Ade,

This is my first cut.  focus of this review is more on the server side sym key generation part.

SymKeyGenService.java:
* does IRequest.RESULT not need to be set in request for SymKeyGenService? and also mKRA.getRequestQueue().updateRequest(request); ?

* I am actually kind of surprised that the SymKeyGenService doesn't do both key gen and recovery in one shot.  That's what asym key server-side-key-generation does --- generating keys, archive, and then return the keys to the caller, all in one shot.
If not needed now, we can at least put down as "ToDo" as an option, if the client supplies the kra-transport-wrapped session key.

Christina

On 01/30/2014 07:48 AM, Ade Lee wrote:
Hi, 

The attached patches add Symmetric Key generation service to the DRM and
refactor the DRM REST interface.  Its worthwhile to look at each patch
individually, but there will be many cases where I changed my mind on
how to represent something - for instance, Request -> KeyRequest ->
ResourceMessage.  So, the patches should be viewed as a whole.

Summary of changes:
1) Added new REST service to generate symmetric keys.
2) Refactor API to use POST /keyrequests for all request types and using
a generic RequestMessage object.
3) Refactor PKIException to use RequestMessage object.
4) Rename some objects in Key and KeyRequest resources.

I tested all this using the DRMTest code.  I needed to comment out a
couple of tests because they were causing problems (including a core
dump on the client side), and I need to investigate why that happened.
Those tests will be restored once I figure out whats going on.

I'd like to get several eyes on this, please.

Thanks,
Ade

 



_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel