[ 
https://issues.apache.org/jira/browse/HADOOP-16524?focusedWorklogId=521907&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-521907
 ]

ASF GitHub Bot logged work on HADOOP-16524:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Dec/20 22:20
            Start Date: 08/Dec/20 22:20
    Worklog Time Spent: 10m 
      Work Description: bolerio commented on a change in pull request #2470:
URL: https://github.com/apache/hadoop/pull/2470#discussion_r538851004



##########
File path: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
##########
@@ -77,14 +84,118 @@
   public static final String DEFAULT_KEYSTORE_TYPE = "jks";
 
   /**
-   * Reload interval in milliseconds.
+   * The default time interval in milliseconds used to check if either
+   * of the truststore or keystore certificates file has changed and needs 
reloading.
    */
-  public static final int DEFAULT_SSL_TRUSTSTORE_RELOAD_INTERVAL = 10000;
+  public static final int DEFAULT_SSL_STORES_RELOAD_INTERVAL = 10000;
 
   private Configuration conf;
   private KeyManager[] keyManagers;
   private TrustManager[] trustManagers;
   private ReloadingX509TrustManager trustManager;
+  private Timer fileMonitoringTimer;
+
+
+  private void createTrustManagersFromConfiguration(SSLFactory.Mode mode,
+                                                    String truststoreType,
+                                                    String truststoreLocation,
+                                                    long storesReloadInterval)
+      throws IOException, GeneralSecurityException {
+    String passwordProperty = resolvePropertyName(mode,
+        SSL_TRUSTSTORE_PASSWORD_TPL_KEY);
+    String truststorePassword = getPassword(conf, passwordProperty, "");
+    if (truststorePassword.isEmpty()) {
+      // An empty trust store password is legal; the trust store password
+      // is only required when writing to a trust store. Otherwise it's
+      // an optional integrity check.
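Review bot: The rename at `DEFAULT_SSL_TRUSTSTORE_RELOAD_INTERVAL` removes a `public static final` constant that code outside this class may still reference; consider keeping the old name as a `@Deprecated` alias that points at `DEFAULT_SSL_STORES_RELOAD_INTERVAL`. The new Javadoc would read more clearly as "if either the truststore or the keystore file has changed and needs reloading". In the `truststorePassword.isEmpty()` branch, the comment states that the password is only an optional integrity check, so with an empty value the truststore file is loaded without that check. Since this change adds periodic reloading of the file, it is worth making sure that branch logs the condition so operators can see it.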

Review comment:
No, it won't, it will return the default passed as parameter if nothing in config, and that is "".






Issue Time Tracking
-------------------

    Worklog Id:     (was: 521907)
    Time Spent: 1h 50m  (was: 1h 40m)

> Automatic keystore reloading for HttpServer2
> --------------------------------------------
>
>                 Key: HADOOP-16524
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16524
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kihwal Lee
>            Assignee: Kihwal Lee
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HADOOP-16524.patch
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> Jetty 9 simplified reloading of keystore.   This allows hadoop daemon's SSL 
> cert to be updated in place without having to restart the service.


