I've changed the meaning of entry availability. It used to
be that an entry
is available if the store is available. Now, an entry is
available if its
private content is also available, and this value is
controlled by the
provider, via the new isAvailable() virtual function in
KeyStoreEntryContext
(default returns true). Otherwise, no new methods were
added.
KeyStoreEntry::isAvailable() and ensureAvailable() and
KeyStoreEntryWatcher
available/unavailable signals are all still there, but now
with just a
slightly different meaning.
It is therefore now possible to have entries that are
unavailable, even though
its store is available. For example, this can happen:
KeyStoreEntry e = keyStore.entryList().first();
if(!e.isAvailable())
printf("entry is in the store but not available for
private usen");
To indicate an availability change, the provider uses
storeUpdated, which
indicates if any entries were added, removed, or modified.
Availability is
considered a modification.
What I'm unsure about is how to handle prompting. If an
entry is unavailable
(but its store is available), what should the user be
prompted for? If you
prompt for the store that the entry is in, then that doesn't
really solve
anything since the store is already present.
For example, try this with qca-test and qcatool:
echo hello world > hello.txt
qcatool2 keystore exportref test:test > fake.ref
qcatool2 message sign smime fake.ref < hello.txt
Currently, the Test Store 1 will appear after 2 seconds,
containing an
unavailable Test Cert 1 entry. After 4 more seconds, Test
Cert 1 is made
available. What you see qcatool do is auto-accept the token
prompt after 2
seconds (because it sees the store appear), and then use
100% cpu for the
next 4 seconds as the provider keeps token prompting (entry
not available
yet) and qcatool keeps auto-accepting.
One possible solution is for the keyStoreEntry field of the
token event to
indicate that a particular entry is being prompted for, and
that the
application should not auto-accept until that exact entry is
available.
I tried this in my local copy of qcatool (patch attached).
I have it use the
KeyStore updated() signal to check for an availability
change on the prompted
entry before auto-accepting. If the keyStoreEntry field is
null, then it
will auto-accept if just the store is available. This works
great. Now
qcatool sleeps 6 seconds and then auto-accepts.
This may be plenty, but I have to figure out what prompt
language to use.
Right now it says "Please insert the 'Test Store 1'
token for Test Cert 1 and
press Enter...", but that's silly because the Test
Store 1 is already
present. Maybe it should say "Please make Test Cert 1
available (of Test
Store 1) and press Enter...".
Thoughts?
-Justin
_______________________________________________
delta mailing list
delta lists.affinix.com
http://lists.affinix.com/listinfo.cgi/delta-affinix.com
|
