Dan Burkert has posted comments on this change. Change subject: java: implement Channel Bindings ......................................................................
Patch Set 1: (4 comments) http://gerrit.cloudera.org:8080/#/c/5953/1/java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java File java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java: Line 267: if ("GSSAPI".equals(clientMech)) { This needs to be predicated on TLS as well. Line 339: if (certs.length > 0) { I think this check is unnecessary, and in fact we would want it to throw if there was no cert (but I don't think it can happen in practice). Line 434: throw new RuntimeException("invalid channel bindings provided by remote peer"); May want to log a warning like on the C++ side. http://gerrit.cloudera.org:8080/#/c/5953/1/java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java File java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java: Line 72: // The above list is exhaustive as of JDK7's implementation of and JDK8, it appears. https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#MessageDigest -- To view, visit http://gerrit.cloudera.org:8080/5953 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I8b604ea6a0cff55820f7fbbb3ba4beba3a888a48 Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Jean-Daniel Cryans <jdcry...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-HasComments: Yes