org.apache.hadoop.security.ssl.TestReloadingX509TrustManager checks the key store file's last modified time to decide whether to reload. This is to avoid unnecessary reload if the key store file is not changed. To do this, it maintains an internal state lastLoaded whenever it tries to reload a file. It also updates the lastLoaded variable in case of exception so failing reload will not be retried until the key store file's last modified time changes again.
Chances are that the reload happens when the key store file is being written. The reload fails (probably with EOFException) and won't load until key store files's last modified time changes. After a short period, the key store file is closed after update. However, the last modified time may not be updated as if it's in the same precision period (e.g. 1 second). In this case, the updated key store file is never reloaded.
A simple fix is to update the lastLoaded only when the reload succeeds. ReloadingX509TrustManager will keep reloading in case of exception.