[Pki-devel] [PATCH] resteasy drm client patches

Ade Lee alee at redhat.com
Wed Feb 8 21:54:53 UTC 2012


Pushed to master.

The parts indicated as "To be addressed now" will be addressed in a
separate patch to help ease integration and checkin of jmagne and alee
code.  Some parts - like the quote - have been addressed in jmagne's
patch.


On Thu, 2012-01-26 at 10:32 -0500, Ade Lee wrote:
> The following feedback came from discussions with Endi on #dogtag-pki.
> I will submit revised patches with the relevant changes (changes to be
> addressed now).
> 
> Endi, please let me know if I missed anything.
> 
> Ade
> ***********************************************************************
> ***** To be addressed now:
> * i think we can define it as int, then we use this @DefaultValue(""+DEFAULT_MAXRESULTS)
> * should we add a setTransWrappedSessionKey() that takes a byte[] and convert it internally to base64?
> * in DRMTest there's a variable called IV, i think it should be lower case
> * remove quote on clientID
> 
> ***** To be addressed in a separate discussion about changes to the interface/separate patch: 
> * <seems to be possible: http://blog.bdoughan.com/2011/05/schema-to-java-xmlmimetype.html (use byte[] for some values)
> * i think it would be better if the getTransportCert() returns a decoded cert in byte[]
> * naming of xml attributes
> 
> ***** To be addressed in osutil cleanup:
> * is OSUtil.BtoA() a base64 encoder? should we replace it with http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html ?
> 
> ***** To be addressed by jmagne in his patch:
> * question about DRMTest.wrapPassphrase()
>     line 486: String wrappedS = new String(wrappedPassphrase, "ISO-8859-1");
>     line 487: byte[] pPhrase = wrappedS.getBytes("ISO-8859-1");
>     are these lines redundant because pPhrase would be the same as wrappedPassphrase?
>     also isn't there a possible encoding error? the wrapped passphrase might not conform to ISO-8859-1
> 
> * in lines 275 and 365 we call unwrap(token, IV, wrappedRecoveredKey.getBytes("ISO-8859-1"), recoveryKey);
>           shouldn't the wrappedRecoveredKey be base-64 decoded instead of using getBytes()?
> 
> * Can the client be modified to allow salt generation?  Or should we make iv a constant?
> 
> ***** To be addressed in patch to junitize the test:
> * the next lines try to decrypt the passphrase. should this code be moved into main() as another test?
> * some of the tests require manual validation
> 
> ***** To be addressed in separate injection hardening patch:
> * the search filter is constructed by concatenating the param values. is this a security risk? injection attack?
> 
> On Tue, 2012-01-24 at 18:35 -0500, John Magne wrote:
> > Patch pki-vakwetu-0014-Fix-test-client-errors.patch
> > 
> > 
> > This code implements the simple changes that Ade and I discussed
> > when trying to get the proxy client working when running inside Eclipse.
> > 
> > Since then we've tested the client to work well based on these fixes.
> > 
> > Ack
> > 
> > 
> > 
> > ----- Original Message -----
> > From: "Ade Lee" <alee at redhat.com>
> > To: pki-devel at redhat.com
> > Sent: Monday, January 23, 2012 10:11:19 PM
> > Subject: [Pki-devel] [PATCH] resteasy drm client patches
> > 
> > These patches provide the DRM test client that is currently being used
> > to test DRM functionality.  The patches need to be updated sequentially.
> > 
> > The future plan (next week) is to convert these to junit format.  For
> > now, though, my focus is on the Python client code.
> > 
> > jmagne is already working with these tests, but he will submit his
> > corrections in separate patches.
> > 
> > Please review, 
> > Ade
> > 
> > 
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
> 
> 

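Added example (not code from the patch or from the project) for the two encoding questions raised about DRMTest in the quoted feedback: it round-trips constructed sample bytes through ISO-8859-1 and UTF-8, and compares getBytes() with base64 decoding. The class name, helper names and sample bytes are assumptions, as is the premise that the value travels as base64 text.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class WrappedBytesEncodingDemo {

    // Constructed sample: all 256 byte values, standing in for wrapped key material.
    static byte[] sampleWrappedBytes() {
        byte[] b = new byte[256];
        for (int i = 0; i < b.length; i++) {
            b[i] = (byte) i;
        }
        return b;
    }

    // bytes -> String -> bytes through ISO-8859-1, the pattern in the quoted lines 486-487.
    static byte[] latin1RoundTrip(byte[] in) {
        String s = new String(in, StandardCharsets.ISO_8859_1);
        return s.getBytes(StandardCharsets.ISO_8859_1);
    }

    // The same round trip through UTF-8, for contrast.
    static byte[] utf8RoundTrip(byte[] in) {
        String s = new String(in, StandardCharsets.UTF_8);
        return s.getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        byte[] wrapped = sampleWrappedBytes();

        // ISO-8859-1 maps every byte 0x00-0xFF to exactly one char, so the bytes come back unchanged.
        System.out.println("ISO-8859-1 round trip identical: "
                + Arrays.equals(wrapped, latin1RoundTrip(wrapped)));

        // UTF-8 decoding replaces malformed sequences with U+FFFD, so binary data is altered.
        System.out.println("UTF-8 round trip identical: "
                + Arrays.equals(wrapped, utf8RoundTrip(wrapped)));

        // Assumption: the value is carried as base64 text. getBytes() then yields the
        // bytes of the base64 characters; only decode() recovers the binary value.
        String b64 = Base64.getEncoder().encodeToString(wrapped);
        byte[] viaGetBytes = b64.getBytes(StandardCharsets.ISO_8859_1);
        byte[] viaDecode = Base64.getDecoder().decode(b64);
        System.out.println("getBytes() equals original: " + Arrays.equals(wrapped, viaGetBytes));
        System.out.println("decode() equals original: " + Arrays.equals(wrapped, viaDecode));
    }
}
```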