Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HDDS-10802. Improve logging for signature verification #6630

Merged
merged 3 commits into from
May 6, 2024
Merged

HDDS-10802. Improve logging for signature verification #6630

merged 3 commits into from
May 6, 2024

Conversation

tanvipenumudy
Copy link
Contributor

What changes were proposed in this pull request?

When one encounters a 'Tampered/Invalid token' exception, it may occur due to
OzoneDelegationTokenSecretManager#verifySignature failing in any one of the following scenarios:

  1. Failure when obtaining the signer's certificate (CertificateClient#getCertificate call).
  2. In case the signer's certificate returned from this code is simply null.
  3. In case of an expired certificate or a certificate not yet valid.
  4. Failure during CertificateClient#verifySignature (with the signer's certificate).

Related code snippet link.
While we are already logging an error for the latter two cases, this patch introduces additional logging for the former two cases.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-10802

How was this patch tested?

Trivial logging change.

@tanvipenumudy
Copy link
Contributor Author

@fapifta, @ChenSammi could you please take a look, thanks!

ayushtkn
ayushtkn approved these changes May 4, 2024
View reviewed changes
Copy link
Member

@ayushtkn ayushtkn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

adoroszlai
adoroszlai reviewed May 5, 2024
View reviewed changes
Copy link
Contributor

@adoroszlai adoroszlai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @tanvipenumudy for the patch.

...anager/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java Outdated Show resolved Hide resolved
...anager/src/main/java/org/apache/hadoop/ozone/security/OzoneDelegationTokenSecretManager.java Outdated Show resolved Hide resolved
tanvipenumudy and others added 2 commits May 6, 2024 12:17
@tanvipenumudy @adoroszlai
Update hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozo…
e623ebe 
…ne/security/OzoneDelegationTokenSecretManager.java

Co-authored-by: Doroszlai, Attila <[email protected]>
@tanvipenumudy @adoroszlai
Update hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozo…
fde7c9f 
…ne/security/OzoneDelegationTokenSecretManager.java

Co-authored-by: Doroszlai, Attila <[email protected]>
@adoroszlai adoroszlai merged commit 1cbee60 into apache:master May 6, 2024
39 checks passed
@adoroszlai
Copy link
Contributor

Thanks @tanvipenumudy for the patch, @ayushtkn for the review.

jojochuang pushed a commit to jojochuang/ozone that referenced this pull request May 29, 2024
@tanvipenumudy
HDDS-10802. Improve logging for signature verification (apache#6630)
9b74f5b 
(cherry picked from commit 1cbee60)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adoroszlai adoroszlai adoroszlai left review comments

@ayushtkn ayushtkn ayushtkn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tanvipenumudy @adoroszlai @ayushtkn