authorJack Magne <jmagne@dhcp-16-206.sjc.redhat.com>2016-06-13 11:27:59 -0700
committerJack Magne <jmagne@dhcp-16-206.sjc.redhat.com>2016-07-01 17:09:34 -0700
commit0f056221d096a30307834265ecd1c527087bb0f7 (patch)
treed81d3a5616cc90136ae09705ebb1c10f543a0691 /base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
parentcfab57d057c7ada71ea9c360c278249d14e018d9 (diff)
Separated TPS does not automatically receive shared secret from remote TKS.
Support to allow the TPS to do the following: 1. Request that the TKS creates a shared secret with the proper ID, pointing to the TPS. 2. Have the TKS securely return the shared secret back to the TPS at the end of configuration. 3. The TPS then imports the wrapped shared secret permanently into its own internal NSS db. 4. The imported secret is given a name that is mapped to the TPS's id string. Additional fixes: 1. The TKS was modified to actually be able to use multiple shared secrets registered by multiple TPS instances. Caveat: At this point, if the same remote TPS instance is created over and over again, the TPS's user in the TKS will accumulate "userCert" attributes, making the export of the shared secret non-functional. For now we need to assume that the TPS user has ONE "userCert" registered.
Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java')
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java12
1 files changed, 11 insertions, 1 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
index dab80e491..068293e60 100644
--- a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
+++ b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java
@@ -142,11 +142,21 @@ public class TPSInstallerService extends SystemConfigService {
ConfigurationUtils.exportTransportCert(secdomainURI, tksURI, transportCert);
}
+ String doImportStr = request.getImportSharedSecret();
+ CMS.debug("finalizeConfiguration: importSharedSecret:" + doImportStr);
// generate shared secret from the tks
+
+ boolean doImport = false;
+
+ if("true".equalsIgnoreCase(doImportStr)) {
+ CMS.debug("finalizeConfiguration: importSharedSecret: importSharedSecret is true.");
+ doImport = true;
+ }
+
ConfigurationUtils.getSharedSecret(
tksURI.getHost(),
tksURI.getPort(),
- Boolean.getBoolean(request.getImportSharedSecret()));
+ doImport);
} catch (URISyntaxException e) {
throw new BadRequestException("Invalid URI for CA, TKS or KRA");
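Review bot: The flag parsing added ahead of the `ConfigurationUtils.getSharedSecret(...)` call can be a single line, `boolean doImport = Boolean.parseBoolean(doImportStr);`, which is null-safe and case-insensitive exactly like the `"true".equalsIgnoreCase(doImportStr)` branch and removes the mutable local. The first `CMS.debug` concatenates `doImportStr`, which appears to come straight from the configuration request, into the debug log; logging the parsed value instead, `CMS.debug("finalizeConfiguration: importSharedSecret: " + doImport);`, keeps request-controlled text out of the log and makes the second debug line redundant. A missing or misspelled value silently means "do not import", so a short comment above the parse, such as `// anything other than "true" (including null) skips importing the shared secret`, would make that default explicit. The enclosing method and its try block start and end outside this hunk.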