Evict old connections during reconfiguration

Signed-off-by: MichaelMorris <[email protected]>

Author: MichaelMorrisEst

log4j-core/src/main/java/org/apache/logging/log4j/core/net/SslSocketManager.java

@@ -206,7 +206,7 @@ public static SslSocketManager getSocketManager(
         if (reconnectDelayMillis == 0) {
             reconnectDelayMillis = DEFAULT_RECONNECTION_DELAY_MILLIS;
         }
-        final String name = "TLS:" + host + ':' + port;
+        final String name = "TLS:" + host + ':' + port + ':' + sslConfig.getId();
         return (SslSocketManager) getManager(
                 name,
                 new SslFactoryData(

log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/SslConfiguration.java

@@ -20,6 +20,11 @@
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.List;
 import java.util.Objects;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
@@ -59,6 +64,41 @@ private SslConfiguration(
         this.verifyHostName = verifyHostName;
     }
 
+    /**
+     * Creates an identifier based on the contents of the SSL configuration.
+     * 
+     * @return an ID based on the contents of the configuration
+     */
+    public String getId() {
+        ArrayList<String> hashElements = new ArrayList<>();
+        addElementsForHashingFromKeyStore(keyStoreConfig, hashElements);
+        addElementsForHashingFromKeyStore(trustStoreConfig, hashElements);
+        return String.valueOf(Arrays.hashCode(hashElements.toArray()));
+    }
+
+    private void addElementsForHashingFromKeyStore(
+            AbstractKeyStoreConfiguration keyStoreConfiguration, ArrayList<String> hashElements) {
+        final List<String> aliases = new ArrayList<>();
+        try {
+            Enumeration<String> aliasEnumeration =
+                    keyStoreConfiguration.getKeyStore().aliases();
+            while (aliasEnumeration.hasMoreElements()) {
+                aliases.add(aliasEnumeration.nextElement());
+            }
+            aliases.sort(null);
+            for (final String alias : aliases) {
+                final X509Certificate certificate =
+                        (X509Certificate) keyStoreConfiguration.getKeyStore().getCertificate(alias);
+                final String issuer = certificate.getIssuerX500Principal().getName();
+                final String serialNumber = certificate.getSerialNumber().toString();
+                hashElements.add(issuer);
+                hashElements.add(serialNumber);
+            }
+        } catch (KeyStoreException e) {
+            LOGGER.debug("Error encountered reading " + keyStoreConfiguration.getLocation(), e);
+        }
+    }
+
     /**
      * Clears the secret fields in this object but still allow it to operate normally.
      */