Overall, it looks good.  Just some minor suggestions, mostly for clarification purposes.

* SecureChannel.java : clearAppletKeySlotData

  - would appreciate comments describing the content and format expected in the input "data"

  - maybe a positive debug message after the successful cleanup (as negative result is non-fatal regardless)

* PKCS11Obj.java : getKeyIndexList

  - please add a high-level comment to tell what this does

  - how about going with the convention and assigning a String method for debug messages?

  - I couldn't figure out why the code needs to traverse the cert objects while it has no interest in them;  I don't think it hurts though;  I'm okay with it if you decide to leave it in.

  - One question: if TPSBuffer data ends up not having anything added to it, will this reference blow up? data.toHexString()

Conditional ACK.

thanks,

Christina



On 12/16/2016 04:28 PM, John Magne wrote:
Author: Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com>
Date:   Fri Dec 16 16:25:48 2016 -0800

    Ticket #2569: Token memory not wiped after key deletion
    
    This is the dogtag upstream side of the TPS portion of this ticket.
    This fix also involves an applet fix, handled in another bug.


_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel