Expose role certificate

1 files changed, 14 insertions, 1 deletions

diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index 418f7ec024b..1523537d84c 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -213,7 +213,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
         try {
             AthenzRole athenzRole = new AthenzRole(new AthenzDomain(domain), role);
             // Make sure to request a certificate which triggers creating a new key manager for this role
-            X509Certificate x509Certificate = roleSslCertCache.get(athenzRole);
+            X509Certificate x509Certificate = getRoleCertificate(athenzRole);
             MutableX509KeyManager keyManager = roleKeyManagerCache.get(athenzRole);
             return new SslContextBuilder()
                     .withKeyManager(keyManager)
@@ -278,6 +278,19 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
         return Collections.singletonList(credentials.getCertificate());
     }
 
+    @Override
+    public X509Certificate getRoleCertificate(String domain, String role) {
+        return getRoleCertificate(new AthenzRole(new AthenzDomain(domain), role));
+    }
+
+    private X509Certificate getRoleCertificate(AthenzRole athenzRole) {
+        try {
+            return roleSslCertCache.get(athenzRole);
+        } catch (Exception e) {
+            throw new AthenzIdentityProviderException("Could not retrieve role certificate: " + e.getMessage(), e);
+        }
+    }
+
     private void updateIdentityCredentials(AthenzCredentials credentials) {
         this.credentials = credentials;
         this.identityKeyManager.updateKeystore(