[Pki-devel] [PATCH] 202 Session-based nonces.

Endi Sukma Dewata edewata at redhat.com
Mon Feb 4 16:24:58 UTC 2013


On 2/4/2013 9:49 AM, Ade Lee wrote:
> Looks pretty good to me.
>
> Question:
> 1. What is the purpose of the isMemberOfSubsystemGroup() method, and why
> do we need it?

The original code checks whether the user specified in the client 
certificate belongs to the "Subsystem Group". If it does, the code will 
skip nonce verification. I suppose this is used by internal PKI 
operations which do not require 2-step processes using nonces.

The isMemberOfSubsystemGroup() is a method that encapsulates the above 
logic, and it's created to separate the logic from nonce validation 
which should not be dependent on client certificates.

--
Endi S. Dewata
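
The separation described in this message, sketched as an added example; it is not part of the original post and is not code from the PKI project. Only the method name `isMemberOfSubsystemGroup()` comes from the thread; the `Session` class, `issueNonce()`, `validateNonce()`, `authorize()` and all sample values are hypothetical.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class SessionNonceExample {
    private static final SecureRandom RANDOM = new SecureRandom();

    // Hypothetical stand-in for per-session server state: target id -> issued nonce.
    static class Session {
        final Map<String, Long> nonces = new HashMap<>();
    }

    // Step 1 of the two-step process: issue a nonce bound to this session and target.
    static long issueNonce(Session session, String targetId) {
        long nonce = RANDOM.nextLong();
        session.nonces.put(targetId, nonce);
        return nonce;
    }

    // Step 2: validation sees only the session and the submitted value,
    // never the client certificate. The nonce is consumed on first use.
    static boolean validateNonce(Session session, String targetId, long submitted) {
        Long expected = session.nonces.remove(targetId);
        return expected != null && expected == submitted;
    }

    // Separate decision, modelled on the check described in the message.
    // Assumption: group membership is a simple set lookup on the certificate user.
    static boolean isMemberOfSubsystemGroup(String certUser, Set<String> subsystemGroup) {
        return certUser != null && subsystemGroup.contains(certUser);
    }

    // The caller composes the two checks; the bypass lives here, not in validateNonce().
    static boolean authorize(Session session, String certUser, Set<String> group,
                             String targetId, Long submitted) {
        if (isMemberOfSubsystemGroup(certUser, group)) return true;
        return submitted != null && validateNonce(session, targetId, submitted);
    }

    public static void main(String[] args) {
        Set<String> group = Set.of("subsystem-user");   // constructed sample data
        Session session = new Session();
        long nonce = issueNonce(session, "request-1");
        System.out.println("first use:      " + authorize(session, "alice", group, "request-1", nonce));
        System.out.println("replay:         " + authorize(session, "alice", group, "request-1", nonce));
        System.out.println("other session:  " + authorize(new Session(), "alice", group, "request-1", nonce));
        System.out.println("subsystem user: " + authorize(session, "subsystem-user", group, "request-1", null));
    }
}
```

Because `validateNonce()` takes no certificate argument, any path that skips the nonce is visible in `authorize()` and can be audited or logged in one place.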



