Posted to issues@ozone.apache.org by "Bharat Viswanadham (Jira)" <ji...@apache.org> on 2021/08/09 09:57:00 UTC
[jira] [Assigned] (HDDS-5557) Fix OzoneBlockTokenSecretManager#ValidateToken
[ https://issues.apache.org/jira/browse/HDDS-5557?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bharat Viswanadham reassigned HDDS-5557:
----------------------------------------
Assignee: Bharat Viswanadham
> Fix OzoneBlockTokenSecretManager#ValidateToken
> ----------------------------------------------
>
> Key: HDDS-5557
> URL: https://issues.apache.org/jira/browse/HDDS-5557
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Bharat Viswanadham
> Assignee: Bharat Viswanadham
> Priority: Major
>
> validateToken is called from retrievePassword
> /**
>  * Retrieve the password for the given token identifier. Should check the date
>  * or registry to make sure the token hasn't expired or been revoked. Returns
>  * the relevant password.
>  * @param identifier the identifier to validate
>  * @return the password to use
>  * @throws InvalidToken the token was invalid
>  */
> public abstract byte[] retrievePassword(T identifier)
> validateToken should validate expiry, and there is no need to call verifySignature, similar to ShortLivedTokenSecretManager.
> {code:java}
> public boolean validateToken(OzoneBlockTokenIdentifier identifier)
>     throws InvalidToken {
>   long now = Time.now();
>   if (identifier.getExpiryDate() < now) {
>     throw new InvalidToken("token " + formatTokenId(identifier) + " is " +
>         "expired, current time: " + Time.formatTime(now) +
>         " expiry time: " + identifier.getExpiryDate());
>   }
>   // FIXME since verifySignature always throws, don't see how this could work
>   if (!verifySignature(identifier, createPassword(identifier))) {
>     throw new InvalidToken("Tampered/Invalid token.");
>   }
>   return true;
> }
>
> public boolean verifySignature(OzoneBlockTokenIdentifier identifier,
>     byte[] password) {
>   throw new UnsupportedOperationException("This operation is not " +
>       "supported for block tokens.");
> }
> {code}
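
The behaviour reported above next to the expiry-only check the issue proposes, as an added sketch that is not Apache Ozone code or the project's patch. BlockTokenId, the HMAC-based createPassword, the demo key and the caller-side comparison in main are hypothetical stand-ins chosen so the example runs on its own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added sketch: every type and key here is a hypothetical stand-in, not Ozone's.
public class ValidateTokenSketch {
  static class InvalidToken extends Exception { InvalidToken(String m) { super(m); } }
  record BlockTokenId(String blockId, long expiryDate) { }  // records need Java 16+
  static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

  // Stand-in for createPassword: an HMAC over the identifier fields (assumption).
  static byte[] createPassword(BlockTokenId id) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
    return mac.doFinal((id.blockId() + ":" + id.expiryDate()).getBytes(StandardCharsets.UTF_8));
  }

  // Shape of the reported code: an unexpired token reaches a check that always throws.
  static boolean validateTokenAsReported(BlockTokenId id, long now) throws InvalidToken {
    if (id.expiryDate() < now) throw new InvalidToken("expired");
    throw new UnsupportedOperationException("not supported for block tokens");
  }

  // Expiry-only validation, as the issue proposes.
  static boolean validateToken(BlockTokenId id, long now) throws InvalidToken {
    if (id.expiryDate() < now) {
      throw new InvalidToken("token " + id.blockId() + " is expired, current time: "
          + now + " expiry time: " + id.expiryDate());
    }
    return true;
  }

  // retrievePassword validates expiry, then returns the password for the caller to compare.
  static byte[] retrievePassword(BlockTokenId id, long now) throws Exception {
    validateToken(id, now);
    return createPassword(id);
  }

  public static void main(String[] args) throws Exception {
    long now = System.currentTimeMillis();
    BlockTokenId live = new BlockTokenId("blk_1", now + 60_000);  // constructed token
    byte[] presented = createPassword(live);
    try { validateTokenAsReported(live, now); }
    catch (UnsupportedOperationException e) { System.out.println("reported: " + e.getMessage()); }
    // Assumed caller-side check: constant-time compare against the retrieved password.
    System.out.println("valid: " + MessageDigest.isEqual(presented, retrievePassword(live, now)));
    presented[0] ^= 1;  // simulate a tampered password
    System.out.println("tampered: " + MessageDigest.isEqual(presented, retrievePassword(live, now)));
    try { retrievePassword(new BlockTokenId("blk_2", now - 1), now); }
    catch (InvalidToken e) { System.out.println("rejected: " + e.getMessage()); }
  }
}
```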