authorgjoranv <gv@verizonmedia.com>2019-07-04 16:41:08 +0200
committerGitHub <noreply@github.com>2019-07-04 16:41:08 +0200
commit39d5cb834b233f7684be6410b973c0bff441e4c5 (patch)
treee55f6637df26b3a3dac279f0390055ac50b602d2
parent5ea083be3e4cf2e5b8ff98bba1524c20bcbe8677 (diff)
parent9be462c4d7cddb4c4df29e8640cdfb6f22fa4e94 (diff)
Merge pull request #9964 from vespa-engine/bjorncs/fix
Use current certificate manager to find certificate expiry
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java2
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java7
2 files changed, 7 insertions, 2 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
index 7c25e906b6f..971c2c00859 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
@@ -86,7 +86,7 @@ public class ConfigserverSslContextFactoryProvider extends TlsContextBasedProvid
}
Instant getCertificateNotAfter() {
- return keyManager.getCertificateChain(CERTIFICATE_ALIAS)[0].getNotAfter().toInstant();
+ return keyManager.currentManager().getCertificateChain(CERTIFICATE_ALIAS)[0].getNotAfter().toInstant();
}
@Override
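Review bot: The new line in `getCertificateNotAfter()` still indexes `[0]` on the result of `getCertificateChain(CERTIFICATE_ALIAS)` without checking it. `X509KeyManager.getCertificateChain` returns null when the alias is not found, so a manager that lacks the alias (or has not been loaded yet) surfaces as a bare NullPointerException or ArrayIndexOutOfBoundsException with no hint of the cause. If this expiry value feeds certificate renewal (the caller is not visible in this hunk), that failure should be explicit: `X509Certificate[] chain = keyManager.currentManager().getCertificateChain(CERTIFICATE_ALIAS);` followed by `if (chain == null || chain.length == 0) throw new IllegalStateException("No certificate chain for alias " + CERTIFICATE_ALIAS);` before reading `chain[0].getNotAfter()`.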
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java b/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java
index efd4d8ece87..02a32f79971 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java
@@ -50,6 +50,12 @@ public class MutableX509KeyManager extends X509ExtendedKeyManager {
}
}
+ public X509ExtendedKeyManager currentManager() {
+ synchronized (monitor) {
+ return currentManager;
+ }
+ }
+
@Override
public String[] getServerAliases(String keyType, Principal[] issuers) {
return updateAndGetThreadLocalManager()
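Review bot: The new public `currentManager()` has no Javadoc, and its contract is not obvious from the name. It returns the delegate as it is at the moment of the call, so a caller that stores the reference keeps reading the old key material and certificate expiry after the manager is replaced. I would add `/** Returns the key manager in effect at the time of the call. The reference is a snapshot; do not cache it across updates. */` above the method. It is also worth stating whether the result can be null before the first key store is installed; the field initialisation is outside this hunk. The `getServerAliases` method that follows continues past the end of the hunk.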
@@ -117,5 +123,4 @@ public class MutableX509KeyManager extends X509ExtendedKeyManager {
return manager;
}
}
-
}