frankgh commented on code in PR #3109:
URL: https://github.com/apache/cassandra/pull/3109#discussion_r1534645331
##########
src/java/org/apache/cassandra/auth/MutualTlsAuthenticator.java:
##########
@@ -208,9 +224,29 @@ public AuthenticatedUser getAuthenticatedUser() throws
AuthenticationException
nospamLogger.error(msg, identity);
throw new AuthenticationException(MessageFormatter.format(msg,
identity).getMessage());
}
+
+ // Validates that the certificate validity period does not exceed
the maximum certificate configured validity period
+ int minutesToCertificateExpiration =
certificateValidityPeriodValidator.validate(clientCertificateChain);
+ int daysToCertificateExpiration =
toDays(minutesToCertificateExpiration);
+
+ if (certificateValidityWarnThreshold != null
+ && minutesToCertificateExpiration <
certificateValidityWarnThreshold.toMinutes())
+ {
+ nospamLogger.warn("Certificate with identity '{}' will expire
in {} minutes",
+ identity, minutesToCertificateExpiration);
+ }
+
+ // Report metrics on client certificate expiration
+
MutualTlsMetrics.instance.clientCertificateExpirationDays.update(daysToCertificateExpiration);
+
return new AuthenticatedUser(role, MTLS,
Collections.singletonMap(METADATA_IDENTITY_KEY, identity));
}
+ private int toDays(int minutes)
+ {
+ return (int) TimeUnit.MINUTES.toDays(minutes);
Review Comment:
done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
