Re: [Pki-devel] [PATCH] initial patch to get tps configured through pkispawn

Hi, This patch runs on top of Endi's patch for the initial skeleton. Its an initial patch and will probably be cleaned up a bit more - but its ready for a first review. And it will unblock Endi and Jack from doing other things with a real configured system. The config file I use has the following settings: [DEFAULT] pki_admin_password=redhat123 pki_client_pkcs12_password=redhat123 pki_ds_ldap_port=55389 pki_ds_ldaps_port=55636 pki_ds_password=redhat123 pki_security_domain_password=redhat123 pki_client_database_password=redhat123 [TPS] pki_authdb_basedn=dc=redhat,dc=com pki_authdb_port=56389 pki_enable_server_side_keygen=True What this patch adds: 1. Rebased TPS CS.cfg on the config file for the TKS. This means basically that I took the TKS config file and added the TPS bits, modifying as needed. This means that most of the Java specific things needed - like class definitions for authenticators are there. 2. Self tests for TPS now start to run. Only one test is configured (SystemCertVerification) and that test starts and then quickly bombs out as the test needs to modified to handle tps. I will add a patch to get self tests working for the new tps shortly. 3. Authentication source ldap1 (the external authentication source) is now configured using the authentication mechanisms in the Java subsystems. Not sure if it works yet, but thats up to Jack to figure out when he does the mod_tps conversion. 4. Signed audit logging config changed to use the version in the java subsystems. Added the tps related events. 5. All substitutions are made as needed in CS.cfg 6. Added all the new parameters needed for configuring a TPS, and the logic to do the configuration. This includes code to configure connections to CA, KRA, OCSP etc. 7. Added all needed logic to the database ldif files. Those files were previously not used in the TPS installation. I will remove the old files in a subsequent patch. Whats missing: 1. Self tests not working. Need to modify self tests and create TPS specific self tests in Java. 2. Admin currently has no profileId auxilliary object attached. Will add a patch to do that. 3. Will add a patch to automatically obtain the shared secret from the TKS (through a servlet) from TPS. 4. Will add a patch to automatically generate the shared secret in TKS installation, so that we wont have to do tkstool. Or at the very least, call that from pkispawn. 5. There is no option currently to configure the TPS though a wizard menu. Needs to be added in a separate patch. _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel