| field | value | date |
|---|---|---|
| author | Fraser Tweedale <ftweedal@redhat.com> | 2017-05-02 21:44:36 +1000 |
| committer | Fraser Tweedale <ftweedal@redhat.com> | 2017-05-05 13:59:08 +1000 |
| commit | 220e35d2b5610cb051831b990451b3b3ff53604e | |
| tree | 992fb31c9eacadcf2263f9508ad70cd8e7bddc13 /base/common/python | |
| parent | c95cff5899e2975b16db61b811b626742e5e7114 | |

CAInfoService: retrieve info from KRA

The CAInfoService returns CA configuration info, including
KRA-related values the CA clients may need to know (e.g. for
generating a CRMF cert request that will cause keys to be archived
in KRA). Currently that information is statically configured and
does not respect the actual configuration of the KRA.

Update the service to retrieve info from the KRA, which is queried
according to the KRA Connector configuration. After the KRA has
been successfully contacted, the recorded KRA-related settings are
regarded as authoritative.

The KRA is contacted ONLY if the current info is NOT authoritative,
otherwise the currently recorded values are used. This means that
any change to relevant KRA configuration (which should occur seldom
if ever) necessitates restart of the CA subsystem.

If this is unsuccessful (e.g. if the KRA is down or the connector is
misconfigured) we use the default values, which may be incorrect.

Fixes: https://pagure.io/dogtagpki/issue/2665
Change-Id: I30a37c42ef9327471e8cce8a171f79f388fec746

Diffstat (limited to 'base/common/python')
0 files changed, 0 insertions, 0 deletions
