Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improved KeyStoreScanner.scan(). 

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
This commit is contained in:
Simone Bordet 2020-12-02 19:24:19 +01:00
parent fe0e076055
commit 9c882ee796
2 changed files with 15 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/KeyStoreScanner.java
View File

@ -20,7 +20,7 @@ package org.eclipse.jetty.util.ssl;
import java.io.File;
import java.io.IOException;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
@ -119,23 +119,18 @@ public class KeyStoreScanner extends ContainerLifeCycle implements Scanner.Discr
}
@ManagedOperation(value = "Scan for changes in the SSL Keystore", impact = "ACTION")
public boolean scan()
public boolean scan(long waitMillis)
{
if (LOG.isDebugEnabled())
LOG.debug("scanning");
CompletableFuture<Boolean> cf = new CompletableFuture<>();
try
{
CountDownLatch complete = new CountDownLatch(2);
Callback callback = Callback.from(complete::countDown, t ->
{
LOG.warn("Scan fail", t);
complete.countDown();
});
_scanner.scan(callback);
_scanner.scan(callback);
return complete.await(10, TimeUnit.SECONDS);
// Perform 2 scans to be sure that the scan is stable.
_scanner.scan(Callback.from(() ->
_scanner.scan(Callback.from(() -> cf.complete(true), cf::completeExceptionally)), cf::completeExceptionally));
return cf.get(waitMillis, TimeUnit.MILLISECONDS);
}
catch (Exception e)
{
@ -152,7 +147,8 @@ public class KeyStoreScanner extends ContainerLifeCycle implements Scanner.Discr
try
{
sslContextFactory.reload(scf ->
{});
{
});
}
catch (Throwable t)
{

12
tests/test-integration/src/test/java/org/eclipse/jetty/test/KeyStoreScannerTest.java
View File

@ -126,7 +126,7 @@ public class KeyStoreScannerTest
// Switch to use newKeystore which has a later expiry date.
useKeystore("newKeystore");
assertTrue(keystoreScanner.scan());
assertTrue(keystoreScanner.scan(5000));
// The scanner should have detected the updated keystore, expiry should be renewed.
X509Certificate cert2 = getCertificateFromServer();
@ -146,7 +146,7 @@ public class KeyStoreScannerTest
try (StacklessLogging ignored = new StacklessLogging(KeyStoreScanner.class))
{
useKeystore("badKeystore");
keystoreScanner.scan();
keystoreScanner.scan(5000);
}
// The good keystore is removed, now the bad keystore now causes an exception.
@ -167,7 +167,7 @@ public class KeyStoreScannerTest
{
Path keystorePath = keystoreDir.resolve("keystore");
assertTrue(Files.deleteIfExists(keystorePath));
keystoreScanner.scan();
keystoreScanner.scan(5000);
}
// The good keystore is removed, having no keystore causes an exception.
@ -175,7 +175,7 @@ public class KeyStoreScannerTest
// Switch to use keystore2 which has a later expiry date.
useKeystore("newKeystore");
keystoreScanner.scan();
keystoreScanner.scan(5000);
X509Certificate cert2 = getCertificateFromServer();
assertThat(getExpiryYear(cert2), is(2020));
}
@ -200,7 +200,7 @@ public class KeyStoreScannerTest
// Change the symlink to point to the newKeystore file location which has a later expiry date.
Files.delete(keystorePath);
Files.createSymbolicLink(keystorePath, useKeystore("newKeystore"));
keystoreScanner.scan();
keystoreScanner.scan(5000);
// The scanner should have detected the updated keystore, expiry should be renewed.
X509Certificate cert2 = getCertificateFromServer();
@ -232,7 +232,7 @@ public class KeyStoreScannerTest
// Change the target file of the symlink to the newKeystore which has a later expiry date.
Files.copy(newKeystoreSrc, target, StandardCopyOption.REPLACE_EXISTING);
System.err.println("### Triggering scan");
keystoreScanner.scan();
keystoreScanner.scan(5000);
// The scanner should have detected the updated keystore, expiry should be renewed.
X509Certificate cert2 = getCertificateFromServer();