bharatviswa504 commented on a change in pull request #2000:
URL: https://github.com/apache/ozone/pull/2000#discussion_r603012814
##########
File path:
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/utils/HAUtils.java
##########
@@ -326,4 +350,123 @@ public static void
checkSecurityAndSCMHAEnabled(OzoneConfiguration conf) {
}
}
}
+
+ /**
+ * Build CA list which need to be passed to client.
+ *
+ * If certificate client is null, obtain the list of CA using SCM security
+ * client, else it uses certificate client.
+ * @param certClient
+ * @param configuration
+ * @return list of CA
+ * @throws IOException
+ */
+ public static List<String> buildCAList(CertificateClient certClient,
+ ConfigurationSource configuration) throws IOException {
+ //TODO: make it configurable.
+ long waitTime = 5 * 60 * 1000L;
+ long retryTime = 10 * 1000L;
+ long currentTime = Time.monotonicNow();
+ List<String> caCertPemList = null;
+ if (certClient != null) {
+ caCertPemList = new ArrayList<>();
+ if (!SCMHAUtils.isSCMHAEnabled(configuration)) {
+ if (certClient.getRootCACertificate() != null) {
+ caCertPemList.add(CertificateCodec.getPEMEncodedString(
Review comment:
Refactored this to make it work for both OM/DN/client.
As OM needs list of pemEncodedcerts where as
OzoneContainer/ContainerOperationClientt needs X509Certificates.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
