[ https://issues.apache.org/jira/browse/HDDS-5557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Attila Doroszlai updated HDDS-5557:
-----------------------------------
    Priority: Minor  (was: Major)

> Fix OzoneBlockTokenSecretManager#ValidateToken
> ----------------------------------------------
>
>                 Key: HDDS-5557
>                 URL: https://issues.apache.org/jira/browse/HDDS-5557
>             Project: Apache Ozone
>          Issue Type: Improvement
>            Reporter: Bharat Viswanadham
>            Assignee: Bharat Viswanadham
>            Priority: Minor
>              Labels: pull-request-available
>
> validateToken is called from retrievePassword
>   /**
>    * Retrieve the password for the given token identifier. Should check the date
>    * or registry to make sure the token hasn't expired or been revoked. Returns
>    * the relevant password.
>    * @param identifier the identifier to validate
>    * @return the password to use
>    * @throws InvalidToken the token was invalid
>    */
>   public abstract byte[] retrievePassword(T identifier)
> validateToken should validate expiry, and no need to call verifySignature. 
> Similar to ShortLivedTokenSecretManager 
> {code:java}
> public boolean validateToken(OzoneBlockTokenIdentifier identifier)
>       throws InvalidToken {
>     long now = Time.now();
>     if (identifier.getExpiryDate() < now) {
>       throw new InvalidToken("token " + formatTokenId(identifier) + " is " +
>           "expired, current time: " + Time.formatTime(now) +
>           " expiry time: " + identifier.getExpiryDate());
>     }
>     // FIXME since verifySignature always throws, don't see how this could work
>     if (!verifySignature(identifier, createPassword(identifier))) {
>       throw new InvalidToken("Tampered/Invalid token.");
>     }
>     return true;
>   }
>   public boolean verifySignature(OzoneBlockTokenIdentifier identifier,
>       byte[] password) {
>     throw new UnsupportedOperationException("This operation is not " +
>         "supported for block tokens.");
>   }
> {code}
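
An added sketch (not Ozone code and not part of the issue) of the split the description asks for: validateToken checks expiry only, retrievePassword returns the recomputed password, and the caller does the comparison. The class, the TokenId record and the HMAC-SHA256 password scheme are assumptions chosen to keep the example self-contained; it needs Java 16 or later for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class BlockTokenSketch {
  // Hypothetical identifier: owner, block id and expiry in ms since epoch.
  record TokenId(String owner, String blockId, long expiryMillis) {
    byte[] bytes() {
      return (owner + "|" + blockId + "|" + expiryMillis).getBytes(StandardCharsets.UTF_8);
    }
  }

  private final SecretKeySpec key;

  BlockTokenSketch(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

  // Assumed scheme: the password is an HMAC over the serialized identifier.
  byte[] createPassword(TokenId id) throws GeneralSecurityException {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(key);
    return mac.doFinal(id.bytes());
  }

  // Expiry check only; no signature verification happens here.
  void validateToken(TokenId id, long now) {
    if (id.expiryMillis() < now) {
      throw new SecurityException("token expired at " + id.expiryMillis() + ", now " + now);
    }
  }

  // Contract from the Javadoc: reject expired tokens, then return the password.
  byte[] retrievePassword(TokenId id, long now) throws GeneralSecurityException {
    validateToken(id, now);
    return createPassword(id);
  }

  // Caller side: constant-time comparison against the presented password.
  boolean accept(TokenId id, byte[] presented, long now) throws GeneralSecurityException {
    return MessageDigest.isEqual(retrievePassword(id, now), presented);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample values, for demonstration only.
    BlockTokenSketch sm = new BlockTokenSketch("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
    long now = 1_000_000L;
    TokenId id = new TokenId("alice", "blk_1", now + 60_000);
    byte[] pw = sm.createPassword(id);
    System.out.println("valid token accepted: " + sm.accept(id, pw, now));
    System.out.println("altered identifier accepted: " + sm.accept(new TokenId("alice", "blk_2", now + 60_000), pw, now));
    try { sm.accept(id, pw, now + 120_000); }
    catch (SecurityException e) { System.out.println("expired token rejected: " + e.getMessage()); }
  }
}
```

Tampering is still caught in this layout, because an altered identifier yields a different recomputed password and the caller's comparison fails.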
