trustManager = new ReloadingX509TrustManager(truststoreType, truststoreLocation, truststorePassword, truststoreReloadInterval); trustManager.init(); if (LOG.isDebugEnabled()) { LOG.debug(mode.toString() + " Loaded TrustStore: " + truststoreLocation);
/**
 * Tears down the trust manager owned by this object and drops the cached manager arrays.
 *
 * <p>The method is synchronized and can be called more than once: when {@code trustManager}
 * is already {@code null} it returns without touching any field.
 */
@Override
public synchronized void destroy() {
  if (trustManager == null) {
    // Nothing to release: either never initialised or already destroyed.
    return;
  }
  trustManager.destroy();
  // Clear every reference so the destroyed manager cannot be handed out again.
  trustManager = null;
  keyManagers = null;
  trustManagers = null;
}
/**
 * Reload loop: sleeps for {@code reloadInterval}, then swaps in a freshly loaded trust manager
 * when {@code needsReload()} reports a change.
 *
 * <p>A failed reload never replaces the reference, so the previously loaded trust anchors stay
 * in effect until a later reload succeeds. The WARN log line is the only signal that the
 * in-memory trust manager no longer matches the file on disk.
 */
@Override
public void run() {
  while (running) {
    try {
      Thread.sleep(reloadInterval);
    } catch (InterruptedException ignored) {
      // Deliberately not propagated: the checks on 'running' below decide whether to stop.
      // NOTE(review): presumably the owner clears 'running' and interrupts this thread on
      // shutdown; confirm against destroy().
    }
    if (!running || !needsReload()) {
      continue;
    }
    try {
      trustManagerRef.set(loadTrustManager());
    } catch (Exception ex) {
      // Keep the last good trust manager; only report the failure.
      LOG.warn(RELOAD_ERROR_MESSAGE + ex.toString(), ex);
    }
  }
}
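/**
 * Verifies that the trust manager keeps serving the certificate it loaded at start-up when the
 * truststore file is deleted afterwards.
 */
@Test
public void testReloadMissingTrustStore() throws Exception {
  // SHA1withRSA only signs throwaway certificates generated for this test; SHA-1 signatures
  // are not acceptable for certificates used outside test fixtures.
  KeyPair kp = generateKeyPair("RSA");
  cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
  cert2 = generateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
  String truststoreLocation = BASEDIR + "/testmissing.jks";
  createTrustStore(truststoreLocation, "password", "cert1", cert1);

  ReloadingX509TrustManager tm =
      new ReloadingX509TrustManager("jks", truststoreLocation, "password", 10);
  try {
    tm.init();
    assertEquals(1, tm.getAcceptedIssuers().length);
    X509Certificate cert = tm.getAcceptedIssuers()[0];

    // If the delete silently fails the store stays readable and the assertions below would
    // pass without ever exercising the missing-file path, so fail loudly instead.
    if (!new File(truststoreLocation).delete()) {
      throw new IllegalStateException("Could not delete " + truststoreLocation);
    }

    // Sleep past one reload interval so a reload attempt can happen against the missing file.
    Thread.sleep((tm.getReloadInterval() + 200));

    // The previously loaded issuer must still be the one in effect.
    assertEquals(1, tm.getAcceptedIssuers().length);
    assertEquals(cert, tm.getAcceptedIssuers()[0]);
  } finally {
    tm.destroy();
  }
}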
/**
 * Expects an {@link IOException} when a trust manager is created for a truststore path that
 * this test never creates.
 *
 * <p>NOTE(review): the test assumes nothing exists at {@code testmissing.jks}; the same path
 * is created and then deleted by {@code testReloadMissingTrustStore}.
 */
@Test(expected = IOException.class)
public void testLoadMissingTrustStore() throws Exception {
  final String missingStorePath = BASEDIR + "/testmissing.jks";
  final ReloadingX509TrustManager reloadingManager =
      new ReloadingX509TrustManager("jks", missingStorePath, "password", 10);
  try {
    reloadingManager.init();
  } finally {
    // Always release the manager, even though the expected outcome is a failure.
    reloadingManager.destroy();
  }
}
/**
 * Builds a trust manager that reloads itself when the underlying truststore file changes.
 *
 * <p>The truststore is loaded once during construction, so an unreadable store makes
 * construction fail rather than producing a manager with no trust anchors. The password is
 * kept in a {@code String} field for the lifetime of the object.
 *
 * @param type type of truststore file, typically 'jks'.
 * @param location local path to the truststore file.
 * @param password password of the truststore file.
 * @param reloadInterval interval to check if the truststore file has
 * changed, in milliseconds.
 * @throws IOException thrown if the truststore could not be initialized due
 * to an IO error.
 * @throws GeneralSecurityException thrown if the truststore could not be
 * initialized due to a security error.
 */
public ReloadingX509TrustManager(String type, String location,
                                 String password, long reloadInterval)
    throws IOException, GeneralSecurityException {
  this.type = type;
  this.file = new File(location);
  this.password = password;
  this.trustManagerRef = new AtomicReference<X509TrustManager>();
  // Initial load happens here; any failure propagates to the caller.
  final X509TrustManager initialManager = loadTrustManager();
  this.trustManagerRef.set(initialManager);
  this.reloadInterval = reloadInterval;
}
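/**
 * Verifies that the trust manager keeps serving the certificate it loaded at start-up when the
 * truststore file is deleted afterwards.
 */
@Test
public void testReloadMissingTrustStore() throws Exception {
  // SHA1withRSA only signs throwaway certificates generated for this test; SHA-1 signatures
  // are not acceptable for certificates used outside test fixtures.
  KeyPair kp = generateKeyPair("RSA");
  cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
  cert2 = generateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
  String truststoreLocation = BASEDIR + "/testmissing.jks";
  createTrustStore(truststoreLocation, "password", "cert1", cert1);

  ReloadingX509TrustManager tm =
      new ReloadingX509TrustManager("jks", truststoreLocation, "password", 10);
  try {
    tm.init();
    assertEquals(1, tm.getAcceptedIssuers().length);
    X509Certificate cert = tm.getAcceptedIssuers()[0];

    // If the delete silently fails the store stays readable and the assertions below would
    // pass without ever exercising the missing-file path, so fail loudly instead.
    if (!new File(truststoreLocation).delete()) {
      throw new IllegalStateException("Could not delete " + truststoreLocation);
    }

    // Sleep past one reload interval so a reload attempt can happen against the missing file.
    Thread.sleep((tm.getReloadInterval() + 200));

    // The previously loaded issuer must still be the one in effect.
    assertEquals(1, tm.getAcceptedIssuers().length);
    assertEquals(cert, tm.getAcceptedIssuers()[0]);
  } finally {
    tm.destroy();
  }
}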
/**
 * Expects an {@link IOException} when a trust manager is created for a truststore path that
 * this test never creates.
 *
 * <p>NOTE(review): the test assumes nothing exists at {@code testmissing.jks}; the same path
 * is created and then deleted by {@code testReloadMissingTrustStore}.
 */
@Test(expected = IOException.class)
public void testLoadMissingTrustStore() throws Exception {
  final String missingStorePath = BASEDIR + "/testmissing.jks";
  final ReloadingX509TrustManager reloadingManager =
      new ReloadingX509TrustManager("jks", missingStorePath, "password", 10);
  try {
    reloadingManager.init();
  } finally {
    // Always release the manager, even though the expected outcome is a failure.
    reloadingManager.destroy();
  }
}
/**
 * Builds a trust manager that reloads itself when the underlying truststore file changes.
 *
 * <p>The truststore is loaded once during construction, so an unreadable store makes
 * construction fail rather than producing a manager with no trust anchors. The password is
 * kept in a {@code String} field for the lifetime of the object.
 *
 * @param type type of truststore file, typically 'jks'.
 * @param location local path to the truststore file.
 * @param password password of the truststore file.
 * @param reloadInterval interval to check if the truststore file has
 * changed, in milliseconds.
 * @throws IOException thrown if the truststore could not be initialized due
 * to an IO error.
 * @throws GeneralSecurityException thrown if the truststore could not be
 * initialized due to a security error.
 */
public ReloadingX509TrustManager(String type, String location,
                                 String password, long reloadInterval)
    throws IOException, GeneralSecurityException {
  this.type = type;
  this.file = new File(location);
  this.password = password;
  this.trustManagerRef = new AtomicReference<X509TrustManager>();
  // Initial load happens here; any failure propagates to the caller.
  final X509TrustManager initialManager = loadTrustManager();
  this.trustManagerRef.set(initialManager);
  this.reloadInterval = reloadInterval;
}
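/**
 * Verifies that the trust manager keeps serving the certificate it loaded at start-up when the
 * truststore file is overwritten with content that is not a valid keystore.
 */
@Test
public void testReloadCorruptTrustStore() throws Exception {
  // SHA1withRSA only signs throwaway certificates generated for this test; SHA-1 signatures
  // are not acceptable for certificates used outside test fixtures.
  KeyPair kp = generateKeyPair("RSA");
  cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
  cert2 = generateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
  String truststoreLocation = BASEDIR + "/testcorrupt.jks";
  createTrustStore(truststoreLocation, "password", "cert1", cert1);

  ReloadingX509TrustManager tm =
      new ReloadingX509TrustManager("jks", truststoreLocation, "password", 10);
  try {
    tm.init();
    assertEquals(1, tm.getAcceptedIssuers().length);
    X509Certificate cert = tm.getAcceptedIssuers()[0];

    // Replace the store with a single byte; close the stream even if the write fails so the
    // file handle is not leaked into later tests.
    OutputStream os = new FileOutputStream(truststoreLocation);
    try {
      os.write(1);
    } finally {
      os.close();
    }
    // Push the modification time away from "now" so it differs from the original store's.
    new File(truststoreLocation).setLastModified(System.currentTimeMillis() - 1000);

    // Sleep past one reload interval so a reload attempt can happen against the corrupt file.
    Thread.sleep((tm.getReloadInterval() + 200));

    // The previously loaded issuer must still be the one in effect.
    assertEquals(1, tm.getAcceptedIssuers().length);
    assertEquals(cert, tm.getAcceptedIssuers()[0]);
  } finally {
    tm.destroy();
  }
}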
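/**
 * Expects an {@link IOException} when a trust manager is created for a truststore file whose
 * content is a single byte rather than a keystore.
 *
 * <p>NOTE(review): {@code expected = IOException.class} is also satisfied if writing the
 * fixture file itself fails, so a broken test directory would make this test pass.
 */
@Test(expected = IOException.class)
public void testLoadCorruptTrustStore() throws Exception {
  String truststoreLocation = BASEDIR + "/testcorrupt.jks";

  // Write the one-byte "store"; close the stream even if the write fails.
  OutputStream os = new FileOutputStream(truststoreLocation);
  try {
    os.write(1);
  } finally {
    os.close();
  }

  ReloadingX509TrustManager tm =
      new ReloadingX509TrustManager("jks", truststoreLocation, "password", 10);
  try {
    tm.init();
  } finally {
    tm.destroy();
  }
}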
trustManager = new ReloadingX509TrustManager(truststoreType, truststoreLocation, truststorePassword, truststoreReloadInterval); trustManager.init(); if (LOG.isDebugEnabled()) { LOG.debug(mode.toString() + " Loaded TrustStore: " + truststoreLocation);
/**
 * Reload loop: sleeps for {@code reloadInterval}, then swaps in a freshly loaded trust manager
 * when {@code needsReload()} reports a change.
 *
 * <p>A failed reload never replaces the reference, so the previously loaded trust anchors stay
 * in effect until a later reload succeeds. The WARN log line is the only signal that the
 * in-memory trust manager no longer matches the file on disk.
 */
@Override
public void run() {
  while (running) {
    try {
      Thread.sleep(reloadInterval);
    } catch (InterruptedException ignored) {
      // Deliberately not propagated: the checks on 'running' below decide whether to stop.
      // NOTE(review): presumably the owner clears 'running' and interrupts this thread on
      // shutdown; confirm against destroy().
    }
    if (!running || !needsReload()) {
      continue;
    }
    try {
      trustManagerRef.set(loadTrustManager());
    } catch (Exception ex) {
      // Keep the last good trust manager; only report the failure.
      LOG.warn(RELOAD_ERROR_MESSAGE + ex.toString(), ex);
    }
  }
}
/**
 * Tears down the trust manager owned by this object and drops the cached manager arrays.
 *
 * <p>The method is synchronized and can be called more than once: when {@code trustManager}
 * is already {@code null} it returns without touching any field.
 */
@Override
public synchronized void destroy() {
  if (trustManager == null) {
    // Nothing to release: either never initialised or already destroyed.
    return;
  }
  trustManager.destroy();
  // Clear every reference so the destroyed manager cannot be handed out again.
  trustManager = null;
  keyManagers = null;
  trustManagers = null;
}
/**
 * Builds a trust manager that reloads itself when the underlying truststore file changes.
 *
 * <p>The truststore is loaded once during construction, so an unreadable store makes
 * construction fail rather than producing a manager with no trust anchors. The password is
 * kept in a {@code String} field for the lifetime of the object.
 *
 * @param type type of truststore file, typically 'jks'.
 * @param location local path to the truststore file.
 * @param password password of the truststore file.
 * @param reloadInterval interval to check if the truststore file has
 * changed, in milliseconds.
 * @throws IOException thrown if the truststore could not be initialized due
 * to an IO error.
 * @throws GeneralSecurityException thrown if the truststore could not be
 * initialized due to a security error.
 */
public ReloadingX509TrustManager(String type, String location,
                                 String password, long reloadInterval)
    throws IOException, GeneralSecurityException {
  this.type = type;
  this.file = new File(location);
  this.password = password;
  this.trustManagerRef = new AtomicReference<X509TrustManager>();
  // Initial load happens here; any failure propagates to the caller.
  final X509TrustManager initialManager = loadTrustManager();
  this.trustManagerRef.set(initialManager);
  this.reloadInterval = reloadInterval;
}
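/**
 * Verifies that the trust manager keeps serving the certificate it loaded at start-up when the
 * truststore file is overwritten with content that is not a valid keystore.
 */
@Test
public void testReloadCorruptTrustStore() throws Exception {
  // SHA1withRSA only signs throwaway certificates generated for this test; SHA-1 signatures
  // are not acceptable for certificates used outside test fixtures.
  KeyPair kp = generateKeyPair("RSA");
  cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
  cert2 = generateCertificate("CN=Cert2", kp, 30, "SHA1withRSA");
  String truststoreLocation = BASEDIR + "/testcorrupt.jks";
  createTrustStore(truststoreLocation, "password", "cert1", cert1);

  ReloadingX509TrustManager tm =
      new ReloadingX509TrustManager("jks", truststoreLocation, "password", 10);
  try {
    tm.init();
    assertEquals(1, tm.getAcceptedIssuers().length);
    X509Certificate cert = tm.getAcceptedIssuers()[0];

    // Replace the store with a single byte; close the stream even if the write fails so the
    // file handle is not leaked into later tests.
    OutputStream os = new FileOutputStream(truststoreLocation);
    try {
      os.write(1);
    } finally {
      os.close();
    }
    // Push the modification time away from "now" so it differs from the original store's.
    new File(truststoreLocation).setLastModified(System.currentTimeMillis() - 1000);

    // Sleep past one reload interval so a reload attempt can happen against the corrupt file.
    Thread.sleep((tm.getReloadInterval() + 200));

    // The previously loaded issuer must still be the one in effect.
    assertEquals(1, tm.getAcceptedIssuers().length);
    assertEquals(cert, tm.getAcceptedIssuers()[0]);
  } finally {
    tm.destroy();
  }
}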
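/**
 * Expects an {@link IOException} when a trust manager is created for a truststore file whose
 * content is a single byte rather than a keystore.
 *
 * <p>NOTE(review): {@code expected = IOException.class} is also satisfied if writing the
 * fixture file itself fails, so a broken test directory would make this test pass.
 */
@Test(expected = IOException.class)
public void testLoadCorruptTrustStore() throws Exception {
  String truststoreLocation = BASEDIR + "/testcorrupt.jks";

  // Write the one-byte "store"; close the stream even if the write fails.
  OutputStream os = new FileOutputStream(truststoreLocation);
  try {
    os.write(1);
  } finally {
    os.close();
  }

  ReloadingX509TrustManager tm =
      new ReloadingX509TrustManager("jks", truststoreLocation, "password", 10);
  try {
    tm.init();
  } finally {
    tm.destroy();
  }
}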
// Build the reloading trust manager from the configured truststore type, location, password
// and reload interval, then call init() on it before it is published in trustManagers.
trustManager = new ReloadingX509TrustManager(truststoreType,
    truststoreLocation,
    truststorePassword,
    truststoreReloadInterval);
trustManager.init();
// Only the mode and the truststore location go into the log message; the password does not.
LOG.debug(mode.toString() + " Loaded TrustStore: " + truststoreLocation);
// The reloading manager is the only entry in the trust-manager array.
trustManagers = new TrustManager[]{trustManager};
/**
 * Reload loop: sleeps for {@code reloadInterval}, then swaps in a freshly loaded trust manager
 * when {@code needsReload()} reports a change.
 *
 * <p>A failed reload never replaces the reference, so the previously loaded trust anchors stay
 * in effect until a later reload succeeds. The WARN log line is the only signal that the
 * in-memory trust manager no longer matches the file on disk.
 */
@Override
public void run() {
  while (running) {
    try {
      Thread.sleep(reloadInterval);
    } catch (InterruptedException ignored) {
      // Deliberately not propagated: the checks on 'running' below decide whether to stop.
      // NOTE(review): presumably the owner clears 'running' and interrupts this thread on
      // shutdown; confirm against destroy().
    }
    if (!running || !needsReload()) {
      continue;
    }
    try {
      trustManagerRef.set(loadTrustManager());
    } catch (Exception ex) {
      // Keep the last good trust manager; only report the failure.
      LOG.warn("Could not load truststore (keep using existing one) : " + ex.toString(), ex);
    }
  }
}
/**
 * Tears down the trust manager owned by this object and drops the cached manager arrays.
 *
 * <p>The method is synchronized and can be called more than once: when {@code trustManager}
 * is already {@code null} it returns without touching any field.
 */
@Override
public synchronized void destroy() {
  if (trustManager == null) {
    // Nothing to release: either never initialised or already destroyed.
    return;
  }
  trustManager.destroy();
  // Clear every reference so the destroyed manager cannot be handed out again.
  trustManager = null;
  keyManagers = null;
  trustManagers = null;
}