[ https://issues.apache.org/jira/browse/HDDS-11029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chung En Lee updated HDDS-11029:
--------------------------------
Target Version/s: 2.2.0  (was: 2.1.0)
<<Bulk update>>
Apache Ozone 2.1.0 release is in progress. I'm updating all unresolved jiras
targeting 2.1.0 to retarget 2.2.0.
> Replace PKCS10CertificationRequest usage in DefaultCAServer
> -----------------------------------------------------------
>
> Key: HDDS-11029
> URL: https://issues.apache.org/jira/browse/HDDS-11029
> Project: Apache Ozone
> Issue Type: Sub-task
> Reporter: István Fajth
> Assignee: István Fajth
> Priority: Major
>
> Currently, we serialize the PEM encoded String representation of a certificate
> sign request to send it over the wire to be signed by our CA server
> implementation.
> On the server side, the SCMSecurityProtocolServer class right away turns this
> transferred string representation back to a PKCS10CertificationRequest
> object, and then passes it on to the DefaultCAServer object. This
> DefaultCAServer then passes it on to the approver implementation to inspect
> if the CSR conforms with our predefined profiles, then to sign it.
> Instead of this, we should only convert the PEM encoded String back to a
> PKCS10CertificationRequest instance within the approver, with that limiting
> the scope of BouncyCastle usage for this purpose.
> Note:
> One idea to do so is to create a separate approver for all the CSR-s that
> are arriving, as it is a lightweight object to create, and during the
> instance initialization we can do the conversion from String to
> PKCS10CertificationRequest.
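A sketch of the per-request approver idea from the note above, added here as an illustration; it is not Apache Ozone code. The class name PemCsrApprover and its methods are hypothetical; only the BouncyCastle calls are real API. The PEM String is parsed once in the constructor, and callers only ever see JDK types.

```java
import java.io.IOException;
import java.io.StringReader;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;

/** Hypothetical per-request approver: the only class that touches BouncyCastle CSR types. */
public final class PemCsrApprover {
  // Parsed request; deliberately never exposed through the public API.
  private final PKCS10CertificationRequest csr;

  /** Parses the PEM String received over the wire; accepts exactly one CSR and nothing else. */
  public PemCsrApprover(String pemCsr) throws IOException {
    try (PEMParser parser = new PEMParser(new StringReader(pemCsr))) {
      Object first = parser.readObject();
      if (!(first instanceof PKCS10CertificationRequest)) {
        throw new IOException("Input is not a PEM encoded PKCS#10 request");
      }
      if (parser.readObject() != null) {
        throw new IOException("Unexpected trailing PEM object after the CSR");
      }
      this.csr = (PKCS10CertificationRequest) first;
    }
  }

  /** Proof of possession: the CSR must be signed by the key it asks to certify. */
  public boolean hasValidSignature() {
    try {
      ContentVerifierProvider verifier =
          new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo());
      return csr.isSignatureValid(verifier);
    } catch (OperatorCreationException | PKCSException e) {
      return false; // fail closed on unsupported algorithms or malformed signatures
    }
  }

  /** Subject as a plain String, so callers need no BouncyCastle imports. */
  public String subject() {
    return csr.getSubject().toString();
  }
}
```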