[ 
https://issues.apache.org/jira/browse/HDDS-1119?focusedWorklogId=210558&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-210558
 ]

ASF GitHub Bot logged work on HDDS-1119:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Mar/19 16:09
            Start Date: 09/Mar/19 16:09
    Worklog Time Spent: 10m 
      Work Description: xiaoyuyao commented on pull request #574: HDDS-1119. DN 
get OM certificate from SCM CA for block token validation.
URL: https://github.com/apache/hadoop/pull/574#discussion_r264004618
 
 

 ##########
 File path: 
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/token/BlockTokenVerifier.java
 ##########
 @@ -78,29 +79,32 @@ public UserGroupInformation verify(String user, String 
tokenStr)
         throw new BlockTokenException("Failed to decode token : " + tokenStr);
       }
 
-      // TODO: revisit this when caClient is ready, skip signature check now.
-      /**
-       * the final code should like
-       * if (caClient == null) {
-       *   throw new SCMSecurityException("Certificate client not available to
-       *       validate token");
-       * }
-       */
-      if (caClient != null) {
-        X509Certificate singerCert = caClient.queryCertificate(
-            "certId=" + tokenId.getOmCertSerialId());
-        if (singerCert == null) {
-          throw new BlockTokenException("Can't find signer certificate " +
-              "(OmCertSerialId: " + tokenId.getOmCertSerialId() +
-              ") of the block token for user: " + tokenId.getUser());
-        }
-        Boolean validToken = caClient.verifySignature(tokenId.getBytes(),
-            token.getPassword(), singerCert);
-        if (!validToken) {
-          throw new BlockTokenException("Invalid block token for user: " +
-              tokenId.getUser());
-        }
+      if (caClient == null) {
+        throw new SCMSecurityException("Certificate client not available " +
+            "to validate token");
       }
+
+      X509Certificate singerCert;
+      try {
+        singerCert = caClient.getCertificate(tokenId.getOmCertSerialId());
 
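Review bot: `singerCert` in `X509Certificate singerCert;` is a typo for `signerCert`, carried over from the removed block; since this hunk already renames the lookup, fix the variable name as well. The new null-check on `caClient` that throws `SCMSecurityException` is the right fail-closed change: the old code silently skipped signature verification when no certificate client was present. Make sure the `try` around `caClient.getCertificate(tokenId.getOmCertSerialId())` rethrows a lookup failure as `BlockTokenException` rather than catching and continuing, so a token whose signer certificate cannot be found is still rejected.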
 Review comment:
   The name is confusing. Maybe rename to getCertificateFromLocal to match with 
getCertificateFromScm.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 210558)
    Time Spent: 1h 10m  (was: 1h)

> DN get OM certificate from SCM CA for block token validation
> ------------------------------------------------------------
>
>                 Key: HDDS-1119
>                 URL: https://issues.apache.org/jira/browse/HDDS-1119
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> This is needed when the DN receives a block token signed by OM and it does not 
> have the certificate of that OM.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
