[jira] [Commented] (HDDS-696) Bootstrap genesis SCM(CA) with self-signed certificate.

Mon, 26 Nov 2018 12:31:53 -0800 


    [ 
https://issues.apache.org/jira/browse/HDDS-696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16699544#comment-16699544
 ] 

Anu Engineer commented on HDDS-696:
-----------------------------------

Thanks for the comments.
bq. Shall we move generateKeys, checkIfKeysExist and checkIfCertificatesExist 
to a util class. They can be used in Tests and few other places?
It is a good idea to have a version of these in the client eventually. But I 
would prefer those functions to actually decode these files. In the CA, we only 
check if the file exists, since the next function call will decode them. So I 
when I get to the client functions I will add them in a proper way, that does 
not only check for file existence, but also decode the objects in question.
bq. Are you planning to implement requestCertificate and revokeCertificate 
separately?
Yes, in the next patch. This patch is already too big.
bq. getCertificateLocation should include component part as well as same node 
may have multiple components and hence multiple certs?
I agree we do have an overloaded function with component, in this patch. Line 
204 after this patch is applied.

I will fix the rest of the issues and upload a new patch.








> Bootstrap genesis SCM(CA) with self-signed certificate.
> -------------------------------------------------------
>
>                 Key: HDDS-696
>                 URL: https://issues.apache.org/jira/browse/HDDS-696
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Anu Engineer
>            Priority: Major
>         Attachments: HDDS-696-HDDS-4.001.patch, HDDS-696-HDDS-4.002.patch
>
>
> If security is enabled, SCM will generate the CA certs and bootstrap a CA. If 
> it is already  bootstrapped it the keys and root certificates are read from 
> the secure store, if not, they are generated.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to