  1. EJBCA
  2. ECA-5817

RaMasterApi with outgoing upstream connection from RA

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.8.0
    • Component/s: None
    • Labels:
      None

      Description

      Things to consider:

      • Use of client certificate via AKB at consumer of service
      • Extraction of client cert at producer of service
      • Only one upstream CA cluster is allowed, but this can have multiple end points
      • Load-balancing / availability algorithm (something like background validation + RR + try-next-on-fail + mark-failed-as-unavailable-until-validated)
      • Efficiently getting the API version during "background validation"
      • ...

      Existing Peer Connection API would satisfy most of these and would (most likely) only require extension with:

      • Possible to re-use PeerRaMasterMessage and PeerRaSlaveMessage
      • New abstraction for RaMasterApiPeerImpl to use either outgoing or incoming long-hanging peer connections
      • New RA_MASTER_API_STATUS_REQUEST_MESSAGE and RA_MASTER_API_STATUS_RESPONSE_MESSAGE for (background) validation and status polling of upstream server
      • New helper used by RaMasterApiPeerUpstreamImpl to do the background validation, checking of authorization tree updates, checking API version level etc

      Doing it the JEE way with JAX-RS and JSON would on JEE6 require non-standard JSON serialization (ECA-4769) and would prevent re-use of much of the code and is hence hard to motivate due to the given time constraints. (Also, the RaMasterApi is not very SOA RESTful so slabbing JSON on top of it would not really be a true REST API → better to do a proper implementation later on.)
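
One way to implement the availability algorithm listed above (round robin, try-next-on-fail, mark-failed-as-unavailable-until-validated, with a background validation pass), added here as an illustration and not EJBCA code. The class `UpstreamPool`, its methods, the probe callback and the endpoint names are hypothetical; throwing when no endpoint is available is an assumption of this example.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;
import java.util.function.Predicate;
/** Hypothetical pool of end points for the single upstream CA cluster; not EJBCA code. */
public class UpstreamPool {
    private final List<String> endpoints;
    private final Set<String> unavailable = ConcurrentHashMap.newKeySet();
    private final AtomicInteger next = new AtomicInteger();
    public UpstreamPool(List<String> endpoints) { this.endpoints = List.copyOf(endpoints); }

    /** Round robin over the end points, skipping failed ones and trying the next on failure. */
    public <T> T call(Function<String, T> request) {
        for (int i = 0; i < endpoints.size(); i++) {
            String ep = endpoints.get(Math.floorMod(next.getAndIncrement(), endpoints.size()));
            if (unavailable.contains(ep)) continue;
            try {
                return request.apply(ep);
            } catch (RuntimeException e) {
                unavailable.add(ep); // out of rotation until the next successful validation
            }
        }
        throw new IllegalStateException("no upstream endpoint available"); // assumption: fail closed
    }

    /** Background validation: probe every end point (e.g. a status request) and update availability. */
    public void validate(Predicate<String> probe) {
        for (String ep : endpoints) {
            boolean ok;
            try { ok = probe.test(ep); } catch (RuntimeException e) { ok = false; }
            if (ok) unavailable.remove(ep); else unavailable.add(ep);
        }
    }

    public static void main(String[] args) {
        // Constructed end point names and failure set, for illustration only.
        UpstreamPool pool = new UpstreamPool(List.of("ca1", "ca2", "ca3"));
        Set<String> down = new HashSet<>(Set.of("ca2"));
        Function<String, String> req = ep -> {
            if (down.contains(ep)) throw new RuntimeException("connect failed");
            return ep;
        };
        for (int i = 0; i < 4; i++) System.out.println(pool.call(req)); // ca2 fails once, then is skipped
        down.clear();                            // ca2 recovers
        pool.validate(ep -> !down.contains(ep)); // validation puts ca2 back in rotation
        for (int i = 0; i < 3; i++) System.out.println(pool.call(req));
    }
}
```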

              People

              Assignee: Johan Eklund
              Reporter: Johan Eklund
              Verified by: Mike Agrenius Kushner
              Votes: 0
              Watchers: 4

                  Draw.io Diagrams

                  – PeerRAOverview.xml
                  – upstream_server_pool.xml