Elytron - How to make a keystore backed by rotating PEM files?


Andrew Jenkins

Sep 13, 2021, 10:47:43 AM
to WildFly
Hi,

I tried to search the docs, this forum and Stack Overflow before posting, but I am new to WildFly and Elytron, so please direct me if I am missing something obvious.

I want to make a WildFly app that uses SSL. I have two requirements that seem atypical:
- The TLS certs and keys will be present on the filesystem as PEM files.
- The PEM files will periodically be rotated - the contents of the existing files rewritten atomically (by writing new files and then renaming on top - I can catch this using inotify).

This means it's not as easy for me as an existing JKS, or even using keytool to load PEMs into a JKS.

I think what I want to do is make a new keystore implementation (org.wildfly.security.keystore.KeyStore - in this neighborhood: https://github.com/wildfly-security/wildfly-elytron/tree/1.x/keystore/src/main/java/org/wildfly/security/keystore).  It would watch the specified files and when it detected a change, it would read them and massage in-memory into an implementation that satisfied the KeyStore interface.

Has anyone done/tried this before or have any advice?

Thanks,
Andrew
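One way to realise the "read the PEMs and massage them in-memory into a KeyStore" idea from the question, as an added example that is not Elytron's code and not the poster's: it parses a PEM certificate chain plus an unencrypted PKCS#8 private key into an in-memory PKCS12 `KeyStore` and rebuilds it whenever the files' modification time changes (an atomic rename always produces a new mtime), using mtime polling rather than inotify. The paths `cert.pem`/`key.pem`, the alias and the entry password are assumptions.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

/** In-memory KeyStore rebuilt from rotating PEM files (hypothetical helper, not part of Elytron). */
public final class RotatingPemKeyStore {
    private final Path certPem;   // assumed: full chain, leaf first, "-----BEGIN CERTIFICATE-----" blocks
    private final Path keyPem;    // assumed: unencrypted PKCS#8, "-----BEGIN PRIVATE KEY-----" (not PKCS#1)
    private final String alias;
    private final char[] entryPassword;
    private FileTime lastCert, lastKey;
    private KeyStore current;

    public RotatingPemKeyStore(Path certPem, Path keyPem, String alias, char[] entryPassword) {
        this.certPem = certPem; this.keyPem = keyPem; this.alias = alias; this.entryPassword = entryPassword;
    }

    /** Returns the current KeyStore, rebuilding it if either file has been replaced since the last call. */
    public synchronized KeyStore get() throws Exception {
        FileTime c = Files.getLastModifiedTime(certPem), k = Files.getLastModifiedTime(keyPem);
        if (current == null || !c.equals(lastCert) || !k.equals(lastKey)) {
            current = build();          // a parse failure leaves the previous, still-valid store in place
            lastCert = c; lastKey = k;
        }
        return current;
    }

    private KeyStore build() throws Exception {
        Certificate[] chain;
        try (InputStream in = Files.newInputStream(certPem)) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new Certificate[0]);
        }
        String body = Files.readString(keyPem, StandardCharsets.US_ASCII)
                .replaceAll("-----(BEGIN|END) PRIVATE KEY-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        String algorithm = chain[0].getPublicKey().getAlgorithm();   // RSA or EC, taken from the leaf cert
        PrivateKey key = KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);                                          // empty in-memory store
        ks.setKeyEntry(alias, key, entryPassword, chain);             // throws if key and cert do not match
        return ks;
    }
}
```

A `KeyManager` initialised from a `KeyStore` copies the entries at init time, so after `get()` returns a rebuilt store the key manager and `SSLContext` must be reinitialised as well for new connections to use the rotated certificate.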