[Pki-devel] [PATCH] pki-cfu-0045-Ticket-1028-phase2-TPS-rewrite-provide-externalReg-f.patch

John Magne jmagne at redhat.com
Tue Apr 14 23:35:59 UTC 2015


The main thrust of this appears to be the recovery by key case.

If all this has been tested good to go, except one minor typo I found here:

+                if (1<3) {
+                    erCert.setIsRetainable(true);
+                }

Of course we must mean i < 3 . Also put a quick comment that this is
for the "cert retention" feature in the next phase.

----- Original Message -----
From: "Christina Fu" <cfu at redhat.com>
To: pki-devel at redhat.com
Sent: Friday, April 10, 2015 4:18:26 PM
Subject: [Pki-devel] [PATCH]	pki-cfu-0045-Ticket-1028-phase2-TPS-rewrite-provide-externalReg-f.patch

Please review.

This patch is the 2nd phase of the externalReg feature, it makes the 
following improvements:
* added feature: recovery by keyid (v.s. by cert)
* fixed some auditing message errors
* added some missing ldapStringAttributes needed for delegation to work 
* added missing externalReg required config parameters
* made corrections to some externalReg related parameters to allow 
delegation to work properly
* added handle of some error cases
* made sure externalReg enrollment does not go half-way (once fails, 
bails out)

* enrollment of the three default TPS profiles (tokenTypes)
* format of the tokens enrolled with the three default tps profiles
* delegation enrollments
* cuid match check

next phase:
* cert/key retention (allow preserving existing certs/keys on the token)

* some of the activity log and cert status related issues that are not 
specifically relating to externalReg will be addressed in other more 
relevant tickets.


Pki-devel mailing list
Pki-devel at redhat.com

More information about the Pki-devel mailing list