String connectionString = getConnectionString(host);
String tlsPolicyName = host.getTlsPolicyName() == null ? "TRUST_FIRST_CERTIFICATE" : host.getTlsPolicyName(); // txtHost.getTlsPolicy(); // XXX TODO TxtHost doesn't have this field yet
// ByteArrayResource resource = new ByteArrayResource(host.getTlsKeystore() == null ? new byte[0] : host.getTlsKeystore()); // XXX TODO it's the responsibility of the caller to save the TblHosts record after calling this method if the policy is trust first certificate ; we need to get tie the keystore to the database, especially for TRUST_FIRST_CERTIFICATE, so if it's the first connection we can save the certificate back to the database after connecting
String password = "password"; // XXX TODO uh oh... opening a keystore requires a password, so we can verify its signed contents, which is important. putting the password in the txthost record won't be secure. password needs to come from attestation service configuration - or from the user. this isn't an issue for the factory because the factory is supposed to get the keystore AFTER it has been opened with the password. but when this code moves to the JPA/DAO/Repository layer, we'll need to have a password from somewhere.
SimpleKeystore tlsKeystore = new SimpleKeystore(host.getTlsKeystoreResource(), password); // XXX TODO see above commment about password; the per-host trusted certificates keystore has to either be protected by a password known to all mt wilson instances (stored in database or sync'd across each server's configuration files) or it has to be protected by a group secret known to all authorized clients (and then we need a mechanism for the api client to send us the secret in the request, and a way get secrets in and out of api client's keystore so it can be sync'd across the authorized group of clients) or we can just not store it encrypted and use a pem-format keystore instead of a java KeyStore
TlsPolicy tlsPolicy = getTlsPolicy(tlsPolicyName, tlsKeystore); // XXX TODO not sure that this belongs in the http-authorization package, because policy names are an application-level thing (allowed configurations), and creating the right repository is an application-level thing too (mutable vs immutable, and underlying implementation - keystore, array, cms of pem-list.
HostAgent hostAgent = getHostAgent(hostAddress, connectionString, tlsPolicy);
HashMap<String, ? extends IManifest> manifest = hostAgent.getManifest();
// host.setTlsKeystore(resource.toByteArray()); // if the tls policy is TRUST_FIRST_CERTIFICATE then it's possible a new cert has been saved in it and we have to make sure it gets saved to the host record; for all other tls policies there would be no change so this is a no-op - the byte array will be the same as the one we started with
return manifest;
}