Github user anmolnar commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/680#discussion_r239144917
--- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
@@ -446,4 +458,119 @@ private void configureSSLServerSocket(SSLServerSocket sslServerSocket) {
 LOG.debug("Using Java8-optimized cipher suites for Java version {}", javaVersion);
 return DEFAULT_CIPHERS_JAVA8;
 }
+
+ /**
+ * Enables automatic reloading of the trust store and key store files when they change on disk.
+ *
+ * @throws IOException if creating the FileChangeWatcher objects fails.
+ */
+ public void enableCertFileReloading() throws IOException {
+ LOG.info("enabling cert file reloading");
+ ZKConfig config = new ZKConfig();
+ String keyStoreLocation = config.getProperty(sslKeystoreLocationProperty);
+ if (keyStoreLocation != null && !keyStoreLocation.isEmpty()) {
+ final Path filePath = Paths.get(keyStoreLocation).toAbsolutePath();
+ Path parentPath = filePath.getParent();
+ if (parentPath == null) {
+ throw new IOException(
+ "Key store path does not have a parent: " + filePath);
+ }
+ FileChangeWatcher newKeyStoreFileWatcher = new FileChangeWatcher(
+ parentPath,
+ watchEvent -> {
+ handleWatchEvent(filePath, watchEvent);
+ });
+ // stop old watcher if there is one
+ if (keyStoreFileWatcher != null) {
+ keyStoreFileWatcher.stop();
+ }
+ keyStoreFileWatcher = newKeyStoreFileWatcher;
+ keyStoreFileWatcher.start();
+ }
+ String trustStoreLocation = config.getProperty(sslTruststoreLocationProperty);
+ if (trustStoreLocation != null && !trustStoreLocation.isEmpty()) {
--- End diff --
This logic is redundant and can be extracted in a separate method.
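Review bot: The Javadoc on `enableCertFileReloading()` should state the trust assumption this feature introduces: the watcher is registered on the key store's parent directory (and presumably the trust store's, further down), so whoever can write there can replace the server's TLS identity or trust anchors while it is running. I would add a sentence such as `Both files and their parent directories must be writable only by the account that manages the certificates.`, and have each reload logged with the file path if `handleWatchEvent` does not already do so. Separately, the paths are read from a fresh `new ZKConfig()` rather than from the configuration the SSL context was built with; if those two can differ, the watcher may follow a file the server is not actually using. The method body continues past the quoted hunk, so the reload handling itself is not visible here.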
---