This commit adds an OTS Token activation procedure to IPsec server
implementation. With this implementation, OTS Token is activated
when PKI Auth response message is sent from IPsec server to IPsec
client. The Token expiry time was increased to 7 seconds due to
Kubernetes API dependability that may delay IPsec Auth procedure
by a few seconds, affecting OTS Token validation criteria.

Test plan:
PASS: Full build, system install, bootstrap and unlock DX system w/
unlocked enabled available status.
PASS: In a DC system with available enabled active status with IPsec
server being executed from controller-0. Run "ipsec-client
pxecontroller --opcode 1" in worker-0. Observe that certificates,
keys and swanctl.conf files are created in worker-0 node. Observe
that a security association is established between the hosts via
"sudo swanctl --list-sas" command.
PASS: In a DC system with available enabled active status with IPsec
server being executed from controller-0. Run "ipsec-client
pxecontroller --opcode 2" in controller-1. Observe the previously
created CertificateRequest was deleted and generated a new one for
controller-1's node. The new certificate is sent to IPsec Client
and stored with the swanctl rekey command executed successfully.

Story: 2010940
Task: 49712
Change-Id: I1c65edf14fd7ae3f47309b35048a805e0306038d
Signed-off-by: Manoel Benedito Neto <Manoel.BeneditoNeto@windriver.com>