Posted to commits@pulsar.apache.org by mm...@apache.org on 2022/02/05 17:36:48 UTC
[pulsar] branch master updated: [pulsar-proxy] Fix auto-cert refresh when proxy connects to broker (#14130)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 5bd95e1 [pulsar-proxy] Fix auto-cert refresh when proxy connects to broker (#14130)
5bd95e1 is described below
commit 5bd95e1271511599758210da03769a63315e4476
Author: Rajan Dhabalia <rd...@apache.org>
AuthorDate: Sat Feb 5 09:33:18 2022 -0800
[pulsar-proxy] Fix auto-cert refresh when proxy connects to broker (#14130)
* [pulsar-proxy] Fix auto-cert refresh when proxy connects to broker
* fix npe
---
.../util/NettyClientSslContextRefresher.java | 10 +++-
.../common/util/FileModifiedTimeUpdaterTest.java | 53 ++++++++++++++++++++++
2 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java
index 560746d..0016d98 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java
@@ -35,6 +35,8 @@ public class NettyClientSslContextRefresher extends SslContextAutoRefreshBuilder
private volatile SslContext sslNettyContext;
private boolean tlsAllowInsecureConnection;
protected final FileModifiedTimeUpdater tlsTrustCertsFilePath;
+ protected final FileModifiedTimeUpdater tlsCertsFilePath;
+ protected final FileModifiedTimeUpdater tlsPrivateKeyFilePath;
private AuthenticationDataProvider authData;
public NettyClientSslContextRefresher(boolean allowInsecure,
@@ -46,6 +48,10 @@ public class NettyClientSslContextRefresher extends SslContextAutoRefreshBuilder
this.tlsAllowInsecureConnection = allowInsecure;
this.tlsTrustCertsFilePath = new FileModifiedTimeUpdater(trustCertsFilePath);
this.authData = authData;
+ this.tlsCertsFilePath = new FileModifiedTimeUpdater(
+ authData != null ? authData.getTlsCerificateFilePath() : null);
+ this.tlsPrivateKeyFilePath = new FileModifiedTimeUpdater(
+ authData != null ? authData.getTlsPrivateKeyFilePath() : null);
}
@Override
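Review bot: The two new updaters are built with a null path whenever `authData` is null or returns no file path, and nothing on the added lines says this is intended. Whether `FileModifiedTimeUpdater` accepts a null file name is not visible in this hunk, so a short comment would help, for example `// path may be null when no client certificate file is configured`, once that behaviour is confirmed. The paths are also read once at construction, so a provider that later returns a different path would presumably not be watched. The constructor starts above the hunk.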
@@ -73,6 +79,8 @@ public class NettyClientSslContextRefresher extends SslContextAutoRefreshBuilder
@Override
public boolean needUpdate() {
- return tlsTrustCertsFilePath.checkAndRefresh();
+ return tlsTrustCertsFilePath.checkAndRefresh() || tlsCertsFilePath.checkAndRefresh()
+ || tlsPrivateKeyFilePath.checkAndRefresh();
+
}
}
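Review bot: `needUpdate()` chains the three checks with short-circuit `||`, so once the trust file reports a change the certificate and key updaters are not consulted in that call and keep their old timestamps. A rotation that rewrites several files then returns `true` on consecutive calls and probably rebuilds the context more than once; evaluating all three avoids that: `return tlsTrustCertsFilePath.checkAndRefresh() | tlsCertsFilePath.checkAndRefresh() | tlsPrivateKeyFilePath.checkAndRefresh();`. Because certificate and key are watched as separate files, a refresh can also fire between the two writes of a non-atomic rotation; how the builder handles a mismatched pair is outside this hunk and worth confirming. The stray blank added line before the closing brace can be dropped.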
diff --git a/pulsar-common/src/test/java/org/apache/pulsar/common/util/FileModifiedTimeUpdaterTest.java b/pulsar-common/src/test/java/org/apache/pulsar/common/util/FileModifiedTimeUpdaterTest.java
index 040263c..8e6094e 100644
--- a/pulsar-common/src/test/java/org/apache/pulsar/common/util/FileModifiedTimeUpdaterTest.java
+++ b/pulsar-common/src/test/java/org/apache/pulsar/common/util/FileModifiedTimeUpdaterTest.java
@@ -19,12 +19,17 @@
package org.apache.pulsar.common.util;
+import static org.testng.Assert.assertTrue;
+
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileTime;
+import java.util.concurrent.TimeUnit;
+import org.apache.pulsar.client.api.AuthenticationDataProvider;
+import org.awaitility.Awaitility;
import org.testng.Assert;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
@@ -35,6 +40,36 @@ public class FileModifiedTimeUpdaterTest {
return new Object[] { "/tmp/file.ini", "/tmp/file.log", "/tmp/f3/notes.txt" };
}
+ public static class BasicAuthenticationData implements AuthenticationDataProvider {
+ public String authParam;
+ public String certFilePath;
+ public String keyFilePath;
+
+ public BasicAuthenticationData(String authParam) {
+ this.authParam = authParam;
+ }
+
+ public boolean hasDataFromCommand() {
+ return true;
+ }
+
+ public String getCommandData() {
+ return authParam;
+ }
+
+ public boolean hasDataForHttp() {
+ return true;
+ }
+
+ public String getTlsCerificateFilePath() {
+ return certFilePath;
+ }
+
+ public String getTlsPrivateKeyFilePath() {
+ return keyFilePath;
+ }
+ }
+
@Test(dataProvider = "files")
public void testFileModified(String fileName) throws IOException, InterruptedException {
Path path = Paths.get(fileName);
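Review bot: The methods of `BasicAuthenticationData` carry no `@Override`, so the compiler will not notice if a name stops matching `AuthenticationDataProvider`. That matters most for `getTlsCerificateFilePath()`, whose spelling has to match the interface exactly for the refresher to see the test path. Adding `@Override` to each of the five methods would pin that. The public mutable fields are acceptable for a test stub, though `authParam` could be `final`.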
@@ -65,4 +100,22 @@ public class FileModifiedTimeUpdaterTest {
Assert.assertFalse(fileModifiedTimeUpdater.checkAndRefresh());
Assert.assertEquals(fileTime, fileModifiedTimeUpdater.getLastModifiedTime());
}
+
+ @Test
+ public void testNettyClientSslContextRefresher() throws Exception {
+ BasicAuthenticationData provider = new BasicAuthenticationData(null);
+ String certFile = "/tmp/cert.txt";
+ createFile(Paths.get(certFile));
+ provider.certFilePath = certFile;
+ provider.keyFilePath = certFile;
+ NettyClientSslContextRefresher refresher = new NettyClientSslContextRefresher(false, certFile,
+ provider, 1);
+ Thread.sleep(5000);
+ Paths.get(certFile).toFile().delete();
+ // update the file
+ createFile(Paths.get(certFile));
+ Awaitility.await().atMost(30, TimeUnit.SECONDS).until(()-> refresher.needUpdate());
+ assertTrue(refresher.needUpdate());
+ }
+
}
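Review bot: `testNettyClientSslContextRefresher` uses the fixed path `/tmp/cert.txt` for the trust file, the certificate and the key, so it cannot tell a change in the new watchers from a change in the trust file. The final `assertTrue(refresher.needUpdate())` appears to pass only because the short-circuit `||` leaves the certificate updater unrefreshed after the awaited call. A predictable name in a shared temp directory can also collide with a parallel run or a pre-existing file, and the file is never cleaned up. Separate temp files, with only the certificate touched, would test the fix directly and drop the 5-second sleep. The sketch below assumes `checkAndRefresh()` reacts to a newer modification time.

```java
public void testNettyClientSslContextRefresher() throws Exception {
    BasicAuthenticationData provider = new BasicAuthenticationData(null);
    Path trustFile = Files.createTempFile("trust", ".pem");
    Path certFile = Files.createTempFile("cert", ".pem");
    Path keyFile = Files.createTempFile("key", ".pem");
    trustFile.toFile().deleteOnExit();
    certFile.toFile().deleteOnExit();
    keyFile.toFile().deleteOnExit();
    provider.certFilePath = certFile.toString();
    provider.keyFilePath = keyFile.toString();
    NettyClientSslContextRefresher refresher = new NettyClientSslContextRefresher(false,
            trustFile.toString(), provider, 1);
    // change only the client certificate; the trust file stays untouched
    Files.setLastModifiedTime(certFile, FileTime.fromMillis(System.currentTimeMillis() + 5000));
    Awaitility.await().atMost(30, TimeUnit.SECONDS).until(() -> refresher.needUpdate());
}
```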