1:17 p.m.
Recovery and Renewal feature:
1. Basic token key recovery functionality is there.
2. Tested with mostly the "damaged" scenerio. The low level
code that writes the recovered certs to the token works and has been
tested with a real token. Some of the other more obscure cases need
some more testing, for instance, the temporary on hold scenario.
3. Renewal has been tested with a real token to work.
4. Much of the complex code to write cert objects and key objects,
as well as importing recovered keys, has been centralized to a method.
This leaves the calling code simpler and easier to trouble shoot.
5. Added a method to check token operation transition states.
6. Fixed an issue with formatting a blank token I introduced.
7. Fixed a few issues with updating certificate records for a token that were
discovered.
8. Added tps code to retrieve a certificate for the recovery case.
ToDos.
More testing for the other recover scenarios at a higher level.
When recovering a cert we need to unrevoke it. This is not done
now because the TPS UI does not revoke certs yet when tokens are markes
as lost or what not.
2:01 p.m.
I did a cursory review. As discussed in person, we could consider some
overall improvement in next round.
Conditional ACK on some typo.
Christina
On 09/02/2014 11:17 AM, John Magne wrote:
Recovery and Renewal feature:
1. Basic token key recovery functionality is there.
2. Tested with mostly the "damaged" scenerio. The low level
code that writes the recovered certs to the token works and has been
tested with a real token. Some of the other more obscure cases need
some more testing, for instance, the temporary on hold scenario.
3. Renewal has been tested with a real token to work.
4. Much of the complex code to write cert objects and key objects,
as well as importing recovered keys, has been centralized to a method.
This leaves the calling code simpler and easier to trouble shoot.
5. Added a method to check token operation transition states.
6. Fixed an issue with formatting a blank token I introduced.
7. Fixed a few issues with updating certificate records for a token that were
discovered.
8. Added tps code to retrieve a certificate for the recovery case.
ToDos.
More testing for the other recover scenarios at a higher level.
When recovering a cert we need to unrevoke it. This is not done
now because the TPS UI does not revoke certs yet when tokens are markes
as lost or what not.
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
2:16 p.m.
New subject: [pki-devel][PATCH] 0020-Recovery-and-Renewal-feature.patch
Based on cfu's live review/ACK, after making minor fixes:
pushed to master.
----- Original Message -----
From: "Christina Fu" <cfu(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Tuesday, September 2, 2014 12:01:32 PM
Subject: Re: [Pki-devel] [pki-devel][PATCH] 0020-Recovery-and-Renewal-feature.patch
I did a cursory review. As discussed in person, we could consider some
overall improvement in next round.
Conditional ACK on some typo.
Christina
On 09/02/2014 11:17 AM, John Magne wrote:
Recovery and Renewal feature:
1. Basic token key recovery functionality is there.
2. Tested with mostly the "damaged" scenerio. The low level
code that writes the recovered certs to the token works and has been
tested with a real token. Some of the other more obscure cases need
some more testing, for instance, the temporary on hold scenario.
3. Renewal has been tested with a real token to work.
4. Much of the complex code to write cert objects and key objects,
as well as importing recovered keys, has been centralized to a method.
This leaves the calling code simpler and easier to trouble shoot.
5. Added a method to check token operation transition states.
6. Fixed an issue with formatting a blank token I introduced.
7. Fixed a few issues with updating certificate records for a token that
were discovered.
8. Added tps code to retrieve a certificate for the recovery case.
ToDos.
More testing for the other recover scenarios at a higher level.
When recovering a cert we need to unrevoke it. This is not done
now because the TPS UI does not revoke certs yet when tokens are markes
as lost or what not.
_______________________________________________
Pki-devel mailing list Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
3775
days inactive
3775
days old
2 comments
2 participants
participants (2)
-
Christina Fu -
John Magne