Candlepin - Generating Test Certificates

Candlepin

1 Candlepin Basics

1.1 Overview

1.1.1 Glossary

1.2 Subscriptions and Engineering Products

1.3 Entitlements

1.4 Virtualization Entitlements

1.4.1 Virt Guest Limit Design
1.4.2 Associating Hosts and Guests in Candlepin

1.5 Jobs

1.5.1 Active Entitlement Job
1.5.2 Certificate Cleanup Job
1.5.3 Import Record Cleaner Job
1.5.4 Inactive Consumer Cleanup Job
1.5.5 Job Cleaner Job
1.5.6 Manifest Cleaner Job
1.5.7 Orphan Cleanup Job
1.5.8 Unmapped Guest Entitlement Cleaner Job

2 User Guide

2.1 Basic How To

3 Administration Guide

3.1 Setting Up Candlepin

3.1.1 Candlepin Configuration
3.1.2 Quartz Configuration
3.1.3 Configuring Candlepin to Use MySQL
3.1.4 Configuring A Remote Artemis Server
3.1.5 Allow Remote Connections to embedded Artemis

3.6 Data Transfer
3.7 Migrating to the Artemis Job System

4 Developers

4.1 Architecture

4.1.9.1 OAuth Authentication

4.1.10 Fail Fast Mechanism

4.2 Development

4.2.1 Setting up IntelliJ IDEA
4.2.2 Developer Deployment
4.2.3 Auto Generating candlepin.conf
4.2.4 Coding Conventions
4.2.5 Checkstyle
4.2.6 Logging in Candlepin
4.2.7 Internationalization
4.2.8 Paginating Results
4.2.9 Database Schema Updates
4.2.10 JSON and JAXB
4.2.11 The Certificate Revocation List
4.2.12 Hibernate Gotchas
4.2.13 Ruby Bindings for Candlepin
4.2.14 Caching - JCache and Candlepin Second Level Cache
4.2.15 What to look for in a Code Review

4.3 Implementation details

4.3.1 Revoke Entitlements Implementation
4.3.2 Bind Time Locks
4.3.3 Bind Operation Dependencies

4.4 Debugging

4.5 Testing

4.5.1 Spec test migration
4.5.2 Candlepin Database Validation

4.6 Documentation

4.6.1 Diagramming with PlantUml

4.7 Useful Queries

4.7.1 Clean up database backup

5 Reference

6 Design Documents

6.1 API Version Design
6.2 Compliance Snapshots
6.3 Environments Design
6.4 Federated Certificate Management
6.5 Lazy Certificate Regeneration
6.6 Manifest Consumer Association
6.7 Multi-Owner Users Design
6.8 Multi-Version Product Design
6.9 Owner Hierarchy
6.10 Plugins
6.11 Policy Design
6.12 Service Layer Guidelines
6.13 Supporting Multiple Servlet Containers

Regenerating test certs with 1024 keys. Required due to changes in new Java security policies. Steps to generate new certificates:

$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout ca.key -out ca.crt

$ openssl genrsa -out certchain.key 1024
$ openssl req -new -key certchain.key -out certchain.csr
$ openssl x509 -req -days 365 -in certchain.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out certchain.crt

$ openssl req -new -newkey rsa:1024 -nodes -out selfsigned.csr -keyout selfsigned.key
$ openssl x509 -trustout -signkey selfsigned.key -days 365 -req -in selfsigned.csr -out selfsigned.crt

When generating the ca.crt and certchain.crt be sure to use the same cert path as defined in the test. Use openssh to view the contents of the cert to see the different DNs.

Last modified on 19 April 2024