[Pki-devel] [PATCH] 0134-Make-sure-only-the-master-keys-and-certs-are-imported
John Magne
jmagne at redhat.com
Wed Jun 26 23:03:52 UTC 2013
Ade:
This looks good but I have a question.
Looking at the function you added:
private static boolean importRequired(ArrayList<String> masterList, String nickname) {
+ if (masterList.contains(nickname))
+ return true;
+ try {
+ X500Name xname = new X500Name(nickname);
+ for (String key: masterList) {
+ try {
+ X500Name xkey = new X500Name(key);
+ if (xkey.equals(xname)) return true;
+ } catch (IOException e) {
+ // xkey not an X500Name
+ }
+ }
+
+ } catch (IOException e) {
+ // nickname is not a x500Name
+ return false;
+ }
+ return false;
+ }
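Review bot: importRequired has no comment explaining why the X500Name pass follows the masterList.contains(nickname) check at the top, so a reader cannot tell when two entries are expected to be the same DN with different string forms; a short Javadoc stating that, and whether masterList holds nicknames, DNs or both, would settle it. The empty inner catch (IOException e) around new X500Name(key) also discards parse failures silently, which makes a malformed masterList entry indistinguishable from a plain nickname; a debug-level log line there would make a key or cert that is unexpectedly skipped on import traceable.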
It looks like the top of this function does a String comparison just like the code you had in there but commented out already:
if (masterList.contains(nickname))
+ return true;
As I understand it, the List contains method calls the equals method of the objects involved.
Subsequently it looks like you rifle through the whole list and do a comparison between X500Name objects, which represent distinguished names.
Why is this done? There are cases where the DNs are equivalent but their raw Strings may differ?
thanks,
jack
----- Original Message -----
> From: "Ade Lee" <alee at redhat.com>
> To: pki-devel at redhat.com
> Sent: Wednesday, June 26, 2013 11:28:42 AM
> Subject: [Pki-devel] [PATCH] 0134-Make-sure-only-the-master-keys-and-certs-are-imported
>
> Make sure only the master keys and certs are imported.
>
> The key import code was written for when there was only one
> subsystem per tomcat instance, and only one subsystem's certs
> and keys per p12 file. We need to ensure that only the master's
> subsystem keys and certs are imported. Otherwise, unpredictable
> behavior happens, like in Ticket 665.
>
> Please review,
>
> Thanks,
> Ade
>
>