diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-02-02 04:15:02 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-02-03 01:57:21 +0100 |
commit | ce872456a09f5c5d146c6cb465b2466ad3ddc73d (patch) | |
tree | e0575b424ebc4cbd46577a1b02a0ef5a3ae7727c /base/tps-client/doc | |
parent | d42f39334ce4b4f5fa89707bfb6145039ff04579 (diff) | |
download | pki-ce872456a09f5c5d146c6cb465b2466ad3ddc73d.tar.gz pki-ce872456a09f5c5d146c6cb465b2466ad3ddc73d.tar.xz pki-ce872456a09f5c5d146c6cb465b2466ad3ddc73d.zip |
Fixed TPS token state transitions.
The TPS service has been modified to provide a list of allowed
state transitions based on the current token state. The TPS UI
was modified to display only the allowed state transitions when
changing the token status.
The allowed state transition list has been modified to remove
invalid token transitions including:
* UNINITIALIZED -> FOUND
* UNINITIALIZED -> TEMP_LOST_PERM_LOST
The token FOUND state has been renamed to ACTIVE for clarity.
The token TEMP_LOST_PERM_LOST state has been merged into
PERM_LOST since they are identical in the database.
https://fedorahosted.org/pki/ticket/1289
https://fedorahosted.org/pki/ticket/1291
https://fedorahosted.org/pki/ticket/1684
Diffstat (limited to 'base/tps-client/doc')
-rw-r--r-- | base/tps-client/doc/CS.cfg.in | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/base/tps-client/doc/CS.cfg.in b/base/tps-client/doc/CS.cfg.in index d5c0f312e..ddfab8824 100644 --- a/base/tps-client/doc/CS.cfg.in +++ b/base/tps-client/doc/CS.cfg.in @@ -1482,13 +1482,13 @@ tokendb._064=# is set to YES. Otherwise, re-enrollment is not tokendb._065=# allowed. tokendb._066=# tokendb.allowedTransitions: tokendb._067=# - has transitions between the following states -tokendb._068=# TOKEN_UNINITIALIZED = 0, -tokendb._069=# TOKEN_DAMAGED =1, -tokendb._070=# TOKEN_PERM_LOST=2, -tokendb._071=# TOKEN_TEMP_LOST=3, -tokendb._072=# TOKEN_FOUND =4, -tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5, -tokendb._074=# TOKEN_TERMINATED = 6 +tokendb._068=# UNINITIALIZED = 0, +tokendb._069=# DAMAGED = 1, +tokendb._070=# PERM_LOST = 2, +tokendb._071=# TEMP_LOST = 3, +tokendb._072=# ACTIVE = 4, +tokendb._073=# TEMP_LOST_PERM_LOST = 5, +tokendb._074=# TERMINATED = 6 tokendb._075=######################################### tokendb.auditLog=[PKI_INSTANCE_PATH]/logs/tokendb-audit.log tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT] @@ -1545,7 +1545,7 @@ tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template log.instance.SignedAudit.selected.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL log.instance.SignedAudit.selectable.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL log.instance.SignedAudit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST -tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6 +tokendb.allowedTransitions=0:1,0:2,0:3,0:6,3:2,3:4,3:6,4:1,4:2,4:3,4:6 target._000=######################################### target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs target._002=# @@ -1592,14 +1592,14 @@ tps._005=# tps.cert.subsystem.nickname=xxx tps._007=# tps.cert.audit_signing.nickname=xxx tps._008=# operations.allowedTransitions: tps._009=# - token operations, like formatting and enrollment have transitions between the following states -tps._010=# TOKEN_UNINITIALIZED = 0, -tps._011=# TOKEN_DAMAGED =1, -tps._012=# TOKEN_PERM_LOST=2, -tps._013=# TOKEN_TEMP_LOST=3, -tps._014=# TOKEN_FOUND =4, -tps._015=# TOKEN_TEMP_LOST_PERM_LOST =5, -tps._016=# TOKEN_TERMINATED = 6 -tps._017=# Sample: tps.operations.allowedTransitions=0:0,0:4,4:6,6:0 +tps._010=# UNINITIALIZED = 0, +tps._011=# DAMAGED = 1, +tps._012=# PERM_LOST = 2, +tps._013=# TEMP_LOST =3 , +tps._014=# ACTIVE = 4, +tps._015=# TEMP_LOST_PERM_LOST = 5, +tps._016=# TERMINATED = 6 +tps._017=# Sample: tps.operations.allowedTransitions=0:0,0:4,4:4,4:6,6:0 tps._018=######################################## tps.operations.allowedTransitions=0:0,0:4,4:0 tps.cert.list=sslserver,subsystem,audit_signing |