Re: [Pki-devel] [PATCH] 241 - Changes to token state processing

Few questions: ACK if turns out all good. 1. In public ArrayList<TPSCertRecord> tdbGetCertRecordsByCert(String serial, String issuer) + throws TPSException { + if (serial == null) + throw new TPSException("TPSTokendb.tdbGetCertificatesBySerial: serial null"); + Do we care if issue is null? 2. In private boolean shouldRevoke(TPSCertRecord cert, String cuid, String tokenReason, + String ipAddress, String remoteUser) throws Exception { here: if (now.after(notAfter) || now.before(notBefore)) { + activityMsg = "revocation not enabled for expired cert: " + cert.getSerialNumber(); It looks like we are checking also to see if the cert has not yet arrived validity period. I can't remember the branch version, but did we care about that? Arw we refusing to revoke a cert that has not yet reached its validity period? ----- Original Message ----- From: "Ade Lee" <alee(a)redhat.com&gt; To: pki-devel(a)redhat.com Sent: Wednesday, February 25, 2015 12:18:13 PM Subject: [Pki-devel] [PATCH] 241 - Changes to token state processing This is a port of the changes taking place in CS 8.1.6 to master. At this point, I have tested all the scenarios except the shared cert one because I have not figured out yet how to get external reg working to get delegated certs. Will continue testing, but I think this good for review so far. Please review, Ade _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel