[ https://issues.apache.org/jira/browse/HDDS-804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16699952#comment-16699952 ]
Yiqun Lin commented on HDDS-804: -------------------------------- In additional [~xyao]'s comments, Can we use a consistent way for token expiration? As I see some places we use {{Time.now}}, others are {{Time.monotonicNow}}. {code:java} /** + * Returns expiry time of a token given its identifier. + * + * @return Expiry time of the token + */ + private long getTokenExpiryTime() { + return Time.monotonicNow() + getTokenRenewInterval(); + } + + /** + * Should be called before this object is used. + */ ... + // TODO: handle roll private key/certificate + private synchronized void removeExpiredKeys() { + long now = Time.now(); + for (Iterator<Map.Entry<Integer, OzoneSecretKey>> it = allKeys.entrySet() + .iterator(); it.hasNext();) { + Map.Entry<Integer, OzoneSecretKey> e = it.next(); + OzoneSecretKey key = e.getValue(); + if (key.getExpiryDate() < now) { + it.remove(); + } + } + } {code} Looking into implementation in similar class {{AbstractDelegationTokenSecretManager/BlockTokenSecretManager}}, it uses {{Time.now();}} all the time. Also we will print an incorrect date by {{Time.formatTime(Time.monotonicNow())}}. > Block token: Add secret token manager > ------------------------------------- > > Key: HDDS-804 > URL: https://issues.apache.org/jira/browse/HDDS-804 > Project: Hadoop Distributed Data Store > Issue Type: Sub-task > Components: Security > Reporter: Ajay Kumar > Assignee: Ajay Kumar > Priority: Major > Attachments: HDDS-804-HDDS-4.00.patch, HDDS-804-HDDS-4.01.patch, > HDDS-804-HDDS-4.02.patch, HDDS-804-HDDS-4.03.patch > > > Add secret manager to process block tokens in OzoneManager. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org