Re: [Pki-devel] [PATCH] 0120..0121 Remove pki-ipa-retrieve-key script

2016-06-02 Thread Fraser Tweedale
On Thu, Jun 02, 2016 at 11:45:43PM -0500, Endi Sukma Dewata wrote: > On 5/31/2016 11:45 PM, Fraser Tweedale wrote: > > G'day comrades, > > > > Please review the attached two patches, which... > > > > (Patch 0120) > > > > - provide for passing of configuration (from CS.cfg) to KeyRetriever > >

Re: [Pki-devel] [PATCH] Certificate Nickname Improvement

2016-06-02 Thread Fraser Tweedale
On Thu, Jun 02, 2016 at 11:35:12PM -0600, Matthew Harmsen wrote: > Please review the attached patch which addresses the following ticket: > > * PKI TRAC Ticket #1432 - Certificate nickname improvement > > > This was tested by successfully: > > * cre

Re: [Pki-devel] [PATCH] 0117..0119 Retry key retrieval on failure

2016-06-02 Thread Fraser Tweedale
On Thu, Jun 02, 2016 at 11:45:38PM -0500, Endi Sukma Dewata wrote: > On 5/31/2016 11:31 PM, Fraser Tweedale wrote: > > Hi team, > > > > The attached patches implement key retrieval retry with backoff > > (ticket: https://fedorahosted.org/pki/ticket/2293). > > > > Thanks, > > Fraser > > ACK. > T

Re: [Pki-devel] [PATCH] 0115 Include serial of revoked cert in CertRequestInfo

2016-06-02 Thread Fraser Tweedale
On Thu, Jun 02, 2016 at 10:28:15PM -0500, Endi Sukma Dewata wrote: > On 5/29/2016 8:31 PM, Fraser Tweedale wrote: > > Please review the attached patch, which addresses > > https://fedorahosted.org/pki/ticket/1073 > > > > Cheers, > > Fraser > > ACK. > Thanks; pushed to master (9bcc0bba57003a26ee0

Re: [Pki-devel] [PATCH] 0112 Return 410 Gone if target CA of request has been deleted

2016-06-02 Thread Fraser Tweedale
On Thu, Jun 02, 2016 at 08:02:35PM -0500, Endi Sukma Dewata wrote: > On 5/17/2016 12:20 AM, Fraser Tweedale wrote: > > Hi all, > > attached patch fixes https://fedorahosted.org/pki/ticket/2332 > > > > Cheers, > > Fraser > > Assuming an identical CA cannot be created to replace the old one, HTTP 4

Re: [Pki-devel] [PATCH] 0110 Lightweight CAs: remove redundant deletePrivateKey invocation

2016-06-02 Thread Fraser Tweedale
On Thu, Jun 02, 2016 at 07:10:49PM -0500, Endi Sukma Dewata wrote: > On 5/15/2016 10:26 PM, Fraser Tweedale wrote: > > Hi team, > > > > The attached patch fixes https://fedorahosted.org/pki/ticket/1640. > > > > Cheers, > > Fraser > > ACK. > Thanks; pushed to master (c685a4195cdde16e875478b0f455

Re: [Pki-devel] [PATCH] 0111 Lightweight CAs: remove NSSDB material when processing deletion

2016-06-02 Thread Fraser Tweedale
On Thu, Jun 02, 2016 at 07:31:55PM -0500, Endi Sukma Dewata wrote: > On 5/15/2016 11:07 PM, Fraser Tweedale wrote: > > The attached patch makes clones delete lightweight CA keys/certs > > from local NSSDB when processing LWCA deletion. > > > > Ticket: https://fedorahosted.org/pki/ticket/2328 > >

[Pki-devel] [PATCH] Certificate Nickname Improvement

2016-06-02 Thread Matthew Harmsen
Please review the attached patch which addresses the following ticket: * PKI TRAC Ticket #1432 - Certificate nickname improvement This was tested by successfully: * creating a shared PKI instance containing a CA, KRA, OCSP, TKS, and TPS, * creatin

Re: [Pki-devel] [PATCH] 0120..0121 Remove pki-ipa-retrieve-key script

2016-06-02 Thread Endi Sukma Dewata
On 5/31/2016 11:45 PM, Fraser Tweedale wrote: G'day comrades, Please review the attached two patches, which... (Patch 0120) - provide for passing of configuration (from CS.cfg) to KeyRetriever implementations - generalise IPACustodiaKeyRetriever to ExternalProcessKeyRetriever, which execu

Re: [Pki-devel] [PATCH] 0117..0119 Retry key retrieval on failure

2016-06-02 Thread Endi Sukma Dewata
On 5/31/2016 11:31 PM, Fraser Tweedale wrote: Hi team, The attached patches implement key retrieval retry with backoff (ticket: https://fedorahosted.org/pki/ticket/2293). Thanks, Fraser ACK. -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@r

Re: [Pki-devel] [PATCH] 0115 Include serial of revoked cert in CertRequestInfo

2016-06-02 Thread Endi Sukma Dewata
On 5/29/2016 8:31 PM, Fraser Tweedale wrote: Please review the attached patch, which addresses https://fedorahosted.org/pki/ticket/1073 Cheers, Fraser ACK. -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mai

Re: [Pki-devel] [PATCH] 0113..0114 Lightweight CAs: renewal support

2016-06-02 Thread Endi Sukma Dewata
On 5/17/2016 12:26 AM, Fraser Tweedale wrote: Attached patches implement LWCA renewal support (https://fedorahosted.org/pki/ticket/2327). It includes REST API POST /ca/rest/authorities//renew But not implemented in CLI tool yet. If we decide to make it a first-class CLI feature (cf certmo

Re: [Pki-devel] [PATCH] pki-cfu-0127-Ticket-2271-Part2-TMS-removing-reducing-debug-log-pr.patch

2016-06-02 Thread Christina Fu
commit 897fd14bfdfa4cd722f95ba60c8dd7a9eaa37219 thanks! Christina On 06/02/2016 05:54 PM, John Magne wrote: Thanks to some tough work here ACK : Took a look at the code and then scanned carefully some test logs and the logs for TPS and TKS are completely streamlined. - Original Message

Re: [Pki-devel] [PATCH] 0112 Return 410 Gone if target CA of request has been deleted

2016-06-02 Thread Endi Sukma Dewata
On 5/17/2016 12:20 AM, Fraser Tweedale wrote: Hi all, attached patch fixes https://fedorahosted.org/pki/ticket/2332 Cheers, Fraser Assuming an identical CA cannot be created to replace the old one, HTTP 410 Gone is fine. If it's possible, it should be HTTP 404 Not Found. ACK. -- Endi S. Dew

Re: [Pki-devel] [PATCH] pki-cfu-0127-Ticket-2271-Part2-TMS-removing-reducing-debug-log-pr.patch

2016-06-02 Thread John Magne
Thanks to some tough work here ACK : Took a look at the code and then scanned carefully some test logs and the logs for TPS and TKS are completely streamlined. - Original Message - > From: "Christina Fu" > To: "pki-devel" > Sent: Thursday, 2 June, 2016 4:52:59 PM > Subject: [Pki-dev

Re: [Pki-devel] [PATCH] 0111 Lightweight CAs: remove NSSDB material when processing deletion

2016-06-02 Thread Endi Sukma Dewata
On 5/15/2016 11:07 PM, Fraser Tweedale wrote: The attached patch makes clones delete lightweight CA keys/certs from local NSSDB when processing LWCA deletion. Ticket: https://fedorahosted.org/pki/ticket/2328 Thanks, Fraser ACK. -- Endi S. Dewata _

Re: [Pki-devel] [PATCH] 0110 Lightweight CAs: remove redundant deletePrivateKey invocation

2016-06-02 Thread Endi Sukma Dewata
On 5/15/2016 10:26 PM, Fraser Tweedale wrote: Hi team, The attached patch fixes https://fedorahosted.org/pki/ticket/1640. Cheers, Fraser ACK. -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo

Re: [Pki-devel] [PATCH] 757 Added TPS token state transition validation.

2016-06-02 Thread Endi Sukma Dewata
On 5/27/2016 5:52 PM, Endi Sukma Dewata wrote: On 5/25/2016 10:34 PM, Endi Sukma Dewata wrote: The TPSSubsystem has been modified to load and validate the token state transition lists during initialization. If any of the lists is empty or any of the transitions is invalid, the initialization wil

[Pki-devel] [PATCH] pki-cfu-0127-Ticket-2271-Part2-TMS-removing-reducing-debug-log-pr.patch

2016-06-02 Thread Christina Fu
Ticket #2271 Part2:TMS:removing/reducing debug log printout of data This patch comments out unneeded data in TMS debug logs (TPS&TKS); It reduces the size of the debug logs by a lot. Note that for ease of later development debugging, the debug lines are commented out instead of

Re: [Pki-devel] [PATCH] Fix unknown TKS host and port error during TPS removal

2016-06-02 Thread John Magne
ACK - Original Message - From: "Matthew Harmsen" To: "pki-devel" Sent: Wednesday, June 1, 2016 10:19:51 AM Subject: [Pki-devel] [PATCH] Fix unknown TKS host and port error during TPS removal Please review the attached patch which addresses the following ticket: * PKI TRAC #1

Re: [Pki-devel] [PATCH] 315-319 KRA realm related patches

2016-06-02 Thread Endi Sukma Dewata
On 6/2/2016 8:51 AM, Ade Lee wrote: And now with the patches .. On Thu, 2016-06-02 at 09:50 -0400, Ade Lee wrote: Patch descriptions (in reverse order). The final patch will need some discussion. Please review, Ade Some comments: 1. In SrchKey and SrchKeyForRecovery the check probably sho

Re: [Pki-devel] [PATCH] 760 Fixed invalid TPS VLV indexes.

2016-06-02 Thread Endi Sukma Dewata
On 6/2/2016 9:17 AM, Ade Lee wrote: ACK Thanks! Also ACKed by jmagne. Pushed to master. -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] 754-755 Fixed problem submitting renewal request.

2016-06-02 Thread Endi Sukma Dewata
On 5/24/2016 11:55 AM, Endi Sukma Dewata wrote: Attached are patches to fix a problem with submitting renewal request. https://fedorahosted.org/pki/ticket/999 This was conditionally ACKed by jmagne (thanks!). It's been tested to work with the UI and CLI with a minor revision. Pushed to master

Re: [Pki-devel] [PATCH] 760 Fixed invalid TPS VLV indexes.

2016-06-02 Thread Ade Lee
ACK On Fri, 2016-05-27 at 17:53 -0500, Endi Sukma Dewata wrote: > The TPS VLV indexes have been fixed to use the correct vlvScope > (i.e. one level). The unsupported minus sign in vlvSort and the > redundant vlvEnabled have been removed. > > https://fedorahosted.org/pki/ticket/2342 > > _

[Pki-devel] [PATCH] 315-319 KRA realm related patches

2016-06-02 Thread Ade Lee
Patch descriptions (in reverse order). The final patch will need some discussion. Please review, Ade *** commit 4a1fb1e678d0024d9ee51fcda0d83f74f1715f4b Author: Ade Lee Date: Thu Jun 2 09:41:35 2016 -0400 Modify pki-server db-upgrade to do rea

Re: [Pki-devel] [PATCH] 315-319 KRA realm related patches

2016-06-02 Thread Ade Lee
And now with the patches .. On Thu, 2016-06-02 at 09:50 -0400, Ade Lee wrote: > Patch descriptions (in reverse order). > > The final patch will need some discussion. Please review, > > Ade > > *** > commit 4a1fb1e678d0024d9ee51fcda0d83f74f1715f4b > A