This is an automated email from the ASF dual-hosted git repository. mmerli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push: new 5bd95e1 [pulsar-proxy] Fix auto-cert refresh when proxy connects to broker (#14130) 5bd95e1 is described below commit 5bd95e1271511599758210da03769a63315e4476 Author: Rajan Dhabalia <rdhaba...@apache.org> AuthorDate: Sat Feb 5 09:33:18 2022 -0800 [pulsar-proxy] Fix auto-cert refresh when proxy connects to broker (#14130) * [pulsar-proxy] Fix auto-cert refresh when proxy connects to broker * fix npe --- .../util/NettyClientSslContextRefresher.java | 10 +++- .../common/util/FileModifiedTimeUpdaterTest.java | 53 ++++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java
index 560746d..0016d98 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java
@@ -35,6 +35,8 @@ public class NettyClientSslContextRefresher extends SslContextAutoRefreshBuilder
 private volatile SslContext sslNettyContext;
 private boolean tlsAllowInsecureConnection;
 protected final FileModifiedTimeUpdater tlsTrustCertsFilePath;
+ protected final FileModifiedTimeUpdater tlsCertsFilePath;
+ protected final FileModifiedTimeUpdater tlsPrivateKeyFilePath;
 private AuthenticationDataProvider authData;
 public NettyClientSslContextRefresher(boolean allowInsecure,
@@ -46,6 +48,10 @@ public class NettyClientSslContextRefresher extends SslContextAutoRefreshBuilder
 this.tlsAllowInsecureConnection = allowInsecure;
 this.tlsTrustCertsFilePath = new FileModifiedTimeUpdater(trustCertsFilePath);
 this.authData = authData;
+ this.tlsCertsFilePath = new FileModifiedTimeUpdater(
+ authData != null ? authData.getTlsCerificateFilePath() : null);
+ this.tlsPrivateKeyFilePath = new FileModifiedTimeUpdater(
+ authData != null ? authData.getTlsPrivateKeyFilePath() : null);
 }
 @Override
@@ -73,6 +79,8 @@ public class NettyClientSslContextRefresher extends SslContextAutoRefreshBuilder
 @Override
 public boolean needUpdate() {
- return tlsTrustCertsFilePath.checkAndRefresh();
+ return tlsTrustCertsFilePath.checkAndRefresh() || tlsCertsFilePath.checkAndRefresh()
+ || tlsPrivateKeyFilePath.checkAndRefresh();
+
 }
 }
diff --git a/pulsar-common/src/test/java/org/apache/pulsar/common/util/FileModifiedTimeUpdaterTest.java b/pulsar-common/src/test/java/org/apache/pulsar/common/util/FileModifiedTimeUpdaterTest.java
index 040263c..8e6094e 100644
--- a/pulsar-common/src/test/java/org/apache/pulsar/common/util/FileModifiedTimeUpdaterTest.java
+++ b/pulsar-common/src/test/java/org/apache/pulsar/common/util/FileModifiedTimeUpdaterTest.java
@@ -19,12 +19,17 @@
 package org.apache.pulsar.common.util;
+import static org.testng.Assert.assertTrue;
+
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.attribute.FileTime;
+import java.util.concurrent.TimeUnit;
+import org.apache.pulsar.client.api.AuthenticationDataProvider;
+import org.awaitility.Awaitility;
 import org.testng.Assert;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
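Review bot: The two new watchers in the constructor are created with a `null` path whenever `authData` is null or supplies no file-based certificate, so this code relies on `FileModifiedTimeUpdater` accepting a null file name and on its `checkAndRefresh()` then returning false. That class is outside this diff, so the assumption should be confirmed and pinned by a test that passes `null` for `authData`. The paths are also read from `authData` only once here, which means a provider that later reports a different certificate or key path is not followed. A comment above the assignments would record both facts, for example `// paths are captured once; a null path yields a watcher that never reports a change (verify in FileModifiedTimeUpdater)`. The constructor begins before this hunk.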
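Review bot: The `||` chain in `needUpdate()` short-circuits, so once the trust-store watcher reports a change the certificate and key watchers are not consulted on that call. Assuming `checkAndRefresh()` also stores the new modification time (its body is not shown), a rotation that replaces certificate and key together is reported on two consecutive calls, and a rebuild triggered between the two file writes may pair a new certificate with the old key. If one rebuild per rotation is intended, evaluate all three with the non-short-circuit operator, `return tlsTrustCertsFilePath.checkAndRefresh() | tlsCertsFilePath.checkAndRefresh() | tlsPrivateKeyFilePath.checkAndRefresh();`, and document that certificate and key should be swapped into place atomically. The `assertTrue` that follows the `await` in `testNettyClientSslContextRefresher` depends on the current short-circuit and would need adjusting with it.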
@@ -35,6 +40,36 @@ public class FileModifiedTimeUpdaterTest {
 return new Object[] { "/tmp/file.ini", "/tmp/file.log", "/tmp/f3/notes.txt" };
 }
+ public static class BasicAuthenticationData implements AuthenticationDataProvider {
+ public String authParam;
+ public String certFilePath;
+ public String keyFilePath;
+
+ public BasicAuthenticationData(String authParam) {
+ this.authParam = authParam;
+ }
+
+ public boolean hasDataFromCommand() {
+ return true;
+ }
+
+ public String getCommandData() {
+ return authParam;
+ }
+
+ public boolean hasDataForHttp() {
+ return true;
+ }
+
+ public String getTlsCerificateFilePath() {
+ return certFilePath;
+ }
+
+ public String getTlsPrivateKeyFilePath() {
+ return keyFilePath;
+ }
+ }
+
 @Test(dataProvider = "files")
 public void testFileModified(String fileName) throws IOException, InterruptedException {
 Path path = Paths.get(fileName);
@@ -65,4 +100,22 @@ public class FileModifiedTimeUpdaterTest {
 Assert.assertFalse(fileModifiedTimeUpdater.checkAndRefresh());
 Assert.assertEquals(fileTime, fileModifiedTimeUpdater.getLastModifiedTime());
 }
+
+ @Test
+ public void testNettyClientSslContextRefresher() throws Exception {
+ BasicAuthenticationData provider = new BasicAuthenticationData(null);
+ String certFile = "/tmp/cert.txt";
+ createFile(Paths.get(certFile));
+ provider.certFilePath = certFile;
+ provider.keyFilePath = certFile;
+ NettyClientSslContextRefresher refresher = new NettyClientSslContextRefresher(false, certFile,
+ provider, 1);
+ Thread.sleep(5000);
+ Paths.get(certFile).toFile().delete();
+ // update the file
+ createFile(Paths.get(certFile));
+ Awaitility.await().atMost(30, TimeUnit.SECONDS).until(()-> refresher.needUpdate());
+ assertTrue(refresher.needUpdate());
+ }
+
 }
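Review bot: The stub methods in `BasicAuthenticationData` carry no `@Override`, so the compiler does not check that `getTlsCerificateFilePath()` and `getTlsPrivateKeyFilePath()` still match `AuthenticationDataProvider`. If the misspelled interface method is ever renamed, the stub would stop overriding it and the test would presumably exercise whatever the interface supplies by default instead of `certFilePath`. Adding `@Override` to each of the five methods closes that gap. The three `public` mutable fields could become `private final` constructor arguments, since the test assigns them only once.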
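Review bot: `testNettyClientSslContextRefresher` passes the same fixed file, `/tmp/cert.txt`, as trust store, certificate and key, so it cannot show which watcher fired. The `await` is already satisfied by the trust-store watcher that existed before this commit, and only the second `needUpdate()` call, which succeeds because of the `||` short-circuit, reaches the new code. A fixed name in the shared `/tmp` directory can also collide with parallel runs or with a file another local user created first, and the file is never removed. Using three separate temporary files and changing only the key (and, in a second case, only the certificate) tests the fix directly and removes the `Thread.sleep(5000)`. The sketch below assumes the watcher records the modification time at construction and compares against it, which this diff does not show.

```java
@Test
public void testNettyClientSslContextRefresher() throws Exception {
    // one file per role, so the assertion identifies the watcher that fired
    Path trustFile = Files.createTempFile("trust", ".pem");
    Path certFile = Files.createTempFile("cert", ".pem");
    Path keyFile = Files.createTempFile("key", ".pem");
    try {
        BasicAuthenticationData provider = new BasicAuthenticationData(null);
        provider.certFilePath = certFile.toString();
        provider.keyFilePath = keyFile.toString();
        NettyClientSslContextRefresher refresher = new NettyClientSslContextRefresher(false,
                trustFile.toString(), provider, 1);
        Assert.assertFalse(refresher.needUpdate());
        // only the private key changes; trust store and certificate stay untouched
        FileTime later = FileTime.fromMillis(Files.getLastModifiedTime(keyFile).toMillis() + 5000);
        Files.setLastModifiedTime(keyFile, later);
        assertTrue(refresher.needUpdate());
    } finally {
        Files.deleteIfExists(trustFile);
        Files.deleteIfExists(certFile);
        Files.deleteIfExists(keyFile);
    }
}
```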