On 5/2/2012 7:05 PM, John Magne wrote:
 Revised patch as per the suggestions below:
 All the suggestions made sense and I implemented them as suggested.
 Tests ran fine. 
Thanks for the changes.
 Questions from below:
 5. Also in CertDAO.getCertChainData() after the initialization loop it
 looks like the certsInChain may contain a null value if x509cert exists
 in mCACerts but not the last element. Is that case possible?
 I could not see this scenario. What the code is doing is checking to see if
 you are trying to get the cert chain of a cert that is already a member of the CA's
 cert chain. In that case, the size of the array will be the size of the CA's cert chain.
 If this is not the case, the size of the array will be that value plus one. 
The code also moves the cert into the beginning of the array. Here's the 
scenario I was asking about: suppose the cert chain is:
   c0 c1 c2 c3 c4
Suppose c4 is the cert being requested. The code will generate this 
result without any problem:
   c4 c0 c1 c2 c3
However, suppose the requested cert is c2. The code will move c2 to 
the first position and shift the rest back by one position:
   c2 c0 c1 null c3
c4 can't be moved into the result since there isn't enough space.
If the scenario is possible, the code would include a null in the result 
and possibly generate an index-out-of-bounds error when moving c4.
If the scenario is not possible, the code could be optimized to check 
the requested cert only against the last cert in the CA chain.
-- 
Endi S. Dewata
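
An added illustration of the ordering discussed in this message, not code from the patch or from the project: one way to build the result so that the requested cert comes first and the CA chain follows, with no null slot and no overrun wherever the requested cert sits in the chain. The class name, the method `chainWithCertFirst` and the string stand-ins for certificates are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

public class CertChainOrder {

    // Hypothetical helper: returns the requested cert followed by the CA
    // chain in its original order. If the requested cert is already a member
    // of the CA chain, at any position, it is not repeated, so the result has
    // caChain.length entries; otherwise it has caChain.length + 1 entries.
    // Building a list instead of pre-sizing an array and shifting elements
    // means there is never an unfilled (null) slot or an out-of-range index.
    static <T> List<T> chainWithCertFirst(T requested, T[] caChain) {
        Objects.requireNonNull(requested, "requested cert");
        List<T> result = new ArrayList<>(caChain.length + 1);
        result.add(requested);
        for (T caCert : caChain) {
            // Reject a malformed input chain instead of copying a null through.
            Objects.requireNonNull(caCert, "null entry in CA chain");
            // equals() rather than ==: two certificate objects loaded from
            // different places can represent the same certificate.
            if (!caCert.equals(requested)) {
                result.add(caCert);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed stand-ins for the certs c0..c4 used in the message.
        String[] ca = {"c0", "c1", "c2", "c3", "c4"};

        // Requested cert is the last element of the CA chain.
        System.out.println(chainWithCertFirst("c4", ca));
        // Requested cert is in the middle of the CA chain.
        System.out.println(chainWithCertFirst("c2", ca));
        // Requested cert is not part of the CA chain (size is chain + 1).
        System.out.println(chainWithCertFirst("c9", ca));
    }
}
```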