Posted to commits@ozone.apache.org by xy...@apache.org on 2021/04/20 01:24:35 UTC
[ozone] branch master updated: HDDS-5117. CRLInfo should include
CRL Sequence ID (#2161)
This is an automated email from the ASF dual-hosted git repository.
xyao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 8036536 HDDS-5117. CRLInfo should include CRL Sequence ID (#2161)
8036536 is described below
commit 8036536100710a21afbcdc36e49fab4898a13df6
Author: Vivek Ratnavel Subramanian <vi...@gmail.com>
AuthorDate: Mon Apr 19 18:24:16 2021 -0700
HDDS-5117. CRLInfo should include CRL Sequence ID (#2161)
---
.../hadoop/hdds/security/x509/crl/CRLInfo.java | 24 ++++++++++++++++++----
.../interface-client/src/main/proto/hdds.proto | 1 +
.../hadoop/hdds/scm/server/SCMCertStore.java | 1 +
.../hadoop/hdds/scm/server/TestSCMCertStore.java | 6 ++++--
4 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
index f137adc..cd9c218 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
@@ -38,10 +38,12 @@ public class CRLInfo implements Comparator<CRLInfo>,
private X509CRL x509CRL;
private long creationTimestamp;
+ private long crlSequenceID;
- private CRLInfo(X509CRL x509CRL, long creationTimestamp) {
+ private CRLInfo(X509CRL x509CRL, long creationTimestamp, long crlSequenceID) {
this.x509CRL = x509CRL;
this.creationTimestamp = creationTimestamp;
+ this.crlSequenceID = crlSequenceID;
}
/**
@@ -56,6 +58,7 @@ public class CRLInfo implements Comparator<CRLInfo>,
return builder
.setX509CRL(CRLCodec.getX509CRL(info.getX509CRL()))
.setCreationTimestamp(info.getCreationTimestamp())
+ .setCrlSequenceID(info.getCrlSequenceID())
.build();
}
@@ -65,6 +68,7 @@ public class CRLInfo implements Comparator<CRLInfo>,
return builder.setX509CRL(CRLCodec.getPEMEncodedString(getX509CRL()))
.setCreationTimestamp(getCreationTimestamp())
+ .setCrlSequenceID(getCrlSequenceID())
.build();
}
@@ -76,6 +80,10 @@ public class CRLInfo implements Comparator<CRLInfo>,
return creationTimestamp;
}
+ public long getCrlSequenceID() {
+ return crlSequenceID;
+ }
+
/**
* Compares this object with the specified object for order. Returns a
* negative integer, zero, or a positive integer as this object is less
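Review bot: `getCrlSequenceID()` is a new public accessor added without Javadoc, while the member right after it in this hunk is documented. A one-line comment such as `/** Returns the sequence ID under which SCM stored this CRL. */` would tell callers where the value comes from; the SCMCertStore hunk shows it is the same `id` used as the CRL table key. The Javadoc block that follows the getter continues outside the hunk.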
@@ -126,7 +134,8 @@ public class CRLInfo implements Comparator<CRLInfo>,
CRLInfo that = (CRLInfo) o;
- return this.getX509CRL().equals(that.x509CRL) &&
+ return this.crlSequenceID == that.crlSequenceID &&
+ this.getX509CRL().equals(that.x509CRL) &&
this.creationTimestamp == that.creationTimestamp;
}
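Review bot: `equals` now compares `crlSequenceID`, but no hunk in this commit touches `hashCode()`, which is presumably defined just below and is not visible here. If it hashes only `x509CRL` and `creationTimestamp` the equals/hashCode contract still holds, but the two methods no longer describe the same identity. Adding the new field, e.g. `return Objects.hash(crlSequenceID, getX509CRL(), creationTimestamp);` (assuming `java.util.Objects` is already imported), keeps them aligned. The body of `equals` starts outside the hunk.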
@@ -138,7 +147,8 @@ public class CRLInfo implements Comparator<CRLInfo>,
@Override
public String toString() {
return "CRLInfo{" +
- "x509CRL=" + x509CRL.toString() +
+ "crlSequenceID=" + crlSequenceID +
+ ", x509CRL=" + x509CRL.toString() +
", creationTimestamp=" + creationTimestamp +
'}';
}
@@ -150,6 +160,7 @@ public class CRLInfo implements Comparator<CRLInfo>,
public static class Builder {
private X509CRL x509CRL;
private long creationTimestamp;
+ private long crlSequenceID;
public Builder setX509CRL(X509CRL x509CRL) {
this.x509CRL = x509CRL;
@@ -161,8 +172,13 @@ public class CRLInfo implements Comparator<CRLInfo>,
return this;
}
+ public Builder setCrlSequenceID(long crlSequenceID) {
+ this.crlSequenceID = crlSequenceID;
+ return this;
+ }
+
public CRLInfo build() {
- return new CRLInfo(x509CRL, creationTimestamp);
+ return new CRLInfo(x509CRL, creationTimestamp, crlSequenceID);
}
}
}
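Review bot: `build()` passes `crlSequenceID` through unchecked, so a Builder on which `setCrlSequenceID` was never called yields a CRLInfo with sequence ID 0, which cannot be told apart from a genuinely assigned 0. If consumers use this ID to decide which CRL is current (not shown in this diff), a silently defaulted value could make revocation data look older or newer than it is. At minimum document the requirement on the setter, e.g. `/** Sets the SCM-assigned CRL sequence ID; must be called before build(). */`, or track whether it was set and fail in `build()` when it was not.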
diff --git a/hadoop-hdds/interface-client/src/main/proto/hdds.proto b/hadoop-hdds/interface-client/src/main/proto/hdds.proto
index d826290..e7e4502 100644
--- a/hadoop-hdds/interface-client/src/main/proto/hdds.proto
+++ b/hadoop-hdds/interface-client/src/main/proto/hdds.proto
@@ -323,6 +323,7 @@ message BlockID {
message CRLInfoProto {
required string x509CRL = 1;
required uint64 creationTimestamp = 2;
+ required int64 crlSequenceID = 3;
}
/**
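Review bot: Declaring `crlSequenceID` as `required` on the existing proto2 message `CRLInfoProto` breaks wire compatibility: any message serialized before this change has no field 3 and will be rejected as uninitialized when parsed. If CRLInfo records are already persisted in the SCM CRL table or exchanged with older peers (not visible in this diff), those entries would become unreadable and CRL lookup for them would fail. `optional int64 crlSequenceID = 3;` together with a `hasCrlSequenceID()` check in `CRLInfo.fromProtobuf` keeps old records readable while still carrying the new ID.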
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java
index 195cad6..7a56858 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java
@@ -189,6 +189,7 @@ public final class SCMCertStore implements CertificateStore {
CRLInfo crlInfo = new CRLInfo.Builder()
.setX509CRL(crl)
.setCreationTimestamp(now.getTime())
+ .setCrlSequenceID(id)
.build();
scmMetadataStore.getCRLInfoTable().putWithBatch(
batch, id, crlInfo);
diff --git a/hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/server/TestSCMCertStore.java b/hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/server/TestSCMCertStore.java
index fa3ac9f..5ddbe55 100644
--- a/hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/server/TestSCMCertStore.java
+++ b/hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/server/TestSCMCertStore.java
@@ -162,7 +162,6 @@ public class TestSCMCertStore {
List<CRLInfo> crls = scmCertStore.getCrls(Arrays.asList(crlId));
assertEquals(1, crls.size());
-
// CRL Info table should have a CRL with sequence id
assertNotNull(scmMetadataStore.getCRLInfoTable()
.get(sequenceId.get()));
@@ -173,6 +172,8 @@ public class TestSCMCertStore {
CRLInfo crlInfo = crls.get(0);
+ assertEquals(crlInfo.getCrlSequenceID(), sequenceId.get().longValue());
+
Set<? extends X509CRLEntry> revokedCertificates =
crlInfo.getX509CRL().getRevokedCertificates();
assertEquals(1L, revokedCertificates.size());
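Review bot: The new assertion passes the value under test first and the expected value second, the reverse of the `(expected, actual)` order that the neighbouring `assertEquals(1, crls.size())` call follows, so a failure message would label the two values the wrong way round. `assertEquals(sequenceId.get().longValue(), crlInfo.getCrlSequenceID());` reads correctly. The same applies to the `newCrlInfo` assertion added in the hunk at `@@ -228,6 +229,8 @@`.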
@@ -228,6 +229,8 @@ public class TestSCMCertStore {
c.getSerialNumber().equals(newSerialIDs.get(1)))
.findAny());
+ assertEquals(newCrlInfo.getCrlSequenceID(), sequenceId.get().longValue());
+
// Valid certs table should have 1 cert
assertEquals(1L,
getTableSize(scmMetadataStore.getValidCertsTable().iterator()));
@@ -249,7 +252,6 @@ public class TestSCMCertStore {
// Set revocation time in the future
Date revocationTime = new Date(now.getTime()+500);
-
X509CertificateHolder caCertificateHolder =
new X509CertificateHolder(generateX509Cert().getEncoded());
List<BigInteger> certs = new ArrayList<>();