[Delta] API updates

Alon Bar-Lev alon.barlev at gmail.com
Sun Apr 15 13:27:10 PDT 2007


On 4/15/07, Justin Karneges <justin-psi2 at affinix.com> wrote:
> Suppose the app creates some passive entries of a known store, and then calls
> entryList() to obtain non-passive entries from that same store.  The passive
> entries will have been assigned DN string names, and the non-passive entries
> will have been assigned friendly names.  There won't be any duplicate
> friendly names among all of these entries, simply because all non-passive
> entries have unique friendly names and the passive entries don't have
> friendly names.

Right.

> Next, suppose the application creates more passive entries from this same
> store.  This time around, the entries would be assigned friendly names (at
> least if they are known to exist in the store, otherwise they would be
> assigned DN strings).  It might be possible that a passive entry has the same
> name as a non-passive entry, but it would be for the same cert.  There is no
> uniqueness problem yet.

I don't understand what you call store...
If I have two tokens:
Token A with CN=X
Token B with CN=X and CN=X (two certificates)
And I deserialize a third certificate with CN=X.
Now:
1. Insert token1.
2. Deserialize
3. Insert token2.

The passive entry will get the friendly name of the 2nd certificate of token2.

What did I miss?

> > What do you think about the following simple solution...
> > Modify KeyStoreEntryContext::serialize() to receive friendly name for
> > user choice...
> > So we can serialize and deserialize using the friendly name selected
> > by the user.
> > This solves most of the issues... And the friendly name will be
> > constant between instances.
>
> Can you give an example of how this would solve the problem?

Instead of guessing a name for passive entries, the application will
provide them... So it will be much easier to label the passive
entries... It would be like you specify a "file name".
People may use:
s = e.serialize (e.name ());
But may specify a user label for the entry...

Then the user will be prompted using the selected label...
Thinking about it... It is quite similar to Microsoft certificate store
friendly names... :)
No complex logic...

Best Regards,
Alon Bar-Lev.

