snazy commented on code in PR #1661: URL: https://github.com/apache/polaris/pull/1661#discussion_r2105772973
########## service/common/src/main/java/org/apache/polaris/service/auth/LocalRSAKeyProvider.java: ##########

@@ -48,12 +76,7 @@ public LocalRSAKeyProvider(Path publicKeyFileLocation, Path privateKeyFileLocati */ @Override public PublicKey getPublicKey() { - try { - return PemUtils.readPublicKeyFromFile(publicKeyFileLocation, "RSA"); - } catch (IOException e) { - LOGGER.error("Unable to read public key from file {}", publicKeyFileLocation, e); - throw new RuntimeException("Unable to read public key from file " + publicKeyFileLocation, e); - } + return publicKey;

Review Comment:
You'd have to keep the previous (public) key around and referenced by their id, as the [auth0 RSAKeyProvider interface](https://javadoc.io/doc/com.auth0/java-jwt/3.2.0/com/auth0/jwt/interfaces/RSAKeyProvider.html) defines, which [Polaris' KeyProvider](https://github.com/apache/polaris/blob/1631da00b5f1116f779a044b00bbff8132cb4f49/service/common/src/main/java/org/apache/polaris/service/auth/KeyProvider.java) does not. If you change the keys in a running Polaris system, all current tokens become immediately invalid.
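
Review bot: In getPublicKey(), `return publicKey;` replaces the block that caught IOException and logged publicKeyFileLocation, so nothing in this hunk shows where a missing or unreadable key file is now reported. Wherever the publicKey field is populated (not visible here), keep an error that names the file path and fail at that point instead of letting getPublicKey() hand back null. The method's Javadoc should also say that it now returns a held value, so a key file changed on disk is no longer re-read on each call.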
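
The arrangement the review comment describes (previous public keys kept and looked up by key id), as an added example that is not code from the PR, Polaris or java-jwt. It uses only the JDK; its three getters mirror the method names of auth0's RSAKeyProvider, while the class name, rotate(), retire(), verify() and the key ids k1/k2 are assumptions made for illustration.

```java
// Added illustration, JDK only; names other than the three getters are hypothetical.
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
public class RotatingRsaKeys {
  private final Map<String, RSAPublicKey> publicKeysById = new ConcurrentHashMap<>();
  private volatile String privateKeyId;
  private volatile RSAPrivateKey privateKey;

  // Install a new signing key; earlier public keys stay resolvable by id.
  public synchronized void rotate(String keyId, KeyPair pair) {
    publicKeysById.put(keyId, (RSAPublicKey) pair.getPublic());
    privateKey = (RSAPrivateKey) pair.getPrivate();
    privateKeyId = keyId;
  }
  // Drop a verification key once every token signed with it has expired.
  public void retire(String keyId) { publicKeysById.remove(keyId); }
  public RSAPublicKey getPublicKeyById(String keyId) { return keyId == null ? null : publicKeysById.get(keyId); }
  public RSAPrivateKey getPrivateKey() { return privateKey; }
  public String getPrivateKeyId() { return privateKeyId; }

  // Verify with the key the id names; an unknown or retired id is rejected.
  static boolean verify(RotatingRsaKeys keys, String kid, byte[] payload, byte[] sig) throws GeneralSecurityException {
    RSAPublicKey key = keys.getPublicKeyById(kid);
    if (key == null) return false;
    Signature v = Signature.getInstance("SHA256withRSA");
    v.initVerify(key);
    v.update(payload);
    return v.verify(sig);
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    RotatingRsaKeys keys = new RotatingRsaKeys();
    keys.rotate("k1", gen.generateKeyPair()); // constructed key id
    byte[] payload = "header.claims".getBytes(StandardCharsets.UTF_8); // constructed token body
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(keys.getPrivateKey());
    s.update(payload);
    byte[] sig = s.sign(); // signature issued while k1 is the signing key
    keys.rotate("k2", gen.generateKeyPair()); // rotation: k2 signs from here on
    System.out.println("k1 after rotation: " + verify(keys, "k1", payload, sig));
    keys.retire("k1");
    System.out.println("k1 after retirement: " + verify(keys, "k1", payload, sig));
  }
}
```

The key id used for lookup comes from the token before its signature has been checked, so it must only ever select among keys the service itself installed.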