https://bz.apache.org/bugzilla/show_bug.cgi?id=60762
--- Comment #20 from Mahesh <mahesh.ratt...@gmail.com> ---
Sure. I could find some ways myself. Posting them here for anyone who comes
across this.
There is now a solution to this starting with Tomcat v8.5.24.
They introduced 2 methods named:
reloadSslHostConfig(String hostName) - to reload a specific host
reloadSslHostConfigs() - reload all
They can be called in various ways:
1. Using jmx
2. Using manager service
3. By making custom protocol - I found this way during my research
Details of way 1 and way 2 are easily available online.
Details of how to go about using way 3:
1. Make a class extending the protocol of your choice for eg.
Http11NioProtocol
2. Override the required methods and just call super in them to keep default
behavior
3. Make a thread in this class to call reloadSslHostConfigs method time to
time
4. Package this class in a jar and put that jar in tomcat's lib folder
5. Edit protocol in connector in server.xml to use this custom defined
protocol
Find sample code below:
Main protocol class:
package com.myown.connector;
import java.io.File;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ConcurrentMap;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.net.ssl.SSLSessionContext;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.modeler.Registry;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.AbstractJsseEndpoint;
import org.apache.tomcat.util.net.GetSslConfig;
import org.apache.tomcat.util.net.SSLContext;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLUtil;
public class ReloadProtocol extends Http11NioProtocol {
private static final Log log =
LogFactory.getLog(Http12ProtocolSSL.class);
public ReloadProtocol() {
super();
RefreshSslConfigThread refresher = new
RefreshSslConfigThread(this.getEndpoint(), this);
refresher.start();
}
@Override
public void setKeystorePass(String s) {
super.setKeystorePass(s);
}
@Override
public void setKeyPass(String s) {
super.setKeyPass(s);
}
@Override
public void setTruststorePass(String p) {
super.setTruststorePass(p);
}
class RefreshSslConfigThread extends Thread {
AbstractJsseEndpoint<?> abstractJsseEndpoint = null;
Http11NioProtocol protocol = null;
public RefreshSslConfigThread(AbstractJsseEndpoint<?>
abstractJsseEndpoint, Http11NioProtocol protocol) {
this.abstractJsseEndpoint =
abstractJsseEndpoint;
this.protocol = protocol;
}
public void run() {
int timeBetweenRefreshesInt = 1000000; // time
in milli-seconds
while (true) {
try {
abstractJsseEndpoint.reloadSslHostConfigs();
System.out.println("Config Updated");
} catch (Exception e) {
System.out.println("Problem
while reloading.");
}
try {
Thread.sleep(timeBetweenRefreshesInt);
} catch (InterruptedException e) {
System.out.println("Error while
sleeping");
}
}
}
}
}
Connector in server.xml should mention this as the protocol:
<Connector protocol="com.myown.connector.ReloadProtocol"
..........
Hope this helps.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
