[Pki-devel] [PATCH] 888 part2 CA/KRA functions - TPS rewrite : provide remote authority functions
Christina Fu
cfu at redhat.com
Tue Apr 8 04:19:10 UTC 2014
Attached please find patch to #888 TPS rewrite: provide remote authority
functions
- part 2: CA and KRA functions
In this patch, most all of the remaining remote (CA and KRA
specifically) functions are converted from the old tps c++ code to Java.
Including:
CA: Enrollment, Renewal, Revocation, Unrevocation
For revocation/unrevocation specifically, CA discovery for
revocation routing support
KRA: Server-Side Key Generation/key archival, Key Recovery
One caveat is that since the Secure Channel is not yet ready, many of
the functionalities (pretty much anything other than
revocation/unrevocation) can only be tested minimally The major "TODO"
item is mainly figuring out the proper data/structure conversion. For
example, the ECC curve to oid mappings in the original TPS C++ code is
most likely not necessary as JSS code and existing CS java code most
likely provide that, so I am not going to write that until we can
actually test out those affected remote functions and find out what
exactly we need (or not).
A separate ticket was filed to capture the remaining processor functions -
https://fedorahosted.org/pki/ticket/941-
Rewrite: Enrollment, Recovery, KeyRecovery,
revoke/unrevoke processor
The final data/structure conversion will be finalized at that time when
end-to-end testing is available
You will also find some changes in the tks (submitted in part 1) area.
They are just some improvements to conform with the new CA and KRA code.
thanks,
Christina
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-trac-ticket-888-part2-CA-KRA-functions-TPS-rewrite-p.patch
Type: text/x-patch
Size: 93423 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140407/d959aa83/attachment.bin>
More information about the Pki-devel
mailing list