dpocock edited this page Apr 25, 2013 · 2 revisions

ProvisioningService runs as a Service in the app

On service startup, it checks for a preference PROV_URL (using Settings.java). If the preference is not set, the provisioning service does not run.

If the URL is set, the service periodically polls the URL. Actual workflow:

  • get the instance ID (the UUID in Lumicall)
  • if the URL is https (not http), check if we have any client certificate with CN=
  • if we have a certificate with CN=UUID, then it is used when forming the HTTP connection
  • form a complete URL, using the PROV_URL value with /phone/ appended, e.g. if PROV_URL=https://prov.example.org/lumicall-users then the request is for https://prov.example.org/lumicall-users/phone/
  • make the HTTP(S) connection to the server
  • if we did not send a certificate (e.g. first connection to this server), the server may reject the connection with HTTP status code 496. In this case, the client:
      • creates a keystore for Lumicall in the phone (if one doesn't already exist)
      • generates a key pair (RSA 4096 bit) and stores it in the keystore
      • generates a CSR
      • constructs a new URL, using PROV_URL/csr-submission
      • POSTs the CSR to the URL (it returns HTTP status code 202)
      • constructs a new URL, using PROV_URL/cert-download
      • polls the new URL every minute until a certificate is available (the URL returns status code 404 if the cert is not ready)
      • when the cert is available, receives it and stores it in the keystore with the key pair
      • tries the original request to the phone/ URL again
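
The workflow above, modelled as a small Python state machine with both sides of the exchange. This is an added example, not Lumicall's own Java code. `FakeProvServer`, `provision`, the dict used as a keystore, the placeholder key and CSR, and the 200 status for a ready certificate are all assumptions made for illustration.

```python
class FakeProvServer:
    """Constructed single-client stand-in for the provisioning server."""
    def __init__(self, polls_before_ready=2):
        self.polls_left, self.csr_cn, self.log = polls_before_ready, None, []

    def request(self, method, url, client_cn=None, body=None):
        status, reply = self._handle(url, client_cn, body)
        self.log.append((method, url, status))
        return status, reply

    def _handle(self, url, client_cn, body):
        if url.endswith("/csr-submission"):
            self.csr_cn = body["cn"]
            return 202, None
        if url.endswith("/cert-download"):
            if self.csr_cn is None or self.polls_left > 0:
                self.polls_left -= 1
                return 404, None              # certificate not ready yet
            return 200, {"cn": self.csr_cn}   # 200 on success is an assumption
        # /phone/ request: no client certificate presented -> 496
        return (200, "settings") if client_cn else (496, None)


def provision(prov_url, instance_id, keystore, server, max_polls=10, wait=lambda s: None):
    phone_url = prov_url + "/phone/"
    for attempt in (1, 2):
        # Present a certificate only over https and only if its CN is our UUID.
        have_cert = keystore.get("cert_cn") == instance_id
        cn = instance_id if prov_url.startswith("https://") and have_cert else None
        status, reply = server.request("GET", phone_url, client_cn=cn)
        if status != 496 or attempt == 2:
            return status, reply              # done, or enrollment did not help
        keystore.setdefault("key", "RSA-4096 key pair (placeholder)")
        csr = {"cn": instance_id}             # stands in for a real PKCS#10 CSR
        status, _ = server.request("POST", prov_url + "/csr-submission", body=csr)
        if status != 202:
            return status, None
        for _ in range(max_polls):            # bounded here; an added safeguard
            status, cert = server.request("GET", prov_url + "/cert-download")
            if status == 200:
                keystore["cert_cn"] = cert["cn"]
                break
            if status != 404:
                return status, None           # unexpected answer: stop
            wait(60)                          # the page polls every minute
        else:
            return 404, None                  # certificate never became available
```

The server's `log` records each request with its status, so a first run shows the sequence 496, 202, 404, 404, 200, 200, while a second run with the same keystore makes a single authenticated request.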