fix TLS reload doesn't work after delete cert file (#609) (#612)

Co-authored-by: Daemonxiao <35677990+Daemonxiao@users.noreply.github.com>
ti-srebot 2022-06-14 23:23:00 +08:00 committed by GitHub
parent aacbb8c849
commit 64beacfb9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 8 deletions


@ -89,9 +89,15 @@ public class ChannelFactory implements AutoCloseable {
this::tryReload, pollInterval, pollInterval, TimeUnit.SECONDS); this::tryReload, pollInterval, pollInterval, TimeUnit.SECONDS);
} }
// If any execution of the task encounters an exception, subsequent executions are suppressed.
private void tryReload() { private void tryReload() {
if (needReload()) { // Add exception handling to avoid schedule stop.
onChange.run(); try {
if (needReload()) {
onChange.run();
}
} catch (Exception e) {
logger.error("Failed to reload cert!", e);
} }
} }
@ -180,11 +186,16 @@ public class ChannelFactory implements AutoCloseable {
@Override @Override
public SslContextBuilder createSslContextBuilder() { public SslContextBuilder createSslContextBuilder() {
SslContextBuilder builder = GrpcSslContexts.forClient(); SslContextBuilder builder = GrpcSslContexts.forClient();
if (trustPath != null) { try {
builder.trustManager(new File(trustPath)); if (trustPath != null) {
} builder.trustManager(new File(trustPath));
if (chainPath != null && keyPath != null) { }
builder.keyManager(new File(chainPath), new File(keyPath)); if (chainPath != null && keyPath != null) {
builder.keyManager(new File(chainPath), new File(keyPath));
}
} catch (Exception e) {
logger.error("Failed to create ssl context builder", e);
throw new IllegalArgumentException(e);
} }
return builder; return builder;
} }
@ -351,7 +362,9 @@ public class ChannelFactory implements AutoCloseable {
if (certContext != null) { if (certContext != null) {
recycler.shutdown(); recycler.shutdown();
certWatcher.close(); if (certWatcher != null) {
certWatcher.close();
}
} }
} }
} }
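Review bot: The `catch (Exception e)` added in tryReload() turns a failed reload into a log line only, so after a watched file is deleted or becomes unreadable the client presumably keeps running on the certificate and key it loaded earlier, and nothing but the log shows that. That matters when a certificate is removed on purpose to retire it; I would say so at the catch, e.g. `// Reload failed: the previously loaded cert/key stay in use until a later poll succeeds.`, and make the message name the cause, since `"Failed to reload cert!"` does not say which watched path failed. The catch also covers only Exception, so an Error thrown from `onChange.run()` would still cancel the schedule, which is the case the comment above the method warns about. In createSslContextBuilder() the new block both logs and rethrows, which will likely report the same failure twice; `throw new IllegalArgumentException("Failed to create ssl context builder", e);` on its own would keep both the cause and the context.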


@ -26,6 +26,7 @@ import java.io.File;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.atomic.AtomicLong;
import org.junit.Test; import org.junit.Test;
import org.tikv.common.util.ChannelFactory; import org.tikv.common.util.ChannelFactory;
@ -59,6 +60,22 @@ public class ChannelFactoryTest {
assertTrue(changed.get()); assertTrue(changed.get());
} }
@Test
public void testCertWatcherWithExceptionTask() throws InterruptedException {
AtomicInteger timesOfReloadTask = new AtomicInteger(0);
new CertWatcher(
1,
ImmutableList.of(new File(caPath), new File(clientCertPath), new File(clientKeyPath)),
() -> {
timesOfReloadTask.getAndIncrement();
touchCert();
throw new RuntimeException("Mock exception in reload task");
});
Thread.sleep(5000);
assertTrue(timesOfReloadTask.get() > 1);
}
@Test @Test
public void testMultiThreadTlsReload() throws InterruptedException { public void testMultiThreadTlsReload() throws InterruptedException {
ChannelFactory factory = createFactory(); ChannelFactory factory = createFactory();
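Review bot: The CertWatcher created in testCertWatcherWithExceptionTask is never stored or closed, so its polling task presumably keeps calling touchCert() and throwing about once a second after the test method returns. If later tests read the same caPath/clientCertPath/clientKeyPath files, as testMultiThreadTlsReload appears to through createFactory(), that background activity can make them timing-dependent. Keep the watcher in a local and call `watcher.close();` in a `finally` around the sleep and the assertion. The fixed `Thread.sleep(5000)` also adds five seconds to every run; polling timesOfReloadTask until it exceeds 1, with a timeout, would be faster and less sensitive to scheduler delay.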