| field | value | date |
|---|---|---|
| author | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2016-06-13 11:27:59 -0700 |
| committer | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2016-07-01 17:09:34 -0700 |
| commit | 0f056221d096a30307834265ecd1c527087bb0f7 (patch) | |
| tree | d81d3a5616cc90136ae09705ebb1c10f543a0691 /base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java | |
| parent | cfab57d057c7ada71ea9c360c278249d14e018d9 (diff) | |
Separated TPS does not automatically receive shared secret from remote TKS.
Support to allow the TPS to do the following:
1. Request that the TKS create a shared secret with the proper ID, pointing to the TPS.
2. Have the TKS securely return the shared secret back to the TPS during the end of configuration.
3. The TPS then imports the wrapped shared secret into its own internal NSS db permanently and
4. Given a name that is mapped to the TPS's id string.
Additional fixes:
1. The TKS was modified to actually be able to use multiple shared secrets registered by
multiple TPS instances.
Caveat:
At this point if the same remote TPS instance is created over and over again, the TPS's user
in the TKS will accumulate "userCert" attributes, making the exportation of the shared secret
not functional. At this point we need to assume that the TPS user has ONE "userCert" registered
at this time.
Diffstat (limited to 'base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java')
-rw-r--r-- | base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java index dab80e491..068293e60 100644 --- a/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java +++ b/base/tps/src/org/dogtagpki/server/tps/rest/TPSInstallerService.java @@ -142,11 +142,21 @@ public class TPSInstallerService extends SystemConfigService { ConfigurationUtils.exportTransportCert(secdomainURI, tksURI, transportCert); } + String doImportStr = request.getImportSharedSecret(); + CMS.debug("finalizeConfiguration: importSharedSecret:" + doImportStr); // generate shared secret from the tks + + boolean doImport = false; + + if("true".equalsIgnoreCase(doImportStr)) { + CMS.debug("finalizeConfiguration: importSharedSecret: importSharedSecret is true."); + doImport = true; + } + ConfigurationUtils.getSharedSecret( tksURI.getHost(), tksURI.getPort(), - Boolean.getBoolean(request.getImportSharedSecret())); + doImport); } catch (URISyntaxException e) { throw new BadRequestException("Invalid URI for CA, TKS or KRA"); |
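Review bot: The removed call `Boolean.getBoolean(request.getImportSharedSecret())` was the actual defect here, since `Boolean.getBoolean(String)` looks up a JVM system property by that name rather than parsing the string, so the import flag could never take effect; the replacement `"true".equalsIgnoreCase(doImportStr)` block fixes that but reimplements `Boolean.parseBoolean(doImportStr)`, which is already null-safe and case-insensitive. Suggest collapsing the new lines to `boolean doImport = Boolean.parseBoolean(request.getImportSharedSecret());` with a short comment noting why `getBoolean` was wrong, so the next reader does not reintroduce it. The existing comment `// generate shared secret from the tks` now sits above the flag parsing instead of above the `ConfigurationUtils.getSharedSecret(` call it describes; move it down to that call.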