[GitHub] [ozone] fapifta commented on a diff in pull request #4390: HDDS-8149. Refactor the way to notify keyStoreFactory about certificate renewed

Tue, 14 Mar 2023 00:35:40 -0700 


fapifta commented on code in PR #4390:
URL: https://github.com/apache/ozone/pull/4390#discussion_r1135099177


##########
hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/ssl/PemFileBasedKeyStoresFactory.java:
##########
@@ -44,87 +45,48 @@
  */
 @InterfaceAudience.Private
 @InterfaceStability.Evolving
-public class PemFileBasedKeyStoresFactory implements KeyStoresFactory {
+public class PemFileBasedKeyStoresFactory implements KeyStoresFactory,
+    CertificateNotification {
 
   private static final Logger LOG =
       LoggerFactory.getLogger(PemFileBasedKeyStoresFactory.class);
 
-  /**
-   * The name of the timer thread monitoring file changes.
-   */
-  public static final String SSL_MONITORING_THREAD_NAME =
-      "SSL Certificates Store Monitor";
-
   /**
    * Default format of the keystore files.
    */
   public static final String DEFAULT_KEYSTORE_TYPE = "jks";
 
-  private KeyManager[] keyManagers;
-  private TrustManager[] trustManagers;
-  private Timer monitoringTimer;
+  private AtomicReference<KeyManager[]> keyManagers;
+  private AtomicReference<TrustManager[]> trustManagers;

Review Comment:
   Is there a reason to use an AtomicReference to the arrays? As I see all 
access is synchronized, while we even give out the reference to the array from 
the class via the getter.
   
   I would suggest two things regarding these arrays:
   - as all access to these via the getter accesses the 0th element, for now we 
can expose a method that returns the 0th element, and if we need more, we can 
change. 
   - It might worth to revisit if we need these to be arrays, in the current 
implementation we seem to always use the 0th element, and we are storing these 
as arrays because underlying APIs return an array.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to