fix(proxy): 修复文件证书更新逻辑

- 添加对证书路径为空的检查
- 优化证书更新事件处理逻辑
- 修复证书更新时的路径检查问题

Signed-off-by: Async <raisinata@foxmail.com>

Author: EnableAsync

proxy/src/main/java/org/apache/rocketmq/proxy/service/cert/FileCertChangeSource.java

@@ -1,3 +1,19 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.apache.rocketmq.proxy.service.cert;
 
 import java.util.Collections;

proxy/src/main/java/org/apache/rocketmq/proxy/service/cert/TlsCertificateManager.java

@@ -69,6 +69,10 @@ public void shutdown() throws Exception {
     public void onCertChanged(CertChangeEvent event) {
         log.info("cert changed: {}", event);
         if (event.getSourceType() == CertChangeEvent.SourceType.FILE) {
+            if (event.getValues().isEmpty()) {
+                log.warn("cert path is empty, ignore");
+                return;
+            }
             String path = event.getValues().get(0);
             if (path.equals(ConfigurationManager.getProxyConfig().getTlsCertPath())) {
                 certChanged = true;
@@ -85,6 +89,10 @@ public void onCertChanged(CertChangeEvent event) {
                 keyChanged = false;
             }
         } else if (event.getSourceType() == CertChangeEvent.SourceType.INLINE) {
+            if (event.getValues().size() != 2) {
+                log.warn("cert inline is invalid, ignore");
+                return;
+            }
             for (TlsContextReloadListener listener : reloadListeners) {
                 listener.onTlsContextReload(
                     IOUtils.toInputStream(event.getValues().get(0), StandardCharsets.UTF_8),

remoting/src/main/java/org/apache/rocketmq/remoting/netty/TlsHelper.java

@@ -66,7 +66,7 @@ public interface DecryptionStrategy {
          * Decrypt the target encrpted private key file.
          *
          * @param privateKeyEncryptPath A pathname string
-         * @param forClient             tells whether it's a client-side key file
+         * @param forClient tells whether it's a client-side key file
          * @return An input stream for a decrypted key file
          * @throws IOException if an I/O error has occurred
          */
@@ -125,9 +125,9 @@ public static SslContext buildSslContext(boolean forClient, InputStream certInpu
                 }
 
                 return sslContextBuilder.keyManager(
-                        !isNullOrEmpty(tlsClientCertPath) ? new FileInputStream(tlsClientCertPath) : null,
-                        !isNullOrEmpty(tlsClientKeyPath) ? decryptionStrategy.decryptPrivateKey(tlsClientKeyPath, true) : null,
-                        !isNullOrEmpty(tlsClientKeyPassword) ? tlsClientKeyPassword : null)
+                    !isNullOrEmpty(tlsClientCertPath) ? new FileInputStream(tlsClientCertPath) : null,
+                    !isNullOrEmpty(tlsClientKeyPath) ? decryptionStrategy.decryptPrivateKey(tlsClientKeyPath, true) : null,
+                    !isNullOrEmpty(tlsClientKeyPassword) ? tlsClientKeyPassword : null)
                     .build();
             }
         } else {