subject:"\[Pki\-devel\] \[PATCH\] pki\-cfu\-0144\-Ticket\-1306\-config\-params\-Add\-granularity\-to\-token\-t.patch"

Re: [Pki-devel] [PATCH] pki-cfu-0144-Ticket-1306-config-params-Add-granularity-to-token-t.patch

2016-06-30 Thread Christina Fu


got verbal ack from Jack.
Pushed to master:
commit 63a58cf51ef2982e8a35eff1f98dd42453e5681e

thanks,
Christina

On 06/30/2016 02:11 PM, Christina Fu wrote:
This patch is for https://fedorahosted.org/pki/ticket/1306 [RFE] Add 
granularity to token termination in TPS

It
1. adds the missing parameters
2. adds a table for revocation code

thanks,
Christina



___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel


___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH] pki-cfu-0144-Ticket-1306-config-params-Add-granularity-to-token-t.patch

2016-06-30 Thread Christina Fu

This patch is for https://fedorahosted.org/pki/ticket/1306 [RFE] Add 
granularity to token termination in TPS

It
1. adds the missing parameters
2. adds a table for revocation code

thanks,
Christina

>From 63a58cf51ef2982e8a35eff1f98dd42453e5681e Mon Sep 17 00:00:00 2001
From: Christina Fu 
Date: Thu, 30 Jun 2016 14:03:24 -0700
Subject: [PATCH] Ticket #1306 config params: Add granularity to token
 termination in TPS

This patch adds the missing configuration parameters that go with the
original bug.  The code would take on defaults when these parameters are
missing, but putting them in the CS.cfg would make it easier for the
administrators.
---
 base/tps/shared/conf/CS.cfg | 123 ++--
 1 file changed, 119 insertions(+), 4 deletions(-)

diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index 258d5a76c5ec8e392634f6075f32ae9baa68b290..4f2b3919cf73610ad1a8c8e8c1baf977fb117f6c 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -265,7 +265,20 @@ op.enroll._000=#
 op.enroll._001=# TPS Profiles
 op.enroll._002=#  - Operations
 op.enroll._003=#- operation; enroll,pinReset,format
-op.enroll._004=#
+op.enroll._004=#
+op.enroll._005=# Revocation Reasons (revokeCert.reason) according to RFC 5280
+op.enroll._006=# unspecified (0)
+op.enroll._007=# keyCompromise (1)
+op.enroll._008=# CACompromise (2)
+op.enroll._009=# affiliationChanged (3)
+op.enroll._010=# superseded (4)
+op.enroll._011=# cessationOfOperation (5)
+op.enroll._012=# certificateHold (6)
+op.enroll._013=# removeFromCRL (8)
+op.enroll._014=# privilegeWithdrawn (9)
+op.enroll._015=# AACompromise (10)
+op.enroll._016=#
+op.enroll._017=#
 op.enroll.delegateIEtoken._000=#
 op.enroll.delegateIEtoken._001=# Enrollment for externalReg 
 op.enroll.delegateIEtoken._002=# ID, Encryption
@@ -326,12 +339,23 @@ op.enroll.delegateIEtoken.keyGen.authentication.publicKeyNumber=7
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeCert=false
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeCert.reason=0
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeExpiredCerts=false
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert=false
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert.reason=1
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeCert=true
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeCert.reason=1
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.scheme=GenerateNewKey
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeExpiredCerts=false
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeCert=false
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeCert.reason=6
 op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.scheme=GenerateNewKey
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeExpiredCerts=false
 op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.archive=false
 op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.drm.conn=kra1
 op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.enable=false
@@ -498,12 +522,23 @@ op.enroll.delegateISEtoken.keyGen.authentication.publicKeyNumber=7
 op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeCert=false
 op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeCert.reason=0
 op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeExpiredCerts=false
 op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert=false
 op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert.reason=1

Re: [Pki-devel] [PATCH] pki-cfu-0144-Ticket-1306-config-params-Add-granularity-to-token-t.patch

[Pki-devel] [PATCH] pki-cfu-0144-Ticket-1306-config-params-Add-granularity-to-token-t.patch

2 matches

Site Navigation

Mail list logo

Footer information