Re: [tomcat] branch main updated: BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()

2023-10-12 Thread Christopher Schultz 

Michael,

On 10/12/23 07:56, Michael Osipov wrote:

On 2023/10/12 11:46:55 Christopher Schultz wrote:

Michael,

On 10/12/23 06:13, micha...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
   new 69143e32da BZ 67667: TLSCertificateReloadListener prints unreadable 
rendering of X509Certificate#getNotAfter()


I'm not sure it's worth keeping the SimpleDateFormat object around after
this log statement. Consider discarding it.


I thought about it before, I decided not to:
* The listener runs in server scope, so it is always present for the lifetime 
of the JVM
* The listener runs periodic task which require to create the SDF over and over 
again instead of sharing it per instance

WDYT?


I forgot it runs periodically :)

Honestly, it probably doesn't matter much either way. It's not an object 
that will be user frequently, so holding onto it doesn't matter. But it 
also doesn't take up very much memory, so sure you can leave it.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch main updated: BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()

2023-10-12 Thread Michael Osipov 
On 2023/10/12 11:46:55 Christopher Schultz wrote:
> Michael,
> 
> On 10/12/23 06:13, micha...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> > 
> > michaelo pushed a commit to branch main
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> > 
> > 
> > The following commit(s) were added to refs/heads/main by this push:
> >   new 69143e32da BZ 67667: TLSCertificateReloadListener prints 
> > unreadable rendering of X509Certificate#getNotAfter()
> 
> I'm not sure it's worth keeping the SimpleDateFormat object around after 
> this log statement. Consider discarding it.

I thought about it before, I decided not to:
* The listener runs in server scope, so it is always present for the lifetime 
of the JVM
* The listener runs periodic task which require to create the SDF over and over 
again instead of sharing it per instance

WDYT?

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch main updated: BZ 67667: TLSCertificateReloadListener prints unreadable rendering of X509Certificate#getNotAfter()

2023-10-12 Thread Christopher Schultz 

Michael,

On 10/12/23 06:13, micha...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new 69143e32da BZ 67667: TLSCertificateReloadListener prints unreadable 
rendering of X509Certificate#getNotAfter()


I'm not sure it's worth keeping the SimpleDateFormat object around after 
this log statement. Consider discarding it.


-chris


69143e32da is described below

commit 69143e32da1b51c9f2c08e280f9133175f5b8dc1
Author: Michael Osipov 
AuthorDate: Thu Oct 12 12:09:02 2023 +0200

 BZ 67667: TLSCertificateReloadListener prints unreadable rendering of 
X509Certificate#getNotAfter()
---
  .../apache/catalina/security/TLSCertificateReloadListener.java| 4 +++-
  webapps/docs/changelog.xml| 8 
  2 files changed, 11 insertions(+), 1 deletion(-)

diff --git 
a/java/org/apache/catalina/security/TLSCertificateReloadListener.java 
b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
index 0596732575..3db6e286c3 100644
--- a/java/org/apache/catalina/security/TLSCertificateReloadListener.java
+++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
@@ -17,6 +17,7 @@
  package org.apache.catalina.security;
  
  import java.security.cert.X509Certificate;

+import java.text.SimpleDateFormat;
  import java.util.Calendar;
  import java.util.Set;
  
@@ -45,6 +46,7 @@ public class TLSCertificateReloadListener implements LifecycleListener {
  
  private static final Log log = LogFactory.getLog(TLSCertificateReloadListener.class);

  private static final StringManager sm = 
StringManager.getManager(TLSCertificateReloadListener.class);
+private final SimpleDateFormat dateFormat = new 
SimpleDateFormat("-MM-dd'T'HH:mm:ssXXX");
  
  // Configuration

  private int checkPeriod = 24 * 60 * 60;
@@ -160,7 +162,7 @@ public class TLSCertificateReloadListener implements 
LifecycleListener {
  
log.warn(sm.getString("tlsCertRenewalListener.notRenewed", connector,
  sslHostConfig.getHostName(),
  
expiringCertificate.getSubjectX500Principal().getName(),
-
expiringCertificate.getNotAfter()));
+
dateFormat.format(expiringCertificate.getNotAfter(;
  }
  }
  } catch (IllegalArgumentException iae) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 09b0227b59..faf938bb4a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,14 @@
issues do not "pop up" wrt. others).
  -->
  
+  
+
+  
+67667: TLSCertificateReloadListener prints 
unreadable
+rendering of X509Certificate#getNotAfter(). (michaelo)
+  
+
+  
  
  



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org