2:18 p.m.
This is a port of the changes taking place in CS 8.1.6 to master.
At this point, I have tested all the scenarios except the shared cert
one because I have not figured out yet how to get external reg working
to get delegated certs. Will continue testing, but I think this good
for review so far.
Please review,
Ade
6:45 p.m.
Few questions: ACK if turns out all good.
1. In
public ArrayList<TPSCertRecord> tdbGetCertRecordsByCert(String serial, String
issuer)
+ throws TPSException {
+ if (serial == null)
+ throw new TPSException("TPSTokendb.tdbGetCertificatesBySerial: serial
null");
+
Do we care if issue is null?
2. In
private boolean shouldRevoke(TPSCertRecord cert, String cuid, String tokenReason,
+ String ipAddress, String remoteUser) throws Exception {
here:
if (now.after(notAfter) || now.before(notBefore)) {
+ activityMsg = "revocation not enabled for expired cert: " +
cert.getSerialNumber();
It looks like we are checking also to see if the cert has not yet arrived validity
period.
I can't remember the branch version, but did we care about that? Arw we refusing to
revoke
a cert that has not yet reached its validity period?
----- Original Message -----
From: "Ade Lee" <alee(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Wednesday, February 25, 2015 12:18:13 PM
Subject: [Pki-devel] [PATCH] 241 - Changes to token state processing
This is a port of the changes taking place in CS 8.1.6 to master.
At this point, I have tested all the scenarios except the shared cert
one because I have not figured out yet how to get external reg working
to get delegated certs. Will continue testing, but I think this good
for review so far.
Please review,
Ade
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
10:23 p.m.
Thanks. Fixed issues mentioned below. Pushed to master.
On Wed, 2015-02-25 at 19:45 -0500, John Magne wrote:
Few questions: ACK if turns out all good.
1. In
public ArrayList<TPSCertRecord> tdbGetCertRecordsByCert(String serial, String
issuer)
+ throws TPSException {
+ if (serial == null)
+ throw new TPSException("TPSTokendb.tdbGetCertificatesBySerial: serial
null");
+
Do we care if issue is null?
2. In
private boolean shouldRevoke(TPSCertRecord cert, String cuid, String tokenReason,
+ String ipAddress, String remoteUser) throws Exception {
here:
if (now.after(notAfter) || now.before(notBefore)) {
+ activityMsg = "revocation not enabled for expired cert: " +
cert.getSerialNumber();
It looks like we are checking also to see if the cert has not yet arrived validity
period.
I can't remember the branch version, but did we care about that? Arw we refusing to
revoke
a cert that has not yet reached its validity period?
----- Original Message -----
From: "Ade Lee" <alee(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Wednesday, February 25, 2015 12:18:13 PM
Subject: [Pki-devel] [PATCH] 241 - Changes to token state processing
This is a port of the changes taking place in CS 8.1.6 to master.
At this point, I have tested all the scenarios except the shared cert
one because I have not figured out yet how to get external reg working
to get delegated certs. Will continue testing, but I think this good
for review so far.
Please review,
Ade
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
3585
days inactive
3587
days old
2 comments
2 participants
participants (2)
-
Ade Lee -
John Magne