[jira] [Commented] (GEODE-9017) Reload key store and trust store upon change

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/GEODE-9017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17299172#comment-17299172
 ] 

ASF GitHub Bot commented on GEODE-9017:
---------------------------------------

onichols-pivotal commented on pull request #6106:
URL: https://github.com/apache/geode/pull/6106#issuecomment-796236320


   > PMD flagged the static ConcurrentHashMaps I was using to prevent multiple 
file watches from being created for the same path. So I need to figure out a 
different way to do this without static mutable state.
   
   PMD is not particularly smart...don't change perfectly good code _just_ to 
play games with PMD.  I believe you can annotate it with @Immutable to suppress 
the PMD message.  
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Reload key store and trust store upon change
> --------------------------------------------
>
>                 Key: GEODE-9017
>                 URL: https://issues.apache.org/jira/browse/GEODE-9017
>             Project: Geode
>          Issue Type: New Feature
>            Reporter: Aaron Lindsey
>            Assignee: Aaron Lindsey
>            Priority: Major
>              Labels: pull-request-available
>
> [Link to 
> RFC|https://cwiki.apache.org/confluence/display/GEODE/Make+key+and+trust+stores+reload+automatically+upon+change]
> (The below text is copied from the RFC document.)
> h3. Problem
> Currently, in order to rotate certificates each member of the cluster needs 
> to be restarted to load new certs and trust. It would be preferable if 
> certificates can be rotated without having to restart members.
> h3. Solution
> When starting up a cluster member we currently read the TLS configuration 
> which, when TLS is enabled has key and trust store files defined. In case 
> those files are defined they are read, and the information inside them is 
> loaded into the key and trust manager objects that are loaded into the 
> SSLContext.
> This solution will introduce wrapper objects for the key and trust managers 
> and file/directory watcher(s) that can detect changes to the key and trust 
> store files. When key and trust store files are changed this will trigger a 
> reload into key and trust managers and through the wrapper objects these new 
> key and trust managers will be injected into the SSLContext so that the 
> context can start using the new key and trust managers in process.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)