[GitHub] [hadoop] ajayydv commented on a change in pull request #601: HDDS-1119. DN get OM certificate from SCM CA for block token validat…

Thu, 14 Mar 2019 22:45:56 -0700 

ajayydv commented on a change in pull request #601: HDDS-1119. DN get OM 
certificate from SCM CA for block token validat…
URL: https://github.com/apache/hadoop/pull/601#discussion_r265855876
 
 

 ##########
 File path: 
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
 ##########
 @@ -131,34 +187,72 @@ public PublicKey getPublicKey() {
   }
 
   /**
-   * Returns the certificate  of the specified component if it exists on the
-   * local system.
+   * Returns the default certificate of given client if it exists.
    *
    * @return certificate or Null if there is no data.
    */
   @Override
   public X509Certificate getCertificate() {
-    if(x509Certificate != null){
+    if (x509Certificate != null) {
       return x509Certificate;
     }
 
-    Path certPath = securityConfig.getCertificateLocation();
-    if (OzoneSecurityUtil.checkIfFileExist(certPath,
-        securityConfig.getCertificateFileName())) {
-      CertificateCodec certificateCodec =
-          new CertificateCodec(securityConfig);
-      try {
-        X509CertificateHolder x509CertificateHolder =
-            certificateCodec.readCertificate();
-        x509Certificate =
-            CertificateCodec.getX509Certificate(x509CertificateHolder);
-      } catch (java.security.cert.CertificateException | IOException e) {
-        getLogger().error("Error reading certificate.", e);
-      }
+    if (certSerialId == null) {
+      getLogger().error("Default certificate serial id is not set. Can't " +
+          "locate the default certificate for this client.");
+      return null;
+    }
+    // Refresh the cache from file system.
+    loadAllCertificates();
 
 Review comment:
   initialized local certificate during initial call to loadAllCertificates. 
Now if it is null at L202 than it is also not present in map, so loading it 
again from filesystem and checking it again is the only option.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to