[HADOOP-13512] ReloadingX509TrustManager should keep reloading in case of exception - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.0, 2.7.4, 3.0.0-alpha1
Component/s: security
Labels:
None

Target Version/s:

2.7.4
Hadoop Flags:

Reviewed

Description

org.apache.hadoop.security.ssl.TestReloadingX509TrustManager checks the key store file's last modified time to decide whether to reload. This is to avoid unnecessary reload if the key store file is not changed. To do this, it maintains an internal state lastLoaded whenever it tries to reload a file. It also updates the lastLoaded variable in case of exception so failing reload will not be retried until the key store file's last modified time changes again.

Chances are that the reload happens when the key store file is being written. The reload fails (probably with EOFException) and won't load until key store files's last modified time changes. After a short period, the key store file is closed after update. However, the last modified time may not be updated as if it's in the same precision period (e.g. 1 second). In this case, the updated key store file is never reloaded.

A simple fix is to update the lastLoaded only when the reload succeeds. ReloadingX509TrustManager will keep reloading in case of exception.

Thoughts?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-13512.000.patch
18/Aug/16 07:05
1 kB
Mingliang Liu

Activity

People

Assignee:: Mingliang Liu

Reporter:: Mingliang Liu

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Aug/16 07:03

Updated:: 21/Nov/16 23:22

Resolved:: 18/Aug/16 21:26