xiaoyuyao commented on a change in pull request #574: HDDS-1119. DN get OM 
certificate from SCM CA for block token validation.
URL: https://github.com/apache/hadoop/pull/574#discussion_r264005035
 
 

 ##########
 File path: 
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
 ##########
 @@ -65,24 +79,61 @@
  */
 public abstract class DefaultCertificateClient implements CertificateClient {
 
+  private static final String CERT_FILE_NAME_FORMAT = "%s.crt";
   private final Logger logger;
   private final SecurityConfig securityConfig;
   private final KeyCodec keyCodec;
   private PrivateKey privateKey;
   private PublicKey publicKey;
   private X509Certificate x509Certificate;
+  private Map<String, X509Certificate> certificateMap;
 
 
   DefaultCertificateClient(SecurityConfig securityConfig, Logger log) {
     Objects.requireNonNull(securityConfig);
     this.securityConfig = securityConfig;
     keyCodec = new KeyCodec(securityConfig);
     this.logger = log;
+    this.certificateMap = new ConcurrentHashMap<>();
+
+    loadAllCertificates();
   }
 
   /**
-   * Returns the private key of the specified component if it exists on the
-   * local system.
+   * Load all certificates from configured location.
+   * */
+  private void loadAllCertificates() {
+    // See if certs directory exists in file system.
+    Path certPath = securityConfig.getCertificateLocation();
+    if (Files.exists(certPath) && Files.isDirectory(certPath) &&
+        certPath.toFile().listFiles() != null) {
+      getLogger().info("Loading certificate from location:{}.",
+          certPath);
+
+      for (File file : certPath.toFile().listFiles()) {
 
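Review bot: in loadAllCertificates(), the guard "certPath.toFile().listFiles() != null" and the for loop each call listFiles() separately, so the loop iterates a second, unchecked result. If the directory is removed or becomes unreadable between the two calls, that result is null and the constructor fails with a NullPointerException. Call listFiles() once into a local File[], null-check that value, and iterate it. Separately, certificateMap is assigned only in the constructor and can be declared final.
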
 Review comment:
   There are two issues here:
   1. 2nd listFiles() call can be avoided on line: 113.
   2. This seems to load only the local cert, not those downloaded from SCM, because 
they are saved under subdirectories (certSerialID).
