diff options
author | Ade Lee <alee@redhat.com> | 2013-09-25 22:09:10 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2013-09-30 11:52:05 -0400 |
commit | 6eaf2c01c211cf06053c82b1e296909ce8d874b6 (patch) | |
tree | 878a2f962d49686706d78d353aac61d839deb2ec /base/server/python/pki/server/deployment/pkimessages.py | |
parent | 5874cad1abe832a4a74cb37a4c22f0e18cf9bd8e (diff) | |
download | pki-6eaf2c01c211cf06053c82b1e296909ce8d874b6.tar.gz pki-6eaf2c01c211cf06053c82b1e296909ce8d874b6.tar.xz pki-6eaf2c01c211cf06053c82b1e296909ce8d874b6.zip |
Add service to generate and retrieve a shared secret
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration. At this point, the TPS contacts the TKS and
requests that the shared secret be generated. The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.
The TPS should then decrypt the shared secret and store it in its certificate
database. This operations requires JSS changes, though, and so will be deferred
to a later patch. For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.
Clients and CLI are also provided. The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
Diffstat (limited to 'base/server/python/pki/server/deployment/pkimessages.py')
-rw-r--r-- | base/server/python/pki/server/deployment/pkimessages.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/server/python/pki/server/deployment/pkimessages.py index a3be42e97..339ee149e 100644 --- a/base/server/python/pki/server/deployment/pkimessages.py +++ b/base/server/python/pki/server/deployment/pkimessages.py @@ -272,6 +272,10 @@ PKIHELPER_TOMCAT_INSTANCE_SUBSYSTEMS_2 = "instance '%s' contains '%d' "\ PKIHELPER_TOMCAT_INSTANCES_2 = "PKI Tomcat registry '%s' contains '%d' "\ "Tomcat PKI instances" PKIHELPER_TOUCH_1 = "touch %s" +PKIHELPER_TPSCONNECTOR_UPDATE_CONTACT = \ + "contacting the TKS to update the TPS connector" +PKIHELPER_TPSCONNECTOR_UPDATE_FAILURE = "Failed to update TPS connector on TKS" +PKIHELPER_TPSCONNECTOR_UPDATE_FAILURE_2 = "Failed to update TPS connector for %s:%s" PKIHELPER_UID_2 = "UID of '%s' is %s" PKIHELPER_UNDEFINED_CA_HOST_PORT = "CA Host or Port is undefined" PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2 = \ @@ -280,6 +284,7 @@ PKIHELPER_UNDEFINED_CLIENT_DATABASE_PASSWORD_2 = \ PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 = \ "A value for '%s' MUST be defined in '%s'" PKIHELPER_UNDEFINED_SUBSYSTEM_NICKNAME = "subsystem nickname not defined" +PKIHELPER_UNDEFINED_TKS_HOST_PORT = "TKS Host or Port is undefined" PKIHELPER_UNDEFINED_TOKEN_PASSWD_1 = "Password for token '%s' not defined" PKIHELPER_USER_1 = "retrieving UID for '%s' . . ." PKIHELPER_USER_ADD_2 = "adding UID '%s' for user '%s' . . ." |