Require the ability to recover non-revoked/expired certificates to an active token.
This ticket can be treated as one aspect of the general effort to allow the user to override our fairly rigid recovery policy. The external db record driven procedure to be implemented will only adhere to what the db record tells us to do. CFU and I will make sure this specific requirement will be taken care of as well. Will work more closely on this when cfu has the high level support for the procedure discussed in the other ticket.
This ticket is specific to the "Framework" and "Prototype" part of the TPS Revocation Enhancement work.
https://bugzilla.redhat.com/show_bug.cgi?id=927312#c10
The above checkin provides the following Framework and prototype:
Framework - per Base External Registration Design: http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS#Base_External_Registration_Design
Prototype -
What the prototype will NOT do: the actual key injection or deletion from the token. Because of this, the prototype currently only works for tpsclient. The new key recovery and revocation processing functions always return true after successful recovery of keys/certs and revocation.
In Phase 2 of this task, the following main feature/issues will be addressed:
And some "loose ends" will be addressed, such as (not limited to):
https://bugzilla.redhat.com/show_bug.cgi?id=927312#c17
The above checkin provides the following feature and its prototype:
Feature - Delegation Feature per design on http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS#Delegation_Design
CA new profiles:
TPS new profiles:
Provides:
What is not (yet) covered:
We have provided this fix to QA and the customer as a beta. Closing.
Metadata Update from @nkinder:
- Issue assigned to cfu
- Issue set to the milestone: 10.1 - 08/13 (August)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1145
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.