org.jgroups.util.ReloadingX509TrustManager Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of wildfly-client-all

This artifact provides a single jar that contains all classes required to use remote Jakarta Enterprise Beans and Jakarta Messaging, including all dependencies. It is intended for use by those not using maven, maven users should just import the Jakarta Enterprise Beans and Jakarta Messaging BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up with different versions on classes on the class path).

The newest version!

package org.jgroups.util;

import java.io.Closeable;
import java.io.IOException;
import java.net.Socket;
import java.nio.file.Path;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;

import org.jgroups.logging.Log;
import org.jgroups.logging.LogFactory;

/**
 * A {@link X509ExtendedTrustManager} which uses a @{@link FileWatcher} to check for changes.
 */
public class ReloadingX509TrustManager extends X509ExtendedTrustManager implements Closeable {

   static final Log LOG = LogFactory.getLog(ReloadingX509TrustManager.class);

   private final AtomicReference manager;
   private final Path path;
   private final Function action;
   private final FileWatcher watcher;
   private Instant lastLoaded;

   public ReloadingX509TrustManager(FileWatcher watcher, Path path, Function action) {
      Objects.requireNonNull(watcher, "watcher must be non-null");
      Objects.requireNonNull(path, "path must be non-null");
      Objects.requireNonNull(action, "action must be non-null");
      this.manager = new AtomicReference<>();
      this.path = path;
      this.action = action;
      this.watcher = watcher;
      reload(this.path);
      watcher.watch(this.path, this::reload);
   }

   private void reload(Path path) {
      manager.set(action.apply(path));
      lastLoaded = Instant.now();
      LOG.debug("Loaded '%s'", path);
   }

   @Override
   public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      manager.get().checkClientTrusted(chain, authType);
   }

   @Override
   public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      manager.get().checkServerTrusted(chain, authType);
   }

   @Override
   public X509Certificate[] getAcceptedIssuers() {
      return manager.get().getAcceptedIssuers();
   }

   @Override
   public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
      manager.get().checkClientTrusted(chain, authType, socket);
   }

   @Override
   public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
      manager.get().checkServerTrusted(chain, authType, socket);
   }

   @Override
   public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
      manager.get().checkClientTrusted(chain, authType, engine);
   }

   @Override
   public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
      manager.get().checkServerTrusted(chain, authType, engine);
   }

   public Instant lastLoaded() {
      return lastLoaded;
   }

   @Override
   public void close() throws IOException {
      watcher.unwatch(path);
   }
}