Merge branch 'master' into bjormel/aws-main-controllerbjormel/aws-main-controller

author: bjormel <bjormel@yahooinc.com> 2023-10-26 13:59:28 +0000
committer: bjormel <bjormel@yahooinc.com> 2023-10-26 13:59:28 +0000
commit: 567be9a1f6353cec41c23bfd1fcd46b4b2a4d2d7 (patch)
tree: 4664a743e166a5e11aee7b9acd70ad8ee2617612 /vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
parent: e9058b555d4dfea2f6c872d9a677e8678b569569 (diff)
parent: bce3b8e926bf9da880172acbe1ba4b12d5e026d6 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index e97409b40ef..623a8c856bc 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.identityprovider.client;
 
 import ai.vespa.metrics.ContainerMetrics;
@@ -278,17 +278,17 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
                 identity, role, athenzUniqueInstanceId, null, keyPair);
         try (ZtsClient client = createZtsClient()) {
             X509Certificate roleCertificate = client.getRoleCertificate(role, csr);
-            updateRoleKeyManager(role, roleCertificate);
+            updateRoleKeyManager(role, keyPair.getPrivate(), roleCertificate);
             log.info(String.format("Requester role certificate for role %s, expires: %s", role.toResourceNameString(), roleCertificate.getNotAfter().toInstant().toString()));
             return roleCertificate;
         }
     }
 
-    private void updateRoleKeyManager(AthenzRole role, X509Certificate certificate) {
+    private void updateRoleKeyManager(AthenzRole role, PrivateKey privateKey, X509Certificate certificate) {
         MutableX509KeyManager keyManager = roleKeyManagerCache.computeIfAbsent(role, r -> new MutableX509KeyManager());
         keyManager.updateKeystore(
                 KeyStoreBuilder.withType(PKCS12)
-                        .withKeyEntry("default", autoReloadingX509KeyManager.getCurrentCertificateWithKey().privateKey(), certificate)
+                        .withKeyEntry("default", privateKey, certificate)
                         .build(),
                 new char[0]);
     }
author	bjormel <bjormel@yahooinc.com>	2023-10-26 13:59:28 +0000
committer	bjormel <bjormel@yahooinc.com>	2023-10-26 13:59:28 +0000
commit	567be9a1f6353cec41c23bfd1fcd46b4b2a4d2d7 (patch)
tree	4664a743e166a5e11aee7b9acd70ad8ee2617612 /vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
parent	e9058b555d4dfea2f6c872d9a677e8678b569569 (diff)
parent	bce3b8e926bf9da880172acbe1ba4b12d5e026d6 (diff)