Use of org.apache.hadoop.hdds.protocol.proto.HddsProtos.ScmNodeDetailsProto in project ozone by apache.
The class HASecurityUtils, method getRootCASignedSCMCert.
/**
 * Obtains, for a bootstrapped SCM, its sub-CA-signed certificate together with
 * the root CA certificate from the SCM security service and stores both through
 * the supplied certificate client.
 *
 * <p>Steps: build a CSR, send it with this node's identity (cluster ID, host
 * name, SCM ID) to the security endpoint, then store the returned root CA
 * certificate and the sub-CA certificate, persist the sub-CA certificate, and
 * record the certificate's serial ID in {@code scmStorageConfig}.
 *
 * @param client certificate client used to generate the CSR and to store the
 *     returned certificates
 * @param config Ozone configuration used to create the SCM security client
 * @param scmStorageConfig provides the cluster ID and SCM ID; receives the
 *     serial ID of the issued certificate
 * @param scmAddress address of this SCM; its host name is sent with the request
 * @throws RuntimeException if the response carries no CA certificate, or on any
 *     I/O or certificate error while fetching/storing (the cause is preserved)
 */
private static void getRootCASignedSCMCert(CertificateClient client, OzoneConfiguration config, SCMStorageConfig scmStorageConfig, InetSocketAddress scmAddress) {
  try {
    PKCS10CertificationRequest signingRequest = generateCSR(client, scmStorageConfig, config, scmAddress);

    ScmNodeDetailsProto.Builder nodeDetails = ScmNodeDetailsProto.newBuilder();
    nodeDetails.setClusterId(scmStorageConfig.getClusterID());
    nodeDetails.setHostName(scmAddress.getHostName());
    nodeDetails.setScmNodeId(scmStorageConfig.getScmId());

    // NOTE(review): the security client is not closed anywhere in this block;
    // confirm whether it owns an RPC proxy that should be released after the
    // chain has been fetched.
    SCMSecurityProtocolClientSideTranslatorPB securityClient = HddsServerUtil.getScmSecurityClientWithFixedDuration(config);
    SCMGetCertResponseProto chainResponse = securityClient.getSCMCertChain(nodeDetails.build(), getEncodedString(signingRequest));

    // Without the CA certificate there is no chain to store. This RuntimeException
    // is not matched by the catch below and propagates unchanged.
    if (!chainResponse.hasX509CACertificate()) {
      throw new RuntimeException("Unable to retrieve SCM certificate chain");
    }

    // NOTE(review): the root CA certificate is taken straight from the response
    // and stored as trusted without independent verification here; presumably
    // the transport to the security endpoint is authenticated — confirm.
    client.storeCertificate(chainResponse.getX509CACertificate(), true, true);
    String pemEncodedSubCaCert = chainResponse.getX509Certificate();
    client.storeCertificate(pemEncodedSubCaCert, true);

    X509Certificate subCaCert = CertificateCodec.getX509Certificate(pemEncodedSubCaCert);
    persistSubCACertificate(config, client, CertificateCodec.getCertificateHolder(subCaCert));
    // Record the serial ID of the freshly issued certificate.
    scmStorageConfig.setScmCertSerialId(subCaCert.getSerialNumber().toString());
  } catch (IOException | CertificateException e) {
    LOG.error("Error while fetching/storing SCM signed certificate.", e);
    throw new RuntimeException(e);
  }
}