The tokendb.allowedTransitions currently contains the following token state transitions by default:
This allows an UNINITIALIZED token to become ACTIVE without going through the enrollment process.
The TPS should only allow a temporarily lost token to go back to the previous state:
Option #1: Remove TEMP_LOST -> ACTIVE from tokendb.allowedTransitions. The TPS will dynamically allow TEMP_LOST -> UNINITIALIZED if the token has no certificates, or TEMP_LOST -> ACTIVE if the token has certificates.
Option #2: Remove UNINITIALIZED -> TEMP_LOST from tokendb.allowedTransitions so only an active token can be temporarily lost. If an uninitialized token is temporarily lost, it may be considered irrelevant to TPS since it doesn't contain certificates, so it can remain UNINITIALIZED. If the uninitialized token becomes permanently lost, it can be changed from UNINITIALIZED -> PERM_LOST directly.
Option #3: Create separate UNINITIALIZED_TEMP_LOST and ACTIVE_TEMP_LOST states.
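Added example, not part of the original ticket and not Dogtag code: a small Python model of Option #1 that audits a transition table for a static path from UNINITIALIZED to ACTIVE and resolves TEMP_LOST recovery from whether the token has certificates. The table is constructed from the transitions named in this ticket only (it is not the real tokendb.allowedTransitions default), enrollment itself is not modelled, and all function names are hypothetical.

```python
from enum import Enum


class State(Enum):
    UNINITIALIZED = "UNINITIALIZED"
    ACTIVE = "ACTIVE"
    TEMP_LOST = "TEMP_LOST"
    PERM_LOST = "PERM_LOST"


U, A, T, P = State.UNINITIALIZED, State.ACTIVE, State.TEMP_LOST, State.PERM_LOST

# Constructed table using only transitions named in this ticket; it is NOT
# the real tokendb.allowedTransitions default.
STATIC_BEFORE = {(U, T), (A, T), (T, A), (U, P)}
# Option #1: drop the static TEMP_LOST -> ACTIVE entry.
STATIC_OPTION1 = STATIC_BEFORE - {(T, A)}


def static_path(table, start, goal):
    """Return a path from start to goal using only static entries, or None."""
    stack, seen = [[start]], {start}
    while stack:
        path = stack.pop()
        if path[-1] is goal:
            return path
        for src, dst in sorted(table, key=lambda e: (e[0].value, e[1].value)):
            if src is path[-1] and dst not in seen:
                seen.add(dst)
                stack.append(path + [dst])
    return None


def is_allowed(table, current, target, has_certificates):
    """Option #1 check: TEMP_LOST recovery depends on the token's contents."""
    if current is T and target in (A, U):
        # A token with certificates was ACTIVE before it was lost;
        # one without certificates was UNINITIALIZED.
        return target is (A if has_certificates else U)
    return (current, target) in table


if __name__ == "__main__":
    print("before:  ", static_path(STATIC_BEFORE, U, A))
    print("option 1:", static_path(STATIC_OPTION1, U, A))
```

The same path check can be run over any edited transition list before deployment to confirm that ACTIVE is no longer statically reachable from UNINITIALIZED through a lost state.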
From the CS/DS Meeting of 02/15/2016: No Bugzilla Bug should be filed against this ticket since it should be covered by the token state design doc (which is a part of the "TPS feature - PRD 1.1").
Fixed in master:
See also ticket #1290.
Metadata Update from @edewata:
- Issue assigned to edewata
- Issue set to the milestone: 10.3.0.b1
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2313
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.