[Pki-devel] [PATCH] initial patch to get tps configured through pkispawn

Ade Lee alee at redhat.com
Thu Aug 8 15:17:49 UTC 2013


Hi, 

This patch runs on top of Endi's patch for the initial skeleton.  It's an
initial patch and will probably be cleaned up a bit more - but it's ready
for a first review.  And it will unblock Endi and Jack from doing other
things with a real configured system.

The config file I use has the following settings:

[DEFAULT]
pki_admin_password=redhat123
pki_client_pkcs12_password=redhat123
pki_ds_ldap_port=55389
pki_ds_ldaps_port=55636
pki_ds_password=redhat123
pki_security_domain_password=redhat123
pki_client_database_password=redhat123

[TPS]
pki_authdb_basedn=dc=redhat,dc=com
pki_authdb_port=56389
pki_enable_server_side_keygen=True

What this patch adds:
1. Rebased TPS CS.cfg on the config file for the TKS.  This means
basically that I took the TKS config file and added the TPS bits,
modifying as needed.  This means that most of the Java-specific things
needed - like class definitions for authenticators - are there.

2.  Self tests for TPS now start to run.  Only one test is configured
(SystemCertVerification) and that test starts and then quickly bombs out
as the test needs to be modified to handle tps.  I will add a patch to get
self tests working for the new tps shortly.

3.  Authentication source ldap1 (the external authentication source) is
now configured using the authentication mechanisms in the Java
subsystems.  Not sure if it works yet, but that's up to Jack to figure
out when he does the mod_tps conversion.

4. Signed audit logging config changed to use the version in the java
subsystems.  Added the tps related events.

5.  All substitutions are made as needed in CS.cfg

6. Added all the new parameters needed for configuring a TPS, and the
logic to do the configuration.  This includes code to configure
connections to CA, KRA, OCSP etc.

7.  Added all needed logic to the database ldif files.  Those files were
previously not used in the TPS installation.  I will remove the old
files in a subsequent patch.

What's missing:
1. Self tests not working.  Need to modify self tests and create TPS
specific self tests in Java.

2. Admin currently has no profileId auxiliary object attached.  Will
add a patch to do that.

3. Will add a patch to automatically obtain the shared secret from the
TKS (through a servlet) from TPS.

4. Will add a patch to automatically generate the shared secret in TKS
installation, so that we won't have to do tkstool.  Or at the very least,
call that from pkispawn.

5.  There is no option currently to configure the TPS through a wizard
menu.  Needs to be added in a separate patch.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0140-initial-changes-to-configure-tps-through-pkispawn.patch
Type: text/x-patch
Size: 268246 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130808/6c326a1c/attachment.bin>

