authorBjørn Christian Seime <bjorncs@oath.com>2018-03-01 12:30:16 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-03-01 12:30:16 +0100
commit7d7a1fb16696bf6b8e2daa88d4b95cadc3227650 (patch)
tree290933cd96874a8cb880b5870a52a3b39d331a4a /athenz-identity-provider-service/src/main
parentc1596a75cf17c9b684c3b8f46e3df228081a38db (diff)
Don't fail on keystore on disk read/write
Also rename getKeystoreExpiry to getCertificateExpiry
Diffstat (limited to 'athenz-identity-provider-service/src/main')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java17
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java2
2 files changed, 10 insertions, 9 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
index 76b1b6bea56..da16bfe3c24 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
@@ -90,11 +90,12 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
keyStore.load(in, new char[0]);
}
Instant minimumExpiration = Instant.now().plus(updatePeriod).plus(EXPIRATION_MARGIN);
- boolean isExpired = getKeyStoreExpiry(keyStore).isBefore(minimumExpiration);
+ boolean isExpired = getCertificateExpiry(keyStore).isBefore(minimumExpiration);
if (isExpired) return Optional.empty();
return Optional.of(keyStore);
} catch (IOException | GeneralSecurityException e) {
- throw new RuntimeException(e);
+ log.log(LogLevel.ERROR, "Failed to read keystore from disk: " + e.getMessage(), e);
+ return Optional.empty();
}
}
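Review bot: A cached keystore that loads cleanly but has no entry under `CERTIFICATE_ALIAS` still makes this read path throw. `getCertificateExpiry(keyStore)` calls `certificate.getNotAfter()` on the result of `keyStore.getCertificate(...)` without a null check, and the new catch only covers `IOException | GeneralSecurityException`. Adding `if (certificate == null) throw new KeyStoreException("No certificate found for alias " + CERTIFICATE_ALIAS);` to the helper would route that case into this catch, and into the existing `KeyStoreException` handler in CertificateExpiryMetricUpdater. The enclosing method starts above this hunk, so any handling earlier in it is not visible here.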
@@ -123,11 +124,11 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
}
}
- Instant getKeyStoreExpiry() throws KeyStoreException {
- return getKeyStoreExpiry(currentKeyStore);
+ Instant getCertificateExpiry() throws KeyStoreException {
+ return getCertificateExpiry(currentKeyStore);
}
- private static Instant getKeyStoreExpiry(KeyStore keyStore) throws KeyStoreException {
+ private static Instant getCertificateExpiry(KeyStore keyStore) throws KeyStoreException {
X509Certificate certificate = (X509Certificate) keyStore.getCertificate(CERTIFICATE_ALIAS);
return certificate.getNotAfter().toInstant();
}
@@ -147,18 +148,18 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
keyStore.load(null);
keyStore.setKeyEntry(
CERTIFICATE_ALIAS, privateKey, CERTIFICATE_PASSWORD.toCharArray(), new Certificate[]{certificate});
- writeKeystore(keyStore, keystoreCachePath);
+ tryWriteKeystore(keyStore, keystoreCachePath);
return keyStore;
} catch (IOException | GeneralSecurityException e) {
throw new RuntimeException(e);
}
}
- private static void writeKeystore(KeyStore keyStore, Path keystoreCachePath) {
+ private static void tryWriteKeystore(KeyStore keyStore, Path keystoreCachePath) {
try (OutputStream out = new BufferedOutputStream(new FileOutputStream(keystoreCachePath.toFile()))) {
keyStore.store(out, new char[0]);
} catch (IOException | GeneralSecurityException e) {
- throw new RuntimeException(e);
+ log.log(LogLevel.ERROR, "Failed to write keystore to disk: " + e.getMessage(), e);
}
}
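Review bot: The cache file written by `tryWriteKeystore` holds the private key, yet `new FileOutputStream(keystoreCachePath.toFile())` creates it with whatever permissions the process umask allows, and the store itself is saved with an empty password (`new char[0]`). Because a failed write is now only logged, an interrupted `store` also leaves a truncated file where the previous good cache was, since opening the stream truncates it. Writing to a sibling temporary file that is created owner-only, then moving it over the cache path once complete, would address both. The sketch below assumes a POSIX file system and that the directory's permissions are not already the intended control; neither is visible in this hunk.

```java
private static void tryWriteKeystore(KeyStore keyStore, Path keystoreCachePath) {
    Path tempFile = keystoreCachePath.resolveSibling(keystoreCachePath.getFileName() + ".tmp");
    try {
        Files.deleteIfExists(tempFile);
        // Owner-only from the moment of creation: the keystore contains the private key.
        Files.createFile(tempFile, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        try (OutputStream out = new BufferedOutputStream(Files.newOutputStream(tempFile))) {
            keyStore.store(out, new char[0]);
        }
        // Replace the cache only after the new keystore has been written completely.
        Files.move(tempFile, keystoreCachePath, StandardCopyOption.ATOMIC_MOVE);
    } catch (IOException | GeneralSecurityException e) {
        // … unchanged: log.log(LogLevel.ERROR, "Failed to write keystore to disk: " ...) …
    }
}
```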
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
index cf734facf34..2d80b15c7ec 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
@@ -59,7 +59,7 @@ public class CertificateExpiryMetricUpdater extends AbstractComponent {
Instant now = Instant.now();
try {
- Duration keyStoreExpiry = Duration.between(now, keyStoreConfigurator.getKeyStoreExpiry());
+ Duration keyStoreExpiry = Duration.between(now, keyStoreConfigurator.getCertificateExpiry());
metric.set(ATHENZ_CONFIGSERVER_CERT_METRIC_NAME, keyStoreExpiry.getSeconds(), null);
} catch (KeyStoreException e) {
logger.log(Level.WARNING, "Failed to update key store expiry metric", e);