<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- BEGIN COPYRIGHT BLOCK
Copyright (C) 2006 Red Hat, Inc.
All rights reserved.
END COPYRIGHT BLOCK -->
<!-- Document type: Servlet 2.3 deployment descriptor.
     The system identifier is a file: URL, so a parser that loads the DTD
     reads it from the local filesystem of the host parsing this descriptor.
     NOTE(review): wherever DTD loading is enabled, the referenced DTD file
     should be present and writable only by administrators; confirm for the
     target deployment. -->
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "file:///usr/share/pki/setup/web-app_2_3.dtd">
<web-app>
<display-name>Token Key Service</display-name>
<!-- Setup wizard servlet. "panels" is a single comma-separated list of
     id=class pairs; it stays on one line because any line break would become
     part of the parameter value.
     NOTE(review): the id "securitydomain" is used twice (SecurityDomainPanel
     and DisplayCertChainPanel); confirm how WizardServlet treats a repeated id.
     NOTE(review): neither this servlet nor csadmin-login sets AuthMgr or
     AuthzMgr in this descriptor; confirm the wizard URLs are locked down once
     initial configuration has completed. -->
<servlet>
  <servlet-name>csadmin-wizard</servlet-name>
  <servlet-class>com.netscape.cms.servlet.wizard.WizardServlet</servlet-class>
  <init-param>
    <param-name>properties</param-name>
    <param-value>/WEB-INF/velocity.properties</param-value>
  </init-param>
  <init-param>
    <param-name>name</param-name>
    <param-value>TKS Setup Wizard</param-value>
  </init-param>
  <init-param>
    <param-name>panels</param-name>
    <param-value>welcome=com.netscape.cms.servlet.csadmin.WelcomePanel,module=com.netscape.cms.servlet.csadmin.ModulePanel,confighsmlogin=com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel,securitydomain=com.netscape.cms.servlet.csadmin.SecurityDomainPanel,securitydomain=com.netscape.cms.servlet.csadmin.DisplayCertChainPanel,subsystem=com.netscape.cms.servlet.csadmin.CreateSubsystemPanel,restorekeys=com.netscape.cms.servlet.csadmin.RestoreKeyCertPanel,databasepanel=com.netscape.cms.servlet.csadmin.DatabasePanel,sizepanel=com.netscape.cms.servlet.csadmin.SizePanel,namepanel=com.netscape.cms.servlet.csadmin.NamePanel,certrequestpanel=com.netscape.cms.servlet.csadmin.CertRequestPanel,backupkeys=com.netscape.cms.servlet.csadmin.BackupKeyCertPanel,savepk12=com.netscape.cms.servlet.csadmin.SavePKCS12Panel,adminpanel=com.netscape.cms.servlet.csadmin.AdminPanel,importadmincertpanel=com.netscape.cms.servlet.csadmin.ImportAdminCertPanel,donepanel=com.netscape.cms.servlet.csadmin.DonePanel</param-value>
  </init-param>
</servlet>

<!-- Login servlet for the setup wizard; shares the Velocity properties file
     with csadmin-wizard. -->
<servlet>
  <servlet-name>csadmin-login</servlet-name>
  <servlet-class>com.netscape.cms.servlet.csadmin.LoginServlet</servlet-class>
  <init-param>
    <param-name>properties</param-name>
    <param-value>/WEB-INF/velocity.properties</param-value>
  </init-param>
</servlet>
<!-- Start-up servlet: the only servlet here with load-on-startup, so the
     container instantiates it when the web application is deployed.
     cfgPath carries bracketed placeholders ([PKI_INSTANCE_PATH],
     [PKI_SUBSYSTEM_DIR]); presumably they are substituted when an instance
     is created - confirm.
     NOTE(review): the CS.cfg file it points to should be readable only by
     the service account; confirm file permissions on deployed instances. -->
<servlet>
  <servlet-name> tksstart </servlet-name>
  <servlet-class> com.netscape.cms.servlet.base.CMSStartServlet </servlet-class>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> cfgPath </param-name>
    <param-value> [PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]CS.cfg </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksstart </param-value>
  </init-param>
  <load-on-startup> 1 </load-on-startup>
</servlet>
<!-- Administration servlets for users/groups, logging and authentication
     plug-ins. Each sets only ID and AuthzMgr (BasicAclAuthz); no AuthMgr is
     named here, so how callers are authenticated is not visible in this
     descriptor.
     NOTE(review): confirm the authentication path in the admin servlet
     classes before exposing the mapped URLs. -->
<servlet>
  <servlet-name> tksug </servlet-name>
  <servlet-class> com.netscape.cms.servlet.admin.UsrGrpAdminServlet </servlet-class>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksug </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> tkslog </servlet-name>
  <servlet-class> com.netscape.cms.servlet.admin.LogAdminServlet </servlet-class>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tkslog </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> tksauths </servlet-name>
  <servlet-class> com.netscape.cms.servlet.admin.AuthAdminServlet </servlet-class>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksauths </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
</servlet>
<!--
<servlet>
<servlet-name> tksjobsScheduler </servlet-name>
<servlet-class> com.netscape.cms.servlet.admin.JobsAdminServlet </servlet-class>
<init-param><param-name> ID </param-name>
<param-value> tksjobsScheduler </param-value> </init-param>
<init-param><param-name> AuthzMgr </param-name>
<param-value> BasicAclAuthz </param-value> </init-param>
</servlet>
-->
<!-- Administration servlets for ACL management and server settings. As with
     the other admin servlets, only ID and AuthzMgr (BasicAclAuthz) are set;
     no AuthMgr is named in this descriptor.
     NOTE(review): tksacl edits the access-control lists themselves, so
     confirm who is authorized to reach it. -->
<servlet>
  <servlet-name> tksacl </servlet-name>
  <servlet-class> com.netscape.cms.servlet.admin.ACLAdminServlet </servlet-class>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksacl </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> tksserver </servlet-name>
  <servlet-class> com.netscape.cms.servlet.admin.CMSAdminServlet </servlet-class>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksserver </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
</servlet>
<!-- Registration endpoints used with the "tks" authority. Both turn
     GetClientCert off and name TokenAuth as AuthMgr and BasicAclAuthz as
     AuthzMgr, each checked against its own resourceID.
     NOTE(review): tksRegisterUser carries GroupName "Token Key Service
     Manager Agents"; presumably registered users are placed in that group,
     which would make this a privilege-granting endpoint - confirm against
     RegisterUser and review the ACL for certServer.tks.registerUser. -->
<servlet>
  <servlet-name> tksRegisterUser </servlet-name>
  <servlet-class> com.netscape.cms.servlet.csadmin.RegisterUser </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> false </param-value>
  </init-param>
  <init-param>
    <param-name> authority </param-name>
    <param-value> tks </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksRegisterUser </param-value>
  </init-param>
  <init-param>
    <param-name> GroupName </param-name>
    <param-value> Token Key Service Manager Agents </param-value>
  </init-param>
  <init-param>
    <param-name> AuthMgr </param-name>
    <param-value> TokenAuth </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> resourceID </param-name>
    <param-value> certServer.tks.registerUser </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> tksImportTransportCert </servlet-name>
  <servlet-class> com.netscape.cms.servlet.csadmin.ImportTransportCert </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> false </param-value>
  </init-param>
  <init-param>
    <param-name> authority </param-name>
    <param-value> tks </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksImportTransportCert </param-value>
  </init-param>
  <init-param>
    <param-name> AuthMgr </param-name>
    <param-value> TokenAuth </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> resourceID </param-name>
    <param-value> certServer.tks.importTransportCert </param-value>
  </init-param>
</servlet>
<!-- Agent-facing token operations. All four entries use the same class
     (TokenServlet) and differ only in ID and resourceID, so each operation
     is authorized against its own ACL resource.
     Every entry sets GetClientCert to true and AuthMgr to certUserDBAuthMgr;
     presumably callers authenticate with a TLS client certificate that is
     matched to a user entry - confirm.
     NOTE(review): for that to hold, whatever connector serves the mapped
     /agent/tks/ URLs has to request client certificates; verify the
     connector configuration alongside this file. -->
<servlet>
  <servlet-name> tksEncryptData </servlet-name>
  <servlet-class> com.netscape.cms.servlet.tks.TokenServlet </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> true </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksEncryptData </param-value>
  </init-param>
  <init-param>
    <param-name> template </param-name>
    <param-value> index.template </param-value>
  </init-param>
  <init-param>
    <param-name> resourceID </param-name>
    <param-value> certServer.tks.encrypteddata </param-value>
  </init-param>
  <init-param>
    <param-name> AuthMgr </param-name>
    <param-value> certUserDBAuthMgr </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> tksCreateKeySetData </servlet-name>
  <servlet-class> com.netscape.cms.servlet.tks.TokenServlet </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> true </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksCreateKeySetData </param-value>
  </init-param>
  <init-param>
    <param-name> template </param-name>
    <param-value> index.template </param-value>
  </init-param>
  <init-param>
    <param-name> resourceID </param-name>
    <param-value> certServer.tks.keysetdata </param-value>
  </init-param>
  <init-param>
    <param-name> AuthMgr </param-name>
    <param-value> certUserDBAuthMgr </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> tksSessionKey </servlet-name>
  <servlet-class> com.netscape.cms.servlet.tks.TokenServlet </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> true </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksSessionKey </param-value>
  </init-param>
  <init-param>
    <param-name> template </param-name>
    <param-value> index.template </param-value>
  </init-param>
  <init-param>
    <param-name> resourceID </param-name>
    <param-value> certServer.tks.sessionkey </param-value>
  </init-param>
  <init-param>
    <param-name> AuthMgr </param-name>
    <param-value> certUserDBAuthMgr </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> tksRandomData </servlet-name>
  <servlet-class> com.netscape.cms.servlet.tks.TokenServlet </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> true </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksRandomData </param-value>
  </init-param>
  <init-param>
    <param-name> template </param-name>
    <param-value> index.template </param-value>
  </init-param>
  <init-param>
    <param-name> resourceID </param-name>
    <param-value> certServer.tks.randomdata </param-value>
  </init-param>
  <init-param>
    <param-name> AuthMgr </param-name>
    <param-value> certUserDBAuthMgr </param-value>
  </init-param>
</servlet>
<!-- Port lookup and main "services" page. Neither entry names an AuthMgr or
     an AuthzMgr, and both set GetClientCert to false; presumably they are
     reachable without authentication - confirm.
     NOTE(review): check that what these two return is acceptable to disclose
     to an unauthenticated caller. -->
<servlet>
  <servlet-name> tksports </servlet-name>
  <servlet-class> com.netscape.cms.servlet.base.PortsServlet </servlet-class>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksports </param-value>
  </init-param>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> false </param-value>
  </init-param>
  <init-param>
    <param-name> interface </param-name>
    <param-value> ee </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> services </servlet-name>
  <servlet-class> com.netscape.cms.servlet.csadmin.MainPageServlet </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> false </param-value>
  </init-param>
  <init-param>
    <param-name> authorityId </param-name>
    <param-value> tks </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> services </param-value>
  </init-param>
  <init-param>
    <param-name> templatePath </param-name>
    <param-value> /services.template </param-value>
  </init-param>
</servlet>
<!-- Clone-configuration endpoints. Both use TokenAuth as AuthMgr and
     BasicAclAuthz as AuthzMgr, with resourceIDs under
     certServer.clone.configuration, and both set GetClientCert to false.
     NOTE(review): going by the class names, these hand out a PKCS #12 file
     and configuration entries; treat the responses as sensitive, keep the
     ACLs for both resourceIDs tight, and confirm the mapped URLs are only
     served over TLS. -->
<servlet>
  <servlet-name> tksDownloadPKCS12 </servlet-name>
  <servlet-class> com.netscape.cms.servlet.csadmin.DownloadPKCS12 </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> false </param-value>
  </init-param>
  <init-param>
    <param-name> authority </param-name>
    <param-value> tks </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksDownloadPKCS12 </param-value>
  </init-param>
  <init-param>
    <param-name> interface </param-name>
    <param-value> ee </param-value>
  </init-param>
  <init-param>
    <param-name> AuthMgr </param-name>
    <param-value> TokenAuth </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> resourceID </param-name>
    <param-value> certServer.clone.configuration </param-value>
  </init-param>
</servlet>

<servlet>
  <servlet-name> tksGetConfigEntries </servlet-name>
  <servlet-class> com.netscape.cms.servlet.csadmin.GetConfigEntries </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> false </param-value>
  </init-param>
  <init-param>
    <param-name> authority </param-name>
    <param-value> tks </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksGetConfigEntries </param-value>
  </init-param>
  <init-param>
    <param-name> AuthzMgr </param-name>
    <param-value> BasicAclAuthz </param-value>
  </init-param>
  <init-param>
    <param-name> AuthMgr </param-name>
    <param-value> TokenAuth </param-value>
  </init-param>
  <init-param>
    <param-name> resourceID </param-name>
    <param-value> certServer.clone.configuration.GetConfigEntries </param-value>
  </init-param>
</servlet>
<!-- Token information endpoint on the "ee" interface. No AuthMgr, AuthzMgr
     or resourceID is set and GetClientCert is false; presumably it answers
     unauthenticated requests - confirm, and check that the token details it
     returns are safe to disclose. -->
<servlet>
  <servlet-name> tksGetTokenInfo </servlet-name>
  <servlet-class> com.netscape.cms.servlet.csadmin.GetTokenInfo </servlet-class>
  <init-param>
    <param-name> GetClientCert </param-name>
    <param-value> false </param-value>
  </init-param>
  <init-param>
    <param-name> authority </param-name>
    <param-value> tks </param-value>
  </init-param>
  <init-param>
    <param-name> ID </param-name>
    <param-value> tksGetTokenInfo </param-value>
  </init-param>
  <init-param>
    <param-name> interface </param-name>
    <param-value> ee </param-value>
  </init-param>
</servlet>
<!-- RESTEasy bootstrap. The listener initialises RESTEasy for this web
     application, and resteasy.servlet.mapping.prefix is set to /rest, the
     same prefix the Resteasy servlet is mapped under.
     resteasy.resource.method-interceptors registers
     ResourceMethodSecurityInterceptor; presumably this is what enforces the
     security annotations on the REST resources - confirm, because without it
     those annotations may not be checked.
     The param-value text below spans several lines and is left exactly as
     written, since the surrounding whitespace is part of the value.
     NOTE(review): the Web Application 2.3 DTD named in the DOCTYPE lists
     context-param and listener before servlet; here they follow servlet
     elements, which a validating parser would reject - confirm validation
     is off or reorder. -->
<listener>
<listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class>
</listener>
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/rest</param-value>
</context-param>
<context-param>
<param-name>resteasy.resource.method-interceptors</param-name>
<param-value>
org.jboss.resteasy.core.ResourceMethodSecurityInterceptor
</param-value>
</context-param>
<!-- REST dispatcher: every request under /rest/ goes to RESTEasy's
     HttpServletDispatcher, which loads the JAX-RS application class
     com.netscape.tks.TKSApplication.
     NOTE(review): no AuthMgr or AuthzMgr is set on this servlet, so access
     control for REST resources has to come from the RESTEasy side; confirm
     each resource in TKSApplication is covered. -->
<servlet>
  <servlet-name>Resteasy</servlet-name>
  <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
  <init-param>
    <param-name>javax.ws.rs.Application</param-name>
    <param-value>com.netscape.tks.TKSApplication</param-value>
  </init-param>
</servlet>

<servlet-mapping>
  <servlet-name>Resteasy</servlet-name>
  <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<!-- URL mappings for the start-up servlet and the first three
     administration servlets. The patterns sit at the top level of the web
     application (/start, /ug, /log, /auths).
     NOTE(review): this descriptor declares no security-constraint, so the
     container itself applies no authentication or transport guarantee to
     these URLs; confirm they are only served on a TLS connector. -->
<servlet-mapping>
  <servlet-name> tksstart </servlet-name>
  <url-pattern> /start </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksug </servlet-name>
  <url-pattern> /ug </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tkslog </servlet-name>
  <url-pattern> /log </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksauths </servlet-name>
  <url-pattern> /auths </url-pattern>
</servlet-mapping>
<!--
<servlet-mapping>
<servlet-name> tksjobsScheduler </servlet-name>
<url-pattern> /jobsScheduler </url-pattern>
</servlet-mapping>
-->
<!-- Remaining URL mappings, grouped by path prefix as written:
       /acl, /server         administration servlets
       /agent/tks/...        TokenServlet operations
       /admin/console/...    setup wizard, login and PKCS #12 download
       /admin/tks/...        registration and clone configuration
       /ee/tks/...           ports and token information
       /services             main page
     NOTE(review): this descriptor declares no security-constraint, so the
     container itself enforces neither authentication nor a transport
     guarantee on any of these patterns; access control rests on the
     AuthMgr and AuthzMgr init-params of each servlet and on the connector
     configuration - verify both. -->
<servlet-mapping>
  <servlet-name> tksacl </servlet-name>
  <url-pattern> /acl </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksserver </servlet-name>
  <url-pattern> /server </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksEncryptData </servlet-name>
  <url-pattern> /agent/tks/encryptData </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksCreateKeySetData </servlet-name>
  <url-pattern> /agent/tks/createKeySetData </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksSessionKey </servlet-name>
  <url-pattern> /agent/tks/computeSessionKey </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksRandomData </servlet-name>
  <url-pattern> /agent/tks/computeRandomData </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name>csadmin-wizard</servlet-name>
  <url-pattern>/admin/console/config/wizard</url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name>csadmin-login</servlet-name>
  <url-pattern>/admin/console/config/login</url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksGetConfigEntries </servlet-name>
  <url-pattern> /admin/tks/getConfigEntries </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksports </servlet-name>
  <url-pattern> /ee/tks/ports </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksRegisterUser </servlet-name>
  <url-pattern> /admin/tks/registerUser </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksImportTransportCert </servlet-name>
  <url-pattern> /admin/tks/importTransportCert </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> services </servlet-name>
  <url-pattern> /services </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksDownloadPKCS12 </servlet-name>
  <url-pattern> /admin/console/config/savepkcs12 </url-pattern>
</servlet-mapping>

<servlet-mapping>
  <servlet-name> tksGetTokenInfo </servlet-name>
  <url-pattern> /ee/tks/getTokenInfo </url-pattern>
</servlet-mapping>
<!-- ==================== Default Session Configuration =============== -->
<!-- session-timeout is the default idle timeout, in minutes, given to   -->
<!-- every newly created session of this web application.                -->
<!--                                                                     -->
<!-- A value of -1 disables session timeouts for this instance.          -->
<!-- NOTE(review): this application maps administrative and agent URLs,  -->
<!-- so disabling or lengthening the timeout keeps idle sessions usable  -->
<!-- for longer; keep the value short unless there is a stated reason.   -->
<session-config>
  <session-timeout>30</session-timeout>
</session-config>
</web-app>