Small refactoring of CertificateReloader

This commit is contained in:
Anton Ivashkin 2024-06-14 14:31:58 +02:00
parent 983fa64e4f
commit fc6f2aa59a
2 changed files with 30 additions and 24 deletions


@ -89,10 +89,29 @@ void CertificateReloader::tryLoad(const Poco::Util::AbstractConfiguration & conf
void CertificateReloader::tryLoad(const Poco::Util::AbstractConfiguration & config, SSL_CTX * ctx, const std::string & prefix) void CertificateReloader::tryLoad(const Poco::Util::AbstractConfiguration & config, SSL_CTX * ctx, const std::string & prefix)
{ {
std::unique_lock<std::mutex> lock(data_mutex); std::lock_guard lock{data_mutex};
tryLoadImpl(config, ctx, prefix); tryLoadImpl(config, ctx, prefix);
} }
std::list<CertificateReloader::MultiData>::iterator CertificateReloader::findOrInsert(SSL_CTX * ctx, const std::string & prefix)
{
auto it = data.end();
auto i = data_index.find(prefix);
if (i != data_index.end())
it = i->second;
else
{
if (!ctx)
ctx = Poco::Net::SSLManager::instance().defaultServerContext()->sslContext();
data.push_back(MultiData(ctx));
--it;
data_index[prefix] = it;
}
return it;
}
void CertificateReloader::tryLoadImpl(const Poco::Util::AbstractConfiguration & config, SSL_CTX * ctx, const std::string & prefix) void CertificateReloader::tryLoadImpl(const Poco::Util::AbstractConfiguration & config, SSL_CTX * ctx, const std::string & prefix)
{ {
/// If at least one of the files is modified - recreate /// If at least one of the files is modified - recreate
@ -109,24 +128,15 @@ void CertificateReloader::tryLoadImpl(const Poco::Util::AbstractConfiguration &
} }
else else
{ {
auto it = data.end(); auto it = findOrInsert(ctx, prefix);
auto i = data_index.find(prefix);
if (i != data_index.end())
it = i->second;
else
{
data.push_back(MultiData(ctx));
--it;
data_index[prefix] = it;
}
bool cert_file_changed = it->cert_file.changeIfModified(std::move(new_cert_path), log); bool cert_file_changed = it->cert_file.changeIfModified(std::move(new_cert_path), log);
bool key_file_changed = it->key_file.changeIfModified(std::move(new_key_path), log); bool key_file_changed = it->key_file.changeIfModified(std::move(new_key_path), log);
std::string pass_phrase = config.getString(prefix + "privateKeyPassphraseHandler.options.password", "");
if (cert_file_changed || key_file_changed) if (cert_file_changed || key_file_changed)
{ {
LOG_DEBUG(log, "Reloading certificate ({}) and key ({}).", it->cert_file.path, it->key_file.path); LOG_DEBUG(log, "Reloading certificate ({}) and key ({}).", it->cert_file.path, it->key_file.path);
std::string pass_phrase = config.getString(prefix + "privateKeyPassphraseHandler.options.password", "");
it->data.set(std::make_unique<const Data>(it->cert_file.path, it->key_file.path, pass_phrase)); it->data.set(std::make_unique<const Data>(it->cert_file.path, it->key_file.path, pass_phrase));
LOG_INFO(log, "Reloaded certificate ({}) and key ({}).", it->cert_file.path, it->key_file.path); LOG_INFO(log, "Reloaded certificate ({}) and key ({}).", it->cert_file.path, it->key_file.path);
} }
@ -134,12 +144,6 @@ void CertificateReloader::tryLoadImpl(const Poco::Util::AbstractConfiguration &
/// If callback is not set yet /// If callback is not set yet
try try
{ {
if (!ctx)
{
ctx = Poco::Net::SSLManager::instance().defaultServerContext()->sslContext();
it->ctx = ctx;
}
if (it->init_was_not_made) if (it->init_was_not_made)
init(&*it); init(&*it);
} }
@ -154,7 +158,7 @@ void CertificateReloader::tryLoadImpl(const Poco::Util::AbstractConfiguration &
void CertificateReloader::tryReloadAll(const Poco::Util::AbstractConfiguration & config) void CertificateReloader::tryReloadAll(const Poco::Util::AbstractConfiguration & config)
{ {
std::unique_lock<std::mutex> lock(data_mutex); std::lock_guard lock{data_mutex};
for (auto & item : data_index) for (auto & item : data_index)
tryLoadImpl(config, item.second->ctx, item.first); tryLoadImpl(config, item.second->ctx, item.first);
} }
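Review bot: The default-context fallback `ctx = Poco::Net::SSLManager::instance().defaultServerContext()->sslContext();` has moved from inside the `try` in tryLoadImpl into findOrInsert, which tryLoadImpl now calls before that `try` begins, so anything the lookup throws (for instance when no default server context is configured) propagates out of tryLoadImpl instead of reaching the catch that presumably follows the try outside this hunk. If that handler was meant to cover the fallback, either keep the lookup inside the try or make the new propagation explicit with a comment on findOrInsert, e.g. `/// Resolves a null ctx to the default server context; may throw if none is configured.` A smaller point: for a prefix already present in data_index the ctx argument is ignored and the stored context is kept, which tryReloadAll relies on by passing `item.second->ctx`; a one-line comment would help since the old code re-assigned `it->ctx` in the null case. Both tryLoadImpl hunks end before the function's catch block.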


@ -90,16 +90,18 @@ private:
CertificateReloader() = default; CertificateReloader() = default;
/// Initialize the callback and perform the initial cert loading /// Initialize the callback and perform the initial cert loading
void init(MultiData * pdata); void init(MultiData * pdata) TSA_REQUIRES(data_mutex);
/// Unsafe implementation /// Unsafe implementation
void tryLoadImpl(const Poco::Util::AbstractConfiguration & config, SSL_CTX * ctx, const std::string & prefix); void tryLoadImpl(const Poco::Util::AbstractConfiguration & config, SSL_CTX * ctx, const std::string & prefix) TSA_REQUIRES(data_mutex);
std::list<MultiData>::iterator findOrInsert(SSL_CTX * ctx, const std::string & prefix) TSA_REQUIRES(data_mutex);
LoggerPtr log = getLogger("CertificateReloader"); LoggerPtr log = getLogger("CertificateReloader");
std::mutex data_mutex; std::list<MultiData> data TSA_GUARDED_BY(data_mutex);
std::list<MultiData> data; std::unordered_map<std::string, std::list<MultiData>::iterator> data_index TSA_GUARDED_BY(data_mutex);
std::unordered_map<std::string, std::list<MultiData>::iterator> data_index; mutable std::mutex data_mutex;
}; };
} }
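Review bot: The new declaration `std::list<MultiData>::iterator findOrInsert(SSL_CTX * ctx, const std::string & prefix) TSA_REQUIRES(data_mutex);` is the only private member in this hunk without a `///` comment, while its neighbours init and tryLoadImpl have one. Suggest `/// Find the entry for prefix, or insert a new one (using the default server context when ctx is null); returns an iterator into data.` The `mutable` added to data_mutex is only needed if a const member function locks it; none is visible in this hunk, so if there is none it can be dropped. Declaring data_mutex after the members it guards also means it is destroyed before them, which is harmless unless a MultiData destructor takes the lock — worth confirming.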