tolbertam commented on code in PR #3109:
URL: https://github.com/apache/cassandra/pull/3109#discussion_r1529345185
##########
src/java/org/apache/cassandra/auth/MutualTlsAuthenticator.java:
##########
@@ -208,9 +224,29 @@ public AuthenticatedUser getAuthenticatedUser() throws
AuthenticationException
nospamLogger.error(msg, identity);
throw new AuthenticationException(MessageFormatter.format(msg,
identity).getMessage());
}
+
+ // Validates that the certificate validity period does not exceed
the maximum certificate configured validity period
+ int minutesToCertificateExpiration =
certificateValidityPeriodValidator.validate(clientCertificateChain);
+ int daysToCertificateExpiration =
toDays(minutesToCertificateExpiration);
+
+ if (certificateValidityWarnThreshold != null
+ && minutesToCertificateExpiration <
certificateValidityWarnThreshold.toMinutes())
+ {
+ nospamLogger.warn("Certificate with identity '{}' will expire
in {} minutes",
Review Comment:
Since we are logging this, it may be nice to convert it into a duration and
then log that so you get something precisely more human readable (e.g. if a
certificate expires in 5 hours 4 hours and 37 minutes, this will log '7477'
which is not as human readable.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
