Github user anmolnar commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/680#discussion_r239144917
--- Diff:
zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
@@ -446,4 +458,119 @@ private void configureSSLServerSocket(SSLServerSocket
sslServerSocket) {
LOG.debug("Using Java8-optimized cipher suites for Java version
{}", javaVersion);
return DEFAULT_CIPHERS_JAVA8;
}
+
+ /**
+ * Enables automatic reloading of the trust store and key store files
when they change on disk.
+ *
+ * @throws IOException if creating the FileChangeWatcher objects fails.
+ */
+ public void enableCertFileReloading() throws IOException {
+ LOG.info("enabling cert file reloading");
+ ZKConfig config = new ZKConfig();
+ String keyStoreLocation =
config.getProperty(sslKeystoreLocationProperty);
+ if (keyStoreLocation != null && !keyStoreLocation.isEmpty()) {
+ final Path filePath =
Paths.get(keyStoreLocation).toAbsolutePath();
+ Path parentPath = filePath.getParent();
+ if (parentPath == null) {
+ throw new IOException(
+ "Key store path does not have a parent: " +
filePath);
+ }
+ FileChangeWatcher newKeyStoreFileWatcher = new
FileChangeWatcher(
+ parentPath,
+ watchEvent -> {
+ handleWatchEvent(filePath, watchEvent);
+ });
+ // stop old watcher if there is one
+ if (keyStoreFileWatcher != null) {
+ keyStoreFileWatcher.stop();
+ }
+ keyStoreFileWatcher = newKeyStoreFileWatcher;
+ keyStoreFileWatcher.start();
+ }
+ String trustStoreLocation =
config.getProperty(sslTruststoreLocationProperty);
+ if (trustStoreLocation != null && !trustStoreLocation.isEmpty()) {
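Review bot: In enableCertFileReloading(), the "stop old watcher if there is one" step sits inside the if (keyStoreLocation != null && !keyStoreLocation.isEmpty()) block, so a call made after the key store property has been cleared leaves the previously started keyStoreFileWatcher running against the old path. Consider stopping and clearing the existing watcher before the null/empty check, so the method always reflects the current configuration. The visible lines also swap the keyStoreFileWatcher field with no synchronization; since this is a public method, two concurrent calls could each start a new watcher and leave one of them unreferenced and never stopped. Making the method synchronized, or documenting that it must be called from a single thread, would close that gap.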
--- End diff --
This logic is redundant and can be extracted in a separate method.
---