vivekratnavel commented on a change in pull request #1874:
URL: https://github.com/apache/ozone/pull/1874#discussion_r572451916
##########
File path:
hadoop-hdds/framework/src/test/java/org/apache/hadoop/hdds/security/x509/certificate/authority/TestDefaultCAServer.java
##########
@@ -213,6 +224,55 @@ public void testRequestCertificateWithInvalidSubject()
throws IOException,
assertNotNull(holder.get());
}
+ @Test
+ public void testRevokeCertificates() throws Exception {
+ String scmId = RandomStringUtils.randomAlphabetic(4);
+ String clusterId = RandomStringUtils.randomAlphabetic(4);
+
+ CertificateServer testCA = new DefaultCAServer("testCA",
+ clusterId, scmId, caStore);
+ testCA.init(new SecurityConfig(conf),
+ CertificateServer.CAType.SELF_SIGNED_CA);
+
+ KeyPair keyPair =
+ new HDDSKeyGenerator(conf).generateKey();
+ PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
+ .addDnsName("hadoop.apache.org")
+ .addIpAddress("8.8.8.8")
+ .setCA(false)
+ .setSubject("testCA")
+ .setConfiguration(conf)
+ .setKey(keyPair)
+ .build();
+
+ // Let us convert this to a string to mimic the common use case.
+ String csrString = CertificateSignRequest.getEncodedString(csr);
+
+ Future<X509CertificateHolder> holder = testCA.requestCertificate(csrString,
+ CertificateApprover.ApprovalType.TESTING_AUTOMATIC);
+
+ X509Certificate certificate =
+ new JcaX509CertificateConverter().getCertificate(holder.get());
+ List<X509Certificate> certs = new ArrayList<>();
+ certs.add(certificate);
+ Future<Boolean> revoked = testCA.revokeCertificates(certs,
+ CRLReason.keyCompromise, new SecurityConfig(conf));
+
+ // Revoking a valid certificate should return true.
+ assertTrue(revoked.get());
+
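Review bot: the only assertion in testRevokeCertificates is `assertTrue(revoked.get())`, so the test passes whenever revokeCertificates reports success, without checking that the certificate passed in `certs` is actually recorded as revoked with `CRLReason.keyCompromise`. Consider asserting on the state of `caStore` after the call, or, if that store cannot hold state in this test class, add a comment saying so and naming the test that covers the revoked and failing cases. Both `holder.get()` and `revoked.get()` block without a timeout, so a future that never completes would hang the test run; the timed `get(timeout, unit)` overload avoids that. `new SecurityConfig(conf)` is also constructed twice in the method and could be a single local.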
Review comment:
I have added unit tests to test all those scenarios in
TestSCMCertStore.java. Those kinds of tests are not possible for
TestDefaultCAServer because we use a MockCAServer instance to unit test the CA
server.