[Pki-devel] [PATCH] 198-203 patches to address multiple issues in KeyResource server and client code.

Ade Lee alee at redhat.com
Sat Feb 22 05:52:18 UTC 2014


Endi, Jack and I met to discuss various improvements to the
Key/KeyResource client/server parts.  Some of these are addressed in the
attached patches.  Some will be handled in separate tickets.

Separate Tickets to be filed:
1. Add nonce mechanism for approvals. 
2. Add openssl subclass for CryptoUtil 
3. Extend generate_session_key() to return key in same call
4. Allow CLI to call python? (to be filed as separate ticket)

Done in attached patches:
5. Change kraclient.generate_sym_key -> kraclient.generate_symmetric_key
   and extend to allow addition of trans_wrapped_session_key.  
6. Add getActiveKey() to python client.
7. client_id -> client_key_id  
8. constants in python API for key status
9. Add sanity checks to python client code
10. Move functions out of KRAClient.py and into key.py
11. from_dict() -> from_json()
12. Add methods to create nss certdb and import transport cert
13. All inputs/outputs from CryptoUtil are unencoded.
14. Fix usages in main function of SymKeyGenerationRequest
15. Fix bugs when retrieving invalid keyId.
16. Fix bugs when generating key with only clientID provided.

To be done in next patch:
17. Rewrite cryptoutil.generate_symmetric_key() to be more generic and
provide a more restricted convenience function generate_session_key()

To be considered further:
1. rename session_key -> encryption_key/ wrapping_key?
2. revamp archival to not require client to generate PkiArchiveOptions
object.
3. should retrieve functions return unwrapped key?

Please review attached patches.

Ade

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0198-Fix-minor-issues-from-review.patch
Type: text/x-patch
Size: 10460 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140222/beec2e0c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0199-Add-methods-to-create-nss-certdb-and-import-cert.patch
Type: text/x-patch
Size: 9977 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140222/beec2e0c/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0203-Added-error-checking-in-python-client-calls.patch
Type: text/x-patch
Size: 26479 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140222/beec2e0c/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0202-Moved-key-functions-out-of-kraclient.py.patch
Type: text/x-patch
Size: 40611 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140222/beec2e0c/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0201-reame-client_id-to-client_key_id.patch
Type: text/x-patch
Size: 65514 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140222/beec2e0c/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0200-Add-getActiveKey-to-the-python-client.patch
Type: text/x-patch
Size: 2844 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140222/beec2e0c/attachment-0005.bin>

