[ https://issues.apache.org/jira/browse/HDDS-7723?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

István Fajth updated HDDS-7723:
-------------------------------
    Component/s: Security

> Refresh Keys and Certificate used in OzoneSecretManager after certificate 
> renewed
> ---------------------------------------------------------------------------------
>
>                 Key: HDDS-7723
>                 URL: https://issues.apache.org/jira/browse/HDDS-7723
>             Project: Apache Ozone
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Sammi Chen
>            Assignee: Sammi Chen
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.4.0
>
>
> There are three child classes of OzoneSecretManager. The current behavior is:
>  # OzoneDelegationTokenSecretManager uses OM's private key to calculate the 
> delegation token signature, and OM's certificate to verify the delegation token 
> on a token renew request on OM.
>  # OzoneBlockTokenSecretManager uses OM's private key to calculate the block 
> token signature, and OM's certificate to verify the block token on DN.
>  # ContainerTokenSecretManager uses SCM's private key to calculate the 
> container token signature, and SCM's certificate to verify the container token on 
> DN.
> OzoneBlockTokenSecretManager and ContainerTokenSecretManager are also 
> leveraged in the EC Reconstruction coordinator on DN. In that case, DN's private 
> key and certificate are used to do the signature calculation and 
> verification.
>  
> This task aims to let the OzoneSecretManager use the new key and 
> certificate to generate tokens once the certificate is renewed, while 
> making sure that tokens generated using the old key and certificate 
> still work until they expire.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
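The behaviour the issue asks for (sign new tokens with the renewed key, keep verifying tokens signed by the old key until they expire) can be reduced to one pattern: every token names the certificate that signed it, and the verifier keeps the previous public key in a grace set for one token lifetime after rotation. The Go program below is an added example written for this page; it is not Ozone's code (Ozone's secret managers are Java) and does not use Ozone's APIs. It assumes ECDSA key pairs stand in for certificates, the `KeyID` string stands in for the certificate serial number, and the serials, owner name and timeline are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Token is a simplified secret-manager token. The payload is signed with the
// issuer's private key and carries the ID of the certificate whose key signed
// it, so a verifier can pick the matching public key after a renewal.
type Token struct {
	Owner   string
	Expires time.Time
	KeyID   string // stands in for the signing certificate's serial number (assumption)
	Sig     []byte
}

// digest covers every field the verifier relies on, including KeyID, so a
// token cannot be re-pointed at a different key without breaking the signature.
func (t Token) digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s|%d|%s", t.Owner, t.Expires.Unix(), t.KeyID)))
	return h[:]
}

// SecretManager signs with the current key and verifies against every key
// that may still have unexpired tokens outstanding.
type SecretManager struct {
	signKey    *ecdsa.PrivateKey
	signKeyID  string
	maxLife    time.Duration
	verifyKeys map[string]*ecdsa.PublicKey
	retireAt   map[string]time.Time // earliest time an old key can be dropped
}

func NewSecretManager(key *ecdsa.PrivateKey, keyID string, maxLife time.Duration) *SecretManager {
	m := &SecretManager{maxLife: maxLife,
		verifyKeys: map[string]*ecdsa.PublicKey{}, retireAt: map[string]time.Time{}}
	m.installKey(key, keyID)
	return m
}

func (m *SecretManager) installKey(key *ecdsa.PrivateKey, keyID string) {
	m.signKey, m.signKeyID = key, keyID
	m.verifyKeys[keyID] = &key.PublicKey
}

// Rotate switches signing to the renewed key. The previous key stays in the
// verify set for one full token lifetime: no token it issued can outlive that.
func (m *SecretManager) Rotate(newKey *ecdsa.PrivateKey, newKeyID string, now time.Time) {
	m.retireAt[m.signKeyID] = now.Add(m.maxLife)
	m.installKey(newKey, newKeyID)
}

// Issue signs a token with whichever key is current at call time.
func (m *SecretManager) Issue(owner string, now time.Time) (Token, error) {
	t := Token{Owner: owner, Expires: now.Add(m.maxLife), KeyID: m.signKeyID}
	sig, err := ecdsa.SignASN1(rand.Reader, m.signKey, t.digest())
	if err != nil {
		return Token{}, err
	}
	t.Sig = sig
	return t, nil
}

// Verify first drops keys whose grace period has ended, then checks the token
// against the key it names: key known, not expired, signature valid.
func (m *SecretManager) Verify(t Token, now time.Time) error {
	for id, at := range m.retireAt {
		if !now.Before(at) {
			delete(m.verifyKeys, id)
			delete(m.retireAt, id)
		}
	}
	pub, ok := m.verifyKeys[t.KeyID]
	if !ok {
		return errors.New("unknown or retired signing key")
	}
	if !now.Before(t.Expires) {
		return errors.New("token expired")
	}
	if !ecdsa.VerifyASN1(pub, t.digest(), t.Sig) {
		return errors.New("bad signature")
	}
	return nil
}

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// RotationScenario walks through one renewal with a one-hour token lifetime
// and records the verification outcome at each point of a constructed timeline.
func RotationScenario() map[string]error {
	t0 := time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)          // constructed
	m := NewSecretManager(genKey(), "serial-old", time.Hour)   // placeholder serial
	oldTok, _ := m.Issue("alice", t0)
	m.Rotate(genKey(), "serial-new", t0.Add(30*time.Minute)) // certificate renewed
	newTok, _ := m.Issue("alice", t0.Add(30*time.Minute))
	tampered := oldTok
	tampered.Expires = t0.Add(3 * time.Hour) // extended lifetime without re-signing
	r := map[string]error{}
	r["old token at +45m (grace period)"] = m.Verify(oldTok, t0.Add(45*time.Minute))
	r["new token at +45m"] = m.Verify(newTok, t0.Add(45*time.Minute))
	r["tampered old token at +45m"] = m.Verify(tampered, t0.Add(45*time.Minute))
	r["old token at +61m (expired)"] = m.Verify(oldTok, t0.Add(61*time.Minute))
	r["old token at +91m (key retired)"] = m.Verify(oldTok, t0.Add(91*time.Minute)) // must run last: evicts the old key
	return r
}

func main() {
	for what, err := range RotationScenario() {
		fmt.Printf("%-35s -> %v\n", what, err)
	}
}
```

The retention deadline is derived from the maximum token lifetime rather than from a fixed timer, so the verify set shrinks as soon as the last token the old key could have issued is guaranteed expired, and a token that names a retired key is rejected before its signature is even checked.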
