diff options
2 files changed, 7 insertions, 2 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java index 7c25e906b6f..971c2c00859 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java @@ -86,7 +86,7 @@ public class ConfigserverSslContextFactoryProvider extends TlsContextBasedProvid } Instant getCertificateNotAfter() { - return keyManager.getCertificateChain(CERTIFICATE_ALIAS)[0].getNotAfter().toInstant(); + return keyManager.currentManager().getCertificateChain(CERTIFICATE_ALIAS)[0].getNotAfter().toInstant(); } @Override diff --git a/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java b/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java index efd4d8ece87..02a32f79971 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java @@ -50,6 +50,12 @@ public class MutableX509KeyManager extends X509ExtendedKeyManager { } } + public X509ExtendedKeyManager currentManager() { + synchronized (monitor) { + return currentManager; + } + } + @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return updateAndGetThreadLocalManager() @@ -117,5 +123,4 @@ public class MutableX509KeyManager extends X509ExtendedKeyManager { return manager; } } - } |