[Engine-patches] Change in ovirt-engine[master]: pki: remove usage of /ca.crt uri

Fri, 01 Nov 2013 05:40:15 -0700 

Alexander Wels has posted comments on this change.

Change subject: pki: remove usage of /ca.crt uri
......................................................................


Patch Set 1:

(2 comments)

....................................................
File 
backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/PKIResourceServlet.java
Line 46:     static {
Line 47:         EngineLocalConfig config = EngineLocalConfig.getInstance();
Line 48:         pkiResources = new HashMap<String, Details>();
Line 49:         pkiResources.put("ca-certificate", new 
Details(config.getPKICACert(), "X509-PEM-CA"));
Line 50:         pkiResources.put("engine-certificate", new 
Details(config.getPKIEngineCert(), "X509-PEM", "ovirt-engine"));
I would leave this in the init of the servlet. Having it static like that makes 
it nearly impossible to properly unit test (not that we have a unit test for 
this, but in case we ever get one, it will be easier to mock out the 
EngineLocalConfig)
Line 51:     }
Line 52: 
Line 53:     private String getMyParameter(String name, HttpServletRequest 
request) {
Line 54:         String value;


Line 85:             }
Line 86: 
Line 87:             if (alias == null) {
Line 88:                 alias = details.alias;
Line 89:             }
Shouldn't we at least check that alias is something in the range we are 
expecting? Right now it can be anything. I know it ends up as the alias if the 
format is RFC4716, which seems to have no restrictions, and doesn't seem to be 
part of the RFC at all. I think we should put some sort of limiting check here, 
just not sure what that check it.
Line 90: 
Line 91:             try (InputStream in = new FileInputStream(details.file)) {
Line 92: 
Line 93:                 final Certificate certificate =  
CertificateFactory.getInstance("X.509").generateCertificate(in);


-- 
To view, visit http://gerrit.ovirt.org/20787
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Iac544335e1a0c01388eae23405d83bdac4704d34
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Alexander Wels <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Eli Mesika <[email protected]>
Gerrit-Reviewer: Itamar Heim <[email protected]>
Gerrit-Reviewer: Sandro Bonazzola <[email protected]>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to