Hi Folks,I am currently working on the (old) batch system and encounter a design problem...
I am in the "complete_csr" phase, where additional data is added prior cert issuance. I will add a certification expiry date here, means creating an attributed stored in the request header.
During on of the next step's in batch processing several checks are done on this attribute (correct format, ca-lifetime, before < after)
Question: Should the same checks also be done at the import stage ?Pro: process will terminate as early as possible when the passed attribute is not correct
Con: we do this check's more than once and have more than one pieces of code, so changing or extending the accepted format causes multiple code changes ??
Suggestion: Whats about creating a seperate "import" checker where we throughput every value that enters the system ? So, we have a central place where the format of a expiry-timestamp is defined, perhaps we can also implement some conversion functions to accept multiple formats and map them into one that suits our backend...
Micha: Is there any approach in the new code already ? Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
