Red Hat Bugzilla – Attachment 313719 Details for Bug 458337: Provide separate listening ports for CS
[patch] Fix for port separation
portseparation.diff (text/plain), 68.37 KB, created by Jack Magne on 2008-08-07 17:20:20 UTC
>Index: linux/ca/pki-ca.spec >=================================================================== >--- linux/ca/pki-ca.spec (revision 67) >+++ linux/ca/pki-ca.spec (working copy) >@@ -34,7 +34,7 @@ > ## Package Header Definitions > %define base_name %{base_prefix}-%{base_component} > %define base_version 1.0.0 >-%define base_release 7 >+%define base_release 8 > %define base_group System Environment/Daemons > %define base_vendor Red Hat, Inc. > %define base_license GPLv2 with exceptions >@@ -282,6 +282,8 @@ > ############################################################################### > > %changelog >+* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-8 >+- Fix for bug #433652. > * Wed Jun 25 2008 Andrew Wnuk <awnuk@redhat.com> 1.0.0-7 > - Fix for bug #443687. > * Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-6 >Index: linux/common/pki-common.spec >=================================================================== >--- linux/common/pki-common.spec (revision 67) >+++ linux/common/pki-common.spec (working copy) >@@ -33,7 +33,7 @@ > ## Package Header Definitions > %define base_name %{base_prefix}-%{base_component} > %define base_version 1.0.0 >-%define base_release 11 >+%define base_release 12 > %define base_group System Environment/Base > %define base_vendor Red Hat, Inc. > %define base_license GPLv2 with exceptions >@@ -298,6 +298,8 @@ > ############################################################################### > > %changelog >+* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-12 >+- Fix for bug #433652. > * Wed Jul 9 2008 Christina Fu <cfu@redhat.com> 1.0.0-11 > - Fix for Bugzilla Bug #446685: LDAP publisher doesn't store the bind password properly > * Tue Jul 8 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-10 >Index: linux/setup/pki-setup.spec >=================================================================== >--- linux/setup/pki-setup.spec (revision 67) >+++ linux/setup/pki-setup.spec (working copy) 
>@@ -33,7 +33,7 @@ > ## Package Header Definitions > %define base_name %{base_prefix}-%{base_component} > %define base_version 1.0.0 >-%define base_release 2 >+%define base_release 3 > %define base_group System Environment/Shells > %define base_vendor Red Hat, Inc. > %define base_license GPLv2 with exceptions >@@ -217,6 +217,8 @@ > ############################################################################### > > %changelog >+* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 >+- Fix for bug #433652. > * Tue Apr 1 2008 Jack Magne <jmagne@redhat.com> 1.0.0-2 > - Fix for Bug# 440084 - Installation Error Messages Need Improvement. > * Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1 >Index: linux/tks/pki-tks.spec >=================================================================== >--- linux/tks/pki-tks.spec (revision 67) >+++ linux/tks/pki-tks.spec (working copy) >@@ -34,7 +34,7 @@ > ## Package Header Definitions > %define base_name %{base_prefix}-%{base_component} > %define base_version 1.0.0 >-%define base_release 2 >+%define base_release 3 > %define base_group System Environment/Daemons > %define base_vendor Red Hat, Inc. > %define base_license GPLv2 with exceptions >@@ -291,6 +291,8 @@ > ############################################################################### > > %changelog >+* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 >+- Fix for bug #433652. > * Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 > - Bugzilla Bug #450345: Port Dogtag 1.0.0 to > Fedora 9 (32-bit i386 & 64-bit x86_64). >Index: linux/ocsp/pki-ocsp.spec >=================================================================== >--- linux/ocsp/pki-ocsp.spec (revision 67) >+++ linux/ocsp/pki-ocsp.spec (working copy) 
>@@ -34,7 +34,7 @@ > ## Package Header Definitions > %define base_name %{base_prefix}-%{base_component} > %define base_version 1.0.0 >-%define base_release 2 >+%define base_release 3 > %define base_group System Environment/Daemons > %define base_vendor Red Hat, Inc. > %define base_license GPLv2 with exceptions >@@ -298,6 +298,8 @@ > ############################################################################### > > %changelog >+* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 >+- Fix for bug #433652. > * Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 > - Bugzilla Bug #450345: Port Dogtag 1.0.0 to > Fedora 9 (32-bit i386 & 64-bit x86_64). >Index: linux/kra/pki-kra.spec >=================================================================== >--- linux/kra/pki-kra.spec (revision 67) >+++ linux/kra/pki-kra.spec (working copy) >@@ -34,7 +34,7 @@ > ## Package Header Definitions > %define base_name %{base_prefix}-%{base_component} > %define base_version 1.0.0 >-%define base_release 2 >+%define base_release 3 > %define base_group System Environment/Daemons > %define base_vendor Red Hat, Inc. > %define base_license GPLv2 with exceptions >@@ -289,6 +289,8 @@ > ############################################################################### > > %changelog >+* Thu Jul 10 2008 Jack Magne <jmagne@redhat.com> 1.0.0-3 >+- Fix for bug #433652. > * Mon Jun 9 2008 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-2 > - Bugzilla Bug #450345: Port Dogtag 1.0.0 to > Fedora 9 (32-bit i386 & 64-bit x86_64). >Index: base/ca/shared/webapps/ca/WEB-INF/velocity.properties >=================================================================== >--- base/ca/shared/webapps/ca/WEB-INF/velocity.properties (revision 67) >+++ base/ca/shared/webapps/ca/WEB-INF/velocity.properties (working copy) 
>@@ -1,6 +1,6 @@ > resource.loader = file > file.resource.loader.class = org.apache.velocity.runtime.resource.loader.FileResourceLoader >-file.resource.loader.path = [PKI_INSTANCE_PATH]/webapps/[PKI_SUBSYSTEM_TYPE] >+file.resource.loader.path = [PKI_INSTANCE_PATH]/[PKI_WEBAPPS_NAME]/[PKI_SUBSYSTEM_TYPE] > file.resource.loader.cache = true > file.resource.loader.modificationCheckInterval = 2 > input.encoding=UTF-8 >Index: base/ca/shared/webapps/ca/WEB-INF/web.xml >=================================================================== >--- base/ca/shared/webapps/ca/WEB-INF/web.xml (revision 67) >+++ base/ca/shared/webapps/ca/WEB-INF/web.xml (working copy) >@@ -2033,10 +2033,12 @@ > <url-pattern> /registry </url-pattern> > </servlet-mapping> > >+[PKI_OPEN_SEPARATE_PORTS_COMMENT] > <servlet-mapping> > <servlet-name> caauths </servlet-name> > <url-pattern> /auths </url-pattern> > </servlet-mapping> >+[PKI_CLOSE_SEPARATE_PORTS_COMMENT] > > <servlet-mapping> > <servlet-name> castart </servlet-name> >Index: base/ca/shared/conf/server.xml >=================================================================== >--- base/ca/shared/conf/server.xml (revision 67) >+++ base/ca/shared/conf/server.xml (working copy) 
>@@ -88,7 +88,7 @@ > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" disableUploadTimeout="true" > acceptCount="100" scheme="https" secure="true" >- clientAuth="false" sslProtocol="SSL" >+ clientAuth="agent" sslProtocol="SSL" > sslOptions="ssl2=true,ssl3=true,tls=true" > ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" > ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >@@ -100,8 +100,6 @@ > certdbDir="[PKI_INSTANCE_PATH]/alias"/> > <!-- DO NOT REMOVE - End define PKI secure port --> > >- >- > <!-- Note : To disable connection timeouts, set connectionTimeout value > to 0 --> > >@@ -207,7 +205,7 @@ > Note: XML Schema validation will not work with Xerces 2.2. > --> > <Host name="localhost" appBase="webapps" >- unpackWARs="true" autoDeploy="true" >+ unpackWARs="true" autoDeploy="false" > xmlValidation="false" xmlNamespaceAware="false"> > > <!-- Defines a cluster for this node, 
>@@ -386,10 +384,87 @@ > pattern="common" resolveHosts="false"/> > --> > >+ <!-- <Context docBase="webapps" path="/webapps" reloadable="false"/> --> > </Host> > > </Engine> > > </Service> > >+[PKI_OPEN_SEPARATE_PORTS_COMMENT] >+ >+<Service name="CatalinaAdmin"> >+ >+<Connector port="[PKI_ADMIN_SECURE_PORT]" maxHttpHeaderSize="8192" >+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >+ enableLookups="false" disableUploadTimeout="true" >+ acceptCount="100" scheme="https" secure="true" >+ clientAuth="false" sslProtocol="SSL" >+ sslOptions="ssl2=true,ssl3=true,tls=true" >+ ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" >+ ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" >+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" >+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" >+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" >+ certdbDir="[PKI_INSTANCE_PATH]/alias"/> >+ >+ <Engine 
name="CatalinaAdmin" defaultHost="localhost"> >+ >+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >+ resourceName="UserDatabase"/> >+ >+ <Host name="localhost" appBase="webapps.admin" >+ unpackWARs="true" autoDeploy="false" >+ xmlValidation="false" xmlNamespaceAware="false"> >+ >+ <Valve className="org.apache.catalina.valves.AccessLogValve" >+ directory="logs" prefix="localhost_access_log." suffix=".txt" >+ pattern="common" resolveHosts="false"/> >+ >+ </Host> >+ >+ </Engine> >+ >+ </Service> >+ >+ >+<Service name="CatalinaEE"> >+ >+<Connector port="[PKI_EE_SECURE_PORT]" maxHttpHeaderSize="8192" >+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >+ enableLookups="false" disableUploadTimeout="true" >+ acceptCount="100" scheme="https" secure="true" >+ clientAuth="false" sslProtocol="SSL" >+ sslOptions="ssl2=true,ssl3=true,tls=true" >+ ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" >+ ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ 
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" >+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" >+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" >+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" >+ certdbDir="[PKI_INSTANCE_PATH]/alias"/> >+ >+ <Engine name="CatalinaEE" defaultHost="localhost"> >+ >+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >+ resourceName="UserDatabase"/> >+ >+ <Host name="localhost" appBase="webapps.ee" >+ unpackWARs="true" autoDeploy="false" >+ xmlValidation="false" xmlNamespaceAware="false"> >+ >+ >+ <Valve className="org.apache.catalina.valves.AccessLogValve" >+ directory="logs" prefix="localhost_access_log." suffix=".txt" >+ pattern="common" resolveHosts="false"/> >+ >+ </Host> >+ >+ </Engine> >+ >+ </Service> >+[PKI_CLOSE_SEPARATE_PORTS_COMMENT] > </Server> >Index: base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java >=================================================================== >--- base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java (revision 67) >+++ base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java (working copy) >@@ -143,7 +143,7 @@ > rarg.addStringValue("type", "agent"); > rarg.addStringValue("prefix", "https"); > rarg.addIntegerValue("port", >- Integer.valueOf(CMS.getEESSLPort()).intValue()); >+ Integer.valueOf(CMS.getAgentPort()).intValue()); > rarg.addStringValue("host", host); > rarg.addStringValue("uri", agentInterface); > argSet.addRepeatRecord(rarg); >Index: base/common/src/com/netscape/cmscore/apps/CMSEngine.java >=================================================================== >--- base/common/src/com/netscape/cmscore/apps/CMSEngine.java (revision 67) >+++ base/common/src/com/netscape/cmscore/apps/CMSEngine.java (working copy) 
>@@ -452,20 +452,41 @@ > DOMParser parser = new DOMParser(); > parser.parse(path); > NodeList nodes = parser.getDocument().getElementsByTagName("Connector"); >+ String parentName=""; >+ boolean secure=false; >+ String port=""; > for (int i=0; i<nodes.getLength(); i++) { > Element n = (Element)nodes.item(i); >- boolean secure = n.hasAttribute("sslProtocol"); >- String port = n.getAttribute("port"); >- if (secure) { >- mServerCertNickname = n.getAttribute("serverCert"); >- info[AGENT][PORT] = port; >- info[ADMIN][PORT] = port; >- info[EE_SSL][PORT] = port; >- } else { >- info[EE_NON_SSL][PORT] = port; >+ >+ parentName = ""; >+ Element p = (Element) n.getParentNode(); >+ if(p != null) { >+ parentName = p.getAttribute("name"); > } >- } >+ secure = n.hasAttribute("sslProtocol"); >+ port = n.getAttribute("port"); >+ >+ //Do agent port or every port, if there is only one port. >+ if ( parentName.equals("Catalina")) { >+ >+ if (secure) { >+ mServerCertNickname = n.getAttribute("serverCert"); >+ info[AGENT][PORT] = port; >+ info[ADMIN][PORT] = port; >+ info[EE_SSL][PORT] = port; >+ } else { >+ info[EE_NON_SSL][PORT] = port; >+ } >+ } >+ if( parentName.equals("CatalinaEE")) { >+ info[EE_SSL][PORT] = port; >+ } >+ if( parentName.equals("CatalinaAdmin")) { >+ info[ADMIN][PORT] = port; >+ } >+ } > } catch (Exception e) { >+ CMS.debug("CMSEngine: parseServerXML exception: " + e.toString()); > } > } > >Index: base/setup/pkicreate >=================================================================== >--- base/setup/pkicreate (revision 67) >+++ base/setup/pkicreate (working copy) >@@ -29,7 +29,9 @@ > # -pki_instance_root=/var/lib > # -pki_instance_name=pki-ca1 > # -subsystem_type=ca >-# -secure_port=9543 >+# -secure_port=9543 || -agent_secure_port=9543 >+# -ee_secure_port=9544 >+# -admin_secure_port=9545 > # -unsecure_port=9180 > # -tomcat_server_port=1801 > # -user=pkiuser 
>@@ -282,6 +284,9 @@ > my $webapps_root_base_instance_dir = "ROOT"; # CA, KRA, OCSP, TKS > my $webapps_root_base_subsystem_dir = "ROOT"; # CA, KRA, OCSP, TKS > my $webinf_base_instance_dir = "WEB-INF"; # CA, KRA, OCSP, TKS >+my $agent_base_ui_instance_dir = "agent"; # CA, KRA, OCSP, TKS >+my $ee_base_ui_instance_dir = "ee"; # CA, KRA, OCSP, TKS >+my $admin_base_ui_instance_dir = "admin"; # CA, KRA, OCSP, TKS > > # Defaults > my $default_apache_pids_path = "/var/run"; >@@ -338,12 +343,20 @@ > my $PKI_MACHINE_NAME_SLOT = "PKI_MACHINE_NAME"; > my $PKI_RANDOM_NUMBER_SLOT = "PKI_RANDOM_NUMBER"; > my $PKI_SECURE_PORT_SLOT = "PKI_SECURE_PORT"; >+my $PKI_EE_SECURE_PORT_SLOT = "PKI_EE_SECURE_PORT"; >+my $PKI_AGENT_SECURE_PORT_SLOT = "PKI_AGENT_SECURE_PORT"; >+my $PKI_ADMIN_SECURE_PORT_SLOT = "PKI_ADMIN_SECURE_PORT"; > my $PKI_SERVER_XML_CONF = "PKI_SERVER_XML_CONF"; > my $PKI_SUBSYSTEM_TYPE_SLOT = "PKI_SUBSYSTEM_TYPE"; > my $PKI_UNSECURE_PORT_SLOT = "PKI_UNSECURE_PORT"; > my $PKI_USER_SLOT = "PKI_USER"; > my $TOMCAT_SERVER_PORT_SLOT = "TOMCAT_SERVER_PORT"; > my $PKI_FLAVOR_SLOT = "PKI_FLAVOR"; >+my $PKI_OPEN_SEPARATE_PORTS_COMMENT_SLOT = "PKI_OPEN_SEPARATE_PORTS_COMMENT"; >+my $PKI_CLOSE_SEPARATE_PORTS_COMMENT_SLOT = "PKI_CLOSE_SEPARATE_PORTS_COMMENT"; >+my $PKI_OPEN_COMMENT = "<!--"; >+my $PKI_CLOSE_COMMENT = "-->"; >+my $PKI_WEBAPPS_NAME = "PKI_WEBAPPS_NAME"; > > # PKI removal constants > my $saved_cleanup_file_name = ".cleanup.dat"; >@@ -375,6 +388,9 @@ > my $tomcat_server_port = -1; > > # Command-line variables (optional) >+my $agent_secure_port = -1; >+my $ee_secure_port = -1; >+my $admin_secure_port = -1; > my $username = ""; > my $groupname = ""; > my $redirected_conf_path = ""; 
>@@ -697,7 +713,15 @@ > . " -secure_port=<secure_port> " > . "# Secure port\n\n" > . " -unsecure_port=<unsecure_port> " >- . "# Unsecure port\n\n" >+ . "#Unsecure port\n\n" >+ . "###################### Optional separate ports ############\n\n" >+ . " -agent_secure_port=<agent_secure_port> " >+ . "#Agent secure port, Same as 'secure_port'\n\n" >+ . " -ee_secure_port=<ee_secure_port> " >+ . "# EE secure port\n\n" >+ . " -admin_secure_port=<admin_secure_port> " >+ . "# Admin secureport\n\n" >+ . "###################### End Optional separate ports ########\n\n" > . " -tomcat_server_port=<tomcat_server_port> " > . "# Unique port\n" > . " " >@@ -751,7 +775,14 @@ > "Example: pkicreate -pki_instance_root=/var/lib\n" > . " -pki_instance_name=$pki_flavor-ca1\n" > . " -subsystem_type=ca\n" >+ . "[Either mandatory: \n" > . " -secure_port=9543\n" >+ . "] or\n" >+ . "[ Optional separate ports:\n" >+ . " -agent_secure_port=9543\n" >+ . " -ee_secure_port=9544\n" >+ . " -admin_secure_port=9545\n" >+ . "]\n" > . " -unsecure_port=9180\n" > . " -tomcat_server_port=1801\n" > . " -user=pkiuser\n" >@@ -795,6 +826,9 @@ > my $l_secure_port = -1; > my $l_unsecure_port = -1; > my $l_tomcat_server_port = -1; >+ my $l_agent_secure_port = -1; >+ my $l_ee_secure_port = -1; >+ my $l_admin_secure_port = -1; > my $show_help = 0; > > $result = GetOptions( "help" => \$show_help, >@@ -803,6 +837,9 @@ > "subsystem_type=s" => \$subsystem_type, > "secure_port:i" => \$l_secure_port, > "unsecure_port:i" => \$l_unsecure_port, >+ "agent_secure_port:i" => \$l_agent_secure_port, >+ "ee_secure_port:i" => \$l_ee_secure_port, >+ "admin_secure_port:i" => \$l_admin_secure_port, > "tomcat_server_port:i" => \$l_tomcat_server_port, > "user=s" => \$username, > "group=s" => \$groupname, 
>@@ -926,9 +963,12 @@ > > emit( " secure_port $secure_port\n" ); > } else { >- emit( "Must include value for secure_port!\n", "error" ); >- usage(); >- return 0; >+ if( $l_agent_secure_port == -1) >+ { >+ emit( "Must include value for secure_port!\n", "error" ); >+ usage(); >+ return 0; >+ } > } > > >@@ -943,7 +983,6 @@ > return 0; > } > >- > ## Mandatory "-tomcat_server_port=<tomcat_server_port>" option/exclusion > if( !($subsystem_type eq $RA || $subsystem_type eq $TPS ) ) { > ## Mandatory OPTION for CA, KRA, OCSP, and TKS subsystems 
>@@ -966,7 +1005,61 @@ > } > } > >+ if( ($subsystem_type eq $RA || $subsystem_type eq $TPS ) ) { >+ ## Don't do port separation for RA or TPS > >+ if( $l_agent_secure_port > 0 || $l_ee_secure_port > 0 >+ || $l_admin_secure_port > 0) { >+ >+ emit( "Must NOT include separate ports for RA or TPS!\n", >+ "error"); >+ usage(); >+ return 0; >+ } >+ } >+ >+ if( $l_agent_secure_port >= 0 ) { >+ $agent_secure_port = $l_agent_secure_port; >+ >+ emit( " agent_secure_port $agent_secure_port\n"); >+ >+ } >+ >+ ## Mandatory ee_secure_port if "-agent_secure_port" is given >+ >+ if( $l_ee_secure_port >= 0 ) { >+ $ee_secure_port = $l_ee_secure_port; >+ >+ emit( " ee_secure_port $ee_secure_port\n"); >+ >+ } else { >+ if(agent_secure_port >= 0) { >+ emit( "Must include value for ee_secure_port if agent_secure_port is given!\n"); >+ } >+ } >+ >+ ## Mandatory admin_secure_port if "-agent_secure_port" is given >+ >+ if( $l_admin_secure_port >= 0 ) { >+ $admin_secure_port = $l_admin_secure_port; >+ >+ emit( " admin_secure_port $admin_secure_port\n"); >+ >+ } else { >+ if(agent_secure_port >= 0) { >+ emit( "Must include value for admin_secure_port if agent_secure_port is given!\n"); >+ } >+ } >+ >+ if (!AreConnectorPortsValid($secure_port,$unsecure_port,$agent_secure_port, >+ $ee_secure_port,$admin_secure_port ) ) >+ { >+ emit( "Invalid port numbers submitted!\n","error" ); >+ usage(); >+ return 0; >+ } >+ >+ > ## Optional "-user=<username>" option > if( $username ne "" ) { > if( $groupname eq "" ) { >@@ -1459,6 +1552,12 @@ > { > my $result = 0; > >+ my $do_port_separation = 0; >+ if( $agent_secure_port >= 0 && ( $subsystem_type ne $RA ) && >+ ( $subsystem_type ne $TPS ) ) { >+ $do_port_separation = 1; >+ } >+ > emit( "Processing PKI directories for '$pki_instance_path' ...\n" ); > > ## Populate instance directory paths (instance independent) 
>@@ -1728,7 +1827,7 @@ > $result = copy_directory( $ui_subsystem_path, > $pki_instance_path ); > if( !$result ) { >- emit( "Failed to copy directory $webapps_subsystem_path ...\n" ); >+ emit( "Failed to copy directory $ui_subsystem_path ...\n" ); > return 0; > } 
> >@@ -1806,7 +1905,89 @@ > emit( "Failed to copy directory $webapps_subsystem_path ...\n" ); > return 0; > } >+ ## Take care of port separation directory manipulation here. >+ >+ if( $do_port_separation ) { >+ # Make 2 more copies of the webapps directory >+ # One for ee and one for admin, existing webapps is for agent > >+ $result = copy_directory( $webapps_instance_path , $webapps_instance_path . ".ee" ); >+ >+ if( !$result ) { >+ emit( "Failed to copy directory $webapps_subsystem_path for port separation ...\n" ); >+ return 0; >+ } >+ >+ $result = copy_directory( $webapps_instance_path , $webapps_instance_path . ".admin" ); >+ >+ if( !$result ) { >+ emit( "Failed to copy directory $webapps_subsystem_path for port separation ...\n" ); >+ return 0; >+ } >+ >+ # Remove unwanted content from the agent, webapps directory >+ >+ $result = remove_directory( $webapps_instance_path . "/" . >+ $subsystem_type . "/" . $ee_base_ui_instance_dir ); >+ >+ if( !$result ) { >+ emit( "Failed to delete directory for port separation ...\n" ); >+ return 0; >+ } >+ >+ # In this case for the agent port , we still need the webapps/$subsystem_type/admin/console directory >+ # for the configuration wizard to still run. >+ # Only remove the $subsystem_type portion of this directory. >+ >+ $result = remove_directory( $webapps_instance_path . "/" . >+ $subsystem_type . "/" . $admin_base_ui_instance_dir . "/" . $subsystem_type ); >+ >+ if( !$result ) { >+ emit( "Failed to delete directory for port separation ...\n" ); >+ return 0; >+ } >+ >+ >+ # Remove unwanted content from the ee, webapps directory >+ # In this case for the ee port , we still need the webapps/$subsystem_type/admin/console directory >+ # for the security domain requests from other subsystems. >+ # Only remove the $subsystem_type portion of this directory. >+ >+ $result = remove_directory( $webapps_instance_path . >+ ".ee" . "/" . $subsystem_type . "/" . 
$agent_base_ui_instance_dir ); >+ >+ if( !$result ) { >+ emit( "Failed to delete directory for port separation ...\n" ); >+ return 0; >+ } >+ >+ $result = remove_directory( $webapps_instance_path . >+ ".ee" ."/" . $subsystem_type . "/" . $admin_base_ui_instance_dir . "/" . $subsystem_type ); >+ >+ if( !$result ) { >+ emit( "Failed to delete directory for port separation ...\n" ); >+ return 0; >+ } >+ >+ # Remove unwanted content from the admin, webapps directory >+ >+ $result = remove_directory( $webapps_instance_path . >+ ".admin" . "/" . $subsystem_type . "/" . $agent_base_ui_instance_dir ); >+ >+ if( !$result ) { >+ emit( "Failed to delete directory for port separation ...\n" ); >+ return 0; >+ } >+ >+ $result = remove_directory( $webapps_instance_path . >+ ".admin" . "/" . $subsystem_type . "/" . $ee_base_ui_instance_dir ); >+ >+ if( !$result ) { >+ emit( "Failed to delete directory for port separation ...\n" ); >+ return 0; >+ } >+ } >+ ## > # Tomcat Specific > $result = copy_directory( $shared_subsystem_path, > $shared_instance_path ); >@@ -1906,6 +2087,13 @@ > # return 0 - failure > sub process_pki_templates() > { >+ #Are we doing port separation?,If so, we have enough info to set the PKI_SECURE_PORT here. >+ my $do_port_separation = 0; >+ if( $agent_secure_port >= 0 && ( $subsystem_type ne $RA ) && >+ ( $subsystem_type ne $TPS ) ) { >+ $do_port_separation = 1; >+ } >+ > my %slot_hash = (); > > emit( "Processing PKI templates for '$pki_instance_path' ...\n" ); 
>@@ -1976,10 +2164,31 @@ > $slot_hash{$PKI_INSTANCE_ROOT_SLOT} = $pki_instance_root; > $slot_hash{$PKI_MACHINE_NAME_SLOT} = $host; > $slot_hash{$PKI_RANDOM_NUMBER_SLOT} = $random; >- $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port; >+ >+ if (! $do_port_separation) { >+ $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port; >+ } else { >+ $slot_hash{$PKI_SECURE_PORT_SLOT} = $ee_secure_port; >+ } >+ > $slot_hash{$PKI_SERVER_XML_CONF} = $server_xml_instance_file_path; > $slot_hash{$PKI_SUBSYSTEM_TYPE_SLOT} = $subsystem_type; > $slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port; >+ >+ #Take care of the case where we want separate listening ports. >+ if( $do_port_separation) >+ { >+ $slot_hash{$PKI_SECURE_PORT_SLOT} = $agent_secure_port; >+ $slot_hash{$PKI_EE_SECURE_PORT_SLOT} = $ee_secure_port; >+ $slot_hash{$PKI_ADMIN_SECURE_PORT_SLOT} = $admin_secure_port; >+ $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SLOT} = ""; >+ $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_SLOT} = ""; >+ } else { >+ $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SLOT} = $PKI_OPEN_COMMENT; >+ $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_SLOT} = $PKI_CLOSE_COMMENT; >+ >+ } >+ $slot_hash{$PKI_WEBAPPS_NAME} = $webapps_base_subsystem_dir; > $slot_hash{$PKI_USER_SLOT} = $pki_user; > $slot_hash{$TOMCAT_SERVER_PORT_SLOT} = $tomcat_server_port; > $slot_hash{$PKI_FLAVOR_SLOT} = $pki_flavor; 
>@@ -2275,14 +2484,155 @@ > return 1; > } > >+# no args >+# return 1 - success, or >+# return 0 - failure >+sub process_pki_templates_for_port_separation() >+{ >+ #re do web.xml in the case of configurable port separation > >+ my %slot_hash = (); >+ my $do_port_separation = 0; >+ >+ #for webapps.ee >+ my $ee_webinf_instance_path = $webapps_instance_path >+ . ".ee" >+ . "/" . $subsystem_type >+ . "/" . $webinf_base_instance_dir ; >+ >+ my $ee_webapps_root_instance_path = $webapps_instance_path >+ . ".ee" >+ . "/" . $webapps_root_base_instance_dir ; >+ >+ >+ #for webapps.admin >+ my $admin_webinf_instance_path = $webapps_instance_path >+ . ".admin" >+ . "/" . $subsystem_type >+ . "/" . $webinf_base_instance_dir ; >+ >+ >+ my $admin_webapps_root_instance_path = $webapps_instance_path >+ . ".admin" >+ . "/" . $webapps_root_base_instance_dir ; >+ >+ >+ #for webapps, use $webinf_instance_path >+ >+ if( $agent_secure_port >= 0 && ( $subsystem_type ne $RA ) && >+ ( $subsystem_type ne $TPS ) ) { >+ $do_port_separation = 1; >+ } >+ >+ if ( ! $do_port_separation ) { >+ return 1; >+ } >+ >+ emit( "Processing PKI templates for '$pki_instance_path' for port separation ...\n" ); >+ >+ # We need to re-establish the PKI_INSTANCE_PATH >+ >+ $slot_hash{$PKI_INSTANCE_PATH_SLOT} = $pki_instance_path; >+ $slot_hash{$PKI_SUBSYSTEM_TYPE_SLOT} = $subsystem_type; >+ >+ # For webapps.ee and webapps, comment out the access to the admin port >+ >+ $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SLOT} = $PKI_OPEN_COMMENT; >+ $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_SLOT} = $PKI_CLOSE_COMMENT; >+ >+ $result = process_file_template( $web_xml_subsystem_file_path, >+ $ee_webinf_instance_path . "/" . $web_xml_base_name, >+ \%slot_hash ); >+ if( !$result ) { >+ return 0; >+ } >+ >+ >+ $result = process_file_template( $web_xml_subsystem_file_path, >+ $webinf_instance_path . "/" . 
$web_xml_base_name, >+ \%slot_hash ); >+ if( !$result ) { >+ return 0; >+ } >+ >+ >+ # For webapps.admin don't comment out the access to the admin port >+ >+ $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SLOT} = ""; >+ $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_SLOT} = ""; >+ >+ $result = process_file_template( $web_xml_subsystem_file_path, >+ $admin_webinf_instance_path . "/" . $web_xml_base_name, >+ \%slot_hash ); >+ if( !$result ) { >+ return 0; >+ } >+ >+ #Now massage the velocity.properties for webapps.ee and webapps.admin >+ >+ $slot_hash{$PKI_WEBAPPS_NAME}= $webapps_base_subsystem_dir . ".ee"; >+ >+ $result = process_file_template( $velocity_prop_subsystem_file_path, >+ $ee_webinf_instance_path . "/" . $velocity_prop_base_name, >+ \%slot_hash ); >+ if( !$result ) { >+ return 0; >+ } >+ >+ $slot_hash{$PKI_WEBAPPS_NAME}= $webapps_base_subsystem_dir . ".admin"; >+ >+ $result = process_file_template( $velocity_prop_subsystem_file_path, >+ $admin_webinf_instance_path . "/" . $velocity_prop_base_name, >+ \%slot_hash ); >+ if( !$result ) { >+ return 0; >+ } >+ >+ #Process the index.html file for ee and admin >+ >+ $slot_hash{$PKI_MACHINE_NAME_SLOT} = $host ; >+ $slot_hash{$PKI_SECURE_PORT_SLOT} = $ee_secure_port ; >+ $result = process_file_template( $index_html_subsystem_file_path, >+ $ee_webapps_root_instance_path . "/" . $index_html_base_name, >+ \%slot_hash ); >+ if( !$result ) { >+ return 0; >+ } >+ >+ $result = process_file_template( $index_html_subsystem_file_path, >+ $admin_webapps_root_instance_path . "/" . $index_html_base_name, >+ \%slot_hash ); >+ if( !$result ) { >+ return 0; >+ } >+ >+ >+ return 1; >+} >+ >+ > # no args > # return 1 - success, or > # return 0 - failure > sub process_pki_files_and_symlinks() > { > my $result = 0; >+ my $do_port_separation = 0; >+ my $ee_webinf_lib_instance_path = $webapps_instance_path >+ . ".ee" >+ . "/" . $subsystem_type >+ . "/" . $webinf_base_instance_dir . "/" . 
$lib_base_instance_dir; > >+ my $admin_webinf_lib_instance_path = $webapps_instance_path >+ . ".admin" >+ . "/" . $subsystem_type >+ . "/" . $webinf_base_instance_dir . "/" . $lib_base_instance_dir; >+ >+ if( $agent_secure_port >= 0 && ( $subsystem_type ne $RA ) && >+ ( $subsystem_type ne $TPS ) ) { >+ $do_port_separation = 1; >+ } >+ > emit( "Processing PKI files and symbolic links for " > . "'$pki_instance_path' ...\n" ); > >@@ -2416,7 +2766,21 @@ > return 0; > } > >+ if( $do_port_separation) { >+ # create instance "webapps.ee/$subsystem_type/WEB-INF/lib" subdirectory >+ $result = create_directory( $ee_webinf_lib_instance_path ); >+ if( !$result ) { >+ return 0; >+ } > >+ >+ # create instance "webapps.admin/$subsystem_type/WEB-INF/lib" subdirectory >+ $result = create_directory( $admin_webinf_lib_instance_path ); >+ if( !$result ) { >+ return 0; >+ } >+ } >+ > # create instance symlink to "$subsystem_type.jar" > $result = create_symbolic_link( $subsystem_jar_symlink_path, > $subsystem_jar_file_path ); 
>@@ -2533,23 +2897,52 @@ > } > > >- # create instance symlink to "osutil.jar" >- $result = create_symbolic_link( $osutil_jar_symlink_path, >+ if( !$do_port_separation) { >+ # create instance symlink to "osutil.jar" >+ $result = create_symbolic_link( $osutil_jar_symlink_path, > $osutil_jar_file_path ); >- if( !$result ) { >- return 0; >- } >+ if( !$result ) { >+ return 0; >+ } > >- $result = give_symbolic_link_to( $osutil_jar_symlink_path, >+ $result = give_symbolic_link_to( $osutil_jar_symlink_path, > $pki_user, > $pki_group ); >- if( !$result ) { >- emit( "$osutil_jar_symlink_path ownership problems!", >- "error" ); >- return 0; >+ if( !$result ) { >+ emit( "$osutil_jar_symlink_path ownership problems!", >+ "error" ); >+ return 0; >+ } >+ >+ } else { # put this important file in common instead for port separation >+ # create instance symlink to "osutil.jar" >+ $result = create_symbolic_link( $common_instance_symlink_path . $osutil_jar_base_name , >+ $osutil_jar_file_path ); >+ if( !$result ) { >+ return 0; >+ } >+ >+ $result = give_symbolic_link_to( $common_instance_symlink_path . $osutil_jar_base_name, >+ $pki_user, >+ $pki_group ); >+ if( !$result ) { >+ emit( "$osutil_jar_symlink_path ownership problems!", >+ "error" ); >+ return 0; >+ } >+ >+ #Now go back and massage the web.xml templates to restrict access to the admin port >+ >+ $result = process_pki_templates_for_port_separation(); >+ >+ if( !$result) { >+ emit("Can't process the web.xml template files!\n", >+ "error"); >+ return 0; >+ } >+ > } > >- > # Tomcat Specific > > # create instance symlink to tomcat "common" directory 
>@@ -2573,7 +2966,26 @@ > } > } > >- return 1; >+ #Now make copy of finished lib directory in webapps.ee and webapps.admin, if doing port separation >+ #Thus processing the files all at once instead of individually >+ >+ if( $do_port_separation) { >+ $result = copy_directory( $webinf_lib_instance_path, >+ $ee_webinf_lib_instance_path); >+ if( !$result ) { >+ emit( "Failed to copy directory $web_lib_instance_path ...\n" ); >+ return 0; >+ } >+ >+ $result = copy_directory( $webinf_lib_instance_path, >+ $admin_webinf_lib_instance_path); >+ if( !$result ) { >+ emit( "Failed to copy directory $webinf_lib_instance_path ...\n" ); >+ return 0; >+ } >+ >+ } >+ return 1; > } 
> > >@@ -2913,21 +3325,38 @@ > . "start | stop | restart\n", > "log" ); > >- print( STDOUT >- "Please start the configuration by accessing:\n" >- . "http://$host:$unsecure_port/$subsystem_type/admin/" >- . "console/config/login?pin=$random\n\n" ); >- emit( "Configuration Wizard listening on\n" >- . "http://$host:$unsecure_port/$subsystem_type/admin/" >- . "console/config/login?pin=$random\n", >- "log" ); >+ if( $ee_secure_port > 0 ) { >+ print( STDOUT >+ "Please start the configuration by accessing:\n" >+ . "https://$host:$ee_secure_port/$subsystem_type/admin/" >+ . "console/config/login?pin=$random\n\n" ); >+ emit( "Configuration Wizard listening on\n" >+ . "https://$host:$ee_secure_port/$subsystem_type/admin/" >+ . "console/config/login?pin=$random\n", >+ "log" ); > >- print( STDOUT >- "Before proceeding with the configuration, make sure \n" >- . "the firewall settings of this machine permit proper \n" >- . "access to this subsystem. \n"); >+ print( STDOUT >+ "Before proceeding with the configuration, make sure \n" >+ . "the firewall settings of this machine permit proper \n" >+ . "access to this subsystem. \n"); > >+ } else { >+ print( STDOUT >+ "Please start the configuration by accessing:\n" >+ . "http://$host:$unsecure_port/$subsystem_type/admin/" >+ . "console/config/login?pin=$random\n\n" ); >+ emit( "Configuration Wizard listening on\n" >+ . "http://$host:$unsecure_port/$subsystem_type/admin/" >+ . "console/config/login?pin=$random\n", >+ "log" ); > >+ print( STDOUT >+ "Before proceeding with the configuration, make sure \n" >+ . "the firewall settings of this machine permit proper \n" >+ . "access to this subsystem. \n"); >+ >+ } >+ > # If it exists, close the log file > close_logfile( $logfile ); > >Index: base/setup/pkicommon >=================================================================== >--- base/setup/pkicommon (revision 67) >+++ base/setup/pkicommon (working copy) 
>@@ -521,7 +521,52 @@ > return 0; > } > >+# arg0 secure_port >+# arg1 unsecure_port >+# arg2 agent_secure_port >+# arg3 ee_secure_port >+# arg4 admin_secure_port >+# return 1 - ports are valid (success) >+# return 0 - ports have a conflict (failure) >+sub AreConnectorPortsValid >+{ >+ # parse parameters >+ my( $secure_port, $unsecure_port, $agent_secure_port, >+ $ee_secure_port, $admin_secure_port ) = @_; > >+ >+ if( $secure_port == -1 && $agent_secure_port == -1) >+ { >+ return 0; >+ } >+ >+ if( $secure_port >= 0 && $agent_secure_port >= 0) >+ { >+ return 0; >+ } >+ >+ if( $secure_port >= 0) >+ { >+ if ( $secure_port == $unsecure_port) >+ { >+ return 0; >+ } >+ return 1; >+ } >+ >+ # Now make sure none of the separated ports are the same >+ if( ($agent_secure_port == $admin_secure_port) || >+ ( $agent_secure_port == $ee_secure_port) || >+ ( $ee_secure_port == $admin_secure_port) ) >+ { >+ return 0; >+ } >+ >+ return 1; >+ >+} >+ >+ > # arg0 username > # arg1 port > # return 1 - port is available (success) >@@ -1865,6 +1910,7 @@ > > my $result = 0; > >+ emit("copy_directory(): source=> $source_dir_path dest=> $dest_dir_path \n","debug"); > if( !is_path_valid( $source_dir_path ) ) { > emit( "copy_directory(): illegal source path => $source_dir_path.\n", > "error" ); >@@ -1917,6 +1963,7 @@ > { > my( $dir ) = $_[0]; > >+ emit("remove_directory(): " . $dir . "\n","debug"); > my $result = 0; > > if( !is_path_valid( $dir ) ) { >Index: base/tks/shared/webapps/tks/WEB-INF/velocity.properties >=================================================================== >--- base/tks/shared/webapps/tks/WEB-INF/velocity.properties (revision 67) >+++ base/tks/shared/webapps/tks/WEB-INF/velocity.properties (working copy) 
>@@ -5,7 +5,7 @@ > # > resource.loader = file > file.resource.loader.class = org.apache.velocity.runtime.resource.loader.FileResourceLoader >-file.resource.loader.path = [PKI_INSTANCE_PATH]/webapps/[PKI_SUBSYSTEM_TYPE] >+file.resource.loader.path = [PKI_INSTANCE_PATH]/[PKI_WEBAPPS_NAME]/[PKI_SUBSYSTEM_TYPE] > file.resource.loader.cache = true > file.resource.loader.modificationCheckInterval = 2 > input.encoding=UTF-8 >Index: base/tks/shared/webapps/tks/WEB-INF/web.xml >=================================================================== >--- base/tks/shared/webapps/tks/WEB-INF/web.xml (revision 67) >+++ base/tks/shared/webapps/tks/WEB-INF/web.xml (working copy) >@@ -330,11 +330,13 @@ > <servlet-name> tksregistry </servlet-name> > <url-pattern> /registry </url-pattern> > </servlet-mapping> >- >+ >+[PKI_OPEN_SEPARATE_PORTS_COMMENT] > <servlet-mapping> > <servlet-name> tksauths </servlet-name> > <url-pattern> /auths </url-pattern> > </servlet-mapping> >+[PKI_CLOSE_SEPARATE_PORTS_COMMENT] > > <servlet-mapping> > <servlet-name> tksjobsScheduler </servlet-name> >Index: base/tks/shared/conf/server.xml >=================================================================== >--- base/tks/shared/conf/server.xml (revision 67) >+++ base/tks/shared/conf/server.xml (working copy) >@@ -1,7 +1,3 @@ >-<!-- BEGIN COPYRIGHT BLOCK >- Copyright (C) 2006 Red Hat, Inc. >- All rights reserved. >- END COPYRIGHT BLOCK --> > <!-- Example Server Configuration File --> > <!-- Note that component elements are nested corresponding to their > parent-child relationships with each other --> 
>@@ -92,7 +88,7 @@ > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" disableUploadTimeout="true" > acceptCount="100" scheme="https" secure="true" >- clientAuth="false" sslProtocol="SSL" >+ clientAuth="agent" sslProtocol="SSL" > sslOptions="ssl2=true,ssl3=true,tls=true" > ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" > ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >@@ -209,7 +205,7 @@ > Note: XML Schema validation will not work with Xerces 2.2. > --> > <Host name="localhost" appBase="webapps" >- unpackWARs="true" autoDeploy="true" >+ unpackWARs="true" autoDeploy="false" > xmlValidation="false" xmlNamespaceAware="false"> > > <!-- Defines a cluster for this node, 
>@@ -388,10 +384,87 @@ > pattern="common" resolveHosts="false"/> > --> > >+ <!-- <Context docBase="webapps" path="/webapps" reloadable="false"/> --> > </Host> > > </Engine> > > </Service> > >+[PKI_OPEN_SEPARATE_PORTS_COMMENT] >+ >+<Service name="CatalinaAdmin"> >+ >+<Connector port="[PKI_ADMIN_SECURE_PORT]" maxHttpHeaderSize="8192" >+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >+ enableLookups="false" disableUploadTimeout="true" >+ acceptCount="100" scheme="https" secure="true" >+ clientAuth="false" sslProtocol="SSL" >+ sslOptions="ssl2=true,ssl3=true,tls=true" >+ ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" >+ ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" >+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" >+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" >+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" >+ certdbDir="[PKI_INSTANCE_PATH]/alias"/> >+ >+ <Engine 
name="CatalinaAdmin" defaultHost="localhost"> >+ >+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >+ resourceName="UserDatabase"/> >+ >+ <Host name="localhost" appBase="webapps.admin" >+ unpackWARs="true" autoDeploy="false" >+ xmlValidation="false" xmlNamespaceAware="false"> >+ >+ <Valve className="org.apache.catalina.valves.AccessLogValve" >+ directory="logs" prefix="localhost_access_log." suffix=".txt" >+ pattern="common" resolveHosts="false"/> >+ >+ </Host> >+ >+ </Engine> >+ >+ </Service> >+ >+ >+<Service name="CatalinaEE"> >+ >+<Connector port="[PKI_EE_SECURE_PORT]" maxHttpHeaderSize="8192" >+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >+ enableLookups="false" disableUploadTimeout="true" >+ acceptCount="100" scheme="https" secure="true" >+ clientAuth="false" sslProtocol="SSL" >+ sslOptions="ssl2=true,ssl3=true,tls=true" >+ ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" >+ ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ 
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" >+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" >+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" >+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" >+ certdbDir="[PKI_INSTANCE_PATH]/alias"/> >+ >+ <Engine name="CatalinaEE" defaultHost="localhost"> >+ >+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >+ resourceName="UserDatabase"/> >+ >+ <Host name="localhost" appBase="webapps.ee" >+ unpackWARs="true" autoDeploy="false" >+ xmlValidation="false" xmlNamespaceAware="false"> >+ >+ >+ <Valve className="org.apache.catalina.valves.AccessLogValve" >+ directory="logs" prefix="localhost_access_log." suffix=".txt" >+ pattern="common" resolveHosts="false"/> >+ >+ </Host> >+ >+ </Engine> >+ >+ </Service> >+[PKI_CLOSE_SEPARATE_PORTS_COMMENT] > </Server> >Index: base/ocsp/shared/webapps/ocsp/WEB-INF/velocity.properties >=================================================================== >--- base/ocsp/shared/webapps/ocsp/WEB-INF/velocity.properties (revision 67) >+++ base/ocsp/shared/webapps/ocsp/WEB-INF/velocity.properties (working copy) >@@ -5,7 +5,7 @@ > # > resource.loader = file > file.resource.loader.class = org.apache.velocity.runtime.resource.loader.FileResourceLoader >-file.resource.loader.path = [PKI_INSTANCE_PATH]/webapps/[PKI_SUBSYSTEM_TYPE] >+file.resource.loader.path = [PKI_INSTANCE_PATH]/[PKI_WEBAPPS_NAME]/[PKI_SUBSYSTEM_TYPE] > file.resource.loader.cache = true > file.resource.loader.modificationCheckInterval = 2 > input.encoding=UTF-8 >Index: base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml >=================================================================== >--- base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml (revision 67) >+++ base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml (working copy) 
>@@ -131,6 +131,7 @@ > <init-param><param-name> AuthzMgr </param-name> > <param-value> BasicAclAuthz </param-value> </init-param> > </servlet> >+ > <servlet> > <servlet-name> ocspauths </servlet-name> > <servlet-class> com.netscape.cms.servlet.admin.AuthAdminServlet </servlet-class> >@@ -481,11 +482,13 @@ > <servlet-name> ocsplog </servlet-name> > <url-pattern> /log </url-pattern> > </servlet-mapping> >- >+ >+[PKI_OPEN_SEPARATE_PORTS_COMMENT] > <servlet-mapping> > <servlet-name> ocspauths </servlet-name> > <url-pattern> /auths </url-pattern> > </servlet-mapping> >+[PKI_CLOSE_SEPARATE_PORTS_COMMENT] > > <servlet-mapping> > <servlet-name> ocspstart </servlet-name> >Index: base/ocsp/shared/conf/server.xml >=================================================================== >--- base/ocsp/shared/conf/server.xml (revision 67) >+++ base/ocsp/shared/conf/server.xml (working copy) >@@ -1,7 +1,3 @@ >-<!-- BEGIN COPYRIGHT BLOCK >- Copyright (C) 2006 Red Hat, Inc. >- All rights reserved. >- END COPYRIGHT BLOCK --> > <!-- Example Server Configuration File --> > <!-- Note that component elements are nested corresponding to their > parent-child relationships with each other --> 
>@@ -92,7 +88,7 @@ > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" disableUploadTimeout="true" > acceptCount="100" scheme="https" secure="true" >- clientAuth="false" sslProtocol="SSL" >+ clientAuth="agent" sslProtocol="SSL" > sslOptions="ssl2=true,ssl3=true,tls=true" > ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" > ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >@@ -104,8 +100,6 @@ > certdbDir="[PKI_INSTANCE_PATH]/alias"/> > <!-- DO NOT REMOVE - End define PKI secure port --> > >- >- > <!-- Note : To disable connection timeouts, set connectionTimeout value > to 0 --> > >@@ -211,7 +205,7 @@ > Note: XML Schema validation will not work with Xerces 2.2. > --> > <Host name="localhost" appBase="webapps" >- unpackWARs="true" autoDeploy="true" >+ unpackWARs="true" autoDeploy="false" > xmlValidation="false" xmlNamespaceAware="false"> > > <!-- Defines a cluster for this node, 
>@@ -390,10 +384,87 @@ > pattern="common" resolveHosts="false"/> > --> > >+ <!-- <Context docBase="webapps" path="/webapps" reloadable="false"/> --> > </Host> > > </Engine> > > </Service> > >+[PKI_OPEN_SEPARATE_PORTS_COMMENT] >+ >+<Service name="CatalinaAdmin"> >+ >+<Connector port="[PKI_ADMIN_SECURE_PORT]" maxHttpHeaderSize="8192" >+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >+ enableLookups="false" disableUploadTimeout="true" >+ acceptCount="100" scheme="https" secure="true" >+ clientAuth="false" sslProtocol="SSL" >+ sslOptions="ssl2=true,ssl3=true,tls=true" >+ ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" >+ ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" >+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" >+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" >+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" >+ certdbDir="[PKI_INSTANCE_PATH]/alias"/> >+ >+ <Engine 
name="CatalinaAdmin" defaultHost="localhost"> >+ >+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >+ resourceName="UserDatabase"/> >+ >+ <Host name="localhost" appBase="webapps.admin" >+ unpackWARs="true" autoDeploy="false" >+ xmlValidation="false" xmlNamespaceAware="false"> >+ >+ <Valve className="org.apache.catalina.valves.AccessLogValve" >+ directory="logs" prefix="localhost_access_log." suffix=".txt" >+ pattern="common" resolveHosts="false"/> >+ >+ </Host> >+ >+ </Engine> >+ >+ </Service> >+ >+ >+<Service name="CatalinaEE"> >+ >+<Connector port="[PKI_EE_SECURE_PORT]" maxHttpHeaderSize="8192" >+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >+ enableLookups="false" disableUploadTimeout="true" >+ acceptCount="100" scheme="https" secure="true" >+ clientAuth="false" sslProtocol="SSL" >+ sslOptions="ssl2=true,ssl3=true,tls=true" >+ ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" >+ ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ 
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" >+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" >+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" >+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" >+ certdbDir="[PKI_INSTANCE_PATH]/alias"/> >+ >+ <Engine name="CatalinaEE" defaultHost="localhost"> >+ >+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >+ resourceName="UserDatabase"/> >+ >+ <Host name="localhost" appBase="webapps.ee" >+ unpackWARs="true" autoDeploy="false" >+ xmlValidation="false" xmlNamespaceAware="false"> >+ >+ >+ <Valve className="org.apache.catalina.valves.AccessLogValve" >+ directory="logs" prefix="localhost_access_log." suffix=".txt" >+ pattern="common" resolveHosts="false"/> >+ >+ </Host> >+ >+ </Engine> >+ >+ </Service> >+[PKI_CLOSE_SEPARATE_PORTS_COMMENT] > </Server> >Index: base/kra/shared/webapps/kra/WEB-INF/velocity.properties >=================================================================== >--- base/kra/shared/webapps/kra/WEB-INF/velocity.properties (revision 67) >+++ base/kra/shared/webapps/kra/WEB-INF/velocity.properties (working copy) >@@ -1,6 +1,6 @@ > resource.loader = file > file.resource.loader.class = org.apache.velocity.runtime.resource.loader.FileResourceLoader >-file.resource.loader.path = [PKI_INSTANCE_PATH]/webapps/[PKI_SUBSYSTEM_TYPE] >+file.resource.loader.path = [PKI_INSTANCE_PATH]/[PKI_WEBAPPS_NAME]/[PKI_SUBSYSTEM_TYPE] > file.resource.loader.cache = true > file.resource.loader.modificationCheckInterval = 2 > input.encoding=UTF-8 >Index: base/kra/shared/webapps/kra/WEB-INF/web.xml >=================================================================== >--- base/kra/shared/webapps/kra/WEB-INF/web.xml (revision 67) >+++ base/kra/shared/webapps/kra/WEB-INF/web.xml (working copy) 
>@@ -848,11 +848,12 @@ > <url-pattern> /acl </url-pattern> > </servlet-mapping> > >- >+[PKI_OPEN_SEPARATE_PORTS_COMMENT] > <servlet-mapping> > <servlet-name> kraauths </servlet-name> > <url-pattern> /auths </url-pattern> > </servlet-mapping> >+[PKI_CLOSE_SEPARATE_PORTS_COMMENT] > > <servlet-mapping> > <servlet-name> krajobsScheduler </servlet-name> >Index: base/kra/shared/conf/server.xml >=================================================================== >--- base/kra/shared/conf/server.xml (revision 67) >+++ base/kra/shared/conf/server.xml (working copy) >@@ -83,13 +83,12 @@ > connectionTimeout="20000" disableUploadTimeout="true" /> > > <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> >- > <!-- DO NOT REMOVE - Begin define PKI secure port --> > <Connector port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192" > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" disableUploadTimeout="true" > acceptCount="100" scheme="https" secure="true" >- clientAuth="false" sslProtocol="SSL" >+ clientAuth="agent" sslProtocol="SSL" > sslOptions="ssl2=true,ssl3=true,tls=true" > ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" > ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >@@ -101,8 +100,6 @@ > certdbDir="[PKI_INSTANCE_PATH]/alias"/> > <!-- DO NOT REMOVE - End define PKI secure port --> > >- >- > <!-- Note : To disable connection timeouts, set connectionTimeout value > to 0 --> 
> >@@ -208,7 +205,7 @@ > Note: XML Schema validation will not work with Xerces 2.2. > --> > <Host name="localhost" appBase="webapps" >- unpackWARs="true" autoDeploy="true" >+ unpackWARs="true" autoDeploy="false" > xmlValidation="false" xmlNamespaceAware="false"> > > <!-- Defines a cluster for this node, 
>@@ -387,10 +384,87 @@ > pattern="common" resolveHosts="false"/> > --> > >+ <!-- <Context docBase="webapps" path="/webapps" reloadable="false"/> --> > </Host> > > </Engine> > > </Service> > >+[PKI_OPEN_SEPARATE_PORTS_COMMENT] >+ >+<Service name="CatalinaAdmin"> >+ >+<Connector port="[PKI_ADMIN_SECURE_PORT]" maxHttpHeaderSize="8192" >+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >+ enableLookups="false" disableUploadTimeout="true" >+ acceptCount="100" scheme="https" secure="true" >+ clientAuth="false" sslProtocol="SSL" >+ sslOptions="ssl2=true,ssl3=true,tls=true" >+ ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" >+ ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" >+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" >+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" >+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" >+ certdbDir="[PKI_INSTANCE_PATH]/alias"/> >+ >+ <Engine 
name="CatalinaAdmin" defaultHost="localhost"> >+ >+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >+ resourceName="UserDatabase"/> >+ >+ <Host name="localhost" appBase="webapps.admin" >+ unpackWARs="true" autoDeploy="false" >+ xmlValidation="false" xmlNamespaceAware="false"> >+ >+ <Valve className="org.apache.catalina.valves.AccessLogValve" >+ directory="logs" prefix="localhost_access_log." suffix=".txt" >+ pattern="common" resolveHosts="false"/> >+ >+ </Host> >+ >+ </Engine> >+ >+ </Service> >+ >+ >+<Service name="CatalinaEE"> >+ >+<Connector port="[PKI_EE_SECURE_PORT]" maxHttpHeaderSize="8192" >+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >+ enableLookups="false" disableUploadTimeout="true" >+ acceptCount="100" scheme="https" secure="true" >+ clientAuth="false" sslProtocol="SSL" >+ sslOptions="ssl2=true,ssl3=true,tls=true" >+ ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" >+ ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" >+ 
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" >+ serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" >+ passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" >+ passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" >+ certdbDir="[PKI_INSTANCE_PATH]/alias"/> >+ >+ <Engine name="CatalinaEE" defaultHost="localhost"> >+ >+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >+ resourceName="UserDatabase"/> >+ >+ <Host name="localhost" appBase="webapps.ee" >+ unpackWARs="true" autoDeploy="false" >+ xmlValidation="false" xmlNamespaceAware="false"> >+ >+ >+ <Valve className="org.apache.catalina.valves.AccessLogValve" >+ directory="logs" prefix="localhost_access_log." suffix=".txt" >+ pattern="common" resolveHosts="false"/> >+ >+ </Host> >+ >+ </Engine> >+ >+ </Service> >+[PKI_CLOSE_SEPARATE_PORTS_COMMENT] > </Server>
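Review bot: in process_pki_templates_for_port_separation(), the index.html step sets $slot_hash{$PKI_SECURE_PORT_SLOT} = $ee_secure_port once and then renders both the webapps.ee and the webapps.admin copies, so the admin index.html also carries the EE port. If the admin page is meant to point at the admin listener, assign $admin_secure_port before the second process_file_template() call; if the shared value is intended, a one-line comment saying so would prevent a later "fix".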
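Review bot: in the port-separation else branch of hunk @@ -2533,23 +2897,52 @@, the ownership failure message still interpolates $osutil_jar_symlink_path, although the link this branch creates is $common_instance_symlink_path . $osutil_jar_base_name, so the error names a path the branch never touched. Build the target once into a local variable and pass it to create_symbolic_link(), give_symbolic_link_to() and emit(). The two parts are concatenated without a "/" separator, so also confirm that $common_instance_symlink_path always ends in one.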
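Review bot: in hunk @@ -2573,7 +2966,26 @@, the first copy_directory() failure message interpolates $web_lib_instance_path, while the directory being copied is $webinf_lib_instance_path (the second message uses that name), which looks like a typo. Both messages omit the destination that failed and call emit() without the "error" level that the other failure paths in this function pass. Suggest reporting source and destination in each message and logging them at "error".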
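Review bot: hunk @@ -2913,21 +3325,38 @@ selects the https URL with $ee_secure_port > 0, while process_pki_files_and_symlinks() decides port separation with $agent_secure_port >= 0; pick one sentinel test and use it in both places so the two cannot disagree. The else branch still prints the configuration URL, including pin=$random, over plain http, and both branches write the pin to the log through emit(..., "log"); consider logging the URL without the pin. The firewall reminder is duplicated verbatim in both branches and can move after the if/else.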
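Review bot: AreConnectorPortsValid (hunk @@ -521,7 +521,52 @@ in base/setup/pkicommon) checks the three separated ports only against each other: it never compares them with $unsecure_port, and it returns 1 when $agent_secure_port is set but exactly one of $ee_secure_port and $admin_secure_port is still -1. Suggest requiring all three to be >= 0 once $agent_secure_port >= 0 and including $unsecure_port in the uniqueness check. The header comment should also state that -1 means "not configured", since every branch depends on that convention.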
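Review bot: hunk @@ -1,7 +1,3 @@ removes the BEGIN COPYRIGHT BLOCK comment from base/tks/shared/conf/server.xml and base/ocsp/shared/conf/server.xml, which is unrelated to port separation and is not mentioned in the changelog entries added by this patch. Either keep the header or drop it in a separate change with the reason recorded.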
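Review bot: hunk @@ -92,7 +88,7 @@ switches the main secure connector to clientAuth="agent" with no comment on what that value means to the JSS connector, and the same connector is the only secure listener when port separation is off. Please document the value next to the connector and state whether a non-separated install now requests client certificates on [PKI_SECURE_PORT] for every caller.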
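Review bot: the CatalinaAdmin and CatalinaEE connectors added in hunk @@ -388,10 +384,87 @@ (and its copies in the ocsp and kra server.xml) keep sslOptions="ssl2=true,ssl3=true,tls=true" and enable +SSL3_RSA_WITH_DES_CBC_SHA and +SSL3_RSA_WITH_RC4_128_SHA, so the new admin listener starts out offering single DES and RC4. Every entry in ssl2Ciphers is already disabled, so ssl2=false would match the intent, and the DES and RC4 suites can be switched to "-" on listeners that have no existing clients to stay compatible with. The admin connector is also left at clientAuth="false" while the main connector moves to "agent" in the same patch; a comment on how callers of the admin port are authenticated would help. The connector block is pasted six times across three files, so a shared template slot for the cipher attributes would keep them from drifting.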
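Review bot: the [PKI_OPEN_SEPARATE_PORTS_COMMENT] and [PKI_CLOSE_SEPARATE_PORTS_COMMENT] slots are used in the tks, ocsp and kra web.xml hunks to gate the /auths servlet-mapping and in server.xml to gate the extra Services, and the two uses need different values in a non-separated install (mapping enabled, Services commented out). Please confirm the installer renders web.xml and server.xml with separate values in that case, or use distinct slot names so one assignment cannot disable /auths by accident. Only the /auths mapping is wrapped, while the neighbouring /acl, /log and jobsScheduler mappings visible in the context lines stay reachable from every webapp copy; if those are admin-only as well, they belong inside the same guard.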