[Pki-devel] [PATCH] 548 Updated CRMFPopClient parameter handling.
John Magne
jmagne at redhat.com
Wed Feb 25 00:32:30 UTC 2015
Looks fine: ACK
One quick minor question though...
Unless I have the order wrong we have something like this:
boolean sslECDH = Boolean.parseBoolean(cmd.getOptionValue("x", "false"));
Then further down it appears that we do the tests to make sure the switches
provided are algorithm appropriate..
if (algorithm.equals("rsa")) {
...
...
...
+
+ if (cmd.hasOption("x")) {
+ printError("Illegal parameter for RSA: -x");
+ System.exit(1);
+ }
Does this ordering matter or are we using the statement above as a convenient way
to initialize the variable "sslECDH".
----- Original Message -----
From: "Endi Sukma Dewata" <edewata at redhat.com>
To: "John Magne" <jmagne at redhat.com>
Cc: "pki-devel" <pki-devel at redhat.com>
Sent: Monday, February 16, 2015 7:18:04 AM
Subject: Re: [Pki-devel] [PATCH] 548 Updated CRMFPopClient parameter handling.
The patch has been updated. Please take a look, thanks.
On 2/9/2015 1:45 PM, John Magne wrote:
> System.out.println(" -q <POP option> POP option (default: POP_SUCCESS)");
> + System.out.println(" - POP_NONE");
> + System.out.println(" - POP_SUCCESS");
> + System.out.println(" - POP_FAIL");
>
> We originally added POP_NONE and POP_FAIL as a way to test Proof Of Possession.
> This was when this thing was mainly a test tool.
>
> I would imagine the major legit cases would be POP_SUCCESS and POP_NONE,
> with SUCCESS merely meaning that we include POP with the request.
>
> It might be nice to add a little more info to the string for POP_FAIL that this is to test a failure case,
> and POP_NONE is to not provide POP, while POP_SUCCESS means to provide POP information with the request.
Fixed. I added short descriptions on each option.
> Here:
>
>
> if (sensitive != 0 && sensitive != 1 && sensitive != -1) {
> + printError("Illegal input parameters for -s: " + sensitive);
> + System.exit(1);
> + }
> +
> + if (extractable != 0 && extractable != 1 && extractable != -1) {
> + printError("Illegal input parameters for -e: " + extractable);
> + System.exit(1);
> + }
>
> There is checking for the validity of the sensitive and extractable params here.
> From the usage string it looks like we only want this for the EC case, would it make
> sense to make sure ec is in effect here?
Fixed. I moved/added parameter checking for each algorithm.
> Also, when an error is detected in the params, should be re-print out the usage, or does the system handle this for us somehow?
It will print the following message
ERROR: ... <error message> ...
Try 'CRMFPopClient --help' for more information.
I'd rather not display the full usage because it's quite long so people
might get confused trying to find the error message. Later on we can try
to improve it.
--
Endi S. Dewata
>
> ----- Original Message -----
> From: "Endi Sukma Dewata" <edewata at redhat.com>
> To: "pki-devel" <pki-devel at redhat.com>
> Sent: Wednesday, February 4, 2015 10:03:55 AM
> Subject: Re: [Pki-devel] [PATCH] 548 Updated CRMFPopClient parameter handling.
>
> On 1/29/2015 12:18 PM, Endi Sukma Dewata wrote:
>> The CRMFPopClient has been modified to use Apache Commons CLI
>> library to handle the parameters. The help message has been
>> rewritten to make it more readable. The submitRequest() will
>> now display the error reason.
>>
>> The options in ClientCertRequestCLI have been simplified. A new
>> option was added to generate CRMF request without POP.
>>
>> https://fedorahosted.org/pki/ticket/1074
>
> New patch attached for additional cleanup.
>
More information about the Pki-devel
mailing list