Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13512

ReloadingX509TrustManager should keep reloading in case of exception

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 2.7.4, 3.0.0-alpha1
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      org.apache.hadoop.security.ssl.TestReloadingX509TrustManager checks the key store file's last modified time to decide whether to reload. This is to avoid unnecessary reload if the key store file is not changed. To do this, it maintains an internal state lastLoaded whenever it tries to reload a file. It also updates the lastLoaded variable in case of exception so failing reload will not be retried until the key store file's last modified time changes again.

      Chances are that the reload happens when the key store file is being written. The reload fails (probably with EOFException) and won't load until key store files's last modified time changes. After a short period, the key store file is closed after update. However, the last modified time may not be updated as if it's in the same precision period (e.g. 1 second). In this case, the updated key store file is never reloaded.

      A simple fix is to update the lastLoaded only when the reload succeeds. ReloadingX509TrustManager will keep reloading in case of exception.

      Thoughts?

        Attachments

          Activity

            People

            • Assignee:
              liuml07 Mingliang Liu
              Reporter:
              liuml07 Mingliang Liu
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: