...
First thing that you need is generate the key used in challenge response authentication as follow:
| Code Block | ||||
|---|---|---|---|---|
| ||||
# keytool -genkey -alias AliasChallengeResponse -keystore myKey.jceks -keypass "YourPassWord" -storepass "YourPassWord" -storetype JCEKS |
...
Currently the alias option from keytool is hard coded and it is used in CryptoUtil class located at: floodlight/src/main/java/org/sdnplatform/sync/internal/util/CryptoUtil.java
| Code Block |
|---|
...
| ||
public static final String CHALLENGE_RESPONSE_SECRET = "AliasChallengeResponse"; |
Which means that it is necessary to use alias option value as defined by above.
...
After key generation you can test it:
| Code Block | ||
|---|---|---|
| ||
# keytool -list -alias AliasChallengeResponse -keystore myKey.jceks -storetype JCEKS |
...
Enter keystore password: |
...
AliasChallengeResponse, 24/Mar/2016, PrivateKeyEntry, |
...
Certificate fingerprint (SHA1): A2:1B:49:1B:18:D8:DC:95:CC:9F:C3:33:94:04:39:EE:44:DD:CF:BE |
| Code Block | ||||
|---|---|---|---|---|
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
org.sdnplatform.sync.internal.SyncManager.authScheme=CHALLENGE_RESPONSE
org.sdnplatform.sync.internal.SyncManager.keyStorePath=/etc/floodlight/myKey.jceks
org.sdnplatform.sync.internal.SyncManager.dbPath=/var/lib/floodlight/
org.sdnplatform.sync.internal.SyncManager.keyStorePassword=YourPassWord
org.sdnplatform.sync.internal.SyncManager.port=6642
org.sdnplatform.sync.internal.SyncManager.thisNodeId=1
org.sdnplatform.sync.internal.SyncManager.persistenceEnabled=FALSE
org.sdnplatform.sync.internal.SyncManager.nodes=[\
{"nodeId": 1, "domainId": 1, "hostname": "192.168.1.100", "port": 6642},\
{"nodeId": 2, "domainId": 1, "hostname": "192.168.1.100", "port": 6643}\
] |
...
To use the sync service, you need create two vars ISyncService and IStoreClient:
private ISyncService syncService;
private IStoreClient<String, String> storeFT;
...