From 7d7a1fb16696bf6b8e2daa88d4b95cadc3227650 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Thu, 1 Mar 2018 12:30:16 +0100
Subject: Don't fail on keystore on disk read/write

Also rename getKeystoreExpiry to getCertificateExpiry
---
 .../AthenzSslKeyStoreConfigurator.java | 17 +++++++++--------
 .../CertificateExpiryMetricUpdater.java | 2 +-
 2 files changed, 10 insertions(+), 9 deletions(-)
(limited to 'athenz-identity-provider-service/src/main')

diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
index 76b1b6bea56..da16bfe3c24 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
@@ -90,11 +90,12 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
 keyStore.load(in, new char[0]);
 }
 Instant minimumExpiration = Instant.now().plus(updatePeriod).plus(EXPIRATION_MARGIN);
- boolean isExpired = getKeyStoreExpiry(keyStore).isBefore(minimumExpiration);
+ boolean isExpired = getCertificateExpiry(keyStore).isBefore(minimumExpiration);
 if (isExpired) return Optional.empty();
 return Optional.of(keyStore);
 } catch (IOException | GeneralSecurityException e) {
- throw new RuntimeException(e);
+ log.log(LogLevel.ERROR, "Failed to read keystore from disk: " + e.getMessage(), e);
+ return Optional.empty();
 }
 }
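Review bot: The new catch still lets a cached keystore that lacks `CERTIFICATE_ALIAS` abort the caller, because `KeyStore.getCertificate` returns null for an unknown alias and the NullPointerException raised by `certificate.getNotAfter()` in `getCertificateExpiry` (second hunk) is neither an IOException nor a GeneralSecurityException; the same goes for the ClassCastException when the entry is not an X509Certificate. A truncated or foreign file at the cache path would therefore still fail where the commit intends to fall back to a fresh keystore. Since `getCertificateExpiry` already declares `throws KeyStoreException`, which this catch covers, a guard there closes the gap: `if (!(certificate instanceof X509Certificate)) throw new KeyStoreException("No X509 certificate entry for alias " + CERTIFICATE_ALIAS);` placed before the cast. The method enclosing this hunk starts outside it.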
@@ -123,11 +124,11 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
 }
 }
- Instant getKeyStoreExpiry() throws KeyStoreException {
- return getKeyStoreExpiry(currentKeyStore);
+ Instant getCertificateExpiry() throws KeyStoreException {
+ return getCertificateExpiry(currentKeyStore);
 }
- private static Instant getKeyStoreExpiry(KeyStore keyStore) throws KeyStoreException {
+ private static Instant getCertificateExpiry(KeyStore keyStore) throws KeyStoreException {
 X509Certificate certificate = (X509Certificate) keyStore.getCertificate(CERTIFICATE_ALIAS);
 return certificate.getNotAfter().toInstant();
 }
@@ -147,18 +148,18 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
 keyStore.load(null);
 keyStore.setKeyEntry( CERTIFICATE_ALIAS, privateKey, CERTIFICATE_PASSWORD.toCharArray(), new Certificate[]{certificate});
- writeKeystore(keyStore, keystoreCachePath);
+ tryWriteKeystore(keyStore, keystoreCachePath);
 return keyStore;
 } catch (IOException | GeneralSecurityException e) {
 throw new RuntimeException(e);
 }
 }
- private static void writeKeystore(KeyStore keyStore, Path keystoreCachePath) {
+ private static void tryWriteKeystore(KeyStore keyStore, Path keystoreCachePath) {
 try (OutputStream out = new BufferedOutputStream(new FileOutputStream(keystoreCachePath.toFile()))) {
 keyStore.store(out, new char[0]);
 } catch (IOException | GeneralSecurityException e) {
- throw new RuntimeException(e);
+ log.log(LogLevel.ERROR, "Failed to write keystore to disk: " + e.getMessage(), e);
 }
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
index cf734facf34..2d80b15c7ec 100644
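Review bot: `tryWriteKeystore` now logs and continues after a failed `keyStore.store`, but it still streams straight into `keystoreCachePath`, so an exception mid-write leaves a truncated keystore at the cache path; on the next start the read path in the first hunk would presumably log an ERROR for that file and re-provision, which the commit turns from a crash into recurring noise rather than avoiding. Writing to a sibling temp file and moving it into place only after the stream is closed keeps the cache either complete or absent; the rewrite below needs `java.nio.file.Files` and `java.nio.file.StandardCopyOption` imported alongside the existing `Path`. Separately, both new log calls embed `e.getMessage()` in the message while also passing `e` as the throwable, so the message is printed twice; `"Failed to write keystore to disk"` with `e` alone is sufficient (the read-path message in the first hunk has the same duplication).
```java
private static void tryWriteKeystore(KeyStore keyStore, Path keystoreCachePath) {
    // Stage the keystore next to the cache path so a failed store() never leaves a truncated file in place
    Path staging = keystoreCachePath.resolveSibling(keystoreCachePath.getFileName() + ".tmp");
    try {
        try (OutputStream out = new BufferedOutputStream(Files.newOutputStream(staging))) {
            keyStore.store(out, new char[0]);
        }
        // Only replace the cached keystore once the staged copy is complete and closed
        Files.move(staging, keystoreCachePath, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
    } catch (IOException | GeneralSecurityException e) {
        log.log(LogLevel.ERROR, "Failed to write keystore to disk", e);
    }
}
```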
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/CertificateExpiryMetricUpdater.java
@@ -59,7 +59,7 @@ public class CertificateExpiryMetricUpdater extends AbstractComponent {
 Instant now = Instant.now();
 try {
- Duration keyStoreExpiry = Duration.between(now, keyStoreConfigurator.getKeyStoreExpiry());
+ Duration keyStoreExpiry = Duration.between(now, keyStoreConfigurator.getCertificateExpiry());
 metric.set(ATHENZ_CONFIGSERVER_CERT_METRIC_NAME, keyStoreExpiry.getSeconds(), null);
 } catch (KeyStoreException e) {
 logger.log(Level.WARNING, "Failed to update key store expiry metric", e);
--
cgit v1.2.3