author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-29 03:53:19 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-29 03:53:19 +0000 |
commit | 6c20ba0ca3f1eba1ebe9483f21143f37b54e3197 (patch) | |
tree | 7d667ce6c2c9630872773455312b7e49b13f1635 /pki/base/tps | |
parent | ea9e8b305e9a50f45d79738389aca4df6bf52aaf (diff) | |
Bugzilla Bug #492503 - Integrate "mod_revocator" as a runtime dependency for
RA and TPS
Bugzilla Bug #492180 - Security officer: token recovery for a security officer
throws error 28 'connection to server lost'.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@348 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps')
-rw-r--r-- | pki/base/tps/Makefile.am | 11 | ||||
-rw-r--r-- | pki/base/tps/Makefile.in | 11 | ||||
-rw-r--r-- | pki/base/tps/apache/conf/httpd.conf | 2 | ||||
-rw-r--r-- | pki/base/tps/apache/conf/revocator.conf | 19 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm | 6 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm | 6 |
6 files changed, 45 insertions, 10 deletions
diff --git a/pki/base/tps/Makefile.am b/pki/base/tps/Makefile.am
index 629058da..523e2caa 100644
--- a/pki/base/tps/Makefile.am
+++ b/pki/base/tps/Makefile.am
@@ -153,11 +153,12 @@ cgibin_sow_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/sow/ajax-list.cgi \
 $(srcdir)/forms/esc/cgi-bin/sow/seturl.cgi \
 $(srcdir)/forms/esc/cgi-bin/sow/welcome.cgi
 
-conf_DATA = $(srcdir)/apache/conf/httpd.conf \
- $(srcdir)/apache/conf/magic \
- $(srcdir)/apache/conf/mime.types \
- $(srcdir)/apache/conf/nss.conf \
- $(srcdir)/apache/conf/perl.conf \
+conf_DATA = $(srcdir)/apache/conf/httpd.conf \
+ $(srcdir)/apache/conf/magic \
+ $(srcdir)/apache/conf/mime.types \
+ $(srcdir)/apache/conf/nss.conf \
+ $(srcdir)/apache/conf/perl.conf \
+ $(srcdir)/apache/conf/revocator.conf \
 $(srcdir)/doc/CS.cfg
 
 docroot_DATA = $(srcdir)/forms/index.html
diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in
index 0c7b22a1..c020a377 100644
--- a/pki/base/tps/Makefile.in
+++ b/pki/base/tps/Makefile.in
@@ -643,11 +643,12 @@ cgibin_sow_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/sow/ajax-list.cgi \
 $(srcdir)/forms/esc/cgi-bin/sow/seturl.cgi \
 $(srcdir)/forms/esc/cgi-bin/sow/welcome.cgi
 
-conf_DATA = $(srcdir)/apache/conf/httpd.conf \
- $(srcdir)/apache/conf/magic \
- $(srcdir)/apache/conf/mime.types \
- $(srcdir)/apache/conf/nss.conf \
- $(srcdir)/apache/conf/perl.conf \
+conf_DATA = $(srcdir)/apache/conf/httpd.conf \
+ $(srcdir)/apache/conf/magic \
+ $(srcdir)/apache/conf/mime.types \
+ $(srcdir)/apache/conf/nss.conf \
+ $(srcdir)/apache/conf/perl.conf \
+ $(srcdir)/apache/conf/revocator.conf \
 $(srcdir)/doc/CS.cfg
 
 docroot_DATA = $(srcdir)/forms/index.html
diff --git a/pki/base/tps/apache/conf/httpd.conf b/pki/base/tps/apache/conf/httpd.conf
index d3ec8e05..d1a4d486 100644
--- a/pki/base/tps/apache/conf/httpd.conf
+++ b/pki/base/tps/apache/conf/httpd.conf
@@ -254,6 +254,8 @@ LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so
 LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so
 # Required module for commands in nss.conf:
 [FORTITUDE_NSS_MODULES]
+# Required module for commands in revocator.conf:
+[FORTITUDE_REVOCATOR_MODULES]
 # Required module for command 'TPSConfigPathFile':
 LoadModule tps_module [FORTITUDE_MODULE]/mod_tps.so
 # Required module for command 'TokendbConfigPathFile':
diff --git a/pki/base/tps/apache/conf/revocator.conf b/pki/base/tps/apache/conf/revocator.conf
new file mode 100644
index 00000000..dda30132
--- /dev/null
+++ b/pki/base/tps/apache/conf/revocator.conf
@@ -0,0 +1,19 @@
+# CRL Engine Switch:
+# Enable/Disable CRL retrieval
+
+CRLEngine on
+
+# CRL Age Check Switch:
+# Shut the server down if a CRL expires
+CRLAgeCheck off
+
+# CRL Update Critical Switch:
+# Shut the server down if a CRL cannot be retrieved
+CRLUpdateCritical off
+
+# CRL URLs:
+# A space delimited list of URLs to retrieve and install.
+# protocol://urldata;update_interval;max_age
+#CRLFile "ldap://ldap.example.com:5000/o=example.net?usercertificate%3binary?sub?(sn=Jensen)??;30;30"
+#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30"
+#CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30"
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
index d9876073..2533a12d 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
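Review bot: The new revocator.conf ships with both `CRLAgeCheck off` and `CRLUpdateCritical off`, which by the file's own comments means the server keeps running after a CRL has expired or could not be retrieved, so revocation checking degrades silently instead of failing closed. If that trade-off (availability over strict revocation) is deliberate for a TPS instance, the file should say so rather than leave operators to infer it from two `off` switches; a comment such as `# Defaults favour availability: the server stays up on a stale or missing CRL. Set both switches to 'on' to fail closed.` above `CRLAgeCheck` would do. The three commented `#CRLFile` examples are samples only, so the file carries no working CRL source until something appends one at install time.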
@@ -101,6 +101,8 @@ sub update $::config->put("conn.tks1.serverKeygen", "true"); $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true"); $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true"); + $::config->put("op.enroll.soKey.keyGen.encryption.serverKeygen.enable", "true"); + $::config->put("op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable", "true"); } else { # no keygen $::config->put("conn.tks1.serverKeygen", "false"); @@ -110,6 +112,10 @@ sub update $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme", "GenerateNewKey"); $::config->put("conn.drm1.clientNickname", ""); $::config->put("conn.drm1.hostport", ""); + $::config->put("op.enroll.soKey.keyGen.encryption.serverKeygen.enable", "false"); + $::config->put("op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable", "false"); + $::config->put("op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme", "GenerateNewKey"); + $::config->put("op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme", "GenerateNewKey"); } $::config->commit(); diff --git a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm index d76ba775..a172a51e 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm @@ -340,6 +340,12 @@ sub display system( "rm $instDir/conf/nss.conf.tmp" ); } + # Append security domain getCRL URL to end of "revocator.conf" + open(REVOCATOR_CONF, ">>$instDir/conf/revocator.conf"); + print REVOCATOR_CONF "CRLFile \"" . $sdom + . "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n"; + close(REVOCATOR_CONF); + &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to Security Domain"); my $machineName = $::config->get("service.machineName"); |
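Review bot: In the second DRMInfoPanel hunk the no-keygen branch sets only `recovery.destroyed.scheme` for `soKey` and only `recovery.onHold.scheme` for `soKeyTemporary`; that mirrors the visible `userKeyTemporary...onHold` context line, but the matching `userKey...destroyed` line is outside the hunk, so I cannot confirm whether the split is intended or whether `soKey...onHold` and `soKeyTemporary...destroyed` are also expected. A one-line comment above the four new `put` calls, e.g. `# SO keys mirror the userKey recovery schemes set above`, would settle it for the next reader. `sub update` starts before the first hunk and continues past the second.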
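Review bot: In the DonePanel hunk the `open(REVOCATOR_CONF, ">>$instDir/conf/revocator.conf")` is a two-argument open on a bareword handle whose result is never checked, and the `close` is unchecked as well, so if the file cannot be opened or the write fails the `CRLFile` line is silently absent — and since the new revocator.conf sets `CRLUpdateCritical off`, the server would then start with no CRL source and nothing would flag it. Use the three-argument form with a lexical handle and report the failure (the `die` below can be swapped for whatever error path the panel uses; `debug_log` is visible in the context); the three-argument form also keeps the open mode separate from the path, which here is interpolated from `$instDir`, defined outside the hunk. Separately, this line writes `crlIssuingPoint=MasterCRL` while the sample in revocator.conf uses `issuepoint=MasterCRL`; I cannot tell from the page which name the CA's getCRL endpoint expects, but the two should agree. `sub display` starts before the hunk and continues past it.
```perl
    # Append security domain getCRL URL to end of "revocator.conf"
    my $revocator_conf = "$instDir/conf/revocator.conf";
    open(my $revocator_fh, '>>', $revocator_conf)
        or die "DonePanel: cannot append to $revocator_conf: $!";
    print {$revocator_fh} "CRLFile \"" . $sdom
        . "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n";
    close($revocator_fh)
        or die "DonePanel: cannot close $revocator_conf: $!";
    # … unchanged: debug_log and security domain connection …
```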