[Pki-devel] [pki-devel][PATCH] 0020-Recovery-and-Renewal-feature.patch

John Magne jmagne at redhat.com
Tue Sep 2 19:16:38 UTC 2014 

Based on cfu's live review/ACK, after making minor fixes:

pushed to master.



----- Original Message -----
> From: "Christina Fu" <cfu at redhat.com>
> To: pki-devel at redhat.com
> Sent: Tuesday, September 2, 2014 12:01:32 PM
> Subject: Re: [Pki-devel] [pki-devel][PATCH]	0020-Recovery-and-Renewal-feature.patch
> 
> I did a cursory review. As discussed in person, we could consider some
> overall improvement in next round.
> Conditional ACK on some typo.
> 
> Christina
> 
> On 09/02/2014 11:17 AM, John Magne wrote:
> 
> 
> 
> Recovery and Renewal feature:
>     
>     1. Basic token key recovery functionality is there.
>     2. Tested with mostly the "damaged" scenerio. The low level
>     code that writes the recovered certs to the token works and has been
>     tested with a real token. Some of the other more obscure cases need
>     some more testing, for instance, the temporary on hold scenario.
>     3. Renewal has been tested with a real token to work.
>     4. Much of the complex code to write cert objects and key objects,
>     as well as importing recovered keys, has been centralized to a method.
>     This leaves the calling code simpler and easier to trouble shoot.
>     5. Added a method to check token operation transition states.
>     6. Fixed an issue with formatting a blank token I introduced.
>     7. Fixed a few issues with updating certificate records for a token that
>     were discovered.
>     8. Added tps code to retrieve a certificate for the recovery case.
> 
> ToDos.
> 
> More testing for the other recover scenarios at a higher level.
> When recovering a cert we need to unrevoke it. This is not done
> now because the TPS UI does not revoke certs yet when tokens are markes
> as lost or what not.
> 
> 
> _______________________________________________
> Pki-devel mailing list Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
> 
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list