From cc3f569d19fea3326bc1cd50420f980390c706ab Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@painless-security.com>
Date: Tue, 20 Dec 2016 18:13:29 -0500
Subject: [PATCH] Update RPM spec file and installed config files.

---
 redhat/default-internal.cfg                       |  20 ++++
 redhat/default-main.cfg                           |   9 --
 redhat/organizations.cfg                          |  84 ++++++++++++++
 redhat/{tr-test-main.cfg => tr-test-internal.cfg} |   0
 redhat/trusts.cfg                                 | 128 ----------------------
 trust_router.spec                                 |  22 ++--
 6 files changed, 115 insertions(+), 148 deletions(-)
 create mode 100644 redhat/default-internal.cfg
 delete mode 100644 redhat/default-main.cfg
 create mode 100644 redhat/organizations.cfg
 rename redhat/{tr-test-main.cfg => tr-test-internal.cfg} (100%)
 delete mode 100644 redhat/trusts.cfg

diff --git a/redhat/default-internal.cfg b/redhat/default-internal.cfg
new file mode 100644
index 0000000..7bfe0f5
--- /dev/null
+++ b/redhat/default-internal.cfg
@@ -0,0 +1,20 @@
+{
+  "tr_internal": {
+    "max_tree_depth": 12,
+    "hostname":"beta.example.com",
+    "trps_port":25308,
+    "tids_port":25309,
+    "cfg_poll_interval": 1,
+    "cfg_settling_time": 5,
+    "trp_sweep_interval": 30,
+    "trp_update_interval": 30,
+    "trp_connect_interval": 10,
+    "tid_request_timeout": 5,
+    "tid_response_numerator": 2,
+    "tid_response_denominator": 3,
+    "logging": {
+      "log_threshold": "info",
+      "console_threshold":"notice"
+    }
+  }
+}
diff --git a/redhat/default-main.cfg b/redhat/default-main.cfg
deleted file mode 100644
index 1dca690..0000000
--- a/redhat/default-main.cfg
+++ /dev/null
@@ -1,9 +0,0 @@
-{"tr_internal": {"max_tree_depth": 4,
-		 "hostname":"tr.moonshot.local",
-		 "tids_port": 12309,
-
-		 "logging": { "console_threshold": "debug",
-			      "log_threshold": "info"
-			    }
-		}
-}
diff --git a/redhat/organizations.cfg b/redhat/organizations.cfg
new file mode 100644
index 0000000..5c190b8
--- /dev/null
+++ b/redhat/organizations.cfg
@@ -0,0 +1,84 @@
+{
+  "communities": [
+    {
+      "apcs": [],
+      "community_id": "apc.x",
+      "idp_realms": ["idp.x", "other.idp.x"],
+      "rp_realms": ["rp.x", "other.rp.x"],
+      "type": "apc",
+      "expiration_interval": 10
+    },
+    {
+      "apcs": ["apc."],
+      "community_id": "coi.x",
+      "idp_realms": ["idp.x"],
+      "rp_realms": ["rp.x"],
+      "type": "coi"
+    }
+  ],
+  "local_organizations": [
+    {
+      "organization_name": "Demo Organization",
+      "realms": [
+	{
+	  "realm": "rp.x",
+	  "gss_names": ["alpha-cred@apc.x",
+	                "beta-cred@apc.x",
+			"gamma-cred@apc.x"],
+	  "filters": {
+	    "tid_inbound": [
+	      {
+	        "action": "accept",
+		"domain_constraints": [
+		  "*.local"
+		],
+		"specs": [
+		  {
+		    "field": "rp_realm",
+		    "match": "rp.x"
+		  },
+		  {
+		    "field": "rp_realm",
+		    "match": "*.rp.x"
+		  }
+		],
+		"realm_constraints": [
+		  "rp.x", "*.rp.x"
+		]
+	      }
+	    ]
+	  }
+	},
+        {
+          "realm": "other.rp.x",
+          "gss_names": ["something@apc.x"]
+        },
+	{
+	  "realm": "idp.x",
+	  "gss_names": ["alpha-cred@apc.x"],
+	  "identity_provider": {
+	    "aaa_servers": ["alpha.local"],
+	    "apcs": ["apc.x"],
+	    "shared_config": "no"
+	  }
+        },
+	{
+	  "realm": "other.idp.x",
+	  "gss_names": ["beta-cred@apc.x"],
+	  "identity_provider": {
+	    "aaa_servers": ["alpha.local"],
+	    "apcs": ["apc.x"],
+	    "shared_config": "no"
+	  }
+	}
+      ]
+    }
+  ],
+  "peer_organizations": [
+    {
+      "hostname": "gamma.local",
+      "port": 12310,
+      "gss_names": ["gamma-cred@apc.x"]
+    }
+  ]
+}
diff --git a/redhat/tr-test-main.cfg b/redhat/tr-test-internal.cfg
similarity index 100%
rename from redhat/tr-test-main.cfg
rename to redhat/tr-test-internal.cfg
diff --git a/redhat/trusts.cfg b/redhat/trusts.cfg
deleted file mode 100644
index 0998e1f..0000000
--- a/redhat/trusts.cfg
+++ /dev/null
@@ -1,128 +0,0 @@
-{
-  "communities": [
-    {
-      "apcs": [
-        "pci-community.ja.net"
-      ],
-      "community_id": "comm.offcenter.org",
-      "idp_realms": [
-        "idr2.offcenter.org"
-      ],
-      "rp_realms": [
-        "sr3.offcenter.org"
-      ],
-      "type": "coi"
-    },
-    {
-      "apcs": [
-
-      ],
-      "community_id": "pci-community.ja.net",
-      "idp_realms": [
-        "idr1.offcenter.org",
-        "idr2.offcenter.org",
-        "ja.net",
-        "no-longer-untitled.offcenter.org"
-      ],
-      "rp_realms": [
-        "exchange.ja.net",
-        "sr3.offcenter.org"
-      ],
-      "type": "apc"
-    }
-  ],
-  "idp_realms": [
-    {
-      "aaa_servers": [
-        "127.0.0.1"
-      ],
-      "apcs": [
-        "pci-community.ja.net"
-      ],
-      "realm_id": "idr1.offcenter.org",
-      "shared_config": "yes"
-    },
-    {
-      "aaa_servers": [
-        "127.0.0.1"
-      ],
-      "apcs": [
-        "pci-community.ja.net"
-      ],
-      "realm_id": "idr2.offcenter.org",
-      "shared_config": "no"
-    },
-    {
-      "aaa_servers": [
-        "10.1.10.90"
-      ],
-      "apcs": [
-        "pci-community.ja.net"
-      ],
-      "realm_id": "ja.net",
-      "shared_config": "no"
-    },
-    {
-      "aaa_servers": [
-        "127.0.0.1"
-      ],
-      "apcs": [
-        "pci-community.ja.net"
-      ],
-      "realm_id": "no-longer-untitled.offcenter.org",
-      "shared_config": "yes"
-    }
-  ],
-  "rp_clients": [
-    {
-      "filter": {
-        "filter_lines": [
-          {
-            "action": "accept",
-            "domain_constraints": ["*.exchange.ja.net"],
-            "filter_specs": [
-              {
-                "field": "rp_realm",
-                "match": "exchange.ja.net"
-              },
-              {
-                "field": "rp_realm",
-                "match": "*.exchange.ja.net"
-              }
-            ],
-            "realm_constraints": ["*.exchange.ja.net", "a.com"]
-          }
-        ],
-        "type": "rp_permitted"
-      },
-      "gss_names": [
-        "01b80aa9-8753-4691-8f8a-f49f7793546f@portal-realm.ja.net"
-      ]
-    },
-    {
-      "filter": {
-        "filter_lines": [
-          {
-            "action": "accept",
-            "domain_constraints": ["*.bob.sr3.offcenter.org"],
-            "filter_specs": [
-              {
-                "field": "rp_realm",
-                "match": "sr3.offcenter.org"
-              },
-              {
-                "field": "rp_realm",
-                "match": "*.sr3.offcenter.org"
-              }
-            ],
-            "realm_constraints": ["*.sr3.offcenter.org" ]
-          }
-        ],
-        "type": "rp_permitted"
-      },
-      "gss_names": [
-        "895c308a-5624-4055-bb4f-ea24b77e6637@portal-realm.ja.net"
-      ]
-    }
-  ]
-}
diff --git a/trust_router.spec b/trust_router.spec
index 40dcc68..c6d6b00 100644
--- a/trust_router.spec
+++ b/trust_router.spec
@@ -1,6 +1,6 @@
 %global optflags %{optflags} -Wno-parentheses
 Name:           trust_router
-Version:        2.0.0
+Version:        2.1.0
 Release:        1%{?dist}
 Summary:        Moonshot Trust Router
 
@@ -57,16 +57,16 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 
 # Install config files
 install -D -m 755 redhat/init $RPM_BUILD_ROOT/%{_initrddir}/trust_router
-install -D -m 640 redhat/trusts.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/trusts.cfg
-install -D -m 640 redhat/default-main.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/default/main.cfg
-install -D -m 640 redhat/tr-test-main.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/tr-test/main.cfg
+install -D -m 640 redhat/organizations.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/organizations.cfg
+install -D -m 640 redhat/default-internal.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/default/internal.cfg
+install -D -m 640 redhat/tr-test-internal.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/tr-test/internal.cfg
 install -D -m 640 redhat/sysconfig $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/trust_router
 install -D -m 640 redhat/sysconfig.tids $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/tids
 install -D -m 755 redhat/tids.init $RPM_BUILD_ROOT/%{_initrddir}/tids
 
 # Link shared config
-ln -s ../../trusts.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/default/trusts.cfg
-ln -s ../../trusts.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/tr-test/trusts.cfg
+ln -s ../../organizations.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/default/organizations.cfg
+ln -s ../../organizations.cfg $RPM_BUILD_ROOT/%{_sysconfdir}/trust_router/conf.d/tr-test/organizations.cfg
 
 # Install wrapper scripts
 install -D -m 755 redhat/tidc-wrapper $RPM_BUILD_ROOT/%{_bindir}/tidc-wrapper
@@ -135,11 +135,11 @@ chmod 770 /var/log/trust_router
 %dir %attr(755,root,trustrouter) %{_sysconfdir}/trust_router/conf.d/default
 %dir %attr(755,root,trustrouter) %{_sysconfdir}/trust_router/conf.d/tr-test
 
-%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/trusts.cfg
-%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/conf.d/default/main.cfg
-%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/conf.d/tr-test/main.cfg
-%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/conf.d/default/trusts.cfg
-%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/conf.d/tr-test/trusts.cfg
+%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/organizations.cfg
+%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/conf.d/default/internal.cfg
+%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/conf.d/tr-test/internal.cfg
+%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/conf.d/default/organizations.cfg
+%attr(640,root,trustrouter) %config(noreplace) %{_sysconfdir}/trust_router/conf.d/tr-test/organizations.cfg
 
 %files libs
 %defattr(-,root,root,-)
-- 
2.1.4