Red Hat Certificate Server migration, SDK doc and compatibity, versions 7.1 to 8.0, AuthToken API
Environment
- Red Hat Enterprise Linux 5
- Red Hat Directory Server 8
redhat-ds-8.1.0-1.el5dsrv redhat-ds-base-8.2.0-13.el5dsrv - Red Hat Certificate System 8
pki-ca-8.0.6-1.el5pki /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java
Issue
The initial problem reported was about some potential problems and differences between the software versions 7.1 and 8.0, to migrate custom plug-ins:
We notice a difference between the API of RHCS v7.1 et v8.0 regarding autentication.
The fonction AuthToken.set() no more exist.
protected String authenticate(LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
…
// set uid in the token.
token.set(CRED_UID, uid); //<- bug
There is no Certificate System SDK published with RHCS v8.0.
How can we solve this problem?
Resolution
May have to edit the custom plug-in.
Must rebuild the custom plug-in in a newer software environment.
Root Cause
Different operating system, different JRE, different Certificate System major version number, custom plug-in.
Diagnostic Steps
7.1 SDK documents for the classAuthToken:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/7.1/html/Certificate_System_SDK/javadocs/framework/public/index.html
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/7.1/html/Certificate_System_SDK/javadocs/framework/public/com/netscape/certsrv/authentication/AuthToken.html#set(java.lang.String,%20java.lang.Object)
constructor
AuthToken(IAuthManager authMgr)
Constructs an instance of a authentication token.
method
void set(java.lang.String attrName, java.lang.Object value)
Used by an Authentication manager to set an attribute and value in the AuthToken.
As an example of the changes in 8.0, AuthToken now has more methods, but is till compatible in this example:
http://pki.fedoraproject.org/pki/javadocs/pki-common/com/netscape/certsrv/authentication/AuthToken.html
pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
...
public class AuthToken implements IAuthToken {
...
public boolean set(String attrName, String value) {
if (value == null) {
return false;
}
mAttrs.put(attrName, value);
return true;
}
Comments
The last published SDK is for RHCS version 7.1, at:
http://www.redhat.com/docs/manuals/cert-system/sdk/7.1/
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/7.1/html/Certificate_System_SDK/index.html
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/7.1/html/Certificate_System_SDK/cs_sdk.html
There is no updated SDK published for 8.x, and since the Red Hat Certificate System has been open sourced, all the relevant pieces of the SDK into the upstream project, Dogtag Wiki at:
http://pki.fedoraproject.org/
Some documents had been updated to reflect the move from the the NES web engine to the Tomcat web engine:
http://pki.fedoraproject.org/wiki/PKI_Authentication_Plug-ins
http://pki.fedoraproject.org/wiki/PKI_Authentication_Plug-in_Anatomy
http://pki.fedoraproject.org/wiki/PKI_Authentication_SSNAuth.java
The HTTP Interfaces have not been re-published at this time.
Red Hat Certificate System 8.0 includes javadoc RPMS, also online at:
http://pki-svn.fedora.redhat.com/pki/javadocs/jss/
http://pki-svn.fedora.redhat.com/pki/javadocs/pki-common/
http://pki-svn.fedora.redhat.com/pki/javadocs/pki-java-tools/
http://pki-svn.fedora.redhat.com/pki/javadocs/pki-util/
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments