The patch has been updated. Please take a look, thanks.
On 2/9/2015 1:45 PM, John Magne wrote:
System.out.println(" -q <POP option> POP
option (default: POP_SUCCESS)");
+ System.out.println(" - POP_NONE");
+ System.out.println(" - POP_SUCCESS");
+ System.out.println(" - POP_FAIL");
We originally added POP_NONE and POP_FAIL as a way to test Proof Of Possession.
This was when this thing was mainly a test tool.
I would imagine the major legit cases would be POP_SUCCESS and POP_NONE,
with SUCCESS merely meaning that we include POP with the request.
It might be nice to add a little more info to the string for POP_FAIL that this is to
test a failure case,
and POP_NONE is to not provide POP, while POP_SUCCESS means to provide POP information
with the request.
Fixed. I added short descriptions on each option.
Here:
if (sensitive != 0 && sensitive != 1 && sensitive != -1) {
+ printError("Illegal input parameters for -s: " + sensitive);
+ System.exit(1);
+ }
+
+ if (extractable != 0 && extractable != 1 && extractable != -1)
{
+ printError("Illegal input parameters for -e: " + extractable);
+ System.exit(1);
+ }
There is checking for the validity of the sensitive and extractable params here.
From the usage string it looks like we only want this for the EC case, would it make
sense to make sure ec is in effect here?
Fixed. I moved/added parameter checking for each algorithm.
Also, when an error is detected in the params, should be re-print out
the usage, or does the system handle this for us somehow?
It will print the following message
ERROR: ... <error message> ...
Try 'CRMFPopClient --help' for more information.
I'd rather not display the full usage because it's quite long so people
might get confused trying to find the error message. Later on we can try
to improve it.
--
Endi S. Dewata
----- Original Message -----
From: "Endi Sukma Dewata" <edewata(a)redhat.com>
To: "pki-devel" <pki-devel(a)redhat.com>
Sent: Wednesday, February 4, 2015 10:03:55 AM
Subject: Re: [Pki-devel] [PATCH] 548 Updated CRMFPopClient parameter handling.
On 1/29/2015 12:18 PM, Endi Sukma Dewata wrote:
> The CRMFPopClient has been modified to use Apache Commons CLI
> library to handle the parameters. The help message has been
> rewritten to make it more readable. The submitRequest() will
> now display the error reason.
>
> The options in ClientCertRequestCLI have been simplified. A new
> option was added to generate CRMF request without POP.
>
>
https://fedorahosted.org/pki/ticket/1074
New patch attached for additional cleanup.