[GitHub] [bookkeeper] eolivelli commented on a change in pull request #2235: [bookie-server] add support of client auto cert refresh

Tue, 07 Jan 2020 15:12:03 -0800 

eolivelli commented on a change in pull request #2235: [bookie-server] add 
support of client auto cert refresh
URL: https://github.com/apache/bookkeeper/pull/2235#discussion_r363996369
 
 

 ##########
 File path: 
bookkeeper-server/src/main/java/org/apache/bookkeeper/tls/TLSContextFactory.java
 ##########
 @@ -267,29 +277,33 @@ private void createClientContext()
         }
 
         sslContext = sslContextBuilder.build();
+        certLastRefreshTime = System.currentTimeMillis();
     }
 
     private void createServerContext()
             throws SecurityException, KeyStoreException, 
NoSuchAlgorithmException, CertificateException, IOException,
             UnrecoverableKeyException, InvalidKeySpecException, 
IllegalArgumentException {
         isServerCtx = true;
-        ServerConfiguration serverConf = (ServerConfiguration) config;
-        tTLSCertificatePath = new 
FileModifiedTimeUpdater(serverConf.getTLSCertificatePath());
-        tLSKeyStoreFilePath = new 
FileModifiedTimeUpdater(serverConf.getTLSKeyStore());
-        tLSKeyStorePasswordFilePath = new 
FileModifiedTimeUpdater(serverConf.getTLSKeyStorePasswordPath());
-        tLSTrustStoreFilePath = new 
FileModifiedTimeUpdater(serverConf.getTLSTrustStore());
-        tLSTrustStorePasswordFilePath = new 
FileModifiedTimeUpdater(serverConf.getTLSTrustStorePasswordPath());
+        ServerConfiguration clientConf = (ServerConfiguration) config;
+        markAutoCertRefresh(clientConf.getTLSCertificatePath(), 
clientConf.getTLSKeyStore(),
+                clientConf.getTLSKeyStorePasswordPath(), 
clientConf.getTLSTrustStore(),
+                clientConf.getTLSTrustStorePasswordPath());
         updateServerContext();
     }
 
     private synchronized SslContext getSSLContext() {
         long now = System.currentTimeMillis();
-        if (isServerCtx && (certRefreshTime > 0 && now > (certLastRefreshTime 
+ certRefreshTime))) {
-            if (tTLSCertificatePath.checkAndRefresh() || 
tLSKeyStoreFilePath.checkAndRefresh()
-                    || tLSKeyStorePasswordFilePath.checkAndRefresh() || 
tLSTrustStoreFilePath.checkAndRefresh()
-                    || tLSTrustStorePasswordFilePath.checkAndRefresh()) {
+        if ((certRefreshTime > 0 && now > (certLastRefreshTime + 
certRefreshTime))) {
+            if (tlsCertificateFilePath.checkAndRefresh() || 
tlsKeyStoreFilePath.checkAndRefresh()
+                    || tlsKeyStorePasswordFilePath.checkAndRefresh() || 
tlsTrustStoreFilePath.checkAndRefresh()
+                    || tlsTrustStorePasswordFilePath.checkAndRefresh()) {
                 try {
-                    updateServerContext();
+                    LOG.info("Updating tls certs");
 
 Review comment:
   What about writing the path of the file?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to