author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-01 12:30:16 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-01 12:30:16 +0100 |
commit | 7d7a1fb16696bf6b8e2daa88d4b95cadc3227650 (patch) | |
tree | 290933cd96874a8cb880b5870a52a3b39d331a4a /athenz-identity-provider-service/src/main | |
parent | c1596a75cf17c9b684c3b8f46e3df228081a38db (diff) |
Don't fail on on-disk keystore read/write
Also rename getKeystoreExpiry to getCertificateExpiry
Diffstat (limited to 'athenz-identity-provider-service/src/main')
2 files changed, 10 insertions, 9 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
index 76b1b6bea56..da16bfe3c24 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
@@ -90,11 +90,12 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
                 keyStore.load(in, new char[0]);
             }
             Instant minimumExpiration = Instant.now().plus(updatePeriod).plus(EXPIRATION_MARGIN);
-            boolean isExpired = getKeyStoreExpiry(keyStore).isBefore(minimumExpiration);
+            boolean isExpired = getCertificateExpiry(keyStore).isBefore(minimumExpiration);
             if (isExpired) return Optional.empty();
             return Optional.of(keyStore);
         } catch (IOException | GeneralSecurityException e) {
-            throw new RuntimeException(e);
+            log.log(LogLevel.ERROR, "Failed to read keystore from disk: " + e.getMessage(), e);
+            return Optional.empty();
         }
     }
 
@@ -123,11 +124,11 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
         }
     }
 
-    Instant getKeyStoreExpiry() throws KeyStoreException {
-        return getKeyStoreExpiry(currentKeyStore);
+    Instant getCertificateExpiry() throws KeyStoreException {
+        return getCertificateExpiry(currentKeyStore);
     }
 
-    private static Instant getKeyStoreExpiry(KeyStore keyStore) throws KeyStoreException {
+    private static Instant getCertificateExpiry(KeyStore keyStore) throws KeyStoreException {
         X509Certificate certificate = (X509Certificate) keyStore.getCertificate(CERTIFICATE_ALIAS);
         return certificate.getNotAfter().toInstant();
     }
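Review bot: The new fallback in the catch block still leaves the most plausible corrupt-cache case uncovered: `getCertificateExpiry(keyStore)` dereferences the result of `keyStore.getCertificate(CERTIFICATE_ALIAS)`, which returns null when the alias is not present, so a keystore file that loads but lacks the entry throws a NullPointerException past the `IOException | GeneralSecurityException` catch and still aborts — apparently the outcome this commit sets out to avoid. A guard before `minimumExpiration` is computed, `if (!keyStore.containsAlias(CERTIFICATE_ALIAS)) return Optional.empty();`, keeps the recovery path closed for that case; the package-private `getCertificateExpiry()` in the next hunk has the same null dereference. The log call also concatenates `e.getMessage()` into the message while passing `e` as the throwable, so the message is emitted twice; `log.log(LogLevel.ERROR, "Failed to read keystore from disk", e)` is sufficient. The enclosing method begins before this hunk, so the try-with-resources that opens `in` is not visible here.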
@@ -147,18 +148,18 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
             keyStore.load(null);
             keyStore.setKeyEntry(
                     CERTIFICATE_ALIAS, privateKey, CERTIFICATE_PASSWORD.toCharArray(), new Certificate[]{certificate});
-            writeKeystore(keyStore, keystoreCachePath);
+            tryWriteKeystore(keyStore, keystoreCachePath);
             return keyStore;
         } catch (IOException | GeneralSecurityException e) {
             throw new RuntimeException(e);
         }
     }
 
-    private static void writeKeystore(KeyStore keyStore, Path keystoreCachePath) {
+    private static void tryWriteKeystore(KeyStore keyStore, Path keystoreCachePath) {
         try (OutputStream out = new BufferedOutputStream(new FileOutputStream(keystoreCachePath.toFile()))) {
             keyStore.store(out, new char[0]);
         } catch (IOException | GeneralSecurityException e) {
-            throw new RuntimeException(e);
+            log.log(LogLevel.ERROR, "Failed to write keystore to disk: " + e.getMessage(), e);
         }
     }
 
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
index cf734facf34..2d80b15c7ec 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
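Review bot: Now that `tryWriteKeystore` swallows the write error, the `new FileOutputStream(keystoreCachePath.toFile())` it still opens truncates the existing cache before `keyStore.store` has produced any bytes, so a failure part-way through (full disk, I/O error, process killed) leaves a torn private-key file in place rather than the previous good one, and every later start will log the read error from the first hunk and fall back again. Writing to a sibling temp file and moving it over the target with `ATOMIC_MOVE` makes the cache either the old complete keystore or the new complete keystore, and the temp file can be cleaned up best-effort on failure. This needs `java.nio.file.Files` and `java.nio.file.StandardCopyOption` in scope, which the hunk does not show being imported.

```java
    private static void tryWriteKeystore(KeyStore keyStore, Path keystoreCachePath) {
        Path tempFile = null;
        try {
            // Write to a sibling temp file first so the target is replaced only by a complete keystore
            tempFile = Files.createTempFile(keystoreCachePath.toAbsolutePath().getParent(), "keystore", ".tmp");
            try (OutputStream out = new BufferedOutputStream(Files.newOutputStream(tempFile))) {
                keyStore.store(out, new char[0]);
            }
            Files.move(tempFile, keystoreCachePath, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        } catch (IOException | GeneralSecurityException e) {
            log.log(LogLevel.ERROR, "Failed to write keystore to disk: " + e.getMessage(), e);
        } finally {
            if (tempFile != null) {
                // Best effort: after a successful move the temp file no longer exists
                try { Files.deleteIfExists(tempFile); } catch (IOException ignored) { }
            }
        }
    }
```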
@@ -59,7 +59,7 @@ public class CertificateExpiryMetricUpdater extends AbstractComponent {
 
         Instant now = Instant.now();
         try {
-            Duration keyStoreExpiry = Duration.between(now, keyStoreConfigurator.getKeyStoreExpiry());
+            Duration keyStoreExpiry = Duration.between(now, keyStoreConfigurator.getCertificateExpiry());
             metric.set(ATHENZ_CONFIGSERVER_CERT_METRIC_NAME, keyStoreExpiry.getSeconds(), null);
         } catch (KeyStoreException e) {
             logger.log(Level.WARNING, "Failed to update key store expiry metric", e); |