Add support for Lightweight CA replication. This includes:
A thread to monitor database for changes and update local view of lightweight CAs when things change.
Configurable communication with an external Custodia service which will perform signing key replication
Updating REST API to indicate whether an authority is "ready" (i.e. has signing keys) and update resources to respond appropriately when not the case (503 Service Unavailable, presumably)
Per CS/DS Meeting of 10/12/2015 - 10.3
Lightweight CA should be covered as a new feature on Idm side
Patches for monitor thread and reasonable API behaviour when signing keys not present were posted to pki-devel:
https://www.redhat.com/archives/pki-devel/2016-March/msg00057.html
Key replication is the final TODO.
Per IRC discussions with alee and nkinder on 04/18/2016: 10.3.0
Pushed to master:
24992c089b9b5088f4481fda3d01a907565b5121 Lightweight CAs: authority schema changes dc8c21cc9a68968a2b1db87f9b21cf3afbdb966a Add method CryptoUtil.importPKIArchiveOptions e21aadd5e14dbcda73c20f20e67b1bcc8d5b5bfc Add ca-authority-key-export command 94ee373d053b34e534fbb61826e586693a38c934 Lightweight CAs: add key retrieval framework a2a4117dbc7e489cbb1964d6ce5f95b786a03fde Lightweight CAs: add IPACustodiaKeyRetriever
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: 10.3.1
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2184
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.