Posted to commits@ozone.apache.org by xy...@apache.org on 2021/04/20 01:24:35 UTC

[ozone] branch master updated: HDDS-5117. CRLInfo should include CRL Sequence ID (#2161)

This is an automated email from the ASF dual-hosted git repository.

xyao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new 8036536  HDDS-5117. CRLInfo should include CRL Sequence ID (#2161)
8036536 is described below

commit 8036536100710a21afbcdc36e49fab4898a13df6
Author: Vivek Ratnavel Subramanian <vi...@gmail.com>
AuthorDate: Mon Apr 19 18:24:16 2021 -0700

    HDDS-5117. CRLInfo should include CRL Sequence ID (#2161)
---
 .../hadoop/hdds/security/x509/crl/CRLInfo.java     | 24 ++++++++++++++++++----
 .../interface-client/src/main/proto/hdds.proto     |  1 +
 .../hadoop/hdds/scm/server/SCMCertStore.java       |  1 +
 .../hadoop/hdds/scm/server/TestSCMCertStore.java   |  6 ++++--
 4 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
index f137adc..cd9c218 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/crl/CRLInfo.java
@@ -38,10 +38,12 @@ public class CRLInfo implements Comparator<CRLInfo>,
 
   private X509CRL x509CRL;
   private long creationTimestamp;
+  private long crlSequenceID;
 
-  private CRLInfo(X509CRL x509CRL, long creationTimestamp) {
+  private CRLInfo(X509CRL x509CRL, long creationTimestamp, long crlSequenceID) {
     this.x509CRL = x509CRL;
     this.creationTimestamp = creationTimestamp;
+    this.crlSequenceID = crlSequenceID;
   }
 
   /**
@@ -56,6 +58,7 @@ public class CRLInfo implements Comparator<CRLInfo>,
     return builder
         .setX509CRL(CRLCodec.getX509CRL(info.getX509CRL()))
         .setCreationTimestamp(info.getCreationTimestamp())
+        .setCrlSequenceID(info.getCrlSequenceID())
         .build();
   }
 
@@ -65,6 +68,7 @@ public class CRLInfo implements Comparator<CRLInfo>,
 
     return builder.setX509CRL(CRLCodec.getPEMEncodedString(getX509CRL()))
         .setCreationTimestamp(getCreationTimestamp())
+        .setCrlSequenceID(getCrlSequenceID())
         .build();
   }
 
@@ -76,6 +80,10 @@ public class CRLInfo implements Comparator<CRLInfo>,
     return creationTimestamp;
   }
 
+  public long getCrlSequenceID() {
+    return crlSequenceID;
+  }
+
   /**
    * Compares this object with the specified object for order.  Returns a
    * negative integer, zero, or a positive integer as this object is less
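Review bot: The new public getter `getCrlSequenceID()` has no Javadoc, and nothing in CRLInfo.java says what the sequence ID identifies. Judging from the SCMCertStore hunk in this commit, it is the same `id` that is used as the CRLInfoTable key, so a one-line comment such as `/** Returns the sequence ID under which SCM stored this CRL in the CRL info table. */` would tell callers how to relate the value to the table. The hunk ends inside the Javadoc of the next method, whose body is not visible here.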
@@ -126,7 +134,8 @@ public class CRLInfo implements Comparator<CRLInfo>,
 
     CRLInfo that = (CRLInfo) o;
 
-    return this.getX509CRL().equals(that.x509CRL) &&
+    return this.crlSequenceID == that.crlSequenceID &&
+        this.getX509CRL().equals(that.x509CRL) &&
         this.creationTimestamp == that.creationTimestamp;
   }
 
@@ -138,7 +147,8 @@ public class CRLInfo implements Comparator<CRLInfo>,
   @Override
   public String toString() {
     return "CRLInfo{" +
-        "x509CRL=" + x509CRL.toString() +
+        "crlSequenceID=" + crlSequenceID +
+        ", x509CRL=" + x509CRL.toString() +
         ", creationTimestamp=" + creationTimestamp +
         '}';
   }
@@ -150,6 +160,7 @@ public class CRLInfo implements Comparator<CRLInfo>,
   public static class Builder {
     private X509CRL x509CRL;
     private long creationTimestamp;
+    private long crlSequenceID;
 
     public Builder setX509CRL(X509CRL x509CRL) {
       this.x509CRL = x509CRL;
@@ -161,8 +172,13 @@ public class CRLInfo implements Comparator<CRLInfo>,
       return this;
     }
 
+    public Builder setCrlSequenceID(long crlSequenceID) {
+      this.crlSequenceID = crlSequenceID;
+      return this;
+    }
+
     public CRLInfo build() {
-      return new CRLInfo(x509CRL, creationTimestamp);
+      return new CRLInfo(x509CRL, creationTimestamp, crlSequenceID);
     }
   }
 }
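Review bot: `Builder.build()` passes `crlSequenceID` through even when `setCrlSequenceID` was never called, so a forgotten call yields a CRLInfo with ID 0 that cannot be told apart from one deliberately given 0. If consumers order or de-duplicate revocation lists by this ID (not visible in this diff), that silent default is worth rejecting: hold the builder field as `private Long crlSequenceID;` and start `build()` with `Objects.requireNonNull(crlSequenceID, "crlSequenceID must be set");`. The same check would suit `x509CRL`, which `toString()` and `equals()` dereference without a null test. This needs `java.util.Objects` in scope, and the file's import block is outside the diff.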
diff --git a/hadoop-hdds/interface-client/src/main/proto/hdds.proto b/hadoop-hdds/interface-client/src/main/proto/hdds.proto
index d826290..e7e4502 100644
--- a/hadoop-hdds/interface-client/src/main/proto/hdds.proto
+++ b/hadoop-hdds/interface-client/src/main/proto/hdds.proto
@@ -323,6 +323,7 @@ message BlockID {
 message CRLInfoProto {
     required string x509CRL = 1;
     required uint64 creationTimestamp = 2;
+    required int64 crlSequenceID = 3;
 }
 
 /**
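Review bot: Field 3 is added as `required`, so any `CRLInfoProto` serialized before this commit has no `crlSequenceID` and will be rejected when parsed, meaning previously stored revocation lists could not be read back. Whether such records exist in a deployed CRLInfoTable or are exchanged between mixed versions is not visible here. If they can, declare the field `optional int64 crlSequenceID = 3;` and have `CRLInfo.fromProtobuf` check `hasCrlSequenceID()` before using the value. The message body is complete in this hunk; the trailing comment opener belongs to the next definition.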
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java
index 195cad6..7a56858 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMCertStore.java
@@ -189,6 +189,7 @@ public final class SCMCertStore implements CertificateStore {
           CRLInfo crlInfo = new CRLInfo.Builder()
               .setX509CRL(crl)
               .setCreationTimestamp(now.getTime())
+              .setCrlSequenceID(id)
               .build();
           scmMetadataStore.getCRLInfoTable().putWithBatch(
               batch, id, crlInfo);
diff --git a/hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/server/TestSCMCertStore.java b/hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/server/TestSCMCertStore.java
index fa3ac9f..5ddbe55 100644
--- a/hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/server/TestSCMCertStore.java
+++ b/hadoop-hdds/server-scm/src/test/java/org/apache/hadoop/hdds/scm/server/TestSCMCertStore.java
@@ -162,7 +162,6 @@ public class TestSCMCertStore {
     List<CRLInfo> crls = scmCertStore.getCrls(Arrays.asList(crlId));
     assertEquals(1, crls.size());
 
-
     // CRL Info table should have a CRL with sequence id
     assertNotNull(scmMetadataStore.getCRLInfoTable()
         .get(sequenceId.get()));
@@ -173,6 +172,8 @@ public class TestSCMCertStore {
 
     CRLInfo crlInfo = crls.get(0);
 
+    assertEquals(crlInfo.getCrlSequenceID(), sequenceId.get().longValue());
+
     Set<? extends X509CRLEntry> revokedCertificates =
         crlInfo.getX509CRL().getRevokedCertificates();
     assertEquals(1L, revokedCertificates.size());
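Review bot: The added assertion passes the value under test as the first argument, but JUnit's `assertEquals` takes `(expected, actual)`, so a failure message would label the two values the wrong way round. Write it as `assertEquals(sequenceId.get().longValue(), crlInfo.getCrlSequenceID());`. The assertion on `newCrlInfo` added in the hunk at -228 has the same order. The enclosing test method starts and ends outside this hunk.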
@@ -228,6 +229,8 @@ public class TestSCMCertStore {
             c.getSerialNumber().equals(newSerialIDs.get(1)))
             .findAny());
 
+    assertEquals(newCrlInfo.getCrlSequenceID(), sequenceId.get().longValue());
+
     // Valid certs table should have 1 cert
     assertEquals(1L,
         getTableSize(scmMetadataStore.getValidCertsTable().iterator()));
@@ -249,7 +252,6 @@ public class TestSCMCertStore {
     // Set revocation time in the future
     Date revocationTime = new Date(now.getTime()+500);
 
-
     X509CertificateHolder caCertificateHolder =
         new X509CertificateHolder(generateX509Cert().getEncoded());
     List<BigInteger> certs = new ArrayList<>();
