Class CertificateReloader

java.lang.Object
com.loomcache.common.config.CertificateReloader

public final class CertificateReloader extends Object
Handles certificate reloading with validation and metrics.

Loads new keystores/truststores from disk, validates them before switching, and atomically swaps the SSLContext. Tracks metrics like reload count and certificate expiration warnings.

  • Constructor Details

    • CertificateReloader

      public CertificateReloader(TlsConfig tlsConfig, ReloadableSslContext reloadableSslContext)
      Create a certificate reloader.
      Parameters:
      tlsConfig - TLS configuration (must not be null)
      reloadableSslContext - the SSL context wrapper to update (must not be null)
  • Method Details

    • reload

      public void reload()
      Reload certificates from disk, validate, and swap SSLContext.

      Existing connections continue using the old context. New connections will use the newly loaded context. Errors are logged but do not crash.

    • checkCertificateExpiration

      public void checkCertificateExpiration()
      Check all certificates and log upcoming expirations. Called periodically or on-demand.
    • getReloadCount

      public int getReloadCount()
      Get the number of successful reloads.
    • getLastReloadTimeMs

      public long getLastReloadTimeMs()
      Get the timestamp of the last successful reload (ms since epoch). Returns 0 if no reload has occurred yet.
    • getNextCertExpiryMs

      public long getNextCertExpiryMs()
      Get the Unix timestamp (ms) when the earliest certificate expires. Returns Long.MAX_VALUE if unknown.
    • getNextCertExpiryFormatted

      public String getNextCertExpiryFormatted()
      Get human-readable expiration time of the earliest certificate.
    • getDaysUntilExpiry

      public long getDaysUntilExpiry()
      Get days until the earliest certificate expires. Returns 0 if already expired or unknown.
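
The validate-before-swap behaviour described for the class and for reload(), as an added JDK-only example; it is not LoomCache code and does not use TlsConfig or ReloadableSslContext. The class name SwapOnValidReload, the PKCS12 keystore type and the KS_PASSWORD environment variable are assumptions made for the illustration.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.*;

// Hypothetical illustration class; not part of com.loomcache.common.config.
public final class SwapOnValidReload {
    private final AtomicReference<SSLContext> current = new AtomicReference<>();

    // Build a candidate context; any unusable input throws before anything is swapped.
    static SSLContext loadAndValidate(Path p12, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) { ks.load(in, password); }
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            // Rejects expired and not-yet-valid certificates.
            if (c instanceof X509Certificate) ((X509Certificate) c).checkValidity();
            hasKey |= ks.isKeyEntry(alias);
        }
        if (!hasKey) throw new IllegalStateException("keystore has no private key entry");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // fails here if the key cannot be recovered with this password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null trust managers: JDK default trust store
        return ctx;
    }

    // One atomic reference write; on failure the previous context stays in service.
    boolean reload(Path p12, char[] password) {
        try {
            current.set(loadAndValidate(p12, password));
            return true;
        } catch (Exception e) {
            System.err.println("reload rejected, keeping previous context: " + e);
            return false;
        }
    }

    // Callers fetch the context per new connection; sockets already open keep the old one.
    SSLContext get() { return current.get(); }

    public static void main(String[] args) {
        String pw = System.getenv("KS_PASSWORD"); // assumed variable name
        if (args.length != 1 || pw == null) { System.err.println("usage: <keystore.p12>, KS_PASSWORD set"); return; }
        System.out.println("swapped=" + new SwapOnValidReload().reload(Paths.get(args[0]), pw.toCharArray()));
    }
}
```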