[Pki-devel] [PATCH] 191 - Add strength and algorithm to KeyData and KeyInfo
Ade Lee
alee at redhat.com
Mon Feb 10 16:25:19 UTC 2014
Fixed issues. Acked by Endi, Jack and Christina.
Pushed to master.
On Thu, 2014-02-06 at 21:59 -0600, Endi Sukma Dewata wrote:
> On 2/5/2014 12:27 PM, Ade Lee wrote:
> > Add strength and algorithm to KeyData and KeyInfo classes
> >
> > Make sure these are updated so that clients can get this information
> > when accessing a symmetric key. Also allow a default for generation
> > requests (but not for archival requests).
> >
> > Please review.
> >
> > Thanks,
> > Ade
>
> ACK. Feel free to push after addressing these minor issues:
>
> 1. Exception messages are meant to be read by human, so it would be
> better to use a user-friendly name (e.g. client ID) instead of variable
> name (e.g. clientId).
>
> throw new BadRequestException(
> "Invalid key generation request. Missing clientId");
>
> 2. The following alg/size validation should be done even for the default
> alg/size to make sure we're not hard-coding invalid values (or if it
> becomes invalid in the future).
>
> KeyGenAlgorithm alg =
> KeyRequestService.KEYGEN_ALGORITHMS.get(algName);
> if (alg == null) {
> throw new BadRequestException("Invalid Algorithm");
> }
>
> if (!alg.isValidStrength(size)) {
> throw new BadRequestException(
> "Invalid key size for this algorithm");
> }
>
> 3. If the keySize in SymKeyGenerationRequest is optional we should use
> Integer rather than int. This way we can detect and report missing
> keySize properly using null. Right now the above code seems to be
> generating "Invalid key size for this algorithm" on missing keySize
> since the value will be converted into 0.
>
> 4. It would be better to include the offending values in the error
> message: "Key size {keySize} is invalid for {algorithm} algorithm".
>
> 5. The terms "strength" and "size" aren't used consistently. Any preference?
>
More information about the Pki-devel
mailing list