From edf9c2273c00b52b0c240bc0c75dc1ba7bdc396e Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Fri, 9 Nov 2012 01:51:54 -0500 Subject: Reorganized common templates. The common templates have moved from common-ui into base/common. The deployment tools have been updated to use the new location. Ticket #407 --- .../admin/console/config/adminauthenticatepanel.vm | 52 ++ .../webapps/pki/admin/console/config/adminpanel.vm | 219 +++++++ .../admin/console/config/agentauthenticatepanel.vm | 48 ++ .../pki/admin/console/config/backupkeycertpanel.vm | 57 ++ .../pki/admin/console/config/certchainpanel.vm | 49 ++ .../admin/console/config/certprettyprintpanel.vm | 49 ++ .../pki/admin/console/config/certrequestpanel.vm | 219 +++++++ .../pki/admin/console/config/config_addhsm.vm | 96 +++ .../admin/console/config/config_hsmloginpanel.vm | 79 +++ .../admin/console/config/createsubsystempanel.vm | 101 +++ .../pki/admin/console/config/databasepanel.vm | 132 ++++ .../admin/console/config/displaycertchainpanel.vm | 49 ++ .../webapps/pki/admin/console/config/donepanel.vm | 74 +++ .../webapps/pki/admin/console/config/footer.vm | 19 + .../webapps/pki/admin/console/config/header.vm | 25 + .../pki/admin/console/config/hierarchypanel.vm | 56 ++ .../admin/console/config/importadmincertpanel.vm | 66 ++ .../pki/admin/console/config/importcachainpanel.vm | 65 ++ .../webapps/pki/admin/console/config/login.vm | 113 ++++ .../pki/admin/console/config/modulepanel.vm | 162 +++++ .../webapps/pki/admin/console/config/namepanel.vm | 105 ++++ .../admin/console/config/restorekeycertpanel.vm | 54 ++ .../pki/admin/console/config/savepkcs12panel.vm | 40 ++ .../console/config/securitydomainloginpanel.vm | 109 ++++ .../admin/console/config/securitydomainpanel.vm | 115 ++++ .../webapps/pki/admin/console/config/sidemenu.vm | 30 + .../webapps/pki/admin/console/config/sizepanel.vm | 685 +++++++++++++++++++++ .../webapps/pki/admin/console/config/topmenu.vm | 21 + .../pki/admin/console/config/welcomepanel.vm | 56 ++ .../webapps/pki/admin/console/config/wizard.vm | 152 +++++ .../shared/webapps/pki/admin/console/config/xml.vm | 21 + .../shared/webapps/pki/admin/console/js/misc.js | 30 + base/deploy/src/scriptlets/instance_layout.py | 23 +- base/deploy/src/scriptlets/webapp_deployment.py | 32 +- base/setup/pkicreate | 40 +- 35 files changed, 3167 insertions(+), 76 deletions(-) create mode 100644 base/common/shared/webapps/pki/admin/console/config/adminauthenticatepanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/adminpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/agentauthenticatepanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/backupkeycertpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/certchainpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/certprettyprintpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/certrequestpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/config_addhsm.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/config_hsmloginpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/createsubsystempanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/databasepanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/displaycertchainpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/donepanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/footer.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/header.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/hierarchypanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/importadmincertpanel.vm create mode 100755 base/common/shared/webapps/pki/admin/console/config/importcachainpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/login.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/modulepanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/namepanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/restorekeycertpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/savepkcs12panel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/securitydomainloginpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/securitydomainpanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/sidemenu.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/sizepanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/topmenu.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/welcomepanel.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/wizard.vm create mode 100644 base/common/shared/webapps/pki/admin/console/config/xml.vm create mode 100644 base/common/shared/webapps/pki/admin/console/js/misc.js (limited to 'base') diff --git a/base/common/shared/webapps/pki/admin/console/config/adminauthenticatepanel.vm b/base/common/shared/webapps/pki/admin/console/config/adminauthenticatepanel.vm new file mode 100644 index 000000000..b27042cfb --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/adminauthenticatepanel.vm @@ -0,0 +1,52 @@ + + + +

Authentication

+

+The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem. +#if ($systemType != "tps") +
+If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one. +#end +
+#if ($errorString != "") + $errorString +#end + + + + + + + + + + + +
Uid:
Password:
+

diff --git a/base/common/shared/webapps/pki/admin/console/config/adminpanel.vm b/base/common/shared/webapps/pki/admin/console/config/adminpanel.vm new file mode 100644 index 000000000..37d922764 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/adminpanel.vm @@ -0,0 +1,219 @@ + + + + + + +The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel. +
+#if ($errorString != "") + $errorString +#end +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
UID:
Name:
Email:
Password:
Password (Again):
Key Type:
+

+
+
diff --git a/base/common/shared/webapps/pki/admin/console/config/agentauthenticatepanel.vm b/base/common/shared/webapps/pki/admin/console/config/agentauthenticatepanel.vm new file mode 100644 index 000000000..abb7678ae --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/agentauthenticatepanel.vm @@ -0,0 +1,48 @@ + + + +

Authentication

+
+The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests. +
+#if ($errorString != "") + $errorString +#end + + + + + + + + + + + +
Uid:
Password:
+
diff --git a/base/common/shared/webapps/pki/admin/console/config/backupkeycertpanel.vm b/base/common/shared/webapps/pki/admin/console/config/backupkeycertpanel.vm new file mode 100644 index 000000000..3ec3526d1 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/backupkeycertpanel.vm @@ -0,0 +1,57 @@ + + + +

Export Keys and Certificates

+

+To setup a cloned subsystem, the master subsystem's keys and certificates (with the exception of the SSL server key and certificate) as well as the CA certificate chains need to be exported, and later imported into the cloned subsystem. All of these keys and certificates are stored in a single file in the PKCS #12 format which is protected by the password specified below. This export operation is performed only when the master subsystem's keys and certificates are stored in the software token. +

+If these keys and certificates are stored in a hardware token, the hardware token vendor needs to be consulted for information on how to export them. +

+For cloning, if the keys and certificates are stored in a hardware token, clones should use the same hardware token as that of the Master. +

+#if ($errorString != "") + $errorString +#end +
+ Export subsystem keys and certificates +
+ + + + + + + + + + + +
Password to protect the PKCS #12 file:
Password again:
+
+ Don't export subsystem keys and certificates +
diff --git a/base/common/shared/webapps/pki/admin/console/config/certchainpanel.vm b/base/common/shared/webapps/pki/admin/console/config/certchainpanel.vm new file mode 100644 index 000000000..08bcc1331 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/certchainpanel.vm @@ -0,0 +1,49 @@ + + + +Pretty Print of Certificates on this subsystem. +

+#foreach ($item in $ppcerts) +

$item.getDN()

+ + + + + + + + +
Certificate: $item.getNickname()
+#end + +
+ +
+
+   +
diff --git a/base/common/shared/webapps/pki/admin/console/config/certprettyprintpanel.vm b/base/common/shared/webapps/pki/admin/console/config/certprettyprintpanel.vm new file mode 100644 index 000000000..ac8da10ee --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/certprettyprintpanel.vm @@ -0,0 +1,49 @@ + + + +The following certificates were installed on this instance. +

+#foreach ($item in $ppcerts) +

$item.getDN()

+ + + + + + + + +
Certificate: $item.getNickname()
+#end + +
+ +
+
+   +
diff --git a/base/common/shared/webapps/pki/admin/console/config/certrequestpanel.vm b/base/common/shared/webapps/pki/admin/console/config/certrequestpanel.vm new file mode 100644 index 000000000..0502834e4 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/certrequestpanel.vm @@ -0,0 +1,219 @@ + + + + +A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate. +

+If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully. +

+However, if a given CSR contains an action required label under its certificate icon, then those requests must be manually submitted to a CA for certificate generation. +

+Press the [Apply] button after certificates and chains are pasted in. +

+Press the [Next] button once all certificates have been generated successfully. +

+#foreach ($item in $reqscerts) +

$item.getDN()

+ + + + + + + + + +#if ($item.getCert() == "...paste certificate here...") + +#elseif ($item.getCert() == "...certificate be generated internally...") + +#elseif ($item.getCert() == "") + +#else + +#end + + + +
 action required
+		 +
+ certificate will be generated internally + 		+
+ No Certificate Generated. Please import.
+ 		+
+ Certificate Generated Successfully + 		+ + +#if ($item.getCert() == "...paste certificate here...") + Step 1: Copy the Certificate Request (CSR) to enroll at an external CA

+ Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)

+ Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)

+#elseif ($item.getCert() == "...certificate be generated internally...") +

+#else + View Certificate Request (CSR)

+ View Certificate in Base64-Encoding

+ View Certificate Pretty Print

+#end + + +

+ +
+
X
+ + + + + + + +
$item.getCert()
+
+ +
+
X
+ + + + + + + +
+
+ +
+
X
+ + + + + + + +
+
+ + +#end + +

+ + +

+
+   +
diff --git a/base/common/shared/webapps/pki/admin/console/config/config_addhsm.vm b/base/common/shared/webapps/pki/admin/console/config/config_addhsm.vm new file mode 100644 index 000000000..839cff56a --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/config_addhsm.vm @@ -0,0 +1,96 @@ + + + + + + + + Dogtag Certificate System + + + + + + + +
+ + + + + + +
+ + + + +
+

+ Security Modules

+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. +

+

Registering a New Security Module

+
+

+If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here. + + + + + + + + +
+Library Path: +
+Module Name: +
+

+ + + + +
+ +
+

+
+ +
+
+ + + diff --git a/base/common/shared/webapps/pki/admin/console/config/config_hsmloginpanel.vm b/base/common/shared/webapps/pki/admin/console/config/config_hsmloginpanel.vm new file mode 100644 index 000000000..147425bae --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/config_hsmloginpanel.vm @@ -0,0 +1,79 @@ + + + +

+ Security Modules Login Panel

+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. +
+

Security Token Login

+
+

+The user has chosen to login to the following security module: $SecToken +

+#if ($status == "alreadyLoggedIn") + Token already logged in. +#elseif ($status == "tokenPasswordNotInitialized") + Token password not initialized. +#elseif ($status == "justLoggedIn") + Token logged in successfully. +#else + + + + + + + + +
+Security Module Token Name: +
+Security Module Token Password: +
+

+#end + + + + + +
+ +
+ + + + +

+ +

+
+   +
+ + diff --git a/base/common/shared/webapps/pki/admin/console/config/createsubsystempanel.vm b/base/common/shared/webapps/pki/admin/console/config/createsubsystempanel.vm new file mode 100644 index 000000000..8ae6f3f7b --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/createsubsystempanel.vm @@ -0,0 +1,101 @@ + + + +

Subsystem Configuration

+

+#if ($systemType != "tps") +This instance can be configured as either a new $systemname subsystem or a clone of an existing $systemname. If the cloning option is chosen, please provide the URL to an existing $systemname instance. +#else +This instance can be configured as a new $systemname subsystem. +#end +
+#if ($errorString != "") + $errorString +#end +

+ Configure this Instance as a New $systemname Subsystem +
+ + + + + + + + + + + + + + + + + + + + + +
Subsystem Name: (e.g. - $fullsystemname)
Subsystem HTTP EE URL (unsecure): http://$machineName:$http_port
Subsystem HTTPS Agent URL (clientauth): https://$machineName:$https_agent_port
Subsystem HTTPS EE URL (non-clientauth): https://$machineName:$https_ee_port
Subsystem HTTPS Admin URL (non-clientauth): https://$machineName:$https_admin_port
+

+#if ($disableClone == "true") + Clone an Existing $systemname Subsystem +#else + Clone an Existing $systemname Subsystem +#end +
+ + + +#if ($disableClone == "true") + +#else + +#end + + + +#if ($disableClone == "true") + + +
Subsystem Name: (e.g. - $fullsystemname Clone 1) (e.g. - $fullsystemname Clone 1)
Subsystem URL: +
+
diff --git a/base/common/shared/webapps/pki/admin/console/config/databasepanel.vm b/base/common/shared/webapps/pki/admin/console/config/databasepanel.vm new file mode 100644 index 000000000..174710110 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/databasepanel.vm @@ -0,0 +1,132 @@ + + + +Please provide information to an existing Fedora Directory Server that can be used as the internal database for this instance. [Details] + +

+

+Note: If the Fedora Directory Server is at a remote host, it is highly recommended that SSL should be used. +
+#if ($errorString != "") + $errorString +#end +
+ + + + + + + + + + + + + + +#if ($clone == "clone") + +#else + +#end + + + + + + + + + + + + + + + +
Host:
Port: + SSL +
Base DN:
Database:
Bind DN:
Bind Password:
+ + Remove the existing data from the Base DN shown above.

+ +#if ($clone == "clone") + + #set ($check_none="") + #set ($check_tls="") + #set ($check_ssl="") + #if ($replicationSecurity == "TLS") #set ($check_tls="CHECKED") + #elseif ($replicationSecurity == "SSL") #set ($check_ssl="CHECKED") + #else #set ($check_none="CHECKED") #end + + + + + + + + + + + + + + + + + +

+#end + +

+
+   +
diff --git a/base/common/shared/webapps/pki/admin/console/config/displaycertchainpanel.vm b/base/common/shared/webapps/pki/admin/console/config/displaycertchainpanel.vm new file mode 100644 index 000000000..26506c12f --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/displaycertchainpanel.vm @@ -0,0 +1,49 @@ + + + +

$panelname

+
+A certificate chain is a list of all certificates chained up to the root. +
+If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance. +
+If no certificate chain is listed below, simply click the Next button to move on to the next panel. +

+#if ($errorString != "") + $errorString +#end +

+ +#if ($certchain.size() > 0) +#foreach ($p in $certchain) +

+$p
+
+
+#end +#end diff --git a/base/common/shared/webapps/pki/admin/console/config/donepanel.vm b/base/common/shared/webapps/pki/admin/console/config/donepanel.vm new file mode 100644 index 000000000..136760171 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/donepanel.vm @@ -0,0 +1,74 @@ + + + + + + +#if ($errorString != "") + $errorString +#end +#if ($systemType.equals("tks")) +As 'root', restart the server on the command line by typing the following command: +
+$initCommand restart $instanceId +
+After performing this restart, the server should become operational. +#else +#if ($externalCA.equals("true") && $systemType.equals("kra")) +As 'root', restart the server on the command line by typing the following command: +
+$initCommand restart $instanceId +
+Startup the administration console to add the peer CA to the Trusted Manager's Group. Make sure to add the transport certificate and connector information to the peer CA. After performing this restart, the server should become operational. +#else +As 'root', restart the server on the command line by typing the following command: +
+$initCommand restart $instanceId +
+After performing this restart, the server should become operational. +
+Please go to the services page to access all of the available interfaces. +
+#end +#end +
+To create additional instances, type "/usr/bin/pkicreate" on the command line. +#if ($systemType != "tps") +
+To start the administration console, type "/usr/bin/pkiconsole" on the command line. +
+#end +#if (($systemType == "kra") && ($info != "")) +
+
+Important warning reported by Certificate Authority:
    $info +
+
+This instance of Data Recovery Manager (DRM) is not connected to any Certificate Authority (CA). Please consult the product documentation for the manual procedure of connecting a DRM to a CA. +
+#end diff --git a/base/common/shared/webapps/pki/admin/console/config/footer.vm b/base/common/shared/webapps/pki/admin/console/config/footer.vm new file mode 100644 index 000000000..a596e45b1 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/footer.vm @@ -0,0 +1,19 @@ + + diff --git a/base/common/shared/webapps/pki/admin/console/config/header.vm b/base/common/shared/webapps/pki/admin/console/config/header.vm new file mode 100644 index 000000000..e0fe6a962 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/header.vm @@ -0,0 +1,25 @@ + + diff --git a/base/common/shared/webapps/pki/admin/console/config/hierarchypanel.vm b/base/common/shared/webapps/pki/admin/console/config/hierarchypanel.vm new file mode 100644 index 000000000..e6c03a6b1 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/hierarchypanel.vm @@ -0,0 +1,56 @@ + + + +

PKI Hierarchy

+

+This CA instance can be either a Self-Signed Root CA or a Subordinate CA. [Details] + + +

+ +

+ Make this a Self-Signed Root CA within this new PKI hierarchy. +

+ Make this a subordinate CA of another CA. + +

diff --git a/base/common/shared/webapps/pki/admin/console/config/importadmincertpanel.vm b/base/common/shared/webapps/pki/admin/console/config/importadmincertpanel.vm new file mode 100644 index 000000000..53d445946 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/importadmincertpanel.vm @@ -0,0 +1,66 @@ + + + +An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem. +

+#if ($errorString != "") + $errorString +#end +$info +

+

+ +

Replication Details
Master Replication Port:
Clone Replication Port:
Replication Security: + None + TLS + SSL +
+ + + + + + + + +
+

+
+
diff --git a/base/common/shared/webapps/pki/admin/console/config/importcachainpanel.vm b/base/common/shared/webapps/pki/admin/console/config/importcachainpanel.vm new file mode 100755 index 000000000..c53c3af2a --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/importcachainpanel.vm @@ -0,0 +1,65 @@ + + + +The CA's certificate chain needs to be imported into your browser. Also, you must trust the CA. Once this is done, click Next. +

+#if ($errorString != "") + $errorString +#end +

+

+ + + + + + +
+

+
+
diff --git a/base/common/shared/webapps/pki/admin/console/config/login.vm b/base/common/shared/webapps/pki/admin/console/config/login.vm new file mode 100644 index 000000000..2400bd2d3 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/login.vm @@ -0,0 +1,113 @@ + + + + + + + + Dogtag Certificate System + + + + + + +
+ +#include ( "admin/console/config/header.vm" ) + + + + +
+ +
+
+ +
+ - +
+ + +
+
+ +
+ + +
+ + + + + +
+ + +

+ Login

+ +A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue. + +

+#if ($errorString != "") + $errorString +#end +

+ + + + + + + +
PIN:
+

+
+
+ + +

+ + + + +
+ +
+ + +

+ +#include ( "admin/console/config/footer.vm" ) + +
+
+ + + diff --git a/base/common/shared/webapps/pki/admin/console/config/modulepanel.vm b/base/common/shared/webapps/pki/admin/console/config/modulepanel.vm new file mode 100644 index 000000000..f0952ecbe --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/modulepanel.vm @@ -0,0 +1,162 @@ + + + +Two lists of security modules are provided below. The Supported Security Modules list consists of both software-based and hardware-based security modules that this PKI solution supports, while the Other Security Modules list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. [Details] + + +
+

Supported Security Modules

+ + + + + + + +#foreach ($module in $sms) + + + + + + +#foreach ($token in $module.getTokens()) + + + + + + +#end +#end + +
Module/TokenStatusDefaultOperations

$module.getUserFriendlyName()		 + #if ($module.isFound()) + Found + #else + Not Found + #end +
- $token.getNickName() + #if ($token.isPresent() && $token.isLoggedIn()) + Logged In + #else + Not logged In + #end + + #if ($token.isPresent() && $token.isLoggedIn()) + #if ($defTok == $token.getNickName()) + + #else + + #end + #end + + #if ($token.isPresent() && !$token.isLoggedIn()) +Login + #end +
+

Other Security Modules

+

The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.

+ + + + + + + +#foreach ($module in $oms) + + + + + + +#foreach ($token in $module.getTokens()) + + + + + + +#end +#end + +
Module/TokenStatusDefaultOperations
$module.getUserFriendlyName() + #if ($module.isFound()) + Found + #else + Not Found + #end +
- $token.getNickName() + #if ($token.isPresent() && $token.isLoggedIn()) + Logged In + #else + Not logged In + #end + + #if ($defTok == $token.getNickName()) + + #else + + #end + + #if ($token.isPresent() && !$token.isLoggedIn()) +Login + #end +
+ + +
+ +
+
+   +
diff --git a/base/common/shared/webapps/pki/admin/console/config/namepanel.vm b/base/common/shared/webapps/pki/admin/console/config/namepanel.vm new file mode 100644 index 000000000..a1fff3807 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/namepanel.vm @@ -0,0 +1,105 @@ + + + +Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names. Each certificate will be stored in the security module using a unique nickname.[Details] + + + + +

+#if ($errorString != "") + $errorString +#end +
+#foreach ($item in $certs) +

$item.getUserFriendlyName()

+ + + + +#if ($item.isEnable()) + +#else + +#end + + + +#if ($item.isEnable()) + +#else + +#end + +
DN:
Nickname:
+
+#end +
+
+

+A Certificate Authority (CA) is responsible for issuing different kinds of certificates. To obtain the certificates required internally by this subsystem, the user must select a URL to a CA that has been registered in the security domain or to an "External CA". +

+Note: An "External CA" is defined to be a CA that is not part of the 'Security Domain'. Verisign®, GeoTrust®, and Netscape® Certificate Management System (CMS) 6.x are examples of "External CAs". +
+ + + +#if ($isRoot == "true") + + +
URL: +
+ +

+
+
diff --git a/base/common/shared/webapps/pki/admin/console/config/restorekeycertpanel.vm b/base/common/shared/webapps/pki/admin/console/config/restorekeycertpanel.vm new file mode 100644 index 000000000..ab9b06f4c --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/restorekeycertpanel.vm @@ -0,0 +1,54 @@ + + + +

Import Keys and Certificates

+
+To setup a cloned subsystem, the master subsystem's keys and certificates (with the exception of the SSL server key and certificate) need to be imported. For a software token, all of these keys and certificates are stored in a single file in the PKCS #12 format which is protected by the password provided during the creation of this file. To import this PKCS #12 file, first copy the PKCS #12 file to the alias directory for the cloned subsystem. Then enter an appropriate filename and password in the form specified below. +

+If these keys and certificates are stored in a hardware token, the hardware token vendor needs to be consulted for information on how to import them. +

+For keys and certificates stored in an external software token, please refer to the Dogtag documentation for instructions. +

+By default, if the path is left blank, no PKCS #12 file will be imported. +
+#if ($errorString != "") + $errorString +#end + + + + + + + + + + + +
PKCS #12 filename:
PKCS #12 Password:
+
diff --git a/base/common/shared/webapps/pki/admin/console/config/savepkcs12panel.vm b/base/common/shared/webapps/pki/admin/console/config/savepkcs12panel.vm new file mode 100644 index 000000000..ce74ecae8 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/savepkcs12panel.vm @@ -0,0 +1,40 @@ + + + +

Save Keys and Certificates

+
+This Subsystem is attempting to return the keys and certificates in a PKCS #12 format. +

+A popup dialog box from the browser should appear, prompting the user to save these keys and certificates to a PKCS #12 file located on the local filesystem. Follow the instructions within this dialog to save this PKCS #12 file to a safe location. +
+#if ($errorString != "") + $errorString +#end +
+ +
diff --git a/base/common/shared/webapps/pki/admin/console/config/securitydomainloginpanel.vm b/base/common/shared/webapps/pki/admin/console/config/securitydomainloginpanel.vm new file mode 100644 index 000000000..e9e0763ab --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/securitydomainloginpanel.vm @@ -0,0 +1,109 @@ + + + + + + + + Dogtag Certificate System + + + + + + + +

+ + + + + + +
+ + + + +
+

+ Security Domain ($name) Login

+ +
+

The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.

+#if ($errorString != "") + $errorString +#end + + + + + + + + + + + + + + +
Uid:
Password:
+ +

+
+   +
+ + +

+ + + + +
+
+ +
+
+ +

+ +
+ +
+
+ + + diff --git a/base/common/shared/webapps/pki/admin/console/config/securitydomainpanel.vm b/base/common/shared/webapps/pki/admin/console/config/securitydomainpanel.vm new file mode 100644 index 000000000..a8ac15bf5 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/securitydomainpanel.vm @@ -0,0 +1,115 @@ + + + +

$panelname

+
+A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. [Details] + + + +#if ($errorString != "") + $errorString +#end +
+#if ($cstype == "CA") + Create a New Security Domain +
+If no security domain exists, a new one must be created for this CA. + + + + + + + + + + + + + + + + + + + + + +
Security Domain Name: (e.g. - Dogtag Security Domain)
Security Domain HTTP EE URL (unsecure): http://$machineName:$http_ee_port
Security Domain HTTPS Agent URL (clientauth): https://$machineName:$https_agent_port
Security Domain HTTPS EE URL (non-clientauth): https://$machineName:$https_ee_port
Security Domain HTTPS Admin URL (non-clientauth): https://$machineName:$https_admin_port
+
+ Join an Existing Security Domain +#else + Create a New Security Domain +
+If no security domain exists, a new one must be created for this CA. + + + + + +
Security Domain Name: (e.g. - Dogtag Security Domain)
+
+ Join an Existing Security Domain +#end +
+Enter the URL to an existing security domain. +
+ + + + + +
Security Domain HTTPS Admin URL (non-clientauth): (e.g. - https://example.com:9445)
+
+ + + + + +
NOTE:   Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$initCommand status $instanceId" from the command-line.
+
diff --git a/base/common/shared/webapps/pki/admin/console/config/sidemenu.vm b/base/common/shared/webapps/pki/admin/console/config/sidemenu.vm new file mode 100644 index 000000000..09fe16870 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/sidemenu.vm @@ -0,0 +1,30 @@ + + + diff --git a/base/common/shared/webapps/pki/admin/console/config/sizepanel.vm b/base/common/shared/webapps/pki/admin/console/config/sizepanel.vm new file mode 100644 index 000000000..1dee1ce6b --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/sizepanel.vm @@ -0,0 +1,685 @@ + + + + + +Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus. + + [Details] + + +#if ($select == "clone") +For a cloned subsystem, only the key for an SSL server certificate is generated. +#end +
+#if ($errorString != "") + $errorString +#end +
+
+
+ + + + +
[Advanced]
+
+

Common Key Settings

+
+ + + + + +
Key Type:
+ +#if ($subsystemtype == "ca") +#if ($hselect == "root") + + + + + +
Signed With:
+#end +#end + +#if ($show_signing == "true") + + + + + +
Signing Algorithm:
+#end + +
+

+ + Use the default key size ($default_keysize bits). +

+ Use the following custom key size: + +

+ + + + + +
Key Size:
+ +

+ + + + + +
+

+ +

+
+
+
+#if ($firsttime == 'false') +New Keys

+#end +
+

+
+Note: After pressing Next, keys will be generated on the server, which will take some time to complete. Please wait for the next panel to appear. +   +
diff --git a/base/common/shared/webapps/pki/admin/console/config/topmenu.vm b/base/common/shared/webapps/pki/admin/console/config/topmenu.vm new file mode 100644 index 000000000..64881066f --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/topmenu.vm @@ -0,0 +1,21 @@ + + + diff --git a/base/common/shared/webapps/pki/admin/console/config/welcomepanel.vm b/base/common/shared/webapps/pki/admin/console/config/welcomepanel.vm new file mode 100644 index 000000000..07b0d641f --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/welcomepanel.vm @@ -0,0 +1,56 @@ + + + +

$panelname

+The $fullsystemname configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname ($systemname). [Details] + + + + diff --git a/base/common/shared/webapps/pki/admin/console/config/wizard.vm b/base/common/shared/webapps/pki/admin/console/config/wizard.vm new file mode 100644 index 000000000..cc868e572 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/wizard.vm @@ -0,0 +1,152 @@ + + + + + + + + Dogtag Certificate System + + + + + + + + + + + + +
+ +#include ( "admin/console/config/header.vm" ) + + + + +
+ +
+
+ +
+
+ +
+ + +
+ + + + + +
+ +
+
    +#foreach ($panel in $panels) +#if (!$panel.isSubPanel()) +#if ($panel.isPanelDone()) +
  • $panel.getName()
    • +#else +
  • $panel.getName()
    • +#end +#end + +#end +
+
+ + 		+

+ $title

+ + + + +
+ + +#parse ( $panel ) + + + +
+ + + + + + +
+ +#if ($showApplyButton == true) + +#end + +#if ($lastpanel == true) +  +#else + +#end + +
+ +
+ +#include ( "admin/console/config/footer.vm" ) + +
+
+ + + diff --git a/base/common/shared/webapps/pki/admin/console/config/xml.vm b/base/common/shared/webapps/pki/admin/console/config/xml.vm new file mode 100644 index 000000000..ee4bc2c97 --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/config/xml.vm @@ -0,0 +1,21 @@ + + + + $xml + diff --git a/base/common/shared/webapps/pki/admin/console/js/misc.js b/base/common/shared/webapps/pki/admin/console/js/misc.js new file mode 100644 index 000000000..d4dc336ab --- /dev/null +++ b/base/common/shared/webapps/pki/admin/console/js/misc.js @@ -0,0 +1,30 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Copyright (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +/** + * This function is to submit the form's parameters and to decide if the + * window should remain open. + * + * @param f The form + * @param fclose true if you want to close the window; otherwise false. + */ +function saveConfig(f, fclose) { + f.submit(); + if (fclose == true) + window.close(); +} diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py index cf8e42d4f..995f4aacc 100644 --- a/base/deploy/src/scriptlets/instance_layout.py +++ b/base/deploy/src/scriptlets/instance_layout.py @@ -72,28 +72,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.directory.create(master['pki_tomcat_webapps_path']) util.directory.create(master['pki_tomcat_webapps_common_path']) - # Copy /usr/share/pki/common-ui/css - # to /webapp/pki/css + # Copy /usr/share/pki/common-ui + # to /webapp/pki util.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, - "common-ui", - "css"), - os.path.join( - master['pki_tomcat_webapps_common_path'], - "css"), - overwrite_flag=True) - - # Copy /usr/share/pki/common-ui/images - # to /webapp/pki/images - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - "common-ui", - "images"), - os.path.join( - master['pki_tomcat_webapps_common_path'], - "images"), + "common-ui"), + master['pki_tomcat_webapps_common_path'], overwrite_flag=True) util.directory.create(master['pki_tomcat_webapps_root_path']) diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py index 4c15256bd..9fca206e9 100644 --- a/base/deploy/src/scriptlets/webapp_deployment.py +++ b/base/deploy/src/scriptlets/webapp_deployment.py @@ -48,36 +48,18 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # deploy webapp util.directory.create(master['pki_tomcat_webapps_subsystem_path']) - # Copy /usr/share/pki/common-ui/admin/console/config - # to /webapp//admin/console/config + # Copy /usr/share/pki/server/webapps/pki/admin + # to /webapp//admin util.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, - "common-ui", - "admin", - "console", - "config"), - os.path.join( - master['pki_tomcat_webapps_subsystem_path'], - "admin", - "console", - "config"), - overwrite_flag=True) - - # Copy /usr/share/pki/common-ui/admin/console/js - # to /webapp//admin/console/js - util.directory.copy( - os.path.join( - config.PKI_DEPLOYMENT_SOURCE_ROOT, - "common-ui", - "admin", - "console", - "js"), + "server", + "webapps", + "pki", + "admin"), os.path.join( master['pki_tomcat_webapps_subsystem_path'], - "admin", - "console", - "js"), + "admin"), overwrite_flag=True) util.directory.copy( diff --git a/base/setup/pkicreate b/base/setup/pkicreate index 6b503fe7e..6f63e96e8 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -2065,27 +2065,11 @@ sub process_pki_directories $default_dir_permissions, $default_file_permissions, $pki_user, $pki_group); - # Copy /usr/share/pki/common-ui/css - # to /docroot/pki/css + # Copy /usr/share/pki/common-ui + # to /docroot/pki return 0 if !copy_directory( - "$common_ui_subsystem_path/css", - "$docroot_instance_path/pki/css", - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - # Copy /usr/share/pki/common-ui/esc - # to /docroot/pki/esc - return 0 if !copy_directory( - "$common_ui_subsystem_path/esc", - "$docroot_instance_path/pki/esc", - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - # Copy /usr/share/pki/common-ui/images - # to /docroot/pki/images - return 0 if !copy_directory( - "$common_ui_subsystem_path/images", - "$docroot_instance_path/pki/images", + $common_ui_subsystem_path, + "$docroot_instance_path/pki", $default_dir_permissions, $default_file_permissions, $pki_user, $pki_group); @@ -2116,19 +2100,11 @@ sub process_pki_directories $default_dir_permissions, $default_file_permissions, $pki_user, $pki_group); - # Copy /usr/share/pki/common-ui/admin/console/config - # to /webapp//admin/console/config - return 0 if !copy_directory( - "$common_ui_subsystem_path/admin/console/config", - "$webapps_subsystem_instance_path/admin/console/config", - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - # Copy /usr/share/pki/common-ui/admin/console/js - # to /webapp//admin/console/js + # Copy /usr/share/pki/server/webapps/pki/admin + # to /webapp//admin return 0 if !copy_directory( - "$common_ui_subsystem_path/admin/console/js", - "$webapps_subsystem_instance_path/admin/console/js", + "$pki_subsystem_common_area/server/webapps/pki/admin", + "$webapps_subsystem_instance_path/admin", $default_dir_permissions, $default_file_permissions, $pki_user, $pki_group); -- cgit