ChenSammi commented on code in PR #4442:
URL: https://github.com/apache/ozone/pull/4442#discussion_r1147760065
##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java:
##########
@@ -331,6 +332,35 @@ public synchronized X509Certificate getCACertificate() {
return firstCertificateFrom(caCertPath);
}
+ /**
+ * Return all certificates in this component's trust chain,
+ * the last one is the root CA certificate.
+ */
+ public synchronized List<X509Certificate> getTrustChain() {
+ CertPath path = getCertPath();
+ if (path == null || path.getCertificates() == null) {
+ return null;
+ }
+
+ List<X509Certificate> chain = new ArrayList<>();
+ // certificate bundle case
+ if (path.getCertificates().size() > 1) {
+ for (int i = 0; i < path.getCertificates().size(); i++) {
+ chain.add((X509Certificate) path.getCertificates().get(i));
+ }
+ } else {
+ // case before certificate bundle is supported
+ chain.add(getCertificate());
+ chain.add(getCACertificate());
Review Comment:
Although I think there is always CA certificate in the old version Ozone,
but it's safer to check the CA certificate before add it to the list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
