fapifta commented on code in PR #6725:
URL: https://github.com/apache/ozone/pull/6725#discussion_r1633515660


##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateStore.java:
##########
@@ -74,40 +66,8 @@ void storeValidScmCertificate(BigInteger serialID,
    */
   void checkValidCertID(BigInteger serialID) throws IOException;
 
-
-  /**
-   * Adds the certificates to be revoked to a new CRL and moves all the
-   * certificates in a transactional manner from valid certificate to
-   * revoked certificate state. Returns an empty {@code Optional} instance if
-   * the certificates were invalid / not found / already revoked and no CRL
-   * was generated. Otherwise, returns the newly generated CRL sequence ID.
-   * @param serialIDs - List of Serial IDs of Certificates to be revoked.
-   * @param caCertificateHolder - X509 Certificate Holder of the CA.
-   * @param reason - CRLReason for revocation.
-   * @param revocationTime - Revocation Time for the certificates.
-   * @param approver - CRL approver to sign the CRL.
-   * @return An empty {@code Optional} instance if no CRL was generated.
-   * Otherwise, returns the newly generated CRL sequence ID.
-   * @throws IOException - on failure.
-   */
-  @Replicate
-  Optional<Long> revokeCertificates(List<BigInteger> serialIDs,
-                                    X509CertificateHolder caCertificateHolder,
-                                    CRLReason reason,
-                                    Date revocationTime,
-                                    CRLApprover approver)
-      throws IOException;
-
-  /**
-   * Deletes an expired certificate from the store. Please note: We don't
-   * remove revoked certificates, we need that information to generate the
-   * CRLs.
-   * @param serialID - Certificate ID.
-   */
-  void removeExpiredCertificate(BigInteger serialID) throws IOException;
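
Review bot: the removal of `removeExpiredCertificate(BigInteger serialID)` at the end of this hunk is a separate concern from the CRL removal, and its Javadoc was the only text here recording that revoked certificates are kept because they are needed to generate CRLs. With `revokeCertificates` gone as well, nothing in the remaining interface lines shown moves a certificate into the revoked state. Please state in the PR description whether already-stored revoked certificates are still read anywhere, and consider putting the `removeExpiredCertificate` removal in its own commit. Since `revokeCertificates` was annotated `@Replicate`, it is also worth confirming that no caller or replicated request path still refers to it after this change.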

Review Comment:
   This method is defined, and it has two implementations, one in MockCAStore 
and one in SCMCertStore, neither of them did anything meaningful, and actually 
removing an expired certificate by ID does not seem to be useful even in the 
future. It is not closely related to CRL, but I ran into this while I was 
wandering around the code looking at what to remove for CRL.


