[Pki-devel] [PATCH] 241 - Changes to token state processing
John Magne
jmagne at redhat.com
Thu Feb 26 00:45:17 UTC 2015
Few questions: ACK if turns out all good.
1. In
public ArrayList<TPSCertRecord> tdbGetCertRecordsByCert(String serial, String issuer)
+ throws TPSException {
+ if (serial == null)
+ throw new TPSException("TPSTokendb.tdbGetCertificatesBySerial: serial null");
+
Do we care if issue is null?
2. In
private boolean shouldRevoke(TPSCertRecord cert, String cuid, String tokenReason,
+ String ipAddress, String remoteUser) throws Exception {
here:
if (now.after(notAfter) || now.before(notBefore)) {
+ activityMsg = "revocation not enabled for expired cert: " + cert.getSerialNumber();
It looks like we are checking also to see if the cert has not yet arrived validity period.
I can't remember the branch version, but did we care about that? Arw we refusing to revoke
a cert that has not yet reached its validity period?
----- Original Message -----
From: "Ade Lee" <alee at redhat.com>
To: pki-devel at redhat.com
Sent: Wednesday, February 25, 2015 12:18:13 PM
Subject: [Pki-devel] [PATCH] 241 - Changes to token state processing
This is a port of the changes taking place in CS 8.1.6 to master.
At this point, I have tested all the scenarios except the shared cert
one because I have not figured out yet how to get external reg working
to get delegated certs. Will continue testing, but I think this good
for review so far.
Please review,
Ade
_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list