xiaoyuyao commented on a change in pull request #1874:
URL: https://github.com/apache/ozone/pull/1874#discussion_r568802055
##########
File path:
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateStore.java
##########
@@ -47,12 +50,21 @@ void storeValidCertificate(BigInteger serialID,
X509Certificate certificate) throws IOException;
/**
- * Moves a certificate in a transactional manner from valid certificate to
+ * Adds the certificates to be revoked to a new CRL and moves all the
+ * certificates in a transactional manner from valid certificate to
* revoked certificate state.
- * @param serialID - Serial ID of the certificate.
+ * @param certificates - List of X509 Certificates to be revoked.
+ * @param caCertificateHolder - X509 Certificate Holder of the CA.
+ * @param reason - CRLReason for revocation.
+ * @param securityConfig - Security Configuration.
+ * @param keyPair - Public and Private key of the CA.
* @throws IOException
*/
- void revokeCertificate(BigInteger serialID) throws IOException;
+ void revokeCertificates(List<X509Certificate> certificates,
+ X509CertificateHolder caCertificateHolder,
+ int reason, SecurityConfig securityConfig,
+ KeyPair keyPair)
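Review bot: `int reason` in the new `revokeCertificates` signature is an untyped integer, while its Javadoc line describes it as a "CRLReason for revocation". Consider taking a typed reason, or at least listing the accepted codes on the `@param reason` line, so an invalid value is rejected at the call site rather than written into a CRL. The Javadoc also promises that "all the certificates" move in a transactional manner but does not say what happens when the list is empty or contains a certificate that is not currently in the valid state. That behaviour belongs next to `@throws IOException`, which has no description.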
Review comment:
Can we abstract the CRL handling into a separate class (like Approver
for CSR) without bringing the CA keypair into the certificate store interface
and class?