xiaoyuyao commented on a change in pull request #574: HDDS-1119. DN get OM 
certificate from SCM CA for block token validation.
URL: https://github.com/apache/hadoop/pull/574#discussion_r264005139
 
 

 ##########
 File path: 
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
 ##########
 @@ -349,29 +441,49 @@ public X509Certificate queryCertificate(String query) {
   }
 
   /**
-   * Stores the Certificate  for this client. Don't use this api to add
-   * trusted certificates of other components.
+   * Stores the Certificate  for this client. Don't use this api to add trusted
+   * certificates of other s.
    *
-   * @param certificate - X509 Certificate
+   * @param pemEncodedCert - pem encoded X509 Certificate
+   * @param force - override any existing file
+   * @param isLocalIdentityCert - true if certificate belongs to the identity
+   * cert for this certificate client.
    * @throws CertificateException - on Error.
+   *
+   * Note: Certificate client can store certificates for other daemons as well.
+   * Local certificate refers to the certificate issued to this certificate
+   * client. This is stored along with public key and private key. Certificate
+   * of other daemons is stoed in sub dirs named after certificate serial id of
+   * certificate.
    */
   @Override
-  public void storeCertificate(X509Certificate certificate)
-      throws CertificateException {
+  public void storeCertificate(String pemEncodedCert, boolean force,
+      boolean isLocalIdentityCert) throws CertificateException {
     CertificateCodec certificateCodec = new CertificateCodec(securityConfig);
     try {
-      certificateCodec.writeCertificate(
-          new X509CertificateHolder(certificate.getEncoded()));
-    } catch (IOException | CertificateEncodingException e) {
+      Path basePath = securityConfig.getCertificateLocation();
+      String certName;
+      X509Certificate cert =
+          CertificateCodec.getX509Certificate(pemEncodedCert);
+      if (isLocalIdentityCert) {
+        certName = securityConfig.getCertificateFileName();
+      } else {
+        certName = String.format(CERT_FILE_NAME_FORMAT,
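Review bot: The Javadoc above storeCertificate contradicts itself: its opening sentence still says "Don't use this api to add trusted certificates of other s.", while the new Note says the certificate client can store certificates for other daemons, which is what the isLocalIdentityCert == false branch does. Reword the opening sentence to cover both cases, restore the word lost in "other s.", and fix "stoed". The Note should also move above the @param tags, because text placed after @throws is rendered as part of that tag's description. The force parameter is documented as "override any existing file" but is not referenced in the lines shown here, so the doc should also state what happens when force is false and the target file already exists.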
 
 Review comment:
  You should use Paths.get(); the path format with a hard-coded path separator 
won't work across platforms.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services