István Fajth created HDDS-11029:
-----------------------------------

Summary: Replace PKCS10CertificationRequest usage in DefaultCAServer
Key: HDDS-11029
URL: https://issues.apache.org/jira/browse/HDDS-11029
Project: Apache Ozone
Issue Type: Sub-task
Reporter: István Fajth

Currently, we serialize the PEM encoded String representation of a certificate sign request to send it over the wire to be signed by our CA server implementation. On the server side, the SCMSecurityProtocolServer class right away turns this transferred string representation back to a PKCS10CertificationRequest object, and then passes it on to the DefaultCAServer object. This DefaultCAServer then passes it on to the approver implementation to inspect if the CSR conforms with our predefined profiles, then to sign it.

Instead of this, we should only convert the PEM encoded String back to a PKCS10CertificationRequest instance within the approver, with that limiting the scope of BouncyCastle usage for this purpose.

Note: One idea to do so is to create a separate approver for all the CSRs that are arriving, as it is a lightweight object to create, and during the instance initialization we can do the conversion from String to PKCS10CertificationRequest.
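
A sketch of the per-request approver idea from the note above, added here as an illustration and not taken from the Ozone code base. The class name `PerRequestCsrApprover` and its methods are hypothetical, the profile checks and signing are left out, and BouncyCastle's `bcpkix` artifact is assumed to be on the classpath.

```java
import java.io.IOException;
import java.io.StringReader;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;

/** Hypothetical approver created once per incoming CSR (not Ozone's class). */
public final class PerRequestCsrApprover {
  // The BouncyCastle type stays private; callers only hand in the PEM String.
  private final PKCS10CertificationRequest csr;

  /** Converts the PEM String received over the wire during initialization. */
  public PerRequestCsrApprover(String pemEncodedCsr) throws IOException {
    this.csr = parse(pemEncodedCsr);
  }

  private static PKCS10CertificationRequest parse(String pem)
      throws IOException {
    try (PEMParser parser = new PEMParser(new StringReader(pem))) {
      Object parsed = parser.readObject();
      // readObject() returns null on empty input and other types for
      // other PEM blocks (certificates, keys); reject both cases early.
      if (!(parsed instanceof PKCS10CertificationRequest)) {
        throw new IOException("Input is not a PEM encoded PKCS#10 request");
      }
      return (PKCS10CertificationRequest) parsed;
    }
  }

  /** True if the CSR is signed by the private key matching its public key. */
  public boolean hasValidSignature() {
    try {
      return csr.isSignatureValid(new JcaContentVerifierProviderBuilder()
          .build(csr.getSubjectPublicKeyInfo()));
    } catch (OperatorCreationException | PKCSException e) {
      // Unsupported algorithm or malformed signature: treat as invalid.
      return false;
    }
  }

  /** Subject as a plain String, so callers need no BouncyCastle imports. */
  public String subject() {
    return csr.getSubject().toString();
  }
}
```

With this shape, the protocol server and the CA server would pass the String through unchanged, and a malformed or non-CSR PEM block is rejected at approver construction, before any profile check runs.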