[Pki-devel] [pki-devel][Patch] 0014-Initial-enrollment-progress.patch

John Magne jmagne at redhat.com
Wed Jun 4 20:54:15 UTC 2014 

CFU:

Review comments addressed.

Plus a little bit more progress on enrollment,
up until the point we need to parse the public key blob returned
by the token. Also, rebased and merged to to the latest trunk as of an hour ago.





----- Original Message -----
> From: "Christina Fu" <cfu at redhat.com>
> To: pki-devel at redhat.com
> Sent: Tuesday, June 3, 2014 9:28:46 AM
> Subject: Re: [Pki-devel] [pki-devel][Patch]	0013-Initial-enrollment-progress.patch
> 
> Jack,
> 
> Overall, thanks for the refactoring. It does make things easier to read. I
> understand there are still code to be filled. Here are my comments.
> 
> 1. getConfiguredKeyType()
> - The original code goes to loser if the keytype is undefined. You assigned
> "signing" as default. I think the original code is probably better
> - The original code verifies if the keytype gotten from config is one of the
> TokenKeyType defined. You probably should add such check as well.
> 
> 2. I noticed that the format() method does not take the skipAuth boolean like
> before when enroll() has already done authentication. Wouldn't that mean
> format() could result authentication being done twice if format is forced
> (required) during enrollment?
> 
> 3. a few typos
> - "TPSProcessor.enroll:" in debug should be "TPSEnrollProcessor.enroll:"
> - "TPSEnrollProcessor>enroll:" in debug should be
> "TPSEnrollProcessor.enroll:"
> - "selelect" should be "select"
> 
> 4. generateCertificates()
> - I see that EnrolledCertsInfo serves both as input and output, so passing it
> in as a parameter is reasonable. But why do you need to return it? And you
> didn't' really return it. Or you can just do void instead. It already throws
> TPSException in case of errors.
> 
> 5. I think there are a few missed "TODO". If you happen to see them, you
> might want to add to comment so we don't miss them.
> 
> 6. I'm sorry I checked in my patch before you, so there will be conflicts to
> be resolved. Let's take one more look after your merge.
> 
> Christina
> 
> 
> On 05/28/2014 07:47 PM, John Magne wrote:
> 
> 
> 
> Initial enrollment operation progress.
>     
>     1. Changed the names of some message classes for convenience.
>     2. Did some minor refactoring of methods needed by both the enroll and
>     tps processor.
>     3. Created classes to handle the parsing and archival of PKCS#11 token
>     data.
>     4. Created prep code for enrollment that reads in a bunch of config
>     params and creates
>     convenience objects to carry the data instead of the lengthy parameter
>     lists we have had before.
> 
> 
> _______________________________________________
> Pki-devel mailing list Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
> 
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0014-Initial-enrollment-progress.patch
Type: text/x-patch
Size: 206204 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140604/26dce923/attachment.bin>

More information about the Pki-devel mailing list