The following feedback came from discussions with Endi on #dogtag-pki.
I will submit revised patches with the relevant changes (changes to be
addressed now).
Endi, please let me know if I missed anything.
Ade
***********************************************************************
***** To be addressed now:
* I think we can define it as int, then we use this
@DefaultValue(""+DEFAULT_MAXRESULTS)
* Should we add a setTransWrappedSessionKey() that takes a byte[] and converts it
internally to base64?
* In DRMTest there's a variable called IV, I think it should be lower case
* Remove quote on clientID
***** To be addressed in a separate discussion about changes to the interface/separate
patch:
* <seems to be possible:
http://blog.bdoughan.com/2011/05/schema-to-java-xmlmimetype.html (use byte[] for some
values)
* I think it would be better if getTransportCert() returns a decoded cert in byte[]
* Naming of XML attributes
***** To be addressed in osutil cleanup:
* Is OSUtil.BtoA() a base64 encoder? Should we replace it with
http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/B... ?
***** To be addressed by jmagne in his patch:
* question about DRMTest.wrapPassphrase()
line 486: String wrappedS = new String(wrappedPassphrase, "ISO-8859-1");
line 487: byte[] pPhrase = wrappedS.getBytes("ISO-8859-1");
Are these lines redundant because pPhrase would be the same as wrappedPassphrase?
Also, isn't there a possible encoding error? The wrapped passphrase might not
conform to ISO-8859-1
* In lines 275 and 365 we call unwrap(token, IV,
wrappedRecoveredKey.getBytes("ISO-8859-1"), recoveryKey);
Shouldn't the wrappedRecoveredKey be base-64 decoded instead of using
getBytes()?
* Can the client be modified to allow salt generation? Or should we make iv a constant?
***** To be addressed in patch to junitize the test:
* The next lines try to decrypt the passphrase. Should this code be moved into main() as
another test?
* Some of the tests require manual validation
***** To be addressed in separate injection hardening patch:
* The search filter is constructed by concatenating the param values. Is this a security
risk? Injection attack?
On Tue, 2012-01-24 at 18:35 -0500, John Magne wrote:
Patch pki-vakwetu-0014-Fix-test-client-errors.patch
This code implements the simple changes that Ade and I discussed
when trying to get the proxy client working when running inside Eclipse.
Since then we've tested the client to work well based on these fixes.
Ack
----- Original Message -----
From: "Ade Lee" <alee(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Monday, January 23, 2012 10:11:19 PM
Subject: [Pki-devel] [PATCH] resteasy drm client patches
These patches provide the DRM test client that is currently being used
to test DRM functionality. The patches need to be updated sequentially.
The future plan (next week) is to convert these to junit format. For
now, though, my focus is on the Python client code.
jmagne is already working with these tests, but he will submit his
corrections in separate patches.
Please review,
Ade
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
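
The two DRMTest questions in the thread above (the ISO-8859-1 round trip at lines 486-487, and getBytes() versus base64 decoding in the unwrap() calls), worked through as an added example that is not code from the patches or from the Dogtag project. It assumes the wrapped value travels as base64 text and uses java.util.Base64 (Java 8 and later) rather than OSUtil or commons-codec; the class and helper names are hypothetical.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class WrappedBytesRoundTrip {

    // bytes -> String -> bytes through one charset, the pattern at lines 486-487.
    static byte[] roundTrip(byte[] raw, Charset cs) {
        return new String(raw, cs).getBytes(cs);
    }

    // Recover binary from a transport string that is assumed to be base64.
    static byte[] fromTransport(String b64) {
        return Base64.getDecoder().decode(b64);
    }

    public static void main(String[] args) {
        // Constructed stand-in for a wrapped passphrase: every byte value 0x00..0xFF.
        byte[] wrapped = new byte[256];
        for (int i = 0; i < wrapped.length; i++) {
            wrapped[i] = (byte) i;
        }

        // ISO-8859-1 maps each byte to the code point of the same value, so the
        // round trip returns the input and the two lines change nothing.
        boolean latin1Same = Arrays.equals(wrapped, roundTrip(wrapped, StandardCharsets.ISO_8859_1));
        // UTF-8 replaces malformed sequences with U+FFFD, so binary data is corrupted.
        boolean utf8Same = Arrays.equals(wrapped, roundTrip(wrapped, StandardCharsets.UTF_8));

        // If the wrapped key travels as base64 text, getBytes() yields the ASCII
        // characters of the encoding, not the wrapped key itself.
        String b64 = Base64.getEncoder().encodeToString(wrapped);
        byte[] decoded = fromTransport(b64);
        byte[] viaGetBytes = b64.getBytes(StandardCharsets.ISO_8859_1);

        System.out.println("ISO-8859-1 round trip identical: " + latin1Same);
        System.out.println("UTF-8 round trip identical:      " + utf8Same);
        System.out.println("base64 decode identical:         " + Arrays.equals(wrapped, decoded));
        System.out.println("getBytes() identical:            " + Arrays.equals(wrapped, viaGetBytes));
        System.out.println("lengths (raw/decoded/getBytes):  "
                + wrapped.length + "/" + decoded.length + "/" + viaGetBytes.length);
    }
}
```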