ACK
The main thrust of this appears to be the recovery by key case.
If all this has been tested good to go, except one minor typo I found here:
+ if (1<3) {
+ erCert.setIsRetainable(true);
+ }
erAttrs.addCertToRecover(erCert);
Of course we must mean i < 3 . Also put a quick comment that this is
for the "cert retention" feature in the next phase.
----- Original Message -----
From: "Christina Fu" <cfu(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Friday, April 10, 2015 4:18:26 PM
Subject: [Pki-devel]
[PATCH] pki-cfu-0045-Ticket-1028-phase2-TPS-rewrite-provide-externalReg-f.patch
Please review.
This patch is the 2nd phase of the externalReg feature, it makes the
following improvements:
* added feature: recovery by keyid (v.s. by cert)
* fixed some auditing message errors
* added some missing ldapStringAttributes needed for delegation to work
properly
* added missing externalReg required config parameters
* made corrections to some externalReg related parameters to allow
delegation to work properly
* added handle of some error cases
* made sure externalReg enrollment does not go half-way (once fails,
bails out)
tested:
* enrollment of the three default TPS profiles (tokenTypes)
* format of the tokens enrolled with the three default tps profiles
* delegation enrollments
* cuid match check
next phase:
* cert/key retention (allow preserving existing certs/keys on the token)
note:
* some of the activity log and cert status related issues that are not
specifically relating to externalReg will be addressed in other more
relevant tickets.
thanks,
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel