[
https://issues.apache.org/jira/browse/HDDS-1060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16765740#comment-16765740
]
Ajay Kumar commented on HDDS-1060:
----------------------------------
[~xyao] thanks for review.
{quote}Line 61: Need to clarify if this returns null if certificate is not found
or throws at the interface level?
Based on the code I found later in SCMSecurityProtocolServer.java Line 162, it
seems to throw IOE if certificate is not found. {quote}
You are right, {{CertificateServer}} returns null if a certificate with the given
serial id doesn't exist, but the API in {{SCMSecurityProtocolServer}} throws an
exception so that certificate clients don't ignore it silently. Updated javadoc
for {{CertificateServer}}.
Line 64: the comments need to be updated. The certSerialId is not the
certificate for this CA.
Done
{quote}StorageContainerManager.java
Line 227: can you add more comments on the usage of this flag and what to
expect to work without a SCM login?{quote}
Removed the flag, added a test in {{TestSecureOzoneCluster}} instead. It
validates the RPC call with and without Kerberos.
{quote}TestStorageContainerManager.java
Line 460: can we put this in try{} finally{}?{quote}
Done.
> Token: Add api to get OM certificate from SCM
> ---------------------------------------------
>
> Key: HDDS-1060
> URL: https://issues.apache.org/jira/browse/HDDS-1060
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Ajay Kumar
> Assignee: Ajay Kumar
> Priority: Major
> Labels: Blocker, Security
> Fix For: 0.4.0
>
> Attachments: HDDS-1060.00.patch, HDDS-1060.01.patch
>
>
> Datanodes/OM need OM certificate to validate block tokens and delegation
> tokens.
> Add API for:
> 1. getCertificate(String certSerialId): To get certificate from SCM based on
> certificate serial id.
> 2. getCACertificate(): To get CA certificate.