[Pki-devel] [PATCH] 89 Added CLI commands for Key and Key request resources.

Ade Lee alee at redhat.com
Fri Apr 4 17:29:58 UTC 2014 

KeyModifyCLI.java:
1) super("mod", "Get key request", keyCLI);  "Get key request" is not
right ..  This appears to be a problem in multiple CLIs.
2) help does not look right -- do options follow the <keyId> ?
3) What happens if you choose a non-existent id?  This is for all the
CLIs.
4. No validation of status input.

Template.java
1) Add line after field declarations and before constructor.

KeyArchiveCLI 
1) Archive a secret at the DRM --> in the DRM.
2) There appears to be no option to archive a symmetric key?  
   Given that its one of our primary use cases, we should have an option for it.

KeyGenerate.java
1) In help, do [OPTIONS] follow the args?
2. There is no validation of usages() - and the list really ought to be generated
   from the SymKeyGenerationRequest definition.
3. "Required for all algorithms AES and RC2." doesn't sound right.
"Required for AES and RC2 algorithms".  RC4 I think requires a key size and uses a
default in case one is not provided.

4. If I recall correctly, there is a JSS function that checks whether an key_size is
   valid.  We should probably do some validation here.

KeyRecoverCLI
1.  This should probably be "Create a key recovery request" --> rather than "Recover key" 
    and at the end, this would be "Key Recovery Request Info".
    and so maybe this should be "key-request-recovery" ?

KeyRequestTemplateFind:
"Template file for submitting a key archival request");
"Template for submitting a key recovery request.");
"Template for submitting a symmetric key generation request.");

TemplateShowCLI - 
1. No need to put list of templates in help -- thats what template-find is for.

KeyRetrievalCLI
1.  There should be an option to store the raw output to a file.  Binary data doesn't print well.
2. If a wrapping key was not initially provided, then the encrypted data makes no sense.
   Similarly if a wrapping key was not provided, then the enencrypted data makes no sense.

Ade


On Wed, 2014-04-02 at 14:36 -0400, Abhishek Koneru wrote:
> Please review the patch which adds new CLI commands for performing
> operations on Key and Key request resources.
> 
>     key-archive, key-retrieve, key-recover, key-generate,
>     key-request-review, key-template-show, key-template-find
> 
> Also attaching patch 87, which has to be applied before applying 89.
> Please review both the patches.
> 
> --Abhishek
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list