kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rsiva...@apache.org
Subject [kafka] branch 2.6 updated: KAFKA-10089 The stale ssl engine factory is not closed after reconfigure (#8792)
Date Wed, 03 Jun 2020 18:10:33 GMT
This is an automated email from the ASF dual-hosted git repository.

rsivaram pushed a commit to branch 2.6
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/2.6 by this push:
     new ac4c589  KAFKA-10089 The stale ssl engine factory is not closed after reconfigure
(#8792)
ac4c589 is described below

commit ac4c589b7908b6caa205de007f292245353ce8aa
Author: Chia-Ping Tsai <chia7712@gmail.com>
AuthorDate: Thu Jun 4 02:04:21 2020 +0800

    KAFKA-10089 The stale ssl engine factory is not closed after reconfigure (#8792)
    
    Reviewers: Rajini Sivaram <rajinisivaram@googlemail.com>
---
 .../kafka/common/security/ssl/SslFactory.java      |  1 +
 .../kafka/common/security/ssl/SslFactoryTest.java  | 28 ++++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java b/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java
index 68b7754..869662c 100644
--- a/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java
+++ b/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java
@@ -116,6 +116,7 @@ public class SslFactory implements Reconfigurable, Closeable {
     public void reconfigure(Map<String, ?> newConfigs) throws KafkaException {
         SslEngineFactory newSslEngineFactory = createNewSslEngineFactory(newConfigs);
         if (newSslEngineFactory != this.sslEngineFactory) {
+            Utils.closeQuietly(this.sslEngineFactory, "close stale ssl engine factory");
             this.sslEngineFactory = newSslEngineFactory;
             log.info("Created new {} SSL engine builder with keystore {} truststore {}",
mode,
                     newSslEngineFactory.keystore(), newSslEngineFactory.truststore());
diff --git a/clients/src/test/java/org/apache/kafka/common/security/ssl/SslFactoryTest.java
b/clients/src/test/java/org/apache/kafka/common/security/ssl/SslFactoryTest.java
index c38669f..269c7a2 100644
--- a/clients/src/test/java/org/apache/kafka/common/security/ssl/SslFactoryTest.java
+++ b/clients/src/test/java/org/apache/kafka/common/security/ssl/SslFactoryTest.java
@@ -17,7 +17,9 @@
 package org.apache.kafka.common.security.ssl;
 
 import java.io.File;
+import java.io.IOException;
 import java.nio.file.Files;
+import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -161,6 +163,32 @@ public class SslFactoryTest {
     }
 
     @Test
+    public void staleSslEngineFactoryShouldBeClosed() throws IOException, GeneralSecurityException
{
+        File trustStoreFile = File.createTempFile("truststore", ".jks");
+        Map<String, Object> clientSslConfig = sslConfigsBuilder(Mode.SERVER)
+                .createNewTrustStore(trustStoreFile)
+                .useClientCert(false)
+                .build();
+        clientSslConfig.put(SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG, TestSslUtils.TestSslEngineFactory.class);
+        SslFactory sslFactory = new SslFactory(Mode.SERVER);
+        sslFactory.configure(clientSslConfig);
+        TestSslUtils.TestSslEngineFactory sslEngineFactory = (TestSslUtils.TestSslEngineFactory)
sslFactory.sslEngineFactory();
+        assertNotNull(sslEngineFactory);
+        assertFalse(sslEngineFactory.closed);
+
+        trustStoreFile = File.createTempFile("truststore", ".jks");
+        clientSslConfig = sslConfigsBuilder(Mode.SERVER)
+                .createNewTrustStore(trustStoreFile)
+                .build();
+        clientSslConfig.put(SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG, TestSslUtils.TestSslEngineFactory.class);
+        sslFactory.reconfigure(clientSslConfig);
+        TestSslUtils.TestSslEngineFactory newSslEngineFactory = (TestSslUtils.TestSslEngineFactory)
sslFactory.sslEngineFactory();
+        assertNotEquals(sslEngineFactory, newSslEngineFactory);
+        // the older one should be closed
+        assertTrue(sslEngineFactory.closed);
+    }
+
+    @Test
     public void testReconfiguration() throws Exception {
         File trustStoreFile = File.createTempFile("truststore", ".jks");
         Map<String, Object> sslConfig = sslConfigsBuilder(Mode.SERVER)


Mime
View raw message