Updated documentation

docs/example_java_decentralized_access.md

@@ -493,7 +493,7 @@ Name: Middle; Channel: ABC
 TvShow service does not have access to /rec/v1/movie endpoint:
 
 ```shell
-$ java -Djavax.net.ssl.trustStore=./zts_truststore.jks -cp ./example-java-client-ztoken-1.0.jar com.yahoo.athenz.example.ztoken.HttpExampleClient -d editors -s tvshow -p ./tvshow_private.pem -k v0 -pd recommend -pr tvshow_editors -z https://<zts-server>:8443/zts/v1 -u http://localhost:8080/athenz-data/rec/v1/tvshow
+$ java -Djavax.net.ssl.trustStore=./zts_truststore.jks -cp ./example-java-client-ztoken-1.0.jar com.yahoo.athenz.example.ztoken.HttpExampleClient -d editors -s tvshow -p ./tvshow_private.pem -k v0 -pd recommend -pr tvshow_editors -z https://<zts-server>:8443/zts/v1 -u http://localhost:8080/athenz-data/rec/v1/movie
 
 Request was forbidden - not authorized
 ```

docs/setup_zts.md

@@ -5,11 +5,6 @@
     * [JDK 8](#jdk-8)
 * [Getting Software](#getting-software)
 * [Configuration](#configuration)
-    * [Private/Public Key Pair](#privatepublic-key-pair)
-    * [Self Signed X509 Certificate](#self-signed-x509-certificate)
-    * [ZMS Certificate TrustStore](#zms-certificate-truststore)
-    * [Register ZTS Service](#register-zts-service)
-    * [Generate Athenz Configuration File](#generate-athenz-configuration-file)
 * [Start/Stop ZTS Server](#startstop-zts-server)
 
 ## Requirements
@@ -45,85 +40,29 @@ $ cd athenz-zts-X.Y
 ## Configuration
 ----------------
 
-To run ZTS Server, the system administrator must generate the keys
-and make necessary changes to the configuration settings.
-
-### Private/Public Key Pair
----------------------------
-
-Generate a unique private/public key pair that ZTS Server will use
-to sign any ZTokens it issues. From the `athenz-zts-X.Y` directory
-execute the following commands:
-
-```shell
-$ cd var/zts_server/keys
-$ openssl genrsa -out zts_private.pem 2048
-$ openssl rsa -in zts_private.pem -pubout > zts_public.pem
-```
-
-### Self Signed X509 Certificate
---------------------------------
-
-Generate a self-signed X509 certificate for ZTS Server HTTPS
-support. After we generate the X509 certificate, we need to add
-that certificate along with its private key to a keystore for Jetty 
-use. For the local environment steps, we're using default password
-of "athenz". From the `athenz-zts-X.Y` directory execute the following
-commands:
+To run ZTS Server, the system administrator must generate the keys,
+certificates and make necessary changes to the configuration settings.
+Since ZMS Server is running with a self-signed certificate, we need to
+generate a truststore for the java http client to use when communicating
+with the ZMS Server. For our configuration script we need the ZMS server
+hostname and a copy of the server certificate file. From your ZMS Server
+installation, copy the `zms_cert.pem` file from the
+`athenz-zms-X.Y/var/zms_server/certs` directory to a local directory on the
+host that will be running the ZTS Server. For the `zms-public-cert-path`
+argument below pass the full path of the zms_cert.pem.
 
 ```shell
-$ cd var/zts_server/certs
-$ openssl req -x509 -newkey rsa:2048 -keyout zts_key.pem -out zts_cert.pem -days 365
+$ cd athenz-zms-X.Y
+$ bin/setup_dev_zts.sh <zms-hostname> <zms-public-cert-path>
 ```
 
-Generate a keystore in PKCS#12 format:
+Running this setup script completes the following tasks:
 
-```shell
-$ openssl pkcs12 -export -out zts_keystore.pkcs12 -in zts_cert.pem -inkey zts_key.pem
-```
-
-### ZMS Certificate TrustStore
-------------------------------
-
-ZTS Server needs to access ZMS Server to download all domain details
-in order to issue RoleTokens. Since ZMS Server is running with a
-self-signed certificate, we need to generate a truststore for the
-java http client to use when communicating with the ZMS Server.
-From your ZMS Server installation, copy the `zms_cert.pem` file
-from the `athenz-zms-X.Y/var/zms_server/certs` directory to the
-`athenz-zts-X.Y/var/zts_server/certs` directory and execute the following
-command:
-
-```shell
-$ keytool -importcert -noprompt -alias zms -keystore zts_truststore.jks -file zms_cert.pem -storepass athenz
-```
-
-### Register ZTS Service
-------------------------
-
-In order for ZTS to access ZMS domain data, it must identify itself
-as a registered service in ZMS. Using the `zms-cli` utility, we will
-register a new service in `sys.auth` domain. For this step, we also
-need to reference the zms_cert.pem certificate file in order to
-successfully validate ZMS Server's certificate.
-
-```shell
-$ cd athenz-zts-X.Y
-$ bin/<platform>/zms-cli -c var/zts_server/certs/zms_cert.pem -z https://<zms-server>:4443/zms/v1 -d sys.auth add-service zts 0 var/zts_server/keys/zts_public.pem
-```
-
-### Generate Athenz Configuration File
---------------------------------------
-
-Generate an Athenz configuration file `athenz.conf` in `athenz-zts-X.Y/conf/zts_server`
-directory to include the ZMS Server URL and the registered public keys that the
-athenz client libraries and utilities will use to establish connection and validate any
-data signed by the ZMS Server:
-
-```shell
-$ cd athenz-zts-X.Y
-$ bin/<platform>/athenz-conf -o conf/zts_server/athenz.conf -c var/zts_server/certs/zms_cert.pem -z https://<zms-server>:4443/ -t https://<zts-server>:8443/
-```
+* Generate a unique private key that ZTS Server will use to sign any ZTokens it issues
+* Generate a self-signed X509 certificate for ZTS Server HTTPS support
+* Generate a truststore for secure communication with the ZMS Server
+* Registers the zts service in Athenz sys.auth domain
+* Generates an Athenz configuration file
 
 ## Start/Stop ZTS Server
 ------------------------