Galsza commented on code in PR #5009:
URL: https://github.com/apache/ozone/pull/5009#discussion_r1252928331
##########
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/CertificateClient.java:
##########
@@ -126,6 +130,30 @@ X509Certificate getCertificate(String certSerialId)
*/
Set<X509Certificate> getAllCaCerts();
+ /**
+ * This method serves as a convenience to solve the common problem in the
+ * code related to clients, and handle single SCM case and the data with
+ * which we provide one single cert to old clients.
+ * @return either the rootCA certificate, or the sub-CA certificate
+ * of the node that served as the rootCA during bootstrap.
+ */
+ default String getSingleCACertificatePEM() throws SCMSecurityException {
+ return CertificateCodec.getPEMEncodedString(getSingleCACertificate());
+ }
+
+ /**
+ * This method serves as a convenience to solve the common problem in the
+ * code related to clients, and handle single SCM case and the data with
+ * which we provide one single cert to old clients.
+ * @return either the rootCA certificate, or the sub-CA certificate
+ * of the node that served as the rootCA during bootstrap.
+ */
+ default X509Certificate getSingleCACertificate() {
Review Comment:
This method could possibly used in other places, (ReloadingTrustManager is
what I know by heart, but it's going to change with Sammi's change), could you
check once we get there, if there are other places we could use this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
