fapifta commented on code in PR #3982:
URL: https://github.com/apache/ozone/pull/3982#discussion_r1046107440
##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/CertificateClient.java:
##########
@@ -99,6 +103,39 @@ default boolean isCertificateRenewed() {
*/
boolean verifyCertificate(X509Certificate certificate);
+ /**
+ * How much time is left for a certificate to enter the expiry grace period.
+ * @param certSerialId
+ *
+ * @return Duration, time before certificate enters the grace period defined
+ * by "hdds.x509.renew.grace.duration"
+ */
+ Duration timeBeforeExpiryGracePeriod(String certSerialId)
+ throws CertificateException;
+
+ /**
+ * Load all certificates from configured location.
+ * */
+ void loadAllCertificates();
+
+ /**
+ * Set the serial ID of default certificate for the specified component.
+ * @param certSerialId - certificate ID.
+ * */
+ void setCertificateId(String certSerialId);
+
+ /**
+ * Renew keys and certificate. Save the keys are certificate to disk in new
+ * directories, swap the current key directory and certs directory with the
+ * new directories.
+ * @param force, check certificate expiry time again if force is false.
+ * @return String, new certificate ID
+ * */
+ default String renewAndStoreKeyAndCertificate(boolean force)
Review Comment:
As we already have an implementation in the abstract
DefaultCertificateClient implementation, do we need to have a default
implementation added here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
