You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "ChenSammi (via GitHub)" <gi...@apache.org> on 2023/02/23 08:43:54 UTC
[GitHub] [ozone] ChenSammi commented on a diff in pull request #4145: HDDS-7590. Use keyManager and trustManager provided by keyStoreFactory in om grpc services
ChenSammi commented on code in PR #4145:
URL: https://github.com/apache/ozone/pull/4145#discussion_r1115375040
##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java:
##########
@@ -111,8 +112,10 @@ public abstract class DefaultCertificateClient implements CertificateClient {
private static final Random RANDOM = new SecureRandom();
- private static final String CERT_FILE_NAME_FORMAT = "%s.crt";
+ public static final String CERT_FILE_NAME_FORMAT = "%s.crt";
+ public static final String CA_CERT_PREFIX = "CA-";
private static final int CA_CERT_PREFIX_LEN = 3;
+ public static final String ROOT_CA_CERT_PREFIX = "ROOTCA-";
Review Comment:
@Galsza , thanks for the review. testUgi is necessary to make sure OM can connect SCM regarding kerberos login and kerberos service authentication. testSecureFlag for DefaultCAServer is to support a more fine grained certificate lifetime. CAType is a good suggestion. I will refactor this part of code.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org