[Pki-devel] [PATCH] 241 - Changes to token state processing
Ade Lee
alee at redhat.com
Fri Feb 27 04:23:30 UTC 2015
Thanks. Fixed issues mentioned below. Pushed to master.
On Wed, 2015-02-25 at 19:45 -0500, John Magne wrote:
> Few questions: ACK if turns out all good.
>
> 1. In
>
> public ArrayList<TPSCertRecord> tdbGetCertRecordsByCert(String serial, String issuer)
> + throws TPSException {
> + if (serial == null)
> + throw new TPSException("TPSTokendb.tdbGetCertificatesBySerial: serial null");
> +
>
> Do we care if issue is null?
>
>
> 2. In
>
> private boolean shouldRevoke(TPSCertRecord cert, String cuid, String tokenReason,
> + String ipAddress, String remoteUser) throws Exception {
>
> here:
>
> if (now.after(notAfter) || now.before(notBefore)) {
> + activityMsg = "revocation not enabled for expired cert: " + cert.getSerialNumber();
>
> It looks like we are checking also to see if the cert has not yet arrived validity period.
> I can't remember the branch version, but did we care about that? Arw we refusing to revoke
> a cert that has not yet reached its validity period?
>
>
>
> ----- Original Message -----
> From: "Ade Lee" <alee at redhat.com>
> To: pki-devel at redhat.com
> Sent: Wednesday, February 25, 2015 12:18:13 PM
> Subject: [Pki-devel] [PATCH] 241 - Changes to token state processing
>
> This is a port of the changes taking place in CS 8.1.6 to master.
>
> At this point, I have tested all the scenarios except the shared cert
> one because I have not figured out yet how to get external reg working
> to get delegated certs. Will continue testing, but I think this good
> for review so far.
>
> Please review,
> Ade
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list