Posted to issues@ozone.apache.org by "Bharat Viswanadham (Jira)" <ji...@apache.org> on 2021/08/09 09:57:00 UTC
[jira] [Created] (HDDS-5557) Fix OzoneBlockTokenSecretManager#ValidateToken
Bharat Viswanadham created HDDS-5557:
----------------------------------------
Summary: Fix OzoneBlockTokenSecretManager#ValidateToken
Key: HDDS-5557
URL: https://issues.apache.org/jira/browse/HDDS-5557
Project: Apache Ozone
Issue Type: Bug
Reporter: Bharat Viswanadham
validateToken is called from retrievePassword
{code:java}
/**
 * Retrieve the password for the given token identifier. Should check the date
 * or registry to make sure the token hasn't expired or been revoked. Returns
 * the relevant password.
 * @param identifier the identifier to validate
 * @return the password to use
 * @throws InvalidToken the token was invalid
 */
public abstract byte[] retrievePassword(T identifier)
{code}
validateToken should validate expiry, and there is no need to call verifySignature. This is similar to ShortLivedTokenSecretManager.
{code:java}
public boolean validateToken(OzoneBlockTokenIdentifier identifier)
    throws InvalidToken {
  long now = Time.now();
  if (identifier.getExpiryDate() < now) {
    throw new InvalidToken("token " + formatTokenId(identifier) + " is " +
        "expired, current time: " + Time.formatTime(now) +
        " expiry time: " + identifier.getExpiryDate());
  }
  // FIXME since verifySignature always throws, don't see how this could work
  if (!verifySignature(identifier, createPassword(identifier))) {
    throw new InvalidToken("Tampered/Invalid token.");
  }
  return true;
}

public boolean verifySignature(OzoneBlockTokenIdentifier identifier,
    byte[] password) {
  throw new UnsupportedOperationException("This operation is not " +
      "supported for block tokens.");
}
{code}
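The flow the report describes, as an added example that is not part of the original message or Ozone's code: validateToken checks only expiry, retrievePassword returns the expected password, and the caller compares it with the presented one. TokenId, KEY, accept, validateTokenReported and the HMAC-based createPassword are hypothetical stand-ins, and the caller-side comparison is an assumption about how the returned password is used; the record syntax needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class BlockTokenValidationDemo {
  // Hypothetical stand-ins for OzoneBlockTokenIdentifier and InvalidToken.
  record TokenId(String owner, long expiryDate) { }
  static class InvalidToken extends Exception { InvalidToken(String m) { super(m); } }
  // Constructed demo key, not a real secret.
  static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

  // Stand-in for createPassword: HMAC-SHA256 over the identifier fields.
  static byte[] createPassword(TokenId id) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
    return mac.doFinal((id.owner() + "|" + id.expiryDate()).getBytes(StandardCharsets.UTF_8));
  }
  // Expiry-only validation, as the report proposes.
  static boolean validateToken(TokenId id) throws InvalidToken {
    if (id.expiryDate() < System.currentTimeMillis()) {
      throw new InvalidToken("token for " + id.owner() + " is expired");
    }
    return true;
  }
  // Shape reported in the issue: after the expiry check, verifySignature always throws.
  static boolean validateTokenReported(TokenId id) throws InvalidToken {
    validateToken(id);
    throw new UnsupportedOperationException("not supported for block tokens");
  }
  // retrievePassword validates the identifier, then returns the expected password.
  static byte[] retrievePassword(TokenId id) throws Exception {
    validateToken(id);
    return createPassword(id);
  }
  // Assumed caller-side check: constant-time compare with the presented password.
  static boolean accept(TokenId id, byte[] presented) throws Exception {
    return MessageDigest.isEqual(retrievePassword(id), presented);
  }
  public static void main(String[] args) throws Exception {
    TokenId live = new TokenId("client-1", System.currentTimeMillis() + 60_000);
    byte[] good = createPassword(live);
    byte[] forged = new byte[good.length]; // constructed all-zero password
    System.out.println("valid accepted: " + accept(live, good));
    System.out.println("forged accepted: " + accept(live, forged));
    try { validateTokenReported(live); } catch (UnsupportedOperationException e) {
      System.out.println("reported shape fails an unexpired token: " + e.getMessage());
    }
  }
}
```

In the reported shape the failure surfaces as an unchecked UnsupportedOperationException rather than InvalidToken, so callers that handle only InvalidToken would not catch it.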