Test: Create Integration Test for Certificate Hot Reload Scenario #1448
Description
Story Description:
The ecChronos application supports hot reload of TLS certificates through the ReloadingCertificateHandler, which uses MD5 checksum-based detection to identify when certificate files have changed on disk. This mechanism is used by both the CQL native connection (AgentNativeConnectionProvider) and the Jolokia HTTP client (JolokiaNotificationController) to refresh SSLContext without requiring an application restart.
Currently, there are no integration tests that validate the full end-to-end hot reload flow: starting the application with valid short-lived certificates, letting them expire (causing connection failures), replacing the expired certificates with new ones at the same file path, and verifying that connections are automatically restored.
The test should be implemented in the standalone integration test module (ecchronos-standalone-integration) and should cover the following flow:
- Generate short-lived TLS certificates (e.g., 60–90 seconds validity) for Cassandra and Jolokia.
- Start ecChronos configured with PEM-based TLS (security.yml pointing to the generated cert/key files).
- Verify that initial connections (CQL and JMX/Jolokia) are established successfully and repairs execute.
- Wait for the certificates to expire and confirm that connections start failing.
- Generate new certificates at the same file paths as the originals.
- Verify that ReloadingCertificateHandler detects the file change (via checksum comparison in getContext()), rebuilds the SSLContext, and connections are restored without application restart.
- Verify that repairs resume successfully after certificate renewal.
Acceptance Criteria:
- An integration test exists that starts ecChronos with short-lived PEM certificates and verifies that CQL and JMX/Jolokia connections are established successfully.
- The test validates that after certificates expire, connection attempts fail as expected.
- The test replaces the expired certificate and key files at the same path with newly generated valid ones.
- The test verifies that ReloadingCertificateHandler detects the new certificates and rebuilds the SSLContext automatically, without application restart.
- The test confirms that JMX/Jolokia connections are restored and repair operations resume successfully after certificate renewal.
Definition of Done:
- Integration test is implemented and passes consistently in CI.
- Test uses realistic short-lived certificates (not mocked) to validate the actual reload mechanism.
- Test covers both CQL and Jolokia connection paths.
- Test cleans up generated certificate files after execution.
Notes: