Bug 480111
Summary: | Applet changes needed for Safenet 330J
---|---
Product: | [Retired] Dogtag Certificate System
Component: | TPS
Version: | 1.0
Status: | CLOSED ERRATA
Severity: | high
Priority: | high
Hardware: | All
OS: | All
Reporter: | Jack Magne <jmagne>
Assignee: | Jack Magne <jmagne>
QA Contact: | Chandrasekar Kannan <ckannan>
CC: | aakkiang, alee, benl, jmagne, rrelyea
Doc Type: | Bug Fix
Last Closed: | 2009-07-22 23:31:08 UTC
Bug Blocks: | 443788

Description
Jack Magne
2009-01-15 04:42:39 UTC
To clarify, the resource problem takes place in the applet component of TPS.

Created attachment 329063
Patch to allow the safenet token to enroll.

Created attachment 329066
Actual patch to work around this problem

rrelyea can you review 329066?

Comment on attachment 329066
Actual patch to work around this problem
r+ with the following caveat.
This patch should only be used for the Safenet 330J, and here's why:
This moves the iobuf from volatile to non-volatile memory. This has the following downsides:
1) access to non-volatile memory is expensive. We use iobuf as a temp in many places, including signing, so this can affect the performance of the card (you may notice enrollment is a bit slower, as well as signing).
2) bigger issue: non-volatile memory only has a limited number of write cycles. Each write reduces the overall lifetime of the card. IOBUF is a scratch area that is written to every time you do a signature.
This patch should be checked in as a branch and applets produced for it should only apply to this card. In addition we should recommend that the vendor create cards with more Transient memory for any deployment if possible.
bob
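
The volatile versus non-volatile distinction raised in the review comment above, shown as an added Java Card example; it is not the attached patch and not CoolKey's code. The class name, instruction byte, buffer size and the choice of CLEAR_ON_RESET are assumptions made for the illustration.

```java
// Added illustration; hypothetical applet, not CoolKey's CardEdge.java.
package example.iobuf;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.SystemException;

public class IobufDemo extends Applet {
    private static final short IOBUF_SIZE = 256;            // assumed scratch size
    private static final byte INS_IOBUF_KIND = (byte) 0x01; // hypothetical instruction

    private final byte[] iobuf; // scratch buffer reused by every command

    private IobufDemo() {
        byte[] buf;
        try {
            // Volatile: lives in RAM, so scratch writes cost no EEPROM/flash cycles.
            buf = JCSystem.makeTransientByteArray(IOBUF_SIZE, JCSystem.CLEAR_ON_RESET);
        } catch (SystemException e) {
            if (e.getReason() != SystemException.NO_TRANSIENT_SPACE) {
                throw e;
            }
            // Non-volatile: a plain array is persistent, so every scratch write
            // is a slow write that also consumes one of the cell's write cycles.
            buf = new byte[IOBUF_SIZE];
        }
        iobuf = buf;
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new IobufDemo().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] apduBuf = apdu.getBuffer();
        if (apduBuf[ISO7816.OFFSET_INS] != INS_IOBUF_KIND) {
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
        // 0 = NOT_A_TRANSIENT_OBJECT (persistent), 1 = CLEAR_ON_RESET (RAM)
        apduBuf[0] = JCSystem.isTransient(iobuf);
        apdu.setOutgoingAndSend((short) 0, (short) 1);
    }
}
```

On a card that takes the fallback path, every use of the buffer as a temporary, signing included, becomes a persistent-memory write, which is the speed and wear cost the review describes.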
Checking in CardEdge.java;
/cvs/dirsec/coolkey/applet/src/com/redhat/ckey/applet/CardEdge.java,v <-- CardEdge.java
new revision: 1.4.2.1; previous revision: 1.4

Verified. Tested enrollment with applet upgrade from version 1.3.44724DDE to 1.4.499dc06c on Safenet 330J, works fine. We have a separate bug for the applet downgrade issue (https://bugzilla.redhat.com/show_bug.cgi?id=493211).