This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 09053fb031 HDDS-8667. Support CodecBuffer for CertInfo and CRLInfo and
code cleanup. (#4754)
09053fb031 is described below
commit 09053fb031ade5433c4a0b6baa42e682f6143d58
Author: Tsz-Wo Nicholas Sze <[email protected]>
AuthorDate: Thu May 25 00:39:45 2023 +0800
HDDS-8667. Support CodecBuffer for CertInfo and CRLInfo and code cleanup.
(#4754)
---
.../x509/certificate/utils/CertificateCodec.java | 34 ++++++---
.../org/apache/hadoop/ozone/OzoneSecurityUtil.java | 9 +--
.../hdds/datanode/metadata/CRLDBDefinition.java | 3 +-
.../SCMSecurityProtocolClientSideTranslatorPB.java | 25 +++----
.../hdds/security/x509/certificate/CertInfo.java | 86 ++++++++++------------
.../certificate/client/DNCertificateClient.java | 7 +-
.../hadoop/hdds/security/x509/crl/CRLCodec.java | 23 +++++-
.../hadoop/hdds/security/x509/crl/CRLInfo.java | 62 ++++++++--------
.../hdds/security/x509/crl/CRLInfoCodec.java | 57 --------------
.../hadoop/hdds/scm/metadata/CertInfoCodec.java | 58 ---------------
.../hadoop/hdds/scm/metadata/SCMDBDefinition.java | 5 +-
.../hdds/scm/server/StorageContainerManager.java | 23 +++---
.../scm/update/server/SCMCRLUpdateHandler.java | 19 ++---
13 files changed, 144 insertions(+), 267 deletions(-)
diff --git
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/utils/CertificateCodec.java
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/utils/CertificateCodec.java
index 517aca2adb..75e69fcfe0 100644
---
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/utils/CertificateCodec.java
+++
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/utils/CertificateCodec.java
@@ -19,7 +19,6 @@
package org.apache.hadoop.hdds.security.x509.certificate.utils;
-import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
@@ -51,10 +50,10 @@ import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
+import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
-import static java.nio.charset.StandardCharsets.UTF_8;
import static java.nio.file.attribute.PosixFilePermission.OWNER_EXECUTE;
import static java.nio.file.attribute.PosixFilePermission.OWNER_READ;
import static java.nio.file.attribute.PosixFilePermission.OWNER_WRITE;
@@ -165,16 +164,30 @@ public class CertificateCodec {
* @param pemEncodedString - PEM encoded String.
* @return X509Certificate - Certificate.
* @throws CertificateException - Thrown on Failure.
- * @throws IOException - Thrown on Failure.
*/
public static X509Certificate getX509Certificate(String pemEncodedString)
- throws CertificateException, IOException {
+ throws CertificateException {
+ return getX509Certificate(pemEncodedString, Function.identity());
+ }
+
+ public static <E extends Exception> X509Certificate getX509Certificate(
+ String pemEncoded, Function<CertificateException, E> convertor)
+ throws E {
CertificateFactory fact = getCertFactory();
- try (InputStream input = IOUtils.toInputStream(pemEncodedString, UTF_8)) {
+ // ByteArrayInputStream.close(), which is a noop, can be safely ignored.
+ final ByteArrayInputStream input = new ByteArrayInputStream(
+ pemEncoded.getBytes(DEFAULT_CHARSET));
+ try {
return (X509Certificate) fact.engineGenerateCertificate(input);
+ } catch (CertificateException e) {
+ throw convertor.apply(e);
}
}
+ public static IOException toIOException(CertificateException e) {
+ return new IOException("Failed to engineGenerateCertificate", e);
+ }
+
public static X509Certificate firstCertificateFrom(CertPath certificatePath)
{
return (X509Certificate) certificatePath.getCertificates().get(0);
}
@@ -245,7 +258,7 @@ public class CertificateCodec {
Paths.get(basePath.toString(), fileName).toFile();
try (FileOutputStream file = new FileOutputStream(certificateFile)) {
- IOUtils.write(pemEncodedCertificate, file, UTF_8);
+ file.write(pemEncodedCertificate.getBytes(DEFAULT_CHARSET));
}
Files.setPosixFilePermissions(certificateFile.toPath(), permissionSet);
@@ -255,11 +268,10 @@ public class CertificateCodec {
* Gets a certificate path from the specified pem encoded String.
*/
public static CertPath getCertPathFromPemEncodedString(
- String pemString) throws CertificateException, IOException {
- try (InputStream is =
- new ByteArrayInputStream(pemString.getBytes(DEFAULT_CHARSET))) {
- return generateCertPathFromInputStream(is);
- }
+ String pemString) throws CertificateException {
+ // ByteArrayInputStream.close(), which is a noop, can be safely ignored.
+ return generateCertPathFromInputStream(
+ new ByteArrayInputStream(pemString.getBytes(DEFAULT_CHARSET)));
}
private CertPath getCertPath(Path path, String fileName) throws IOException,
diff --git
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneSecurityUtil.java
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneSecurityUtil.java
index 21e6ffbb41..9a5a1fd563 100644
---
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneSecurityUtil.java
+++
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/OzoneSecurityUtil.java
@@ -23,7 +23,6 @@ import java.io.IOException;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.nio.file.Path;
-import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
@@ -136,12 +135,8 @@ public final class OzoneSecurityUtil {
List<X509Certificate> x509Certificates =
new ArrayList<>(pemEncodedCerts.size());
for (String cert : pemEncodedCerts) {
- try {
- x509Certificates.add(CertificateCodec.getX509Certificate(cert));
- } catch (CertificateException ex) {
- LOG.error("Error while converting to X509 format", ex);
- throw new IOException(ex);
- }
+ x509Certificates.add(CertificateCodec.getX509Certificate(
+ cert, CertificateCodec::toIOException));
}
return x509Certificates;
}
diff --git
a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/hdds/datanode/metadata/CRLDBDefinition.java
b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/hdds/datanode/metadata/CRLDBDefinition.java
index 149c11aaad..213e0e072c 100644
---
a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/hdds/datanode/metadata/CRLDBDefinition.java
+++
b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/hdds/datanode/metadata/CRLDBDefinition.java
@@ -23,7 +23,6 @@ import org.apache.hadoop.hdds.HddsUtils;
import org.apache.hadoop.hdds.conf.ConfigurationSource;
import
org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient;
import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;
-import org.apache.hadoop.hdds.security.x509.crl.CRLInfoCodec;
import org.apache.hadoop.hdds.utils.db.DBColumnFamilyDefinition;
import org.apache.hadoop.hdds.utils.db.DBDefinition;
import org.apache.hadoop.hdds.utils.db.LongCodec;
@@ -46,7 +45,7 @@ public class CRLDBDefinition implements DBDefinition {
Long.class,
LongCodec.get(),
CRLInfo.class,
- new CRLInfoCodec());
+ CRLInfo.getCodec());
public static final DBColumnFamilyDefinition<String, Long>
CRL_SEQUENCE_ID =
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolClientSideTranslatorPB.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolClientSideTranslatorPB.java
index 19bae372b4..e3803c492a 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolClientSideTranslatorPB.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/protocolPB/SCMSecurityProtocolClientSideTranslatorPB.java
@@ -1,13 +1,13 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with this
* work for additional information regarding copyright ownership. The ASF
* licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- * <p>
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- * <p>
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
@@ -19,12 +19,11 @@ package org.apache.hadoop.hdds.protocolPB;
import java.io.Closeable;
import java.io.IOException;
import java.security.cert.CRLException;
-import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
+import java.util.Objects;
import java.util.function.Consumer;
-import com.google.common.base.Preconditions;
import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos.CRLInfoProto;
@@ -40,6 +39,7 @@ import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCer
import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCrlsRequestProto;
import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetDataNodeCertRequestProto;
import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertRequestProto;
+import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetOMCertRequestProto;
import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMListCACertificateRequestProto;
import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetLatestCrlIdRequestProto;
import
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMListCertificateRequestProto;
@@ -60,7 +60,6 @@ import org.apache.hadoop.ipc.RPC;
import com.google.protobuf.RpcController;
import com.google.protobuf.ServiceException;
-import static
org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetOMCertRequestProto;
/**
* This class is the client-side translator that forwards requests for
@@ -74,17 +73,11 @@ public class SCMSecurityProtocolClientSideTranslatorPB
implements
*/
private static final RpcController NULL_RPC_CONTROLLER = null;
private final SCMSecurityProtocolPB rpcProxy;
- private SCMSecurityProtocolFailoverProxyProvider failoverProxyProvider;
-
- public SCMSecurityProtocolClientSideTranslatorPB(
- SCMSecurityProtocolPB rpcProxy) {
- this.rpcProxy = rpcProxy;
- }
public SCMSecurityProtocolClientSideTranslatorPB(
- SCMSecurityProtocolFailoverProxyProvider proxyProvider) {
- Preconditions.checkState(proxyProvider != null);
- this.failoverProxyProvider = proxyProvider;
+ SCMSecurityProtocolFailoverProxyProvider failoverProxyProvider) {
+ Objects.requireNonNull(failoverProxyProvider,
+ "failoverProxyProvider == null");
this.rpcProxy = (SCMSecurityProtocolPB) RetryProxy.create(
SCMSecurityProtocolPB.class, failoverProxyProvider,
failoverProxyProvider.getRetryPolicy());
@@ -379,7 +372,7 @@ public class SCMSecurityProtocolClientSideTranslatorPB
implements
try {
CRLInfo crlInfo = CRLInfo.fromProtobuf(crlProto);
result.add(crlInfo);
- } catch (CRLException | CertificateException e) {
+ } catch (CRLException e) {
throw new SCMSecurityException("Fail to parse CRL info", e);
}
}
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/CertInfo.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/CertInfo.java
index 9d8f6cce40..88854f3302 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/CertInfo.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/CertInfo.java
@@ -18,14 +18,16 @@
package org.apache.hadoop.hdds.security.x509.certificate;
-import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
+import org.apache.hadoop.hdds.protocol.proto.HddsProtos.CertInfoProto;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
-import org.jetbrains.annotations.NotNull;
+import org.apache.hadoop.hdds.utils.db.Codec;
+import org.apache.hadoop.hdds.utils.db.DelegatedCodec;
+import org.apache.hadoop.hdds.utils.db.Proto2Codec;
+import javax.annotation.Nonnull;
import java.io.IOException;
import java.io.Serializable;
-import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Comparator;
import java.util.Objects;
@@ -33,40 +35,38 @@ import java.util.Objects;
/**
* Class that wraps Certificate Info.
*/
-public class CertInfo implements Comparator<CertInfo>,
- Comparable<CertInfo>, Serializable {
+public final class CertInfo implements Comparable<CertInfo>, Serializable {
+ private static final Codec<CertInfo> CODEC = new DelegatedCodec<>(
+ Proto2Codec.get(CertInfoProto.class),
+ CertInfo::fromProtobuf,
+ CertInfo::getProtobuf);
+
+ public static Codec<CertInfo> getCodec() {
+ return CODEC;
+ }
+
+ static final Comparator<CertInfo> COMPARATOR
+ = Comparator.comparingLong(CertInfo::getTimestamp);
- private X509Certificate x509Certificate;
+ private final X509Certificate x509Certificate;
// Timestamp when the certificate got persisted in the DB.
- private long timestamp;
+ private final long timestamp;
private CertInfo(X509Certificate x509Certificate, long timestamp) {
this.x509Certificate = x509Certificate;
this.timestamp = timestamp;
}
- /**
- * Constructor for CertInfo. Needed for serialization findbugs.
- */
- public CertInfo() {
- }
-
- public static CertInfo fromProtobuf(HddsProtos.CertInfoProto info)
- throws IOException, CertificateException {
- CertInfo.Builder builder = new CertInfo.Builder();
- return builder
- .setX509Certificate(
- CertificateCodec.getX509Certificate(info.getX509Certificate()))
+ public static CertInfo fromProtobuf(CertInfoProto info) throws IOException {
+ return new CertInfo.Builder()
+ .setX509Certificate(info.getX509Certificate())
.setTimestamp(info.getTimestamp())
.build();
}
- public HddsProtos.CertInfoProto getProtobuf() throws SCMSecurityException {
- HddsProtos.CertInfoProto.Builder builder =
- HddsProtos.CertInfoProto.newBuilder();
-
- return builder.setX509Certificate(
- CertificateCodec.getPEMEncodedString(getX509Certificate()))
+ public CertInfoProto getProtobuf() throws SCMSecurityException {
+ return CertInfoProto.newBuilder()
+ .setX509Certificate(getX509CertificatePEMEncodedString())
.setTimestamp(getTimestamp())
.build();
}
@@ -75,6 +75,11 @@ public class CertInfo implements Comparator<CertInfo>,
return x509Certificate;
}
+ public String getX509CertificatePEMEncodedString()
+ throws SCMSecurityException {
+ return CertificateCodec.getPEMEncodedString(getX509Certificate());
+ }
+
public long getTimestamp() {
return timestamp;
}
@@ -92,29 +97,8 @@ public class CertInfo implements Comparator<CertInfo>,
* from being compared to this object.
*/
@Override
- public int compareTo(@NotNull CertInfo o) {
- return this.compare(this, o);
- }
-
- /**
- * Compares its two arguments for order. Returns a negative integer,
- * zero, or a positive integer as the first argument is less than, equal
- * to, or greater than the second.<p>
- * <p>
- *
- * @param o1 the first object to be compared.
- * @param o2 the second object to be compared.
- * @return a negative integer, zero, or a positive integer as the
- * first argument is less than, equal to, or greater than the
- * second.
- * @throws NullPointerException if an argument is null and this
- * comparator does not permit null arguments
- * @throws ClassCastException if the arguments' types prevent them from
- * being compared by this comparator.
- */
- @Override
- public int compare(CertInfo o1, CertInfo o2) {
- return Long.compare(o1.getTimestamp(), o2.getTimestamp());
+ public int compareTo(@Nonnull CertInfo o) {
+ return COMPARATOR.compare(this, o);
}
@Override
@@ -159,6 +143,12 @@ public class CertInfo implements Comparator<CertInfo>,
return this;
}
+ public Builder setX509Certificate(String x509Certificate)
+ throws IOException {
+ return setX509Certificate(CertificateCodec.getX509Certificate(
+ x509Certificate, CertificateCodec::toIOException));
+ }
+
public Builder setTimestamp(long timestamp) {
this.timestamp = timestamp;
return this;
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DNCertificateClient.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DNCertificateClient.java
index d05de0b05c..63b6a37c3e 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DNCertificateClient.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DNCertificateClient.java
@@ -37,7 +37,6 @@ import java.nio.file.Path;
import java.security.KeyPair;
import java.util.function.Consumer;
-import static
org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec.getX509Certificate;
import static
org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateSignRequest.getEncodedString;
import static
org.apache.hadoop.hdds.security.x509.exception.CertificateException.ErrorCode.CSR_ERROR;
@@ -120,9 +119,9 @@ public class DNCertificateClient extends
DefaultCertificateClient {
CAType.ROOT, certCodec, false);
}
// Return the default certificate ID
- String dnCertSerialId = getX509Certificate(pemEncodedCert).
- getSerialNumber().toString();
- return dnCertSerialId;
+ return CertificateCodec.getX509Certificate(pemEncodedCert)
+ .getSerialNumber()
+ .toString();
} else {
throw new CertificateException("Unable to retrieve datanode " +
"certificate chain.");
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLCodec.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLCodec.java
index bde2d49eb2..354e2675c5 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLCodec.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLCodec.java
@@ -29,10 +29,10 @@ import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.io.StringWriter;
import java.nio.file.Files;
import java.nio.file.Path;
@@ -41,6 +41,7 @@ import java.nio.file.attribute.PosixFilePermission;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.util.Set;
+import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@@ -123,16 +124,30 @@ public class CRLCodec {
* @param pemEncodedString - PEM encoded String.
* @return X509CRL - Crl.
* @throws CRLException - Thrown on Failure.
- * @throws IOException - Thrown on Failure.
*/
public static X509CRL getX509CRL(String pemEncodedString)
- throws CRLException, IOException {
+ throws CRLException {
+ return getX509CRL(pemEncodedString, Function.identity());
+ }
+
+ public static <E extends Exception> X509CRL getX509CRL(String pemEncoded,
+ Function<CRLException, E> convertor)
+ throws E {
CertificateFactory fact = CertificateCodec.getCertFactory();
- try (InputStream input = IOUtils.toInputStream(pemEncodedString, UTF_8)) {
+ // ByteArrayInputStream.close(), which is a noop, can be safely ignored.
+ final ByteArrayInputStream input = new ByteArrayInputStream(
+ pemEncoded.getBytes(UTF_8));
+ try {
return (X509CRL) fact.engineGenerateCRL(input);
+ } catch (CRLException e) {
+ throw convertor.apply(e);
}
}
+ public static IOException toIOException(CRLException e) {
+ return new IOException("Failed to engineGenerateCRL", e);
+ }
+
/**
* Get CRL location.
*
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
index 8aa512f691..52545983c5 100644
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
+++
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
@@ -18,30 +18,41 @@
package org.apache.hadoop.hdds.security.x509.crl;
-import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
+import org.apache.hadoop.hdds.protocol.proto.HddsProtos.CRLInfoProto;
import org.apache.hadoop.hdds.protocol.scm.proto.SCMUpdateServiceProtos;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
+import org.apache.hadoop.hdds.utils.db.Codec;
+import org.apache.hadoop.hdds.utils.db.DelegatedCodec;
+import org.apache.hadoop.hdds.utils.db.Proto2Codec;
import org.jetbrains.annotations.NotNull;
-import java.io.IOException;
import java.security.cert.CRLException;
-import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.time.Instant;
import java.util.Comparator;
import java.util.Objects;
+import java.util.function.Function;
/**
* Class that wraps Certificate Revocation List Info.
*/
-public class CRLInfo implements Comparator<CRLInfo>,
+public final class CRLInfo implements Comparator<CRLInfo>,
Comparable<CRLInfo> {
- private X509CRL x509CRL;
- private long creationTimestamp;
- private long crlSequenceID;
- private Instant revocationTime;
+ private static final Codec<CRLInfo> CODEC = new DelegatedCodec<>(
+ Proto2Codec.get(CRLInfoProto.class),
+ proto -> fromProtobuf(proto, CRLCodec::toIOException),
+ CRLInfo::getProtobuf);
+
+ public static Codec<CRLInfo> getCodec() {
+ return CODEC;
+ }
+
+ private final X509CRL x509CRL;
+ private final long creationTimestamp;
+ private final long crlSequenceID;
+ private final Instant revocationTime;
private CRLInfo(X509CRL x509CRL, long creationTimestamp, long crlSequenceID)
{
assert ((x509CRL != null) &&
@@ -54,27 +65,23 @@ public class CRLInfo implements Comparator<CRLInfo>,
entry.getRevocationDate().getTime());
}
- /**
- * Constructor for CRLInfo. Needed for serialization findbugs.
- */
- public CRLInfo() {
+ public static CRLInfo fromProtobuf(CRLInfoProto info)
+ throws CRLException {
+ return fromProtobuf(info, Function.identity());
}
- public static CRLInfo fromProtobuf(HddsProtos.CRLInfoProto info)
- throws IOException, CRLException, CertificateException {
- CRLInfo.Builder builder = new CRLInfo.Builder();
- return builder
- .setX509CRL(CRLCodec.getX509CRL(info.getX509CRL()))
+ private static <E extends Exception> CRLInfo fromProtobuf(
+ CRLInfoProto info, Function<CRLException, E> convertor) throws E {
+ return new CRLInfo.Builder()
+ .setX509CRL(CRLCodec.getX509CRL(info.getX509CRL(), convertor))
.setCreationTimestamp(info.getCreationTimestamp())
.setCrlSequenceID(info.getCrlSequenceID())
.build();
}
- public HddsProtos.CRLInfoProto getProtobuf() throws SCMSecurityException {
- HddsProtos.CRLInfoProto.Builder builder =
- HddsProtos.CRLInfoProto.newBuilder();
-
- return builder.setX509CRL(CRLCodec.getPEMEncodedString(getX509CRL()))
+ public CRLInfoProto getProtobuf() throws SCMSecurityException {
+ return CRLInfoProto.newBuilder()
+ .setX509CRL(CRLCodec.getPEMEncodedString(getX509CRL()))
.setCreationTimestamp(getCreationTimestamp())
.setCrlSequenceID(getCrlSequenceID())
.build();
@@ -82,9 +89,8 @@ public class CRLInfo implements Comparator<CRLInfo>,
public static CRLInfo fromCRLProto3(
SCMUpdateServiceProtos.CRLInfoProto info)
- throws IOException, CRLException, CertificateException {
- CRLInfo.Builder builder = new CRLInfo.Builder();
- return builder
+ throws CRLException {
+ return new CRLInfo.Builder()
.setX509CRL(CRLCodec.getX509CRL(info.getX509CRL()))
.setCreationTimestamp(info.getCreationTimestamp())
.setCrlSequenceID(info.getCrlSequenceID())
@@ -93,10 +99,8 @@ public class CRLInfo implements Comparator<CRLInfo>,
public SCMUpdateServiceProtos.CRLInfoProto getCRLProto3()
throws SCMSecurityException {
- SCMUpdateServiceProtos.CRLInfoProto.Builder builder =
- SCMUpdateServiceProtos.CRLInfoProto.newBuilder();
-
- return builder.setX509CRL(CRLCodec.getPEMEncodedString(getX509CRL()))
+ return SCMUpdateServiceProtos.CRLInfoProto.newBuilder()
+ .setX509CRL(CRLCodec.getPEMEncodedString(getX509CRL()))
.setCreationTimestamp(getCreationTimestamp())
.setCrlSequenceID(getCrlSequenceID())
.build();
diff --git
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfoCodec.java
b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfoCodec.java
deleted file mode 100644
index 2d53b8fb6f..0000000000
---
a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfoCodec.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.apache.hadoop.hdds.security.x509.crl;
-
-import com.google.common.base.Preconditions;
-import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
-import org.apache.hadoop.hdds.utils.db.Codec;
-
-import java.io.IOException;
-import java.security.cert.CRLException;
-import java.security.cert.CertificateException;
-
-/**
- * Codec to serialize / deserialize CRLInfo.
- */
-public class CRLInfoCodec implements Codec<CRLInfo> {
-
- @Override
- public byte[] toPersistedFormat(CRLInfo crlInfo) throws IOException {
- return crlInfo.getProtobuf().toByteArray();
- }
-
- @Override
- public CRLInfo fromPersistedFormat(byte[] rawData) throws IOException {
-
- Preconditions.checkNotNull(rawData,
- "Null byte array can't be converted to real object.");
- try {
- return CRLInfo.fromProtobuf(
- HddsProtos.CRLInfoProto.PARSER.parseFrom(rawData));
- } catch (CertificateException | CRLException e) {
- throw new IllegalArgumentException(
- "Can't encode the the raw data from the byte array", e);
- }
- }
-
- @Override
- public CRLInfo copyObject(CRLInfo object) {
- throw new UnsupportedOperationException();
- }
-}
diff --git
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/metadata/CertInfoCodec.java
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/metadata/CertInfoCodec.java
deleted file mode 100644
index 01a0e22bc3..0000000000
---
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/metadata/CertInfoCodec.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.apache.hadoop.hdds.scm.metadata;
-
-import com.google.common.base.Preconditions;
-import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
-import org.apache.hadoop.hdds.security.x509.certificate.CertInfo;
-import org.apache.hadoop.hdds.utils.db.Codec;
-
-import java.io.IOException;
-import java.security.cert.CertificateException;
-
-/**
- * Codec to serialize / deserialize CertInfo.
- */
-public class CertInfoCodec implements Codec<CertInfo> {
-
-
- @Override
- public byte[] toPersistedFormat(CertInfo certInfo) throws IOException {
- return certInfo.getProtobuf().toByteArray();
- }
-
- @Override
- public CertInfo fromPersistedFormat(byte[] rawData) throws IOException {
-
- Preconditions.checkNotNull(rawData,
- "Null byte array can't be converted to real object.");
- try {
- return CertInfo.fromProtobuf(
- HddsProtos.CertInfoProto.PARSER.parseFrom(rawData));
- } catch (CertificateException e) {
- throw new IllegalArgumentException(
- "Can't encode the the raw data from the byte array", e);
- }
- }
-
- @Override
- public CertInfo copyObject(CertInfo object) {
- throw new UnsupportedOperationException();
- }
-}
diff --git
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/metadata/SCMDBDefinition.java
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/metadata/SCMDBDefinition.java
index 626e3f1177..3a067a4cb7 100644
---
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/metadata/SCMDBDefinition.java
+++
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/metadata/SCMDBDefinition.java
@@ -27,7 +27,6 @@ import org.apache.hadoop.hdds.scm.container.ContainerID;
import org.apache.hadoop.hdds.scm.container.ContainerInfo;
import org.apache.hadoop.hdds.scm.container.common.helpers.MoveDataNodePair;
import org.apache.hadoop.hdds.security.x509.certificate.CertInfo;
-import org.apache.hadoop.hdds.security.x509.crl.CRLInfoCodec;
import org.apache.hadoop.hdds.utils.TransactionInfo;
import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;
import org.apache.hadoop.hdds.scm.pipeline.Pipeline;
@@ -90,7 +89,7 @@ public class SCMDBDefinition implements DBDefinition {
BigInteger.class,
new BigIntegerCodec(),
CertInfo.class,
- new CertInfoCodec());
+ CertInfo.getCodec());
public static final DBColumnFamilyDefinition<PipelineID, Pipeline>
PIPELINES =
@@ -125,7 +124,7 @@ public class SCMDBDefinition implements DBDefinition {
Long.class,
LongCodec.get(),
CRLInfo.class,
- new CRLInfoCodec());
+ CRLInfo.getCodec());
public static final DBColumnFamilyDefinition<String, Long>
CRL_SEQUENCE_ID =
diff --git
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
index fb5fb74982..e6880add77 100644
---
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
+++
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/StorageContainerManager.java
@@ -1539,20 +1539,15 @@ public final class StorageContainerManager extends
ServiceRuntimeInfoImpl
// Write the primary SCM CA and Root CA during startup.
for (String cert : pemEncodedCerts) {
- try {
- X509Certificate x509Certificate =
- CertificateCodec.getX509Certificate(cert);
- if (certificateStore.getCertificateByID(
- x509Certificate.getSerialNumber(), VALID_CERTS) == null) {
- LOG.info("Persist certificate serialId {} on Scm Bootstrap Node " +
- "{}", x509Certificate.getSerialNumber(),
- scmStorageConfig.getScmId());
- certificateStore.storeValidScmCertificate(
- x509Certificate.getSerialNumber(), x509Certificate);
- }
- } catch (CertificateException ex) {
- LOG.error("Error while decoding CA Certificate", ex);
- throw new IOException(ex);
+ X509Certificate x509Certificate = CertificateCodec.getX509Certificate(
+ cert, CertificateCodec::toIOException);
+ if (certificateStore.getCertificateByID(
+ x509Certificate.getSerialNumber(), VALID_CERTS) == null) {
+ LOG.info("Persist certificate serialId {} on Scm Bootstrap Node " +
+ "{}", x509Certificate.getSerialNumber(),
+ scmStorageConfig.getScmId());
+ certificateStore.storeValidScmCertificate(
+ x509Certificate.getSerialNumber(), x509Certificate);
}
}
}
diff --git
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/update/server/SCMCRLUpdateHandler.java
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/update/server/SCMCRLUpdateHandler.java
index bc92f822a2..f4eefab26e 100644
---
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/update/server/SCMCRLUpdateHandler.java
+++
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/update/server/SCMCRLUpdateHandler.java
@@ -23,10 +23,8 @@ import
org.apache.hadoop.hdds.protocol.scm.proto.SCMUpdateServiceProtos.CRLUpdat
import
org.apache.hadoop.hdds.protocol.scm.proto.SCMUpdateServiceProtos.UpdateResponse;
import org.apache.hadoop.hdds.scm.update.client.CRLStore;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
-import org.apache.hadoop.hdds.security.x509.crl.CRLCodec;
import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;
import org.apache.ratis.thirdparty.io.grpc.Status;
-import org.apache.ratis.thirdparty.io.grpc.stub.StreamObserver;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -135,17 +133,10 @@ public class SCMCRLUpdateHandler implements
SCMUpdateHandler {
throws SCMSecurityException {
LOG.debug("Sending client# {} with crl: {} ",
clientInfo.getClientId(), crl.getCrlSequenceID());
- StreamObserver<UpdateResponse> responseObserver =
- clientInfo.getResponseObserver();
- SCMUpdateServiceProtos.CRLInfoProto crlInfoProto =
- SCMUpdateServiceProtos.CRLInfoProto.newBuilder()
- .setCrlSequenceID(crl.getCrlSequenceID())
- .setX509CRL(CRLCodec.getPEMEncodedString(crl.getX509CRL()))
- .setCreationTimestamp(crl.getCreationTimestamp()).build();
- responseObserver.onNext(
- UpdateResponse.newBuilder()
- .setUpdateType(SCMUpdateServiceProtos.Type.CRLUpdate)
- .setCrlUpdateResponse(CRLUpdateResponse.newBuilder()
- .setCrlInfo(crlInfoProto).build()).build());
+ clientInfo.getResponseObserver().onNext(UpdateResponse.newBuilder()
+ .setUpdateType(SCMUpdateServiceProtos.Type.CRLUpdate)
+ .setCrlUpdateResponse(
+ CRLUpdateResponse.newBuilder().setCrlInfo(crl.getCRLProto3()))
+ .build());
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
