Posted to issues@ozone.apache.org by "Bharat Viswanadham (Jira)" <ji...@apache.org> on 2021/08/09 09:57:00 UTC

[jira] [Created] (HDDS-5557) Fix OzoneBlockTokenSecretManager#ValidateToken

Bharat Viswanadham created HDDS-5557:
----------------------------------------

             Summary: Fix OzoneBlockTokenSecretManager#ValidateToken
                 Key: HDDS-5557
                 URL: https://issues.apache.org/jira/browse/HDDS-5557
             Project: Apache Ozone
          Issue Type: Bug
            Reporter: Bharat Viswanadham


validateToken is called from retrievePassword:

{code:java}
  /**
   * Retrieve the password for the given token identifier. Should check the date
   * or registry to make sure the token hasn't expired or been revoked. Returns
   * the relevant password.
   * @param identifier the identifier to validate
   * @return the password to use
   * @throws InvalidToken the token was invalid
   */
  public abstract byte[] retrievePassword(T identifier)
{code}

validateToken should validate expiry, and there is no need to call verifySignature, similar to ShortLivedTokenSecretManager.

{code:java}
  public boolean validateToken(OzoneBlockTokenIdentifier identifier)
      throws InvalidToken {
    long now = Time.now();
    if (identifier.getExpiryDate() < now) {
      throw new InvalidToken("token " + formatTokenId(identifier) + " is " +
          "expired, current time: " + Time.formatTime(now) +
          " expiry time: " + identifier.getExpiryDate());
    }

    // FIXME since verifySignature always throws, don't see how this could work
    if (!verifySignature(identifier, createPassword(identifier))) {
      throw new InvalidToken("Tampered/Invalid token.");
    }
    return true;
  }


  public boolean verifySignature(OzoneBlockTokenIdentifier identifier,
      byte[] password) {
    throw new UnsupportedOperationException("This operation is not " +
        "supported for block tokens.");
  }
{code}




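Added example (not part of the original report, and not Ozone or Hadoop code): a self-contained Java 16+ sketch of the contract described above, where validateToken checks only expiry and retrievePassword returns the recomputed password. It assumes an HMAC-SHA256 password and a caller that compares it with the presented one in constant time; TokenId, accept and the key are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; all names and the key are constructed, not Ozone or Hadoop code.
public class ExpiryOnlyValidationDemo {
  private static final byte[] KEY =
      "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
  record TokenId(String blockId, long expiryMillis) {}

  // Password = HMAC over the identifier fields (assumed scheme for this sketch).
  static byte[] createPassword(TokenId id) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
    String data = id.blockId() + "|" + id.expiryMillis();
    return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
  }

  // Expiry is the only check made here, as the report proposes.
  static void validateToken(TokenId id, long now) {
    if (id.expiryMillis() < now) {
      throw new SecurityException("token for " + id.blockId() + " is expired");
    }
  }

  // Follows the quoted Javadoc: check the date, then return the password.
  static byte[] retrievePassword(TokenId id, long now) throws Exception {
    validateToken(id, now);
    return createPassword(id);
  }

  // Assumed caller: tampering is caught by this constant-time comparison.
  static boolean accept(TokenId id, byte[] presented, long now) throws Exception {
    return MessageDigest.isEqual(retrievePassword(id, now), presented);
  }

  public static void main(String[] args) throws Exception {
    long now = System.currentTimeMillis();
    TokenId good = new TokenId("blk_1", now + 60_000);
    byte[] password = createPassword(good);
    System.out.println("valid: " + accept(good, password, now));
    TokenId other = new TokenId("blk_2", now + 60_000);
    System.out.println("reused password: " + accept(other, password, now));
    try {
      accept(new TokenId("blk_1", now - 1), password, now);
    } catch (SecurityException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```

In this sketch a password minted for one identifier fails the comparison when presented with a different identifier, so the expiry-only validateToken does not weaken tamper detection as long as the caller performs that comparison.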