[
https://issues.apache.org/jira/browse/HDDS-804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16699952#comment-16699952
]
Yiqun Lin commented on HDDS-804:
--------------------------------
In additional [~xyao]'s comments, Can we use a consistent way for token
expiration? As I see some places we use {{Time.now}}, others are
{{Time.monotonicNow}}.
{code:java}
/**
+ * Returns expiry time of a token given its identifier.
+ *
+ * @return Expiry time of the token
+ */
+ private long getTokenExpiryTime() {
+ return Time.monotonicNow() + getTokenRenewInterval();
+ }
+
+ /**
+ * Should be called before this object is used.
+ */
...
+ // TODO: handle roll private key/certificate
+ private synchronized void removeExpiredKeys() {
+ long now = Time.now();
+ for (Iterator<Map.Entry<Integer, OzoneSecretKey>> it = allKeys.entrySet()
+ .iterator(); it.hasNext();) {
+ Map.Entry<Integer, OzoneSecretKey> e = it.next();
+ OzoneSecretKey key = e.getValue();
+ if (key.getExpiryDate() < now) {
+ it.remove();
+ }
+ }
+ }
{code}
Looking into implementation in similar class
{{AbstractDelegationTokenSecretManager/BlockTokenSecretManager}}, it uses
{{Time.now();}} all the time. Also we will print an incorrect date by
{{Time.formatTime(Time.monotonicNow())}}.
> Block token: Add secret token manager
> -------------------------------------
>
> Key: HDDS-804
> URL: https://issues.apache.org/jira/browse/HDDS-804
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Components: Security
> Reporter: Ajay Kumar
> Assignee: Ajay Kumar
> Priority: Major
> Attachments: HDDS-804-HDDS-4.00.patch, HDDS-804-HDDS-4.01.patch,
> HDDS-804-HDDS-4.02.patch, HDDS-804-HDDS-4.03.patch
>
>
> Add secret manager to process block tokens in OzoneManager.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
