[Pki-devel] [pki-devel][PATCH] 0020-Recovery-and-Renewal-feature.patch
John Magne
jmagne at redhat.com
Tue Sep 2 19:16:38 UTC 2014
Based on cfu's live review/ACK, after making minor fixes:
pushed to master.
----- Original Message -----
> From: "Christina Fu" <cfu at redhat.com>
> To: pki-devel at redhat.com
> Sent: Tuesday, September 2, 2014 12:01:32 PM
> Subject: Re: [Pki-devel] [pki-devel][PATCH] 0020-Recovery-and-Renewal-feature.patch
>
> I did a cursory review. As discussed in person, we could consider some
> overall improvement in next round.
> Conditional ACK on some typo.
>
> Christina
>
> On 09/02/2014 11:17 AM, John Magne wrote:
>
>
>
> Recovery and Renewal feature:
>
> 1. Basic token key recovery functionality is there.
> 2. Tested with mostly the "damaged" scenerio. The low level
> code that writes the recovered certs to the token works and has been
> tested with a real token. Some of the other more obscure cases need
> some more testing, for instance, the temporary on hold scenario.
> 3. Renewal has been tested with a real token to work.
> 4. Much of the complex code to write cert objects and key objects,
> as well as importing recovered keys, has been centralized to a method.
> This leaves the calling code simpler and easier to trouble shoot.
> 5. Added a method to check token operation transition states.
> 6. Fixed an issue with formatting a blank token I introduced.
> 7. Fixed a few issues with updating certificate records for a token that
> were discovered.
> 8. Added tps code to retrieve a certificate for the recovery case.
>
> ToDos.
>
> More testing for the other recover scenarios at a higher level.
> When recovering a cert we need to unrevoke it. This is not done
> now because the TPS UI does not revoke certs yet when tokens are markes
> as lost or what not.
>
>
> _______________________________________________
> Pki-devel mailing list Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list