Galsza opened a new pull request, #4231: URL: https://github.com/apache/ozone/pull/4231
## What changes were proposed in this pull request? Instead of using the sole certificate the whole cert bundle is used now. In this new version, certificates are stored along with their entire certificate path up to the root CA. When getting these certificates, the whole chain is read back instead. In protocol messages the chain is converted into a String, so in reality `SCMGetCertResponseProto.x509Certificate` is now a pem encoded full certification chain. Some minor refactors in CertificateCodec and removing some dead code is also included. ## What is the link to the Apache JIRA [HDDS-7379](https://issues.apache.org/jira/browse/HDDS-7379) ## How was this patch tested? Some local tests were added as well as a sanity check of running a local cluster with security enabled and inserting a key. ##Work in progress: - Adding more tests - Fixing an issue in CertificateCodec with the comment //Bug here, which might cause some services to not read the full CertificateChain - Double check that getting the certificate chain is properly done in every place where a proto message is being read/written. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
