| blob | 92db747ded989da686f4ca4b0149101f68a79b8e |
1 <token_config>
3 <token id="default">
4 <backend>OpenXPKI::Crypto::Backend::OpenSSL</backend>
6 <!-- possible values are OpenSSL, nCipher, LunaCA -->
7 <engine>OpenSSL</engine>
8 <engine_section></engine_section>
9 <key_store>OPENXPKI</key_store>
10 <engine_usage></engine_usage>
12 <!-- OpenSSL binary location -->
13 <shell>[% file.openssl %]</shell>
15 <!-- OpenSSL binary call gets wrapped with this command -->
16 <wrapper></wrapper>
18 <!-- random file to use for OpenSSL -->
19 <!-- <randfile>t/25_crypto/rand</randfile> -->
20 <randfile>[% dir.openxpkistatedir %]/rand</randfile>
21 </token>
23 [% FOREACH realmsection = global.pkirealm %]
25 [% FOREACH ca = $realmsection.issuingca %]
27 [% THROW config "No 'id' defined for issuing CA $ca" IF ! $ca.id.defined %]
28 [% THROW config "No 'dir' defined for issuing CA $ca" IF ! $ca.dir.defined %]
30 <token id="[% $ca.id %]" super="../token{default}">
31 <!-- CA key (PEM encoded) -->
32 <key>[% $ca.dir %]/cakey.pem</key>
34 <!-- CA passphrase fragments -->
35 <secret>default</secret>
36 </token>
37 [% END %]
40 [% FOREACH entry = $realmsection.subsystem %]
42 [% THROW config "No 'id' defined for subsystem $entry" IF ! $entry.id.defined %]
43 [% THROW config "No 'dir' defined for subsystem $entry" IF ! $entry.dir.defined %]
45 <token id="[% $entry.id %]" super="../token{default}">
46 <!-- Backend class -->
47 <backend>[% $entry.backend %]</backend>
49 [% IF $entry.shell.defined %]
50 <!-- Backend shell command -->
51 <shell>[% $entry.shell %]</shell>
52 [% END %]
53 [% IF $entry.id != 'testcreatejavakeystore' %]
54 <!-- Private key (PEM encoded) -->
55 <key>[% $entry.dir %]/key.pem</key>
57 <!-- CA passphrase -->
58 <secret>default</secret>
59 [% END %]
60 </token>
61 [% END %]
64 [% END %]
66 </token_config>