Re: [Jsdsi-devel] My jsdsi changes

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Comments inline:

> 1. Made jsdsi.Obj implement java.io.Serializable for rmi. I think this
> should really implement the readObject() and writeObject() methods too
> in order to marshal using SEXPs.

Yes, it should definitely override those methods.

> 2. jsdsi.Validity had some code added to it by Michael Jaegar:
>
> He added some bounds checking to the constructor:
>
> public Validity(Date b, Date a, OnlineTest[] t) {
>   // By mic...@in...
>   if( t==null ) {
>     t = new OnlineTest[0];
>   }
>   notBefore = b;
>   notAfter = a;
>   tests = t;
> }

This is fine.

> and similar to the intersect method:
>
> public Validity intersect(Validity v) {
>   // combine lists of tests
>   OnlineTest[] ts =
>     new OnlineTest[(tests == null ? 0 : tests.length)
>     + (v.tests == null ? 0 : v.tests.length)];
>   int i = 0;
>   if (tests != null) {
>     System.arraycopy(tests, 0, ts, i, tests.length);
>     i += tests.length;
>   }
>   if (v.tests != null) {
>     System.arraycopy(v.tests, 0, ts, i, v.tests.length);
>   }

This change is unnecessary because the constructor now guarantees 'tests'
can never be null -- the original intersect code will work (and is
simpler).

> 3. Michael also added some similar bounds checking to
> jsdsi.NameCertSelector:
>
> public boolean match(jsdsi.Certificate cert) {
>   boolean toReturn = (cert.getCert() instanceof NameCert);
>   // By mic...@in...:
>   if( issuer != null ) {
>     toReturn &= cert.getCert().getIssuer().samePrincipalAs(issuer);
>   }
>   if( name!=null) {
>     toReturn &= ((NameCert) cert.getCert()).getName().equals(name);
>   }
>   return toReturn;
>   /*
>     return (cert.getCert() instanceof NameCert)
>       && cert.getCert().getIssuer().samePrincipalAs(issuer)
>       && ((NameCert) cert.getCert()).getName().equals(name);
>   */
> }

I think instead the NameCertSelector constructor should require that
issuer and name be non-null (and throw an exception otherwise).  If we
want to allow NameCert lookups by just the issuer, there should be a
different CertSelector class.  This way, CertStores can reject unsupported
selectors just by checking their type.

> 4. The rest of the changes/were to do with parsing/unparsing and I'd
> need to have a more indepth look to find out what. From memory there was
> one or two bugs and some stuff left to implement, e.g. handling of URLs.
> What I'll do is run your latest code against my unit tests that I
> created to test/implement my parsing/unparsing code.

Sounds good.  I'd really like to replace all the manual parsing/unparsing
with a generated parser, e.g., using JavaCC.  I can't pursue this right
now, but I think it would be a very nice change.

> And as additional questions:
>
> 1. Shouldn't the references to java.net.URLs actually be java.net.URIs?

Yes -- that class didn't exist when I implemented this :)

> 2. Should the <issuer-loc> (issuer-info) attribute be added to AuthCert?
> (http://theworld.com/~cme/spki.txt section 4.4)

Yes.

Thanks,
Sameer