[ 
https://issues.apache.org/jira/browse/HDDS-1119?focusedWorklogId=213542&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-213542
 ]

ASF GitHub Bot logged work on HDDS-1119:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Mar/19 03:33
            Start Date: 15/Mar/19 03:33
    Worklog Time Spent: 10m 
      Work Description: xiaoyuyao commented on pull request #601: HDDS-1119. DN 
get OM certificate from SCM CA for block token validat…
URL: https://github.com/apache/hadoop/pull/601#discussion_r265840287
 
 

 ##########
 File path: 
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
 ##########
 @@ -131,34 +187,72 @@ public PublicKey getPublicKey() {
   }
 
   /**
-   * Returns the certificate  of the specified component if it exists on the
-   * local system.
+   * Returns the default certificate of given client if it exists.
    *
    * @return certificate or Null if there is no data.
    */
   @Override
   public X509Certificate getCertificate() {
-    if(x509Certificate != null){
+    if (x509Certificate != null) {
       return x509Certificate;
     }
 
-    Path certPath = securityConfig.getCertificateLocation();
-    if (OzoneSecurityUtil.checkIfFileExist(certPath,
-        securityConfig.getCertificateFileName())) {
-      CertificateCodec certificateCodec =
-          new CertificateCodec(securityConfig);
-      try {
-        X509CertificateHolder x509CertificateHolder =
-            certificateCodec.readCertificate();
-        x509Certificate =
-            CertificateCodec.getX509Certificate(x509CertificateHolder);
-      } catch (java.security.cert.CertificateException | IOException e) {
-        getLogger().error("Error reading certificate.", e);
-      }
+    if (certSerialId == null) {
+      getLogger().error("Default certificate serial id is not set. Can't " +
+          "locate the default certificate for this client.");
+      return null;
+    }
+    // Refresh the cache from file system.
+    loadAllCertificates();
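
Review bot: In getCertificate(), the new `certSerialId == null` branch logs at error level and returns null, but the Javadoc still reads `@return certificate or Null if there is no data`, so a caller cannot tell an unset serial id from a certificate that is missing on disk. Consider documenting this case in the Javadoc, or rejecting a null certSerialId where it is first set rather than on every lookup. Since loadAllCertificates() is now called whenever x509Certificate is null, it is also worth confirming that the lines after this refresh assign x509Certificate, so that later calls take the early return instead of reading the file system again.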
 
 Review comment:
   Should we loadAllCertificates() again only if the map does not contain it? 
   
   Also, in the constructor when we call loadAllCertificates(), should we assert 
the passed-in certSerialId is loaded into the map from file system?
 


Issue Time Tracking
-------------------

    Worklog Id:     (was: 213542)
    Time Spent: 7h 50m  (was: 7h 40m)

> DN get OM certificate from SCM CA for block token validation
> ------------------------------------------------------------
>
>                 Key: HDDS-1119
>                 URL: https://issues.apache.org/jira/browse/HDDS-1119
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 7h 50m
>  Remaining Estimate: 0h
>
> This is needed when the DN received block token signed by OM and it does not 
> have the certificate that OM.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
