ChenSammi commented on code in PR #5163:
URL: https://github.com/apache/ozone/pull/5163#discussion_r1310377034
##########
hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/ha/SequenceIdGenerator.java:
##########
@@ -416,17 +436,13 @@ public static void upgradeToSequenceId(SCMMetadataStore
scmMetadataStore)
while (iterator.hasNext()) {
X509Certificate cert =
iterator.next().getValue().getX509Certificate();
- if (HASecurityUtils.isSelfSignedCertificate(cert) &&
- HASecurityUtils.isCACertificate(cert)) {
- largestRootCertId =
- Long.max(cert.getSerialNumber().longValueExact(),
- largestRootCertId);
- }
+ largestCertId = Long.max(
Review Comment:
Long.MAX_VALUE is a very big data. If every 1s it generate 1000
certificates, then Long.MAX_VALUE will be exhausted by 292 million years. For
a fresh new Ozone cluster, which certificate serial ID starts from 1,
Long.MAX_VALUE is enough for this cluster's whole lifetime. For a already
existing Ozone cluster, it's existing max certificate serial ID could be a
bigger number. But given the certificate rotation is yearly scheduled, it's
very unlikely it will exhaust the numbers.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
