fapifta commented on code in PR #4382:
URL: https://github.com/apache/ozone/pull/4382#discussion_r1134583905
##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java:
##########
@@ -922,7 +922,7 @@ public Duration timeBeforeExpiryGracePeriod(X509Certificate
certificate) {
Duration gracePeriod = securityConfig.getRenewalGracePeriod();
Date expireDate = certificate.getNotAfter();
LocalDateTime gracePeriodStart = expireDate.toInstant()
- .atZone(ZoneId.systemDefault()).toLocalDateTime().minus(gracePeriod);
+ .minus(gracePeriod).atZone(ZoneId.systemDefault()).toLocalDateTime();
Review Comment:
Yes, thank you @adoroszlai for spotting this one.
In general this one did not caused a problem, as this implementation is used
with functionality that does not happen around certificate renewal, and where
it does, the grace period is a few seconds, so if it remains this way it does
not cause trouble just for very short periods of time, so probably we would not
recognize it, but nonetheless, I have pushed the change to the test class in a
follow up commit.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
