[ 
https://issues.apache.org/jira/browse/HDDS-1119?focusedWorklogId=211318&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-211318
 ]

ASF GitHub Bot logged work on HDDS-1119:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Mar/19 21:36
            Start Date: 11/Mar/19 21:36
    Worklog Time Spent: 10m 
      Work Description: xiaoyuyao commented on pull request #574: HDDS-1119. DN 
get OM certificate from SCM CA for block token validation.
URL: https://github.com/apache/hadoop/pull/574#discussion_r264441255
 
 

 ##########
 File path: 
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
 ##########
 @@ -159,6 +210,51 @@ public X509Certificate getCertificate() {
     return x509Certificate;
   }
 
+  /**
+   * Returns the certificate  with the specified certificate serial id if it
+   * exists else throws CertificateException.
+   * @param  certSerialId
+   *
+   * @return certificate or Null if there is no data.
+   */
+  @Override
+  public X509Certificate getCertificateFromLocal(String certSerialId)
+      throws CertificateException {
+    // Check if it is in cache.
+    if (certificateMap.containsKey(certSerialId)) {
+      return certificateMap.get(certSerialId);
+    }
+
+    throw new CertificateException("Certificate with certSerialId:"
+        + certSerialId + " not found.", CERTIFICATE_NOT_FOUND_ERROR);
+  }
+
+  /**
+   * Get certificate from SCM and store it in local file system.
+   * @param certSerialId
+   * @return certificate
+   */
+  @Override
+  public X509Certificate getCertificateFromScm(String certSerialId)
+      throws CertificateException {
+
+    getLogger().info("Getting certificate with certSerialId:{}.",
+        certSerialId);
+    try {
+      SCMSecurityProtocol scmSecurityProtocolClient = getScmSecurityClient(
+          (OzoneConfiguration) securityConfig.getConfiguration());
+      String pemEncodedCert =
+          scmSecurityProtocolClient.getCertificate(certSerialId);
+      this.storeCertificate(pemEncodedCert, true, false);
+      return CertificateCodec.getX509Certificate(pemEncodedCert);
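
Review bot: in getCertificateFromScm the PEM string returned by scmSecurityProtocolClient.getCertificate(certSerialId) is passed to this.storeCertificate(pemEncodedCert, true, false) before it has been parsed, and nothing in the visible lines confirms that the certificate that came back carries the requested certSerialId. Because this certificate is fetched for block token validation, consider parsing it first with CertificateCodec.getX509Certificate(pemEncodedCert), comparing its serial number with certSerialId, and storing it only after that check passes, so a malformed or mismatched response never reaches the local store. Separately, the Javadoc on getCertificateFromLocal says "@return certificate or Null if there is no data" while the method throws CertificateException on a miss; the @return text should describe the throwing behaviour.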
 
 Review comment:
   Should we update the certificateMap here after storing it?
 


Issue Time Tracking
-------------------

    Worklog Id:     (was: 211318)
    Time Spent: 3h 40m  (was: 3.5h)

> DN get OM certificate from SCM CA for block token validation
> ------------------------------------------------------------
>
>                 Key: HDDS-1119
>                 URL: https://issues.apache.org/jira/browse/HDDS-1119
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 3h 40m
>  Remaining Estimate: 0h
>
> This is needed when the DN received a block token signed by OM and it does not 
> have the certificate that OM.


