[Pki-devel] [PATCH] resteasy drm client patches
Ade Lee
alee at redhat.com
Thu Jan 26 15:32:05 UTC 2012
The following feedback came from discussions with Endi on #dogtag-pki.
I will submit revised patches with the relevant changes (changes to be
addressed now).
Endi, please let me know if I missed anything.
Ade
***********************************************************************
***** To be addressed now:
* I think we can define it as int, then we use this @DefaultValue(""+DEFAULT_MAXRESULTS)
* should we add a setTransWrappedSessionKey() that takes a byte[] and converts it internally to base64?
* in DRMTest there's a variable called IV, I think it should be lower case
* remove quote on clientID
***** To be addressed in a separate discussion about changes to the interface/separate patch:
* <seems to be possible: http://blog.bdoughan.com/2011/05/schema-to-java-xmlmimetype.html (use byte[] for some values)
* I think it would be better if the getTransportCert() returns a decoded cert in byte[]
* naming of xml attributes
***** To be addressed in osutil cleanup:
* is OSUtil.BtoA() a base64 encoder? should we replace it with http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html ?
***** To be addressed by jmagne in his patch:
* question about DRMTest.wrapPassphrase()
line 486: String wrappedS = new String(wrappedPassphrase, "ISO-8859-1");
line 487: byte[] pPhrase = wrappedS.getBytes("ISO-8859-1");
are these lines redundant because pPhrase would be the same as wrappedPassphrase?
also isn't there a possible encoding error? the wrapped passphrase might not conform to ISO-8859-1
* in lines 275 and 365 we call unwrap(token, IV, wrappedRecoveredKey.getBytes("ISO-8859-1"), recoveryKey);
shouldn't the wrappedRecoveredKey be base-64 decoded instead of using getBytes()?
* Can the client be modified to allow salt generation? Or should we make iv a constant?
***** To be addressed in patch to junitize the test:
* the next lines try to decrypt the passphrase. should this code be moved into main() as another test?
* some of the tests require manual validation
***** To be addressed in separate injection hardening patch:
* the search filter is constructed by concatenating the param values. is this a security risk? injection attack?
On Tue, 2012-01-24 at 18:35 -0500, John Magne wrote:
> Patch pki-vakwetu-0014-Fix-test-client-errors.patch
>
>
> This code implements the simple changes that Ade and I discussed
> when trying to get the proxy client working when running inside Eclipse.
>
> Since then we've tested the client to work well based on these fixes.
>
> Ack
>
>
>
> ----- Original Message -----
> From: "Ade Lee" <alee at redhat.com>
> To: pki-devel at redhat.com
> Sent: Monday, January 23, 2012 10:11:19 PM
> Subject: [Pki-devel] [PATCH] resteasy drm client patches
>
> These patches provide the DRM test client that is currently being used
> to test DRM functionality. The patches need to be updated sequentially.
>
> The future plan (next week) is to convert these to junit format. For
> now, though, my focus is on the Python client code.
>
> jmagne is already working with these tests, but he will submit his
> corrections in separate patches.
>
> Please review,
> Ade
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel