You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Sammi Chen (Jira)" <ji...@apache.org> on 2023/01/05 04:03:00 UTC

[jira] [Created] (HDDS-7723) Refresh Keys and Certificate used in OzoneSecretManager after certificate renewed

Sammi Chen created HDDS-7723:
--------------------------------

             Summary: Refresh Keys and Certificate used in OzoneSecretManager after certificate renewed
                 Key: HDDS-7723
                 URL: https://issues.apache.org/jira/browse/HDDS-7723
             Project: Apache Ozone
          Issue Type: Sub-task
            Reporter: Sammi Chen
            Assignee: Sammi Chen


There are three child class of OzoneSecretManager. The current behavior is,
 # OzoneDelegationTokenSecretManager , use OM's private key to calculate the delegation token signature,  OM's certificate to verify the delegation token on token renew request on OM.
 # OzoneBlockTokenSecretManager, use OM's private key to calculate the block token signature, OM's certificate to verify the block token on DN.
 # ContainerTokenSecretManager, use SCM's private key to calculate the container token signature, SCM's certificate to verify the container token on DN.

OzoneBlockTokenSecretManager and ContainerTokenSecretManager are also leveraged in EC Reconstruction coordinator on DN.  This time, DN's private key and certificates are used to do the signature calculation and verification.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org