bharatviswa504 commented on a change in pull request #2000:
URL: https://github.com/apache/ozone/pull/2000#discussion_r600383272
##########
File path:
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
##########
@@ -818,29 +830,64 @@ public Logger getLogger() {
return logger;
}
- /**
- * Create a scm security client, used to get SCM signed certificate.
- *
- * @return {@link SCMSecurityProtocol}
- */
- private static SCMSecurityProtocol getScmSecurityClient(
- OzoneConfiguration conf) throws IOException {
- RPC.setProtocolEngine(conf, SCMSecurityProtocolPB.class,
- ProtobufRpcEngine.class);
- long scmVersion =
- RPC.getProtocolVersion(ScmBlockLocationProtocolPB.class);
- InetSocketAddress scmSecurityProtoAdd =
- HddsServerUtil.getScmAddressForSecurityProtocol(conf);
- SCMSecurityProtocolClientSideTranslatorPB scmSecurityClient =
- new SCMSecurityProtocolClientSideTranslatorPB(
- RPC.getProxy(SCMSecurityProtocolPB.class, scmVersion,
- scmSecurityProtoAdd, UserGroupInformation.getCurrentUser(),
- conf, NetUtils.getDefaultSocketFactory(conf),
- Client.getRpcTimeout(conf)));
- return scmSecurityClient;
+ public String getComponentName() {
+ return null;
}
- public String getComponentName() {
+ @Override
+ public X509Certificate getRootCACertificate() {
+ if (rootCaCertId != null) {
+ return certificateMap.get(rootCaCertId);
+ }
return null;
}
+
+ @Override
+ public void storeRootCACertificate(String pemEncodedCert, boolean force)
+ throws CertificateException {
+ CertificateCodec certificateCodec = new CertificateCodec(securityConfig,
+ component);
+ try {
+ Path basePath = securityConfig.getCertificateLocation(component);
+
+ X509Certificate cert =
+ CertificateCodec.getX509Certificate(pemEncodedCert);
+ String certName = String.format(CERT_FILE_NAME_FORMAT,
+ cert.getSerialNumber().toString());
+
+ certName = ROOT_CA_CERT_PREFIX + certName;
+ rootCaCertId = cert.getSerialNumber().toString();
+
+ certificateCodec.writeCertificate(basePath, certName,
+ pemEncodedCert, force);
+ certificateMap.putIfAbsent(cert.getSerialNumber().toString(), cert);
+ } catch (IOException | java.security.cert.CertificateException e) {
+ throw new CertificateException("Error while storing Root CA " +
+ "certificate.", e, CERTIFICATE_ERROR);
+ }
+ }
+
+ @Override
+ public List<String> listCA() throws IOException {
+ if (pemEncodedCACerts == null) {
+ updateCAList();
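Review bot: In `storeRootCACertificate`, `rootCaCertId` is set before `certificateCodec.writeCertificate(...)` runs, so a failed write leaves the client pointing at a root CA id whose certificate was neither persisted nor added to `certificateMap`. I would move `rootCaCertId = cert.getSerialNumber().toString();` to after the write and the map insert. `certificateMap` is keyed by serial number alone and filled with `putIfAbsent`, yet serial numbers are only unique per issuer, so an existing entry with the same serial would silently be returned by `getRootCACertificate()` as the trust anchor; checking the return value of `putIfAbsent` and throwing when it is a different certificate would close that gap. The method also persists any PEM that parses, so unless callers already validate it, a check that the certificate is a self-signed CA before storing it seems worth adding. The body of `listCA()` continues outside the quoted hunk.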
Review comment:
On a side note, listCA() is not currently used; it was added for future use.