[
https://issues.apache.org/jira/browse/TINKERPOP-3146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17945687#comment-17945687
]
ASF GitHub Bot commented on TINKERPOP-3146:
-------------------------------------------
cdegroc commented on code in PR #3078:
URL: https://github.com/apache/tinkerpop/pull/3078#discussion_r2050716404
##########
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/util/SSLStoreFilesModificationWatcher.java:
##########
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.tinkerpop.gremlin.server.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
+
+/**
+ * FileWatcher monitoring changes to SSL keyStore/trustStore files.
+ * If a keyStore/trustStore file is set to null, it will be ignored.
+ * If a keyStore/trustStore file is deleted, it will be considered not
modified.
+ */
+public class SSLStoreFilesModificationWatcher implements Runnable {
+
+ private static final Logger logger =
LoggerFactory.getLogger(SSLStoreFilesModificationWatcher.class);
+
+ private final Path keyStore;
+ private final Path trustStore;
+ private final Runnable onModificationRunnable;
+
+ private ZonedDateTime lastModifiedTimeKeyStore = null;
+ private ZonedDateTime lastModifiedTimeTrustStore = null;
+
+ /**
+ * Create a FileWatcher on keyStore/trustStore
+ *
+ * @param keyStore path to the keyStore file or null to
ignore
+ * @param trustStore path to the trustStore file or null to
ignore
+ * @param onModificationRunnable function to run when a modification to
the keyStore or trustStore is detected
+ */
+ public SSLStoreFilesModificationWatcher(String keyStore, String
trustStore, Runnable onModificationRunnable) {
Review Comment:
Added!
> Support SSL Certificates Reloading
> ----------------------------------
>
> Key: TINKERPOP-3146
> URL: https://issues.apache.org/jira/browse/TINKERPOP-3146
> Project: TinkerPop
> Issue Type: New Feature
> Components: server
> Reporter: Clément de Groc
> Priority: Minor
>
> Gremlin Server supports SSL and allows loading KeyStore/TrustStore
> certificate files on startup
> ([1|https://github.com/apache/tinkerpop/blob/c4e48dee7a3c3942b4597c7a234adfc94b7d9c76/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/GremlinServer.java#L170],
>
> [2|https://github.com/apache/tinkerpop/blob/c4e48dee7a3c3942b4597c7a234adfc94b7d9c76/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java#L133-L135]).
> However, in some environments, certificate files are rotated frequently and
> would need to be reloaded without disruption. This ticket aims to support
> transparently hot reloading file certificates on modification.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
