[Pki-devel] [pki-devel][PATCH] 0020-Recovery-and-Renewal-feature.patch
Christina Fu
cfu at redhat.com
Tue Sep 2 19:01:32 UTC 2014
I did a cursory review. As discussed in person, we could consider some
overall improvement in next round.
Conditional ACK on some typo.
Christina
On 09/02/2014 11:17 AM, John Magne wrote:
> Recovery and Renewal feature:
>
> 1. Basic token key recovery functionality is there.
> 2. Tested with mostly the "damaged" scenerio. The low level
> code that writes the recovered certs to the token works and has been
> tested with a real token. Some of the other more obscure cases need
> some more testing, for instance, the temporary on hold scenario.
> 3. Renewal has been tested with a real token to work.
> 4. Much of the complex code to write cert objects and key objects,
> as well as importing recovered keys, has been centralized to a method.
> This leaves the calling code simpler and easier to trouble shoot.
> 5. Added a method to check token operation transition states.
> 6. Fixed an issue with formatting a blank token I introduced.
> 7. Fixed a few issues with updating certificate records for a token that were discovered.
> 8. Added tps code to retrieve a certificate for the recovery case.
>
> ToDos.
>
> More testing for the other recover scenarios at a higher level.
> When recovering a cert we need to unrevoke it. This is not done
> now because the TPS UI does not revoke certs yet when tokens are markes
> as lost or what not.
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140902/a4597311/attachment.htm>
More information about the Pki-devel
mailing list