[ https://issues.apache.org/jira/browse/HDDS-778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16670595#comment-16670595 ]
Xiaoyu Yao commented on HDDS-778:
---------------------------------
Thanks [~anu] for the patch. It looks good to me overall. Just two minor
comments:
CertificateServer.java
Line 96: SELF_SIGNED_CA - should we rename this to ROOT_CA?
CertificateClient.java
Line 90: need some clarification of the usage of signDataStream() and
verifySignature.
My understanding is below:
○ signDataStream generates an encryptedHash based on the private key.
○ verifySignature uses the public key from the signer certificate to decrypt the
hash from the signer and compares the hash with the one it calculates locally.
Do we miss the original stream here for verifySignature?
> Add an interface for CA and Clients for Certificate operations
> --------------------------------------------------------------
>
> Key: HDDS-778
> URL: https://issues.apache.org/jira/browse/HDDS-778
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Components: SCM, SCM Client
> Reporter: Anu Engineer
> Assignee: Anu Engineer
> Priority: Major
> Attachments: HDDS-778-HDDS-4.001.patch
>
>
> This JIRA proposes to add an interface specification that can be programmed
> against by Datanodes and Ozone Manager and other clients that want to use the
> certificate-based security features of HDDS.
> We will also add a Certificate Server interface, this interface can be used
> to use non-SCM based CA or if we need to use HSM based secret storage
> services.
> At this point, it is simply an interface and nothing more. Thanks to [~xyao]
> for suggesting this idea.
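
One way the sign/verify pair discussed in the comment can be shaped with the JDK's java.security.Signature, with the data stream passed to the verifier alongside the signature. This is an added example, not code from the HDDS-778 patch: the method signatures, the SHA256withRSA algorithm and the class name are assumptions, and a bare PublicKey stands in for the signer certificate so the example runs with the JDK alone.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class StreamSignatureDemo {
  // Assumed algorithm; the page does not name one.
  private static final String ALGO = "SHA256withRSA";

  // Feed the stream into the Signature object in chunks.
  private static void update(Signature s, InputStream in)
      throws IOException, GeneralSecurityException {
    byte[] buf = new byte[4096];
    for (int n; (n = in.read(buf)) != -1; ) {
      s.update(buf, 0, n);
    }
  }

  // Hypothetical signature: hash the stream and sign the hash with the private key.
  static byte[] signDataStream(InputStream data, PrivateKey key)
      throws IOException, GeneralSecurityException {
    Signature s = Signature.getInstance(ALGO);
    s.initSign(key);
    update(s, data);
    return s.sign();
  }

  // Hypothetical signature: the verifier re-hashes the data it received, so the
  // stream is an input here together with the signature and the signer's key.
  static boolean verifySignature(InputStream data, byte[] sig, PublicKey signerKey)
      throws IOException, GeneralSecurityException {
    Signature s = Signature.getInstance(ALGO);
    s.initVerify(signerKey);
    update(s, data);
    return s.verify(sig);
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();
    byte[] msg = "constructed sample block".getBytes(StandardCharsets.UTF_8);
    byte[] sig = signDataStream(new ByteArrayInputStream(msg), kp.getPrivate());
    System.out.println(verifySignature(new ByteArrayInputStream(msg), sig, kp.getPublic()));
    msg[0] ^= 1; // constructed tampered copy of the same data
    System.out.println(verifySignature(new ByteArrayInputStream(msg), sig, kp.getPublic()));
  }
}
```

The second call runs over a copy with one bit flipped, which shows how the result depends on the data handed to the verifier and not only on the signature bytes.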