Skip to content

HDDS-10802. Improve logging for signature verification#6630

Merged
adoroszlai merged 3 commits intoapache:masterfrom
tanvipenumudy:HDDS-10802
May 6, 2024
Merged

HDDS-10802. Improve logging for signature verification#6630
adoroszlai merged 3 commits intoapache:masterfrom
tanvipenumudy:HDDS-10802

Conversation

@tanvipenumudy
Copy link
Contributor

@tanvipenumudy tanvipenumudy commented May 3, 2024

What changes were proposed in this pull request?

When one encounters a 'Tampered/Invalid token' exception, it may occur due to
OzoneDelegationTokenSecretManager#verifySignature failing in any one of the following scenarios:

  1. Failure when obtaining the signer's certificate (CertificateClient#getCertificate call).
  2. In case the signer's certificate returned from this code is simply null.
  3. In case of an expired certificate or a certificate not yet valid.
  4. Failure during CertificateClient#verifySignature (with the signer's certificate).

Related code snippet link.
While we are already logging an error for the latter two cases, this patch introduces additional logging for the former two cases.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-10802

How was this patch tested?

Trivial logging change.

@tanvipenumudy
Copy link
Contributor Author

tanvipenumudy commented May 3, 2024

@fapifta, @ChenSammi could you please take a look, thanks!

ayushtkn
ayushtkn approved these changes May 4, 2024
View reviewed changes
Copy link
Member

@ayushtkn ayushtkn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

adoroszlai
adoroszlai reviewed May 5, 2024
View reviewed changes
Copy link
Contributor

@adoroszlai adoroszlai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @tanvipenumudy for the patch.

tanvipenumudy and others added 2 commits May 6, 2024 12:17
@tanvipenumudy @adoroszlai
Update hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozo…
e623ebe 
…ne/security/OzoneDelegationTokenSecretManager.java

Co-authored-by: Doroszlai, Attila <6454655+adoroszlai@users.noreply.github.com>
@tanvipenumudy @adoroszlai
Update hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozo…
fde7c9f 
…ne/security/OzoneDelegationTokenSecretManager.java

Co-authored-by: Doroszlai, Attila <6454655+adoroszlai@users.noreply.github.com>
@adoroszlai adoroszlai merged commit 1cbee60 into apache:master May 6, 2024
@adoroszlai
Copy link
Contributor

adoroszlai commented May 6, 2024

Thanks @tanvipenumudy for the patch, @ayushtkn for the review.

jojochuang pushed a commit to jojochuang/ozone that referenced this pull request May 29, 2024
@tanvipenumudy
HDDS-10802. Improve logging for signature verification (apache#6630)
9b74f5b 
(cherry picked from commit 1cbee60)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adoroszlai adoroszlai adoroszlai left review comments

@ayushtkn ayushtkn ayushtkn approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tanvipenumudy @adoroszlai @ayushtkn