Looked over all these and it looks good. Post checkin ACK :)
Just a couple of questions:

1. Code like this:

if (!synchronous) { + // Has to be in this state or it won't go anywhere. + request.setRequestStatus(RequestStatus.BEGIN); + queue.processRequest(request); + } else { + kra.processSynchronousRequest(request); + }

I know we are handling the synchronous request with a processor and such, but the standard async request is being handled with the same queue method. Would it look nicer to have a layer for the standard case, like processAsynchRequest? No big deal.

2. Did we do a sanity sweep of the various scenarios to make sure that the refactor is good with respect to legacy code paths? I'm sure we have but was just asking.

3. Also I realize that the "realm" param is not yet supported but is a hook for future code. If we have to touch anything again, it might help to give a comment in the key methods as to why it is not yet being used.

thanks,
jack

----- Original Message -----
> From: "Ade Lee" <a...@redhat.com>
> To: pki-devel@redhat.com
> Sent: Friday, November 4, 2016 1:11:03 PM
> Subject: [Pki-devel] [PATCH] 331-333 add support for synchronous key archival
> and recovery requests.
>
> Hi all,
>
> This is in support of Ticket https://fedorahosted.org/pki/ticket/2532
>
> This is a preliminary set of patches - just so you can see what I'm doing
> in case I need to change anything.
>
> Note: With the changes, you can archive a secret like this:
>
> pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h
> `hostname` -p 8443 key-archive --passphrase "ooga booga" --clientKeyID
> "test_1"
>
> pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h
> `hostname` -p 8443 key-archive --passphrase "ooga booga" --clientKeyID
> "test_2" --express
>
> The first invocation will archive a secret and create an archival
> request in LDAP. The second will create one only in memory - and will
> not store it in LDAP.
>
> You can, of course, see the requests created using -
>
> pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h
> `hostname` -p 8443 key-request-find
>
> For retrieving the secret, you can do either:
>
> pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h
> aleeredhat.laptop -p 8443 key-retrieve --keyID 0x5
>
> pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h
> aleeredhat.laptop -p 8443 key-retrieve --keyID 0x5 --express
>
> The first will retrieve the secret while creating a retrieval request.
> The second will create a retrieval request only in memory, and will not
> write it to LDAP.
>
> In both cases, there should be audit logs both for retrieval and
> archival.
>
> Thanks,
> Ade
> _______________________________________________
> Pki-devel mailing list
> Pki-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
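
Review bot: In the `if (!synchronous)` branch of the snippet quoted in the reply, the comment "Has to be in this state or it won't go anywhere" does not say what depends on `RequestStatus.BEGIN` or what happens when the status is missing; naming the consumer (presumably `queue.processRequest`, the next call) would make the precondition checkable. Because the caller has to set that status before handing the request to the queue, the two calls could move into one helper so that a later caller cannot reach `processRequest` without it. The `else` branch sets no status before `kra.processSynchronousRequest(request)`; if that is intentional, a one-line comment there would say so.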