All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.signalfx.shaded.jetty.util.ssl.KeyStoreScanner Maven / Gradle / Ivy

The newest version!
//
//  ========================================================================
//  Copyright (c) 1995-2022 Mort Bay Consulting Pty Ltd and others.
//  ------------------------------------------------------------------------
//  All rights reserved. This program and the accompanying materials
//  are made available under the terms of the Eclipse Public License v1.0
//  and Apache License v2.0 which accompanies this distribution.
//
//      The Eclipse Public License is available at
//      http://www.eclipse.org/legal/epl-v10.html
//
//      The Apache License v2.0 is available at
//      http://www.opensource.org/licenses/apache2.0.php
//
//  You may elect to redistribute this code under either of these licenses.
//  ========================================================================
//

package com.signalfx.shaded.jetty.util.ssl;

import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.function.Consumer;

import com.signalfx.shaded.jetty.util.Scanner;
import com.signalfx.shaded.jetty.util.annotation.ManagedAttribute;
import com.signalfx.shaded.jetty.util.annotation.ManagedOperation;
import com.signalfx.shaded.jetty.util.component.ContainerLifeCycle;
import com.signalfx.shaded.jetty.util.log.Log;
import com.signalfx.shaded.jetty.util.log.Logger;
import com.signalfx.shaded.jetty.util.resource.Resource;

/**
 * 

The {@link KeyStoreScanner} is used to monitor the KeyStore file used by the {@link SslContextFactory}. * It will reload the {@link SslContextFactory} if it detects that the KeyStore file has been modified.

*

If the TrustStore file needs to be changed, then this should be done before touching the KeyStore file, * the {@link SslContextFactory#reload(Consumer)} will only occur after the KeyStore file has been modified.

*/ public class KeyStoreScanner extends ContainerLifeCycle implements Scanner.DiscreteListener { private static final Logger LOG = Log.getLogger(KeyStoreScanner.class); private final SslContextFactory sslContextFactory; private final File keystoreFile; private final Scanner _scanner; public KeyStoreScanner(SslContextFactory sslContextFactory) { this.sslContextFactory = sslContextFactory; try { Resource keystoreResource = sslContextFactory.getKeyStoreResource(); File monitoredFile = keystoreResource.getFile(); if (monitoredFile == null || !monitoredFile.exists()) throw new IllegalArgumentException("keystore file does not exist"); if (monitoredFile.isDirectory()) throw new IllegalArgumentException("expected keystore file not directory"); if (keystoreResource.getAlias() != null) { // this resource has an alias, use the alias, as that's what's returned in the Scanner monitoredFile = new File(keystoreResource.getAlias()); } keystoreFile = monitoredFile; if (LOG.isDebugEnabled()) LOG.debug("Monitored Keystore File: {}", monitoredFile); } catch (IOException e) { throw new IllegalArgumentException("could not obtain keystore file", e); } File parentFile = keystoreFile.getParentFile(); if (!parentFile.exists() || !parentFile.isDirectory()) throw new IllegalArgumentException("error obtaining keystore dir"); _scanner = new Scanner(); _scanner.setScanDirs(Collections.singletonList(parentFile)); _scanner.setScanInterval(1); _scanner.setReportDirs(false); _scanner.setReportExistingFilesOnStartup(false); _scanner.setScanDepth(1); _scanner.addListener(this); addBean(_scanner); } @Override public void fileAdded(String filename) { if (LOG.isDebugEnabled()) LOG.debug("added {}", filename); if (keystoreFile.toPath().toString().equals(filename)) reload(); } @Override public void fileChanged(String filename) { if (LOG.isDebugEnabled()) LOG.debug("changed {}", filename); if (keystoreFile.toPath().toString().equals(filename)) reload(); } @Override public void fileRemoved(String filename) { if (LOG.isDebugEnabled()) LOG.debug("removed {}", filename); if (keystoreFile.toPath().toString().equals(filename)) reload(); } @ManagedOperation(value = "Scan for changes in the SSL Keystore", impact = "ACTION") public void scan() { if (LOG.isDebugEnabled()) LOG.debug("scanning"); _scanner.scan(); _scanner.scan(); } @ManagedOperation(value = "Reload the SSL Keystore", impact = "ACTION") public void reload() { if (LOG.isDebugEnabled()) LOG.debug("reloading keystore file {}", keystoreFile); try { sslContextFactory.reload(scf -> {}); } catch (Throwable t) { LOG.warn("Keystore Reload Failed", t); } } @ManagedAttribute("scanning interval to detect changes which need reloaded") public int getScanInterval() { return _scanner.getScanInterval(); } public void setScanInterval(int scanInterval) { _scanner.setScanInterval(scanInterval); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy