From 9be462c4d7cddb4c4df29e8640cdfb6f22fa4e94 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Thu, 4 Jul 2019 16:39:19 +0200
Subject: Use current certificate manager to find certificate expiry
---
 .../ConfigserverSslContextFactoryProvider.java | 2 +-
 .../main/java/com/yahoo/security/tls/MutableX509KeyManager.java | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
index 7c25e906b6f..971c2c00859 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ConfigserverSslContextFactoryProvider.java
@@ -86,7 +86,7 @@ public class ConfigserverSslContextFactoryProvider extends TlsContextBasedProvid
 }
 Instant getCertificateNotAfter() {
- return keyManager.getCertificateChain(CERTIFICATE_ALIAS)[0].getNotAfter().toInstant();
+ return keyManager.currentManager().getCertificateChain(CERTIFICATE_ALIAS)[0].getNotAfter().toInstant();
 }
 @Override
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java b/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java
index efd4d8ece87..02a32f79971 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/MutableX509KeyManager.java
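Review bot: The new line in `getCertificateNotAfter()` indexes `[0]` directly on the result of `currentManager().getCertificateChain(CERTIFICATE_ALIAS)`, and `X509KeyManager.getCertificateChain` is specified to return null when the alias cannot be found. If the current manager holds no entry for that alias, the expiry lookup fails with a bare NullPointerException rather than a diagnosable error, and whatever relies on this value to schedule certificate renewal would presumably stop getting an answer. Hold the chain in a local and check it first: `X509Certificate[] chain = keyManager.currentManager().getCertificateChain(CERTIFICATE_ALIAS);` then `if (chain == null || chain.length == 0) throw new IllegalStateException("No certificate chain for alias " + CERTIFICATE_ALIAS);`. The enclosing class lies outside the hunk, so how the returned instant is consumed could not be checked.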
@@ -50,6 +50,12 @@ public class MutableX509KeyManager extends X509ExtendedKeyManager {
 }
 }
+ public X509ExtendedKeyManager currentManager() {
+ synchronized (monitor) {
+ return currentManager;
+ }
+ }
+
 @Override
 public String[] getServerAliases(String keyType, Principal[] issuers) {
 return updateAndGetThreadLocalManager()
@@ -117,5 +123,4 @@ public class MutableX509KeyManager extends X509ExtendedKeyManager {
 return manager;
 }
 }
-
 }
-- 
cgit v1.2.3
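Review bot: The new public `currentManager()` has no Javadoc, and it returns the live delegate rather than a read-only view: the returned `X509ExtendedKeyManager` also answers `getPrivateKey(alias)`, so every caller of this accessor gets a handle on the private key and not only the certificate. Document the contract, for example `/** Returns the key manager currently in use. The reference is a snapshot taken under the monitor; a later update replaces it, so callers must not cache it. */`. If the only consumer is the expiry lookup in ConfigserverSslContextFactoryProvider, a narrower accessor that returns just the certificate chain for an alias would keep key material inside this class. Whether `currentManager` can still be null before the first update is not visible in the hunk and is worth stating in the same comment.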