[Pki-devel] [PATCH] resteasy drm client patches
Ade Lee
alee at redhat.com
Wed Feb 8 21:54:53 UTC 2012
Pushed to master.
The parts indicated as "To be addressed now" will be addressed in a
separate patch to help ease integration and checkin of jmagne and alee
code. Some parts - like the quote - have been addressed in jmagne's
patch.
On Thu, 2012-01-26 at 10:32 -0500, Ade Lee wrote:
> The following feedback came from discussions with Endi on #dogtag-pki.
> I will submit revised patches with the relevant changes (changes to be
> addressed now).
>
> Endi, please let me know if I missed anything.
>
> Ade
> ***********************************************************************
> ***** To be addressed now:
> * i think we can define it as int, then we use this @DefaultValue(""+DEFAULT_MAXRESULTS)
> * should we add a setTransWrappedSessionKey() that takes a byte[] and convert it internally to base64?
> * in DRMTest there's a variable called IV, i think it should be lower case
> * remove quote on clientID
>
> ***** To be addressed in a separate discussion about changes to the interface/separate patch:
> * <seems to be possible: http://blog.bdoughan.com/2011/05/schema-to-java-xmlmimetype.html (use byte[] for some values)
> * i think it would be better if the getTransportCert() returns a decoded cert in byte[]
> * naming of xml attributes
>
> ***** To be addressed in osutil cleanup:
> * is OSUtil.BtoA() a base64 encoder? should we replace it with http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html ?
>
> ***** To be addressed by jmagne in his patch:
> * question about DRMTest.wrapPassphrase()
> line 486: String wrappedS = new String(wrappedPassphrase, "ISO-8859-1");
> line 487: byte[] pPhrase = wrappedS.getBytes("ISO-8859-1");
> are these lines redundant because pPhrase would be the same as wrappedPassphrase?
> also isn't there a possible encoding error? the wrapped passphrase might not conform to ISO-8859-1
>
> * in lines 275 and 365 we call unwrap(token, IV, wrappedRecoveredKey.getBytes("ISO-8859-1"), recoveryKey);
> shouldn't the wrappedRecoveredKey be base-64 decoded instead of using getBytes()?
>
> * Can the client be modified to allow salt generation? Or should we make iv a constant?
>
> ***** To be addressed in patch to junitize the test:
> * the next lines try to decrypt the passphrase. should this code be moved into main() as another test?
> * some of the tests require manual validation
>
> ***** To be addressed in separate injection hardening patch:
> * the search filter is constructed by concatenating the param values. is this a security risk? injection attack?
>
> On Tue, 2012-01-24 at 18:35 -0500, John Magne wrote:
> > Patch pki-vakwetu-0014-Fix-test-client-errors.patch
> >
> >
> > This code implements the simple changes that Ade and I discussed
> > when trying to get the proxy client working when running inside Eclipse.
> >
> > Since the we've tested the client to work well based on these fixes.
> >
> > Ack
> >
> >
> >
> > ----- Original Message -----
> > From: "Ade Lee" <alee at redhat.com>
> > To: pki-devel at redhat.com
> > Sent: Monday, January 23, 2012 10:11:19 PM
> > Subject: [Pki-devel] [PATCH] resteasy drm client patches
> >
> > These patches provide the DRM test client that is currently being used
> > to test DRM functionality. The patches need to be updated sequentially.
> >
> > The future plan (next week) is to convert these to junit format. For
> > now, though, my focus is on the Python client code.
> >
> > jmagne is already working with these tests, but he will submit his
> > corrections in separate patches.
> >
> > Please review,
> > Ade
> >
> >
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list