hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/scm/update/client/ClientCRLStore.java - ozone - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with this
  * work for additional information regarding copyright ownership.  The ASF
  * licenses this file to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  * License for the specific language governing permissions and limitations under
  * the License.
  *
  */

 package org.apache.hadoop.hdds.scm.update.client;

 import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;

 import java.io.IOException;
 import java.security.cert.X509CRL;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
 import java.util.PriorityQueue;
 import java.util.stream.Collectors;

 /**
  * In memory Client CRL store, need to integrate with Client Table.
  */
 public class ClientCRLStore implements CRLStore {
   private PriorityQueue<CRLInfo> pendingCrls;
   private List<Long> revokedCerts;
   private long localCrlId;

   public ClientCRLStore() {
     localCrlId = 0;
     revokedCerts = new ArrayList<>();
     pendingCrls = new PriorityQueue<>(
         new Comparator<CRLInfo>() {
           @Override
           public int compare(CRLInfo o1, CRLInfo o2) {
             return o1.getRevocationTime()
                 .compareTo(o2.getRevocationTime());
           }
         });
   }

   @Override
   public long getLatestCrlId() {
     return localCrlId;
   }

   public void setLocalCrlId(long crlId) {
     localCrlId = crlId;
   }


   @Override
   public CRLInfo getCRL(long crlId) throws IOException {
     return null;
   }

   public void onRevokeCerts(CRLInfo crl) {
     if (crl.shouldRevokeNow()) {
       revokedCerts.addAll(getRevokedCertIds(crl.getX509CRL()));
     } else {
       pendingCrls.add(crl);
     }
     localCrlId = crl.getCrlSequenceID();
   }

   public List<Long> getRevokedCertIds(X509CRL crl) {
     return Collections.unmodifiableList(crl.getRevokedCertificates().stream()
         .map(cert->cert.getSerialNumber().longValue())
         .collect(Collectors.toList()));
   }

   public CRLInfo getNextPendingCrl() {
     return pendingCrls.peek();
   }

   public void removePendingCrl(CRLInfo crl) {
     pendingCrls.remove(crl);
     revokedCerts.addAll(getRevokedCertIds(crl.getX509CRL()));
   }

   public List<Long> getPendingCrlIds() {
     return new ArrayList<>(pendingCrls)
         .stream().map(crl->crl.getCrlSequenceID())
         .collect(Collectors.toList());
   }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with this
	* work for additional information regarding copyright ownership. The ASF
	* licenses this file to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	* License for the specific language governing permissions and limitations under
	* the License.
	*
	*/

	package org.apache.hadoop.hdds.scm.update.client;

	import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;

	import java.io.IOException;
	import java.security.cert.X509CRL;
	import java.util.ArrayList;
	import java.util.Collections;
	import java.util.Comparator;
	import java.util.List;
	import java.util.PriorityQueue;
	import java.util.stream.Collectors;

	/**
	* In memory Client CRL store, need to integrate with Client Table.
	*/
	public class ClientCRLStore implements CRLStore {
	private PriorityQueue<CRLInfo> pendingCrls;
	private List<Long> revokedCerts;
	private long localCrlId;

	public ClientCRLStore() {
	localCrlId = 0;
	revokedCerts = new ArrayList<>();
	pendingCrls = new PriorityQueue<>(
	new Comparator<CRLInfo>() {
	@Override
	public int compare(CRLInfo o1, CRLInfo o2) {
	return o1.getRevocationTime()
	.compareTo(o2.getRevocationTime());
	}
	});
	}

	@Override
	public long getLatestCrlId() {
	return localCrlId;
	}

	public void setLocalCrlId(long crlId) {
	localCrlId = crlId;
	}


	@Override
	public CRLInfo getCRL(long crlId) throws IOException {
	return null;
	}

	public void onRevokeCerts(CRLInfo crl) {
	if (crl.shouldRevokeNow()) {
	revokedCerts.addAll(getRevokedCertIds(crl.getX509CRL()));
	} else {
	pendingCrls.add(crl);
	}
	localCrlId = crl.getCrlSequenceID();
	}

	public List<Long> getRevokedCertIds(X509CRL crl) {
	return Collections.unmodifiableList(crl.getRevokedCertificates().stream()
	.map(cert->cert.getSerialNumber().longValue())
	.collect(Collectors.toList()));
	}

	public CRLInfo getNextPendingCrl() {
	return pendingCrls.peek();
	}

	public void removePendingCrl(CRLInfo crl) {
	pendingCrls.remove(crl);
	revokedCerts.addAll(getRevokedCertIds(crl.getX509CRL()));
	}

	public List<Long> getPendingCrlIds() {
	return new ArrayList<>(pendingCrls)
	.stream().map(crl->crl.getCrlSequenceID())
	.collect(Collectors.toList());
	}

	}