[Pki-devel] [PATCH] 202 Session-based nonces.
Endi Sukma Dewata
edewata at redhat.com
Mon Feb 4 16:24:58 UTC 2013

On 2/4/2013 9:49 AM, Ade Lee wrote:
> Looks pretty good to me.
>
> Question:
> 1. What is the purpose of the isMemberOfSubsystemGroup() method, and why
> do we need it?

The original code checks whether the user specified in the client
certificate belongs to the "Subsystem Group". If it does, the code will
skip nonce verification. I suppose this is used by internal PKI
operations which do not require 2-step processes using nonces.

The isMemberOfSubsystemGroup() is a method that encapsulates the above
logic, and it's created to separate the logic from nonce validation
which should not be dependent on client certificates.

--
Endi S. Dewata