi + + + midi + audio/x-midi + + + mif + application/x-mif + + + mov + video/quicktime + + + movie + video/x-sgi-movie + + + mp1 + audio/x-mpeg + + + mp2 + audio/x-mpeg + + + mp3 + audio/x-mpeg + + + mpa + audio/x-mpeg + + + mpe + video/mpeg + + + mpeg + video/mpeg + + + mpega + audio/x-mpeg + + + mpg + video/mpeg + + + mpv2 + video/mpeg2 + + + ms + application/x-wais-source + + + nc + application/x-netcdf + + + oda + application/oda + + + ogg + application/ogg + + + pbm + image/x-portable-bitmap + + + pct + image/pict + + + pdf + application/pdf + + + pgm + image/x-portable-graymap + + + pic + image/pict + + + pict + image/pict + + + pls + audio/x-scpls + + + png + image/png + + + pnm + image/x-portable-anymap + + + pnt + image/x-macpaint + + + ppm + image/x-portable-pixmap + + + ppt + application/powerpoint + + + ps + application/postscript + + + psd + image/x-photoshop + + + qt + video/quicktime + + + qti + image/x-quicktime + + + qtif + image/x-quicktime + + + ras + image/x-cmu-raster + + + rdf + application/rdf+xml + + + rgb + image/x-rgb + + + rm + application/vnd.rn-realmedia + + + roff + application/x-troff + + + rtf + application/rtf + + + rtx + text/richtext + + + sh + application/x-sh + + + shar + application/x-shar + + + smf + audio/x-midi + + + sit + application/x-stuffit + + + snd + audio/basic + + + src + application/x-wais-source + + + sv4cpio + application/x-sv4cpio + + + sv4crc + application/x-sv4crc + + + svg + image/svg+xml + + + swf + application/x-shockwave-flash + + + t + application/x-troff + + + tar + application/x-tar + + + tcl + application/x-tcl + + + tex + application/x-tex + + + texi + application/x-texinfo + + + texinfo + application/x-texinfo + + + tif + image/tiff + + + tiff + image/tiff + + + tr + application/x-troff + + + tsv + text/tab-separated-values + + + txt + text/plain + + + ulw + audio/basic + + + ustar + application/x-ustar + + + vxml + application/voicexml+xml + + + xbm + image/x-xbitmap + + + xht + application/xhtml+xml + + + xhtml + application/xhtml+xml + + + xml + application/xml + + + xpm + image/x-xpixmap + + + xsl + application/xml + + + xslt + application/xslt+xml + + + xul + application/vnd.mozilla.xul+xml + + + xwd + image/x-xwindowdump + + + wav + audio/x-wav + + + svg + image/svg + + + svgz + image/svg + + + vsd + application/x-visio + + + + wbmp + image/vnd.wap.wbmp + + + + wml + text/vnd.wap.wml + + + + wmlc + application/vnd.wap.wmlc + + + + wmls + text/vnd.wap.wmlscript + + + + wmlscriptc + application/vnd.wap.wmlscriptc + + + wrl + x-world/x-vrml + + + Z + application/x-compress + + + z + application/x-compress + + + zip + application/zip + + + + + + + + + + + + + + + + + index.html + index.htm + index.jsp + + + + 404 + /404.html + + + + 500 + /500.html + + + diff --git a/base/tps/shared/conf/workers.properties b/base/tps/shared/conf/workers.properties new file mode 100644 index 000000000..ae26a983c --- /dev/null +++ b/base/tps/shared/conf/workers.properties @@ -0,0 +1,209 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# workers.properties - +# +# This file provides jk derived plugins with the needed information to +# connect to the different tomcat workers. Note that the distributed +# version of this file requires modification before it is usable by a +# plugin. +# +# As a general note, the characters $( and ) are used internally to define +# macros. Do not use them in your own configuration!!! +# +# Whenever you see a set of lines such as: +# x=value +# y=$(x)\something +# +# the final value for y will be value\something +# +# Normaly all you will need to do is un-comment and modify the first three +# properties, i.e. workers.tomcat_home, workers.java_home and ps. +# Most of the configuration is derived from these. +# +# When you are done updating workers.tomcat_home, workers.java_home and ps +# you should have 3 workers configured: +# +# - An ajp12 worker that connects to localhost:8007 +# - An ajp13 worker that connects to localhost:8009 +# - A jni inprocess worker. +# - A load balancer worker +# +# However by default the plugins will only use the ajp12 worker. To have +# the plugins use other workers you should modify the worker.list property. +# +# + +# OPTIONS ( very important for jni mode ) + +# +# workers.tomcat_home should point to the location where you +# installed tomcat. This is where you have your conf, webapps and lib +# directories. +# +workers.tomcat_home=/var/tomcat3 + +# +# workers.java_home should point to your Java installation. Normally +# you should have a bin and lib directories beneath it. +# +workers.java_home=/opt/IBMJava2-13 + +# +# You should configure your environment slash... ps=\ on NT and / on UNIX +# and maybe something different elsewhere. +# +ps=/ + +# +#------ ADVANCED MODE ------------------------------------------------ +#--------------------------------------------------------------------- +# + +# +#------ DEFAULT worket list ------------------------------------------ +#--------------------------------------------------------------------- +# +# +# The workers that your plugins should create and work with +# +# Add 'inprocess' if you want JNI connector +worker.list=ajp12, ajp13 +# , inprocess + + +# +#------ DEFAULT ajp12 WORKER DEFINITION ------------------------------ +#--------------------------------------------------------------------- +# + +# +# Defining a worker named ajp12 and of type ajp12 +# Note that the name and the type do not have to match. +# +worker.ajp12.port=8007 +worker.ajp12.host=localhost +worker.ajp12.type=ajp12 +# +# Specifies the load balance factor when used with +# a load balancing worker. +# Note: +# ----> lbfactor must be > 0 +# ----> Low lbfactor means less work done by the worker. +worker.ajp12.lbfactor=1 + +# +#------ DEFAULT ajp13 WORKER DEFINITION ------------------------------ +#--------------------------------------------------------------------- +# + +# +# Defining a worker named ajp13 and of type ajp13 +# Note that the name and the type do not have to match. +# +worker.ajp13.port=8009 +worker.ajp13.host=localhost +worker.ajp13.type=ajp13 +# +# Specifies the load balance factor when used with +# a load balancing worker. +# Note: +# ----> lbfactor must be > 0 +# ----> Low lbfactor means less work done by the worker. +worker.ajp13.lbfactor=1 + +# +# Specify the size of the open connection cache. +#worker.ajp13.cachesize + +# +#------ DEFAULT LOAD BALANCER WORKER DEFINITION ---------------------- +#--------------------------------------------------------------------- +# + +# +# The loadbalancer (type lb) workers perform wighted round-robin +# load balancing with sticky sessions. +# Note: +# ----> If a worker dies, the load balancer will check its state +# once in a while. Until then all work is redirected to peer +# workers. +worker.loadbalancer.type=lb +worker.loadbalancer.balanced_workers=ajp12, ajp13 + + +# +#------ DEFAULT JNI WORKER DEFINITION--------------------------------- +#--------------------------------------------------------------------- +# + +# +# Defining a worker named inprocess and of type jni +# Note that the name and the type do not have to match. +# +worker.inprocess.type=jni + +# +#------ CLASSPATH DEFINITION ----------------------------------------- +#--------------------------------------------------------------------- +# + +# +# Additional class path components. +# +worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar + +# +# Setting the command line for tomcat. +# Note: The cmd_line string may not contain spaces. +# +worker.inprocess.cmd_line=start + +# Not needed, but can be customized. +#worker.inprocess.cmd_line=-config +#worker.inprocess.cmd_line=$(workers.tomcat_home)$(ps)conf$(ps)server.xml +#worker.inprocess.cmd_line=-home +#worker.inprocess.cmd_line=$(workers.tomcat_home) + +# +# The JVM that we are about to use +# +# This is for Java2 +# +# Windows +worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)bin$(ps)classic$(ps)jvm.dll +# IBM JDK1.3 +#worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)bin$(ps)classic$(ps)libjvm.so +# Unix - Sun VM or blackdown +#worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)i386$(ps)classic$(ps)libjvm.so + +# +# And this is for jdk1.1.X +# +#worker.inprocess.jvm_lib=$(workers.java_home)$(ps)bin$(ps)javai.dll + + +# +# Setting the place for the stdout and stderr of tomcat +# +worker.inprocess.stdout=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stdout +worker.inprocess.stderr=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stderr + +# +# Setting the tomcat.home Java property +# +#worker.inprocess.sysprops=tomcat.home=$(workers.tomcat_home) + +# +# Java system properties +# +# worker.inprocess.sysprops=java.compiler=NONE +# worker.inprocess.sysprops=myprop=mypropvalue + +# +# Additional path components. +# +# worker.inprocess.ld_path=d:$(ps)SQLLIB$(ps)bin +# diff --git a/base/tps/shared/conf/workers.properties.minimal b/base/tps/shared/conf/workers.properties.minimal new file mode 100644 index 000000000..51980ac49 --- /dev/null +++ b/base/tps/shared/conf/workers.properties.minimal @@ -0,0 +1,22 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# workers.properties.minimal - +# +# This file provides minimal jk configuration properties needed to +# connect to Tomcat. +# +# The workers that jk should create and work with +# +worker.list=ajp13w + + +# +# Defining a worker named ajp13w and of type ajp13 +# Note that the name and the type do not have to match. +# +worker.ajp13w.type=ajp13 +worker.ajp13w.host=localhost +worker.ajp13w.port=8009 diff --git a/base/tps/shared/conf/workers2.properties b/base/tps/shared/conf/workers2.properties new file mode 100644 index 000000000..3c8e0f4a5 --- /dev/null +++ b/base/tps/shared/conf/workers2.properties @@ -0,0 +1,136 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +[logger] +level=DEBUG + +[config:] +file=${serverRoot}/conf/workers2.properties +debug=0 +debugEnv=0 + +[uriMap:] +info=Maps the requests. Options: debug +debug=0 + +# Alternate file logger +#[logger.file:0] +#level=DEBUG +#file=${serverRoot}/logs/jk2.log + +[shm:] +info=Scoreboard. Required for reconfiguration and status with multiprocess servers +file=${serverRoot}/logs/jk2.shm +size=1000000 +debug=0 +disabled=0 + +[workerEnv:] +info=Global server options +timing=1 +debug=0 +# Default Native Logger (apache2 or win32 ) +# can be overriden to a file logger, useful +# when tracing win32 related issues +#logger=logger.file:0 + +[lb:lb] +info=Default load balancer. +debug=0 + +[lb:lb_1] +info=A second load balancer. +debug=0 + +[channel.socket:localhost:8009] +info=Ajp13 forwarding over socket +debug=0 +tomcatId=localhost:8009 + +[channel.socket:localhost:8019] +info=A second tomcat instance. +debug=0 +tomcatId=localhost:8019 +lb_factor=1 +#group=lb +group:lb:lb +#group=lb_1 +group:lb:lb_1 +disabled=0 + +[channel.un:/opt/33/work/jk2.socket] +info=A second channel connecting to localhost:8019 via unix socket +tomcatId=localhost:8019 +lb_factor=1 +debug=0 + +[channel.jni:jni] +info=The jni channel, used if tomcat is started inprocess + +[status:] +info=Status worker, displays runtime informations + +[vm:] +info=Parameters used to load a JVM in the server process +#JVM=C:\jdk\jre\bin\hotspot\jvm.dll +classpath=${TOMCAT_HOME}/bin/tomcat-jni.jar +classpath=${TOMCAT_HOME}/server/lib/commons-logging.jar +OPT=-Dtomcat.home=${TOMCAT_HOME} +OPT=-Dcatalina.home=${TOMCAT_HOME} +OPT=-Xmx128M +#OPT=-Djava.compiler=NONE +disabled=1 + +[worker.jni:onStartup] +info=Command to be executed by the VM on startup. This one will start tomcat. +class=org/apache/jk/apr/TomcatStarter +ARG=start +# For Tomcat 5 use the 'stard' for startup argument +# ARG=stard +disabled=1 +stdout=${serverRoot}/logs/stdout.log +stderr=${serverRoot}/logs/stderr.log + +[worker.jni:onShutdown] +info=Command to be executed by the VM on shutdown. This one will stop tomcat. +class=org/apache/jk/apr/TomcatStarter +ARG=stop +disabled=1 + +[uri:/jkstatus/*] +info=Display status information and checks the config file for changes. +group=status: + +[uri:127.0.0.1:8003] +info=Example virtual host. Make sure myVirtualHost is in /etc/hosts to test it +alias=myVirtualHost:8003 + +[uri:127.0.0.1:8003/ex] +info=Example webapp in the virtual host. It'll go to lb_1 ( i.e. localhost:8019 ) +context=/ex +group=lb_1 + +[uri:/examples] +info=Example webapp in the default context. +context=/examples +debug=0 + +[uri:/examples1/*] +info=A second webapp, this time going to the second tomcat only. +group=lb_1 +debug=0 + +[uri:/examples/servlet/*] +info=Prefix mapping + +[uri:/examples/*.jsp] +info=Extension mapping + +[uri:/examples/*] +info=Map the whole webapp + +[uri:/examples/servlet/HelloW] +info=Example with debug enabled. +debug=10 diff --git a/base/tps/shared/conf/workers2.properties.minimal b/base/tps/shared/conf/workers2.properties.minimal new file mode 100644 index 000000000..0e88d14c7 --- /dev/null +++ b/base/tps/shared/conf/workers2.properties.minimal @@ -0,0 +1,60 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# This is the minimal JK2 connector configuration file. +# + +[logger] +info=Native logger +level=ERROR + +[config:] +file=${serverRoot}/conf/workers2.properties +debug=0 +debugEnv=0 + +[uriMap:] +info=Maps the requests. +debug=0 + +[shm:] +info=Scoreboard. Required for reconfiguration and status with multiprocess servers +file=anonymous +debug=0 + +[workerEnv:] +info=Global server options +timing=0 +debug=0 + +[lb:lb] +info=Default load balancer. +debug=0 + +[channel.socket:localhost:8009] +info=Ajp13 forwarding over socket +debug=0 +tomcatId=localhost:8009 + +[uri:/admin] +info=Tomcat HTML based administration web application. +debug=0 + +[uri:/manager] +info=A scriptable management web application for the Tomcat Web Server. +debug=0 + +[uri:/jsp-examples] +info=JSP 2.0 Examples. +debug=0 + +[uri:/servlets-examples] +info=Servlet 2.4 Examples. +debug=0 + +[uri:/*.jsp] +info=JSP Extension mapping. +debug=0 diff --git a/base/tps/shared/webapps/tps/404.html b/base/tps/shared/webapps/tps/404.html new file mode 100755 index 000000000..0bf93578c --- /dev/null +++ b/base/tps/shared/webapps/tps/404.html @@ -0,0 +1,145 @@ + + + + + + +TPS 404 Error! + + + + + + + + + +
+ +
+
+ +
+ - +
+ + +
+
+ +
+ +Certificate System TPS Error Page +
+

+ +

+ +

+ + + diff --git a/base/tps/shared/webapps/tps/500.html b/base/tps/shared/webapps/tps/500.html new file mode 100755 index 000000000..3e1e8bb66 --- /dev/null +++ b/base/tps/shared/webapps/tps/500.html @@ -0,0 +1,138 @@ + + + + + + +TPS 500 Error! + + + + + + + + + +
+ +
+
+ +
+ - +
+ + +
+
+ +
+ +Certificate System TPS Error Page +
+

+ +

+ +

+ + + diff --git a/base/tps/shared/webapps/tps/GenUnexpectedError.template b/base/tps/shared/webapps/tps/GenUnexpectedError.template new file mode 100644 index 000000000..ea545c145 --- /dev/null +++ b/base/tps/shared/webapps/tps/GenUnexpectedError.template @@ -0,0 +1,67 @@ + + + + + +TPS Processing Error! + + + + +Problem Processing Your Request + + + + + + +
 
+ + + + + + + + diff --git a/base/tps/shared/webapps/tps/WEB-INF/velocity.properties b/base/tps/shared/webapps/tps/WEB-INF/velocity.properties new file mode 100644 index 000000000..c1c6e4ea9 --- /dev/null +++ b/base/tps/shared/webapps/tps/WEB-INF/velocity.properties @@ -0,0 +1,13 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2006 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +resource.loader = file +file.resource.loader.class = org.apache.velocity.runtime.resource.loader.FileResourceLoader +file.resource.loader.path = /usr/share/pki/server/webapps/pki +file.resource.loader.cache = true +file.resource.loader.modificationCheckInterval = 2 +input.encoding=UTF-8 +output.encoding=UTF-8 +runtime.log.logsystem.class=org.apache.velocity.runtime.log.NullLogSystem diff --git a/base/tps/shared/webapps/tps/WEB-INF/web.xml b/base/tps/shared/webapps/tps/WEB-INF/web.xml new file mode 100644 index 000000000..8506b2725 --- /dev/null +++ b/base/tps/shared/webapps/tps/WEB-INF/web.xml @@ -0,0 +1,297 @@ + + + + + + Token Processing Service + + + tpsstart + com.netscape.cms.servlet.base.CMSStartServlet + + AuthzMgr + BasicAclAuthz + + + ID + tpsstart + + 1 + + + + tpsug + com.netscape.cms.servlet.admin.UsrGrpAdminServlet + + ID + tpsug + + + AuthzMgr + BasicAclAuthz + + + + + tpslog + com.netscape.cms.servlet.admin.LogAdminServlet + + ID + tpslog + + AuthzMgr + BasicAclAuthz + + + + + tpsGetStatus + com.netscape.cms.servlet.csadmin.GetStatus + + GetClientCert + false + + + authority + tps + + + ID + tpsGetStatus + + + + + phoneHome + org.dogtagpki.server.tps.TPSPhoneHome + + + + tps + org.dogtagpki.server.tps.TPSServlet + + + + org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap + + + + resteasy.servlet.mapping.prefix + /rest + + + + resteasy.resource.method-interceptors + org.jboss.resteasy.core.ResourceMethodSecurityInterceptor + + + + Resteasy + org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher + + javax.ws.rs.Application + org.dogtagpki.server.tps.rest.TPSApplication + + + + + Resteasy + /rest/* + + + + tpsstart + /start + + + + tpsug + /ug + + + + tpslog + /log + + + + tpsGetStatus + /admin/tps/getStatus + + + + phoneHome + /phoneHome + + + + tps + /tps + + + + + + + + + + 30 + + + + + Account Services + /rest/account/* + + + * + + + CONFIDENTIAL + + + + + + Admin Services + /rest/admin/* + + + * + + + CONFIDENTIAL + + + + + + Audit + /rest/audit/* + + + * + + + CONFIDENTIAL + + + + + + Authenticators + /rest/authenticators/* + + + * + + + CONFIDENTIAL + + + + + + Configuration + /rest/config/* + + + * + + + CONFIDENTIAL + + + + + + Connectors + /rest/connectors/* + + + * + + + CONFIDENTIAL + + + + + + Profiles + /rest/profiles/* + + + * + + + CONFIDENTIAL + + + + + + Profile Mappings + /rest/profile-mappings/* + + + * + + + CONFIDENTIAL + + + + + + Self Tests + /rest/selftests/* + + + * + + + CONFIDENTIAL + + + + + + Token Services + /rest/tokens/* + + + * + + + CONFIDENTIAL + + + + + + UI + /ui/* + + + * + + + CONFIDENTIAL + + + + + Token Processing Service + + + + * + + + diff --git a/base/tps/shared/webapps/tps/index.html b/base/tps/shared/webapps/tps/index.html new file mode 100644 index 000000000..c48da3307 --- /dev/null +++ b/base/tps/shared/webapps/tps/index.html @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + +
+ +
+
+

Welcome to the Dogtag Token Processing System 10.2 +

The Token Processing System (TPS) is the conduit between the user-centered Enterprise Security Client, +which interacts with the tokens, and the Certificate System backend subsystems, such as the Certificate Manager. +

+ +
+
+ +
+ + + diff --git a/base/tps/shared/webapps/tps/js/account.js b/base/tps/shared/webapps/tps/js/account.js new file mode 100644 index 000000000..97b222aaa --- /dev/null +++ b/base/tps/shared/webapps/tps/js/account.js @@ -0,0 +1,37 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +function Account() { + + this.url = "/tps/rest/account"; + + this.login = function(options) { + var jqxhr = $.get(this.url + "/login", null, null, "json"); + jqxhr.done(options.success); + jqxhr.fail(options.error); + }; + + this.logout = function(options) { + var jqxhr = $.get(this.url + "/logout"); + jqxhr.done(options.success); + jqxhr.fail(options.error); + }; +}; \ No newline at end of file diff --git a/base/tps/shared/webapps/tps/js/activity.js b/base/tps/shared/webapps/tps/js/activity.js new file mode 100644 index 000000000..cbc724e23 --- /dev/null +++ b/base/tps/shared/webapps/tps/js/activity.js @@ -0,0 +1,97 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var ActivityModel = Model.extend({ + urlRoot: "/tps/rest/activities", + parseResponse: function(response) { + return { + id: response.id, + tokenID: response.TokenID, + userID: response.UserID, + ip: response.IP, + operation: response.Operation, + result: response.Result, + message: response.Message, + date: new Date(response.Date) + }; + }, + createRequest: function(attributes) { + return { + id: attributes.id, + TokenID: attributes.tokenID, + UserID: attributes.userID, + IP: attributes.ip, + Operation: attributes.operation, + Result: attributes.result, + Message: attributes.message, + Date: attributes.date.getTime()/1000 + 'Z' + }; + } +}); + +var ActivityCollection = Collection.extend({ + urlRoot: "/tps/rest/activities", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new ActivityModel({ + id: entry.id, + tokenID: entry.TokenID, + userID: entry.UserID, + ip: entry.IP, + operation: entry.Operation, + result: entry.Result, + message: entry.Message, + date: new Date(entry.Date) + }); + } +}); + +var ActivityPage = EntryPage.extend({ + initialize: function(options) { + var self = this; + ActivityPage.__super__.initialize.call(self, options); + } +}); + +var ActivitiesTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + ActivitiesTable.__super__.initialize.call(self, options); + } +}); + +var ActivitiesPage = Page.extend({ + load: function() { + var self = this; + + var table = new ActivitiesTable({ + el: $("table[name='activities']"), + collection: new ActivityCollection() + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/audit.js b/base/tps/shared/webapps/tps/js/audit.js new file mode 100644 index 000000000..986596e1d --- /dev/null +++ b/base/tps/shared/webapps/tps/js/audit.js @@ -0,0 +1,232 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var AuditModel = Model.extend({ + url: function() { + return "/tps/rest/audit"; + }, + parseResponse: function(response) { + return { + id: "audit", + status: response.Status, + signed: response.Signed, + interval: response.Interval, + bufferSize: response.BufferSize, + events: response.Events.Event + }; + }, + createRequest: function(entry) { + return { + Status: entry.status, + Signed: entry.signed, + Interval: entry.interval, + BufferSize: entry.bufferSize, + Events: { + Event: entry.events + } + }; + }, + enable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=enable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + }, + disable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=disable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + } +}); + +var AuditTableItem = TableItem.extend({ + initialize: function(options) { + var self = this; + AuditTableItem.__super__.initialize.call(self, options); + }, + renderColumn: function(td, templateTD) { + var self = this; + + AuditTableItem.__super__.renderColumn.call(self, td, templateTD); + + $("a", td).click(function(e) { + e.preventDefault(); + self.open(); + }); + }, + open: function() { + var self = this; + + var value = self.get("value"); + var dialog; + + if (self.table.mode == "view" || value == "mandatory") { + // In view mode all events are read-only. + // Mandatory events are always read-only. + dialog = new Dialog({ + el: self.table.parent.$("#event-dialog"), + title: "Event", + readonly: ["name", "value"], + actions: ["close"] + }); + + } else if (self.table.mode == "edit" && value != "mandatory") { + // Optional events are editable in edit mode. + dialog = new Dialog({ + el: self.table.parent.$("#event-dialog"), + title: "Edit Event", + readonly: ["name"], + actions: ["cancel", "save"] + }); + + dialog.handler("save", function() { + + // save changes + dialog.save(); + _.extend(self.entry, dialog.entry); + + // redraw table + self.table.render(); + dialog.close(); + }); + } + + dialog.entry = _.clone(self.entry); + + dialog.open(); + } +}); + +var AuditPage = EntryPage.extend({ + initialize: function(options) { + var self = this; + options.model = new AuditModel(); + options.editable = ["signed", "interval", "bufferSize"]; + AuditPage.__super__.initialize.call(self, options); + }, + setup: function() { + var self = this; + + AuditPage.__super__.setup.call(self); + + self.enableLink = $("a[name='enable']", self.menu); + self.disableLink = $("a[name='disable']", self.menu); + + self.enableLink.click(function(e) { + + e.preventDefault(); + + var message = "Are you sure you want to enable this entry?"; + if (!confirm(message)) return; + self.model.enable({ + success: function(data, textStatus, jqXHR) { + self.entry = _.clone(self.model.attributes); + self.render(); + }, + error: function(jqXHR, textStatus, errorThrown) { + new ErrorDialog({ + el: $("#error-dialog"), + title: "HTTP Error " + jqXHR.responseJSON.Code, + content: jqXHR.responseJSON.Message + }).open(); + } + }); + }); + + self.disableLink.click(function(e) { + + e.preventDefault(); + + var message = "Are you sure you want to disable this entry?"; + if (!confirm(message)) return; + self.model.disable({ + success: function(data, textStatus, jqXHR) { + self.entry = _.clone(self.model.attributes); + self.render(); + }, + error: function(jqXHR, textStatus, errorThrown) { + new ErrorDialog({ + el: $("#error-dialog"), + title: "HTTP Error " + jqXHR.responseJSON.Code, + content: jqXHR.responseJSON.Message + }).open(); + } + }); + }); + + self.eventsTable = new Table({ + el: self.$("table[name='events']"), + columnMappings: { + id: "name" + }, + pageSize: 10, + tableItem: AuditTableItem, + parent: self + }); + }, + renderContent: function() { + var self = this; + + AuditPage.__super__.renderContent.call(self); + + var status = self.entry.status; + if (status == "Disabled") { + self.enableLink.show(); + self.disableLink.hide(); + + } else if (status == "Enabled") { + self.enableLink.hide(); + self.disableLink.show(); + } + + if (self.mode == "edit") { + self.eventsTable.mode = "edit"; + + } else { // self.mode == "view" + self.eventsTable.mode = "view"; + } + + self.eventsTable.entries = self.entry.events; + self.eventsTable.render(); + }, + saveFields: function() { + var self = this; + + AuditPage.__super__.saveFields.call(self); + + self.entry.events = self.eventsTable.entries; + } +}); diff --git a/base/tps/shared/webapps/tps/js/authenticator.js b/base/tps/shared/webapps/tps/js/authenticator.js new file mode 100644 index 000000000..f91cf6bfe --- /dev/null +++ b/base/tps/shared/webapps/tps/js/authenticator.js @@ -0,0 +1,109 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var AuthenticatorModel = Model.extend({ + urlRoot: "/tps/rest/authenticators", + parseResponse: function(response) { + return { + id: response.id, + authenticatorID: response.id, + status: response.Status, + properties: response.Properties.Property + }; + }, + createRequest: function(attributes) { + return { + id: attributes.authenticatorID, + Status: attributes.status, + Properties: { + Property: attributes.properties + } + }; + }, + enable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=enable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + }, + disable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=disable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + } +}); + +var AuthenticatorCollection = Collection.extend({ + urlRoot: "/tps/rest/authenticators", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new AuthenticatorModel({ + id: entry.id, + status: entry.Status + }); + } +}); + +var AuthenticatorsTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + AuthenticatorsTable.__super__.initialize.call(self, options); + }, + add: function() { + var self = this; + + window.location.hash = "#new-authenticator"; + } +}); + +var AuthenticatorsPage = Page.extend({ + load: function() { + var self = this; + + var table = new AuthenticatorsTable({ + el: $("table[name='authenticators']"), + collection: new AuthenticatorCollection(), + parent: self + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/cert.js b/base/tps/shared/webapps/tps/js/cert.js new file mode 100644 index 000000000..016b56ee0 --- /dev/null +++ b/base/tps/shared/webapps/tps/js/cert.js @@ -0,0 +1,100 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var CertificateModel = Model.extend({ + urlRoot: "/tps/rest/certs", + parseResponse: function(response) { + return { + id: response.id, + serialNumber: response.SerialNumber, + subject: response.Subject, + tokenID: response.TokenID, + userID: response.UserID, + keyType: response.KeyType, + status: response.Status, + createTime: response.CreateTime, + modifyTime: response.ModifyTime + }; + }, + createRequest: function(attributes) { + return { + id: attributes.id, + SerialNumber: attributes.serialNumber, + Subject: attributes.subject, + TokenID: attributes.tokenID, + UserID: attributes.userID, + KeyType: attributes.keyType, + Status: attributes.status, + CreateTime: attributes.createTime, + ModifyTime: attributes.modifyTime + }; + } +}); + +var CertificateCollection = Collection.extend({ + urlRoot: "/tps/rest/certs", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new CertificateModel({ + id: entry.id, + serialNumber: entry.SerialNumber, + subject: entry.Subject, + tokenID: entry.TokenID, + userID: entry.UserID, + keyType: entry.KeyType, + status: entry.Status, + createTime: entry.CreateTime, + modifyTime: entry.ModifyTime + }); + } +}); + +var CertificatePage = EntryPage.extend({ + initialize: function(options) { + var self = this; + CertificatePage.__super__.initialize.call(self, options); + } +}); + +var CertificatesTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + CertificatesTable.__super__.initialize.call(self, options); + } +}); + +var CertificatesPage = Page.extend({ + load: function() { + var self = this; + + var table = new CertificatesTable({ + el: $("table[name='certificates']"), + collection: new CertificateCollection() + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/config.js b/base/tps/shared/webapps/tps/js/config.js new file mode 100644 index 000000000..5b651a09d --- /dev/null +++ b/base/tps/shared/webapps/tps/js/config.js @@ -0,0 +1,51 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var ConfigModel = Model.extend({ + url: function() { + return "/tps/rest/config"; + }, + parseResponse: function(response) { + return { + id: "config", + status: response.Status, + properties: response.Properties.Property + }; + }, + createRequest: function(entry) { + return { + Status: entry.status, + Properties: { + Property: entry.properties + } + }; + } +}); + +var ConfigPage = ConfigEntryPage.extend({ + initialize: function(options) { + var self = this; + options.model = new ConfigModel(); + options.tableItem = PropertiesTableItem; + options.tableSize = 15; + ConfigPage.__super__.initialize.call(self, options); + } +}); diff --git a/base/tps/shared/webapps/tps/js/connector.js b/base/tps/shared/webapps/tps/js/connector.js new file mode 100644 index 000000000..bc7e4c2bd --- /dev/null +++ b/base/tps/shared/webapps/tps/js/connector.js @@ -0,0 +1,109 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var ConnectorModel = Model.extend({ + urlRoot: "/tps/rest/connectors", + parseResponse: function(response) { + return { + id: response.id, + connectorID: response.id, + status: response.Status, + properties: response.Properties.Property + }; + }, + createRequest: function(attributes) { + return { + id: attributes.connectorID, + Status: attributes.status, + Properties: { + Property: attributes.properties + } + }; + }, + enable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=enable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + }, + disable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=disable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + } +}); + +var ConnectorCollection = Collection.extend({ + urlRoot: "/tps/rest/connectors", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new ConnectorModel({ + id: entry.id, + status: entry.Status + }); + } +}); + +var ConnectorsTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + ConnectorsTable.__super__.initialize.call(self, options); + }, + add: function() { + var self = this; + + window.location.hash = "#new-connector"; + } +}); + +var ConnectorsPage = Page.extend({ + load: function() { + var self = this; + + var table = new ConnectorsTable({ + el: $("table[name='connectors']"), + collection: new ConnectorCollection(), + parent: self + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/group.js b/base/tps/shared/webapps/tps/js/group.js new file mode 100644 index 000000000..50d7d6c67 --- /dev/null +++ b/base/tps/shared/webapps/tps/js/group.js @@ -0,0 +1,232 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var GroupModel = Model.extend({ + urlRoot: "/tps/rest/admin/groups", + parseResponse: function(response) { + return { + id: response.id, + groupID: response.GroupID, + description: response.Description + }; + }, + createRequest: function(attributes) { + return { + id: this.id, + GroupID: attributes.groupID, + Description: attributes.description + }; + } +}); + +var GroupCollection = Collection.extend({ + model: GroupModel, + urlRoot: "/tps/rest/admin/groups", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new GroupModel({ + id: entry.id, + groupID: entry.GroupID, + description: entry.Description + }); + } +}); + +var GroupMemberModel = Model.extend({ + url: function() { + var self = this; + + // There's an attribute name mismatch for group ID: the + // server uses GroupID and the client uses groupID. In other + // models the mismatch can be translated just fine, but in + // this model it becomes a problem because the model needs + // to construct the URL using the attribute. + // + // During read operation it needs to use the attribute that's + // already translated for client (i.e. groupID), but during + // add it needs to use the attribute meant for server (i.e. + // GroupID). So the workaround is to read whichever available. + var groupID = self.get("groupID"); // for read + groupID = groupID || self.get("GroupID"); // for add + + var url = "/tps/rest/admin/groups/" + groupID + "/members"; + + // append member ID for read + if (self.id) url = url + "/" + self.id; + + return url; + }, + parseResponse: function(response) { + return { + id: response.id, + memberID: response.id, + groupID: response.GroupID + }; + }, + createRequest: function(entry) { + return { + id: entry.memberID, + GroupID: entry.groupID + }; + } +}); + +var GroupMemberCollection = Collection.extend({ + initialize: function(models, options) { + var self = this; + GroupMemberCollection.__super__.initialize.call(self, models, options); + options = options || {}; + self.groupID = options.groupID; + self.urlRoot = "/tps/rest/admin/groups/" + self.groupID + "/members"; + }, + getEntries: function(response) { + return response.Member; + }, + getLinks: function(response) { + return response.Link; + }, + model: function(attrs, options) { + return new GroupMemberModel({ + groupID: this.groupID + }); + }, + parseEntry: function(entry) { + return new GroupMemberModel({ + id: entry.id, + memberID: entry.id, + groupID: entry.GroupID + }); + } +}); + +var GroupMembersTableItem = TableItem.extend({ + initialize: function(options) { + var self = this; + GroupMembersTableItem.__super__.initialize.call(self, options); + }, + renderColumn: function(td, templateTD) { + var self = this; + + GroupMembersTableItem.__super__.renderColumn.call(self, td, templateTD); + + $("a", td).click(function(e) { + e.preventDefault(); + self.table.open(self); + }); + } +}); + +var GroupPage = EntryPage.extend({ + initialize: function(options) { + var self = this; + GroupPage.__super__.initialize.call(self, options); + }, + setup: function() { + var self = this; + + GroupPage.__super__.setup.call(self); + + var dialog = self.$("#member-dialog"); + + var addDialog = new Dialog({ + el: dialog, + title: "Add Member", + readonly: ["groupID"], + actions: ["cancel", "add"] + }); + + var editDialog = new Dialog({ + el: dialog, + title: "Member", + readonly: ["groupID", "memberID"], + actions: ["close"] + }); + + self.membersTable = new ModelTable({ + el: self.$("table[name='members']"), + pageSize: 10, + addDialog: addDialog, + editDialog: editDialog, + tableItem: GroupMembersTableItem, + parent: self + }); + }, + renderContent: function() { + var self = this; + + GroupPage.__super__.renderContent.call(self); + + // Since the members table is backed by a REST resource any + // changes will be executed immediately even if the page is + // in view mode. To avoid confusion, the members table will + // be disabled in page edit mode. + if (self.mode == "edit") { + // In page edit mode, the members tables is read-only. + self.membersTable.mode = "view"; + + self.membersTable.collection = new GroupMemberCollection(null, { groupID: self.entry.id }); + + } else if (self.mode == "add") { + // In page add mode, the members table is read-only. + self.membersTable.mode = "view"; + + // self.membersTable.collection is undefined for new group + + } else { // self.mode == "view" + // In page view mode, the members table is editable. + self.membersTable.mode = "edit"; + + self.membersTable.collection = new GroupMemberCollection(null, { groupID: self.entry.id }); + } + + self.membersTable.render(); + } +}); + +var GroupsTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + GroupsTable.__super__.initialize.call(self, options); + }, + add: function() { + var self = this; + + window.location.hash = "#new-group"; + } +}); + +var GroupsPage = Page.extend({ + load: function() { + var self = this; + + var table = new GroupsTable({ + el: $("table[name='groups']"), + collection: new GroupCollection() + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/profile-mapping.js b/base/tps/shared/webapps/tps/js/profile-mapping.js new file mode 100644 index 000000000..54c042562 --- /dev/null +++ b/base/tps/shared/webapps/tps/js/profile-mapping.js @@ -0,0 +1,109 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2014 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var ProfileMappingModel = Model.extend({ + urlRoot: "/tps/rest/profile-mappings", + parseResponse: function(response) { + return { + id: response.id, + profileMappingID: response.id, + status: response.Status, + properties: response.Properties.Property + }; + }, + createRequest: function(attributes) { + return { + id: attributes.profileMappingID, + Status: attributes.status, + Properties: { + Property: attributes.properties + } + }; + }, + enable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=enable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + }, + disable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=disable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + } +}); + +var ProfileMappingCollection = Collection.extend({ + urlRoot: "/tps/rest/profile-mappings", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new ProfileMappingModel({ + id: entry.id, + status: entry.Status + }); + } +}); + +var ProfileMappingsTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + ProfileMappingsTable.__super__.initialize.call(self, options); + }, + add: function() { + var self = this; + + window.location.hash = "#new-profile-mapping"; + } +}); + +var ProfileMappingsPage = Page.extend({ + load: function() { + var self = this; + + var table = new ProfileMappingsTable({ + el: $("table[name='profile-mappings']"), + collection: new ProfileMappingCollection(), + parent: self + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/profile.js b/base/tps/shared/webapps/tps/js/profile.js new file mode 100644 index 000000000..0454686a9 --- /dev/null +++ b/base/tps/shared/webapps/tps/js/profile.js @@ -0,0 +1,109 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var ProfileModel = Model.extend({ + urlRoot: "/tps/rest/profiles", + parseResponse: function(response) { + return { + id: response.id, + profileID: response.id, + status: response.Status, + properties: response.Properties.Property + }; + }, + createRequest: function(attributes) { + return { + id: attributes.profileID, + Status: attributes.status, + Properties: { + Property: attributes.properties + } + }; + }, + enable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=enable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + }, + disable: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?action=disable", + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + } +}); + +var ProfileCollection = Collection.extend({ + urlRoot: "/tps/rest/profiles", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new ProfileModel({ + id: entry.id, + status: entry.Status + }); + } +}); + +var ProfilesTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + ProfilesTable.__super__.initialize.call(self, options); + }, + add: function() { + var self = this; + + window.location.hash = "#new-profile"; + } +}); + +var ProfilesPage = Page.extend({ + load: function() { + var self = this; + + var table = new ProfilesTable({ + el: $("table[name='profiles']"), + collection: new ProfileCollection(), + parent: self + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/selftest.js b/base/tps/shared/webapps/tps/js/selftest.js new file mode 100644 index 000000000..d28907817 --- /dev/null +++ b/base/tps/shared/webapps/tps/js/selftest.js @@ -0,0 +1,88 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var SelfTestModel = Model.extend({ + urlRoot: "/tps/rest/selftests", + parseResponse: function(response) { + return { + id: response.id, + enabledAtStartup: response.EnabledAtStartup, + criticalAtStartup: response.CriticalAtStartup, + enabledOnDemand: response.EnabledOnDemand, + criticalOnDemand: response.CriticalOnDemand, + }; + }, + createRequest: function(attributes) { + return { + id: attributes.id, + EnabledAtStartup: attributes.enabledAtStartup, + CriticalAtStartup: attributes.criticalAtStartup, + EnabledOnDemand: attributes.enabledOnDemand, + CriticalOnDemand: attributes.criticalOnDemand + }; + } +}); + +var SelfTestCollection = Collection.extend({ + urlRoot: "/tps/rest/selftests", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new SelfTestModel({ + id: entry.id, + enabledAtStartup: entry.EnabledAtStartup, + criticalAtStartup: entry.CriticalAtStartup, + enabledOnDemand: entry.EnabledOnDemand, + criticalOnDemand: entry.CriticalOnDemand, + }); + } +}); + +var SelfTestPage = EntryPage.extend({ + initialize: function(options) { + var self = this; + SelfTestPage.__super__.initialize.call(self, options); + } +}); + +var SelfTestsTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + SelfTestsTable.__super__.initialize.call(self, options); + } +}); + +var SelfTestsPage = Page.extend({ + load: function() { + var self = this; + + var table = new SelfTestsTable({ + el: $("table[name='selftests']"), + collection: new SelfTestCollection() + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/token.js b/base/tps/shared/webapps/tps/js/token.js new file mode 100644 index 000000000..2ea17714e --- /dev/null +++ b/base/tps/shared/webapps/tps/js/token.js @@ -0,0 +1,258 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var TokenStatus = { + UNINITIALIZED: "Uninitialized", + ACTIVE: "Active", + TEMP_LOST: "Temporarily lost", + PERM_LOST: "Permanently lost", + DAMAGED: "Physically damaged", + TERMINATED: "Terminated" +}; + +var TokenModel = Model.extend({ + urlRoot: "/tps/rest/tokens", + parseResponse: function(response) { + return { + id: response.id, + tokenID: response.TokenID, + userID: response.UserID, + type: response.Type, + status: response.Status, + statusLabel: TokenStatus[response.Status], + appletID: response.AppletID, + keyInfo: response.KeyInfo, + policy: response.Policy, + createTimestamp: response.CreateTimestamp, + modifyTimestamp: response.ModifyTimestamp + }; + }, + createRequest: function(attributes) { + return { + id: this.id, + TokenID: attributes.tokenID, + UserID: attributes.userID, + Type: attributes.type, + Status: attributes.status, + AppletID: attributes.appletID, + KeyInfo: attributes.keyInfo, + Policy: attributes.policy, + CreateTimestamp: attributes.createTimestamp, + ModifyTimestamp: attributes.modifyTimestamp + }; + }, + changeStatus: function(options) { + var self = this; + $.ajax({ + type: "POST", + url: self.url() + "?status=" + options.status, + dataType: "json" + }).done(function(data, textStatus, jqXHR) { + self.set(self.parseResponse(data)); + if (options.success) options.success.call(self, data, textStatus, jqXHR); + }).fail(function(jqXHR, textStatus, errorThrown) { + if (options.error) options.error.call(self, jqXHR, textStatus, errorThrown); + }); + } +}); + +var TokenCollection = Collection.extend({ + model: TokenModel, + urlRoot: "/tps/rest/tokens", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new TokenModel({ + id: entry.id, + tokenID: entry.TokenID, + userID: entry.UserID, + type: entry.Type, + status: entry.Status, + statusLabel: TokenStatus[entry.Status], + appletID: entry.AppletID, + keyInfo: entry.KeyInfo, + policy: entry.Policy, + createTimestamp: entry.CreateTimestamp, + modifyTimestamp: entry.ModifyTimestamp + }); + } +}); + +var TokenPage = EntryPage.extend({ + initialize: function(options) { + var self = this; + TokenPage.__super__.initialize.call(self, options); + }, + setup: function() { + var self = this; + + TokenPage.__super__.setup.call(self); + + self.changeStatusLink = $("a[name='changeStatus']", self.menu); + + self.changeStatusLink.click(function(e) { + + e.preventDefault(); + + var dialog = new Dialog({ + el: $("#token-status-dialog"), + title: "Change Token Status", + readonly: ["tokenID"], + actions: ["cancel", "save"] + }); + + dialog.entry = _.clone(self.model.attributes); + + dialog.handler("save", function() { + + // save changes + dialog.save(); + + // check if the status was changed + if (dialog.entry.status != self.model.attributes.status) { + + self.model.changeStatus({ + status: dialog.entry.status, + success: function(data, textStatus, jqXHR) { + self.render(); + }, + error: function(jqXHR, textStatus, errorThrow) { + new ErrorDialog({ + el: $("#error-dialog"), + title: "HTTP Error " + jqXHR.responseJSON.Code, + content: jqXHR.responseJSON.Message + }).open(); + } + }); + } + + dialog.close(); + }); + + dialog.open(); + }); + }, + renderContent: function() { + var self = this; + + TokenPage.__super__.renderContent.call(self); + + if (self.mode == "add") { + self.changeStatusLink.hide(); + } else { + self.changeStatusLink.show(); + } + } +}); + +var TokenTableItem = TableItem.extend({ + initialize: function(options) { + var self = this; + TokenTableItem.__super__.initialize.call(self, options); + }, + renderColumn: function(td, templateTD) { + var self = this; + + TokenTableItem.__super__.renderColumn.call(self, td, templateTD); + + var name = td.attr("name"); + if (name == "status") { + $("a", td).click(function(e) { + e.preventDefault(); + self.editStatus(); + }); + } + }, + editStatus: function() { + var self = this; + + var model = self.table.collection.get(self.entry.id); + + var dialog = new Dialog({ + el: $("#token-status-dialog"), + title: "Change Token Status", + readonly: ["tokenID", "userID", "type", + "appletID", "keyInfo", "policy", + "createTimestamp", "modifyTimestamp"], + actions: ["cancel", "save"] + }); + + dialog.entry = _.clone(model.attributes); + + dialog.handler("save", function() { + + // save changes + dialog.save(); + + // check if the status was changed + if (dialog.entry.status != model.attributes.status) { + + model.changeStatus({ + status: dialog.entry.status, + success: function(data, textStatus, jqXHR) { + self.table.render(); + }, + error: function(jqXHR, textStatus, errorThrow) { + new ErrorDialog({ + el: $("#error-dialog"), + title: "HTTP Error " + jqXHR.responseJSON.Code, + content: jqXHR.responseJSON.Message + }).open(); + } + }); + } + + dialog.close(); + }); + + dialog.open(); + } +}); + +var TokensTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + options.tableItem = TokenTableItem; + TokensTable.__super__.initialize.call(self, options); + }, + add: function() { + var self = this; + + window.location.hash = "#new-token"; + } +}); + +var TokensPage = Page.extend({ + load: function() { + var self = this; + + var table = new TokensTable({ + el: $("table[name='tokens']"), + collection: new TokenCollection() + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/js/tps.js b/base/tps/shared/webapps/tps/js/tps.js new file mode 100644 index 000000000..476533759 --- /dev/null +++ b/base/tps/shared/webapps/tps/js/tps.js @@ -0,0 +1,231 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2014 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var PropertiesTableItem = TableItem.extend({ + initialize: function(options) { + var self = this; + PropertiesTableItem.__super__.initialize.call(self, options); + }, + get: function(name) { + var self = this; + + if (name.substring(0, 7) == "parent.") { + name = name.substring(7); + return self.table.parent.entry[name]; + } + + return PropertiesTableItem.__super__.get.call(self, name); + }, + renderColumn: function(td, templateTD) { + var self = this; + + PropertiesTableItem.__super__.renderColumn.call(self, td, templateTD); + + $("a", td).click(function(e) { + e.preventDefault(); + self.open(); + }); + }, + open: function() { + var self = this; + + var dialog; + + if (self.table.mode == "view") { + // In view mode all properties are read-only. + dialog = new Dialog({ + el: self.table.parent.$("#property-dialog"), + title: "Property", + readonly: ["name", "value"], + actions: ["close"] + }); + + } else { + // In edit mode all properties are editable. + dialog = new Dialog({ + el: self.table.parent.$("#property-dialog"), + title: "Edit Property", + readonly: ["name"], + actions: ["cancel", "save"] + }); + + dialog.handler("save", function() { + + // save changes + dialog.save(); + _.extend(self.entry, dialog.entry); + + // redraw table + self.table.render(); + dialog.close(); + }); + } + + dialog.entry = _.clone(self.entry); + + dialog.open(); + } +}); + +var PropertiesTable = Table.extend({ + initialize: function(options) { + var self = this; + options.columnMappings = { + id: "name" + }; + PropertiesTable.__super__.initialize.call(self, options); + }, + sort: function() { + var self = this; + + // sort properties by name + self.filteredEntries = _.sortBy(self.filteredEntries, function(entry) { + return entry.name; + }); + }, + remove: function(items) { + var self = this; + + // remove selected entries + self.entries = _.reject(self.entries, function(entry) { + return _.contains(items, entry.name); + }); + + // redraw table + self.render(); + } +}); + +var ConfigEntryPage = EntryPage.extend({ + initialize: function(options) { + var self = this; + ConfigEntryPage.__super__.initialize.call(self, options); + self.tableItem = options.tableItem || PropertiesTableItem; + self.tableSize = options.tableSize || 10; + }, + setup: function() { + var self = this; + + ConfigEntryPage.__super__.setup.call(self); + + self.enableLink = $("a[name='enable']", self.menu); + self.disableLink = $("a[name='disable']", self.menu); + + self.enableLink.click(function(e) { + + e.preventDefault(); + + var message = "Are you sure you want to enable this entry?"; + if (!confirm(message)) return; + self.model.enable({ + success: function(data, textStatus, jqXHR) { + self.entry = _.clone(self.model.attributes); + self.render(); + }, + error: function(jqXHR, textStatus, errorThrown) { + new ErrorDialog({ + el: $("#error-dialog"), + title: "HTTP Error " + jqXHR.responseJSON.Code, + content: jqXHR.responseJSON.Message + }).open(); + } + }); + }); + + self.disableLink.click(function(e) { + + e.preventDefault(); + + var message = "Are you sure you want to disable this entry?"; + if (!confirm(message)) return; + self.model.disable({ + success: function(data, textStatus, jqXHR) { + self.entry = _.clone(self.model.attributes); + self.render(); + }, + error: function(jqXHR, textStatus, errorThrown) { + new ErrorDialog({ + el: $("#error-dialog"), + title: "HTTP Error " + jqXHR.responseJSON.Code, + content: jqXHR.responseJSON.Message + }).open(); + } + }); + }); + + var dialog = self.$("#property-dialog"); + + var addDialog = new Dialog({ + el: dialog, + title: "Add Property", + actions: ["cancel", "add"] + }); + + var table = self.$("table[name='properties']"); + self.addButton = $("button[name='add']", table); + self.removeButton = $("button[name='remove']", table); + + self.propertiesTable = new PropertiesTable({ + el: table, + addDialog: addDialog, + tableItem: self.tableItem, + pageSize: self.tableSize, + parent: self + }); + }, + renderContent: function() { + var self = this; + + ConfigEntryPage.__super__.renderContent.call(self); + + var status = self.entry.status; + if (status == "Disabled") { + self.enableLink.show(); + self.disableLink.hide(); + + } else if (status == "Enabled") { + self.enableLink.hide(); + self.disableLink.show(); + } + + if (self.mode == "add") { + self.propertiesTable.mode = "edit"; + self.propertiesTable.entries = []; + + } else if (self.mode == "edit") { + self.propertiesTable.mode = "edit"; + self.propertiesTable.entries = self.entry.properties; + + } else { // self.mode == "view" + self.propertiesTable.mode = "view"; + self.propertiesTable.entries = self.entry.properties; + } + + self.propertiesTable.render(); + }, + saveFields: function() { + var self = this; + + ConfigEntryPage.__super__.saveFields.call(self); + + self.entry.properties = self.propertiesTable.entries; + } +}); diff --git a/base/tps/shared/webapps/tps/js/user.js b/base/tps/shared/webapps/tps/js/user.js new file mode 100644 index 000000000..3a29f1dd1 --- /dev/null +++ b/base/tps/shared/webapps/tps/js/user.js @@ -0,0 +1,150 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + * + * @author Endi S. Dewata + */ + +var UserModel = Model.extend({ + urlRoot: "/tps/rest/admin/users", + parseResponse: function(response) { + + var attrs = {}; + if (response.Attributes) { + var attributes = response.Attributes.Attribute; + attributes = attributes == undefined ? [] : [].concat(attributes); + + _(attributes).each(function(attribute) { + var name = attribute.name; + var value = attribute.value; + attrs[name] = value; + }); + } + + return { + id: response.id, + userID: response.UserID, + fullName: response.FullName, + email: response.Email, + state: response.State, + type: response.Type, + attributes: attrs + }; + }, + createRequest: function(attributes) { + var attrs = []; + _(attributes.attributes).each(function(value, name) { + attrs.push({ + name: name, + value: value + }); + }); + + return { + id: this.id, + UserID: attributes.userID, + FullName: attributes.fullName, + Email: attributes.email, + State: attributes.state, + Type: attributes.type, + Attributes: { + Attribute: attrs + } + }; + } +}); + +var UserCollection = Collection.extend({ + model: UserModel, + urlRoot: "/tps/rest/admin/users", + getEntries: function(response) { + return response.entries; + }, + getLinks: function(response) { + return response.Link; + }, + parseEntry: function(entry) { + return new UserModel({ + id: entry.id, + userID: entry.UserID, + fullName: entry.FullName + }); + } +}); + +var UserPage = EntryPage.extend({ + initialize: function(options) { + var self = this; + UserPage.__super__.initialize.call(self, options); + }, + loadField: function(input) { + var self = this; + + var name = input.attr("name"); + if (name != "tpsProfiles") { + UserPage.__super__.loadField.call(self, input); + return; + } + + var attributes = self.entry.attributes; + if (attributes) { + var value = attributes.tpsProfiles; + input.val(value); + } + }, + saveField: function(input) { + var self = this; + + var name = input.attr("name"); + if (name != "tpsProfiles") { + UserPage.__super__.saveField.call(self, input); + return; + } + + var attributes = self.entry.attributes; + if (attributes == undefined) { + attributes = {}; + self.entry.attributes = attributes; + } + attributes.tpsProfiles = input.val(); + } +}); + +var UsersTable = ModelTable.extend({ + initialize: function(options) { + var self = this; + UsersTable.__super__.initialize.call(self, options); + }, + add: function() { + var self = this; + + window.location.hash = "#new-user"; + } +}); + +var UsersPage = Page.extend({ + load: function() { + var self = this; + + var table = new UsersTable({ + el: $("table[name='users']"), + collection: new UserCollection() + }); + + table.render(); + } +}); diff --git a/base/tps/shared/webapps/tps/services.template b/base/tps/shared/webapps/tps/services.template new file mode 100644 index 000000000..c6792fea1 --- /dev/null +++ b/base/tps/shared/webapps/tps/services.template @@ -0,0 +1,106 @@ + + + + +TKS Services + + + + + + + + + + + + +
+ +
+
+ +
+ - +
+ + +
+
+ +
+ + + +Certificate System TKS Services Page +
+

+ +

+

+ + + + + + + + + + +
  
  
+
+ + + diff --git a/base/tps/shared/webapps/tps/ui/activities.html b/base/tps/shared/webapps/tps/ui/activities.html new file mode 100644 index 000000000..0762401fd --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/activities.html @@ -0,0 +1,83 @@ + +
+
    +
  1. Home
    2. +
  2. Activities
    3. +
+ +Activities +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
Activity IDToken IDUser IDIPOperationResultDate
${id}${tokenID}${userID}${ip}${operation}${result}${date}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/activity.html b/base/tps/shared/webapps/tps/ui/activity.html new file mode 100644 index 000000000..5ba96a4e1 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/activity.html @@ -0,0 +1,47 @@ + +
+
    +
  1. Home
    2. +
  2. Activities
    3. +
  3. Activity ${id}
    4. +
+ +Activity ${id} +
+ +
+
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/audit.html b/base/tps/shared/webapps/tps/ui/audit.html new file mode 100644 index 000000000..3e6cc6cbb --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/audit.html @@ -0,0 +1,134 @@ + +
+
    +
  1. Home
    2. +
  2. Audit Logging
    3. +
+ +Audit Logging + + + + + + + + + +
+ +
+
+ + +
+ + +
+ + +
+ + +
+
+
+ +

Events

+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
NameValue
${id}${value}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/authenticator.html b/base/tps/shared/webapps/tps/ui/authenticator.html new file mode 100644 index 000000000..6da1fbf12 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/authenticator.html @@ -0,0 +1,131 @@ + +
+
    +
  1. Home
    2. +
  2. Authentication Sources
    3. +
  3. Authentication Source ${id}
    4. +
+ +Authentication Source ${id} + + + + + + + + + +
+ +
+
+ + +
+ + +
+
+
+ +

Properties

+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
NameValue
${id}${value}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/authenticators.html b/base/tps/shared/webapps/tps/ui/authenticators.html new file mode 100644 index 000000000..f9b0b0a28 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/authenticators.html @@ -0,0 +1,74 @@ + +
+
    +
  1. Home
    2. +
  2. Authentication Sources
    3. +
+Authentication Sources +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +
Source IDStatus
${id}${status}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/cert.html b/base/tps/shared/webapps/tps/ui/cert.html new file mode 100644 index 000000000..456f23355 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/cert.html @@ -0,0 +1,49 @@ + +
+
    +
  1. Home
    2. +
  2. Certificates
    3. +
  3. Certificate ${id}
    4. +
+ +Certificate ${id} +
+ +
+
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/certs.html b/base/tps/shared/webapps/tps/ui/certs.html new file mode 100644 index 000000000..a87c2dd32 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/certs.html @@ -0,0 +1,87 @@ + +
+
    +
  1. Home
    2. +
  2. Certificates
    3. +
+ +Certificates +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+ Certificate IDSerial NumberSubjectToken IDUser IDKey TypeStatusCreate TimeModify Time
${id}${serialNumber}${subject}${tokenID}${userID}${keyType}${status}${createTime}${modifyTime}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/config.html b/base/tps/shared/webapps/tps/ui/config.html new file mode 100644 index 000000000..d94a0fa28 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/config.html @@ -0,0 +1,116 @@ + +
+
    +
  1. Home
    2. +
  2. General Configuration
    3. +
+ +General Configuration + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
NameValue
${id}${value}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/connector.html b/base/tps/shared/webapps/tps/ui/connector.html new file mode 100644 index 000000000..015a7ac6d --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/connector.html @@ -0,0 +1,131 @@ + +
+
    +
  1. Home
    2. +
  2. Subsystem Connections
    3. +
  3. Subsystem Connection ${id}
    4. +
+ +Subsystem Connection ${id} + + + + + + + + + +
+ +
+
+ + +
+ + +
+
+
+ +

Properties

+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
NameValue
${id}${value}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/connectors.html b/base/tps/shared/webapps/tps/ui/connectors.html new file mode 100644 index 000000000..4d4d59772 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/connectors.html @@ -0,0 +1,75 @@ + +
+
    +
  1. Home
    2. +
  2. Subsystem Connections
    3. +
+ +Subsystem Connections +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +
Connector IDStatus
${id}${status}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/group.html b/base/tps/shared/webapps/tps/ui/group.html new file mode 100644 index 000000000..493b79488 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/group.html @@ -0,0 +1,125 @@ + +
+
    +
  1. Home
    2. +
  2. Groups
    3. +
  3. Group ${id}
    4. +
+ +Group ${id} + + + + + + + + + +
+ +
+
+ +
+ +
+
+
+ +

Members

+ + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +
User ID
${id}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/groups.html b/base/tps/shared/webapps/tps/ui/groups.html new file mode 100644 index 000000000..9f4239db8 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/groups.html @@ -0,0 +1,75 @@ + +
+
    +
  1. Home
    2. +
  2. Groups
    3. +
+ +Groups +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +
Group IDDescription
${id}${description}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/home.html b/base/tps/shared/webapps/tps/ui/home.html new file mode 100644 index 000000000..8502ca448 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/home.html @@ -0,0 +1,60 @@ + +
+
    +
  1. Home
    2. +
+ +Token Processing Service +
+ +
+
+

Token Management

+
+
+ Tokens
+ Certificates
+ Activities
+
+
+ +
+
+

Account Management

+
+
+ Users
+ Groups
+
+
+ +
+
+

System Management

+
+
+ General Configuration
+ Authentication Sources
+ Subsystem Connections
+ Profiles
+ Profile Mappings
+ Audit Logging
+ Self Tests
+
+
diff --git a/base/tps/shared/webapps/tps/ui/index.html b/base/tps/shared/webapps/tps/ui/index.html new file mode 100644 index 000000000..eddceefd7 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/index.html @@ -0,0 +1,429 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + + + + diff --git a/base/tps/shared/webapps/tps/ui/profile-mapping.html b/base/tps/shared/webapps/tps/ui/profile-mapping.html new file mode 100644 index 000000000..139d21262 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/profile-mapping.html @@ -0,0 +1,131 @@ + +
+
    +
  1. Home
    2. +
  2. Profile Mappings
    3. +
  3. Profile Mapping ${id}
    4. +
+ +Profile Mapping ${id} + + + + + + + + + +
+ +
+
+ + +
+ + +
+
+
+ +

Properties

+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
NameValue
${id}${value}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/profile-mappings.html b/base/tps/shared/webapps/tps/ui/profile-mappings.html new file mode 100644 index 000000000..dc797bc18 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/profile-mappings.html @@ -0,0 +1,75 @@ + +
+
    +
  1. Home
    2. +
  2. Profile Mappings
    3. +
+ +Profile Mappings +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +
Profile Mapping IDStatus
${id}${status}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/profile.html b/base/tps/shared/webapps/tps/ui/profile.html new file mode 100644 index 000000000..61811bcc3 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/profile.html @@ -0,0 +1,131 @@ + +
+
    +
  1. Home
    2. +
  2. Profiles
    3. +
  3. Profile ${id}
    4. +
+ +Profile ${id} + + + + + + + + + +
+ +
+
+ + +
+ + +
+
+
+ +

Properties

+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + +
NameValue
${id}${value}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/profiles.html b/base/tps/shared/webapps/tps/ui/profiles.html new file mode 100644 index 000000000..00218e5f7 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/profiles.html @@ -0,0 +1,75 @@ + +
+
    +
  1. Home
    2. +
  2. Profiles
    3. +
+ +Profiles +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +
Profile IDStatus
${id}${status}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/selftest.html b/base/tps/shared/webapps/tps/ui/selftest.html new file mode 100644 index 000000000..8a680355a --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/selftest.html @@ -0,0 +1,42 @@ + +
+
    +
  1. Home
    2. +
  2. Self Tests
    3. +
  3. Self Test ${id}
    4. +
+ +Self Test ${id} + +
+ +
+
+ +
+ +
+ +
+ +
+ +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/selftests.html b/base/tps/shared/webapps/tps/ui/selftests.html new file mode 100644 index 000000000..2b428e2d2 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/selftests.html @@ -0,0 +1,79 @@ + +
+
    +
  1. Home
    2. +
  2. Self Tests
    3. +
+ +Self Tests +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
Self Test IDEnabled at StatupCritical at StartupEnabled on DemandCritical on Demand
${id}${enabledAtStartup}${criticalAtStartup}${enabledOnDemand}${criticalOnDemand}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/token.html b/base/tps/shared/webapps/tps/ui/token.html new file mode 100644 index 000000000..78384acfe --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/token.html @@ -0,0 +1,96 @@ + +
+
    +
  1. Home
    2. +
  2. Tokens
    3. +
  3. Token ${id}
    4. +
+ +Token ${id} + + + + + + + + + +
+ +
+
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/tokens.html b/base/tps/shared/webapps/tps/ui/tokens.html new file mode 100644 index 000000000..aca579a68 --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/tokens.html @@ -0,0 +1,135 @@ + +
+
    +
  1. Home
    2. +
  2. Tokens
    3. +
+ +Tokens +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +
Token IDUser IDTypeStatusApplet IDKey InfoPolicyCreatedModified
${id}${userID}${type}${statusLabel}${appletID}${keyInfo}${policy}${createTimestamp}${modifyTimestamp}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
+ + diff --git a/base/tps/shared/webapps/tps/ui/user.html b/base/tps/shared/webapps/tps/ui/user.html new file mode 100644 index 000000000..8463d0bef --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/user.html @@ -0,0 +1,57 @@ + +
+
    +
  1. Home
    2. +
  2. Users
    3. +
  3. User ${id}
    4. +
+ +User ${id} + + + + + + + + + +
+ +
+
+ +
+ +
+ +
+ +
+ +
+ +
+
+
diff --git a/base/tps/shared/webapps/tps/ui/users.html b/base/tps/shared/webapps/tps/ui/users.html new file mode 100644 index 000000000..18d59c9de --- /dev/null +++ b/base/tps/shared/webapps/tps/ui/users.html @@ -0,0 +1,75 @@ + +
+
    +
  1. Home
    2. +
  2. Users
    3. +
+ +Users +
+ + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +
User IDFull Name
${id}${fullName}
+
+ Total: 0 entries +
+
+
    +
    • +
    • +
+ + of 1 + +
    +
    • +
    • +
+
+
-- cgit