The following feedback came from discussions with Endi on #dogtag-pki. I will submit revised patches with the relevant changes (changes to be addressed now). Endi, please let me know if I missed anything. Ade *********************************************************************** ***** To be addressed now: * i think we can define it as int, then we use this @DefaultValue(""+DEFAULT_MAXRESULTS) * should we add a setTransWrappedSessionKey() that takes a byte[] and convert it internally to base64? * in DRMTest there's a variable called IV, i think it should be lower case * remove quote on clientID ***** To be addressed in a separate discussion about changes to the interface/separate patch: * <seems to be possible: http://blog.bdoughan.com/2011/05/schema-to-java-xmlmimetype.html (use byte[] for some values) * i think it would be better if the getTransportCert() returns a decoded cert in byte[] * naming of xml attributes ***** To be addressed in osutil cleanup: * is OSUtil.BtoA() a base64 encoder? should we replace it with http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/B... ? ***** To be addressed by jmagne in his patch: * question about DRMTest.wrapPassphrase() line 486: String wrappedS = new String(wrappedPassphrase, "ISO-8859-1"); line 487: byte[] pPhrase = wrappedS.getBytes("ISO-8859-1"); are these lines redundant because pPhrase would be the same as wrappedPassphrase? also isn't there a possible encoding error? the wrapped passphrase might not conform to ISO-8859-1 * in lines 275 and 365 we call unwrap(token, IV, wrappedRecoveredKey.getBytes("ISO-8859-1"), recoveryKey); shouldn't the wrappedRecoveredKey be base-64 decoded instead of using getBytes()? * Can the client be modified to allow salt generation? Or should we make iv a constant? ***** To be addressed in patch to junitize the test: * the next lines try to decrypt the passphrase. should this code be moved into main() as another test? * some of the tests require manual validation ***** To be addressed in separate injection hardening patch: * the search filter is constructed by concatenating the param values. is this a security risk? injection attack? On Tue, 2012-01-24 at 18:35 -0500, John Magne wrote: > Patch pki-vakwetu-0014-Fix-test-client-errors.patch > > > This code implements the simple changes that Ade and I discussed > when trying to get the proxy client working when running inside Eclipse. > > Since the we've tested the client to work well based on these fixes. > > Ack > > > > ----- Original Message ----- > From: "Ade Lee" <alee(a)redhat.com&gt; > To: pki-devel(a)redhat.com > Sent: Monday, January 23, 2012 10:11:19 PM > Subject: [Pki-devel] [PATCH] resteasy drm client patches > > These patches provide the DRM test client that is currently being used > to test DRM functionality. The patches need to be updated sequentially. > > The future plan (next week) is to convert these to junit format. For > now, though, my focus is on the Python client code. > > jmagne is already working with these tests, but he will submit his > corrections in separate patches. > > Please review, > Ade > > > _______________________________________________ > Pki-devel mailing list > Pki-devel(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel