address review comments

trentjeff · Sep 5, 2023 · da765ea · da765ea
1 parent 4868cb5
commit da765ea
Show file tree

Hide file tree

Showing 8 changed files with 14 additions and 18 deletions.
diff --git a/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java b/common/tls/src/main/java/io/helidon/common/tls/TlsConfigBlueprint.java
@@ -36,7 +36,7 @@
 @Configured
 interface TlsConfigBlueprint extends Prototype.Factory<Tls> {
     /**
-     * The default protocol.
+     * The default protocol is set to {@value}.
      */
     String DEFAULT_PROTOCOL = "TLS";
 

diff --git a/examples/microprofile/oci-tls-certificates/README.md b/examples/microprofile/oci-tls-certificates/README.md
@@ -68,7 +68,7 @@ for both [rotating](#rotating-mtls-certificates) certificates and [running](#bui
 - **VAULT_MANAGEMENT_ENDPOINT** - crypto endpoint of the vault we are rotating the private keys in
 - **CA_OCID** - OCID of the CA authority we have created in [Prepare CA](#prepare-cacertification-authority) step
 
-Following env variables are generated automatically by [createKeys.sh](etc/unsupported-cert-tools/createKeys.sh) or needs to be configured manually for [rotateKeys.sh](etc/unsupported-cert-tools/rotateKeys.sh) in [generated-config.sh](etc/unsupported-cert-tools/generated-config.sh)
+Following env variables are generated automatically by [create-keys.sh](etc/unsupported-cert-tools/create-keys.sh) or needs to be configured manually for [rotate-keys.sh](etc/unsupported-cert-tools/rotate-keys.sh) in [generated-config.sh](etc/unsupported-cert-tools/generated-config.sh)
 - **SERVER_CERT_OCID** - OCID of the server certificate(not the specific version!)
 - **SERVER_KEY_OCID** - OCID of the server private key in vault(not the specific version!)
 
@@ -79,13 +79,13 @@ Optional:
 ### Prepare keys and certificates
 Make sure you are in the directory [./etc/unsupported-cert-tools/](etc/unsupported-cert-tools/).
 ```shell
-bash createKeys.sh
+bash create-keys.sh
 ```
 
 ## Rotating mTLS certificates
 Make sure you are in the directory [./etc/unsupported-cert-tools/](etc/unsupported-cert-tools/).
 ```shell
-bash rotateKeys.sh
+bash rotate-keys.sh
 ```
 ⚠️ Keep in mind that rotation creates new [versions](https://docs.oracle.com/en-us/iaas/Content/certificates/rotation-states.htm), OCIDs of the keys and certificates stays the same, and you don't need to change your configuration.
 

diff --git a/.../etc/unsupported-cert-tools/createKeys.sh → ...etc/unsupported-cert-tools/create-keys.sh b/.../etc/unsupported-cert-tools/createKeys.sh → ...etc/unsupported-cert-tools/create-keys.sh
@@ -50,7 +50,7 @@ echo "Client private key OCID: $NEW_CLIENT_KEY_OCID"
 echo "Saving to gen-config.sh"
 tee ${CDIR}/generated-config.sh << EOF
 #!/bin/bash
-## Content of this file gets rewritten by createKeys.sh
+## Content of this file gets rewritten by create-keys.sh
 export SERVER_CERT_OCID=$NEW_SERVER_CERT_OCID
 export SERVER_KEY_OCID=$NEW_SERVER_KEY_OCID
 

diff --git a/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/generated-config.sh b/examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/generated-config.sh
@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-## Content of this file gets rewritten by createKeys.sh
+## Content of this file gets rewritten by create-keys.sh
 export SERVER_CERT_OCID=ocid1.certificate.oc1.
 export SERVER_KEY_OCID=ocid1.key.oc1.
 

diff --git a/.../etc/unsupported-cert-tools/rotateKeys.sh → ...etc/unsupported-cert-tools/rotate-keys.sh b/.../etc/unsupported-cert-tools/rotateKeys.sh → ...etc/unsupported-cert-tools/rotate-keys.sh
diff --git a/examples/microprofile/oci-tls-certificates/pom.xml b/examples/microprofile/oci-tls-certificates/pom.xml
@@ -92,10 +92,10 @@
                 <configuration>
                     <systemPropertyVariables>
                         <!-- To be changed manually - see README.md -->
-<!--                        <VAULT_CRYPTO_ENDPOINT>https://XXX-crypto.kms.XXX.oraclecloud.com</VAULT_CRYPTO_ENDPOINT>-->
-<!--                        <CA_OCID>ocid1.XXX</CA_OCID>-->
-<!--                        <SERVER_CERT_OCID>ocid1.certificate.oc1.XXX</SERVER_CERT_OCID>-->
-<!--                        <SERVER_KEY_OCID>ocid1.key.oc1.id1.certificate.oc1.</SERVER_KEY_OCID>-->
+<!--                        <VAULT_CRYPTO_ENDPOINT>SETME</VAULT_CRYPTO_ENDPOINT>-->
+<!--                        <CA_OCID>SETME</CA_OCID>-->
+<!--                        <SERVER_CERT_OCID>SETME</SERVER_CERT_OCID>-->
+<!--                        <SERVER_KEY_OCID>SETME</SERVER_KEY_OCID>-->
 
                         <java.util.logging.config.file>${project.build.testOutputDirectory}/logging.properties</java.util.logging.config.file>
                         <org.jboss.logging.provider>jdk</org.jboss.logging.provider>

diff --git a/integrations/oci/tls-certificates/pom.xml b/integrations/oci/tls-certificates/pom.xml
@@ -227,10 +227,10 @@
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
                     <systemPropertyVariables>
-                        <VAULT_CRYPTO_ENDPOINT>https://dvsozhzvaaf3q-crypto.kms.us-ashburn-1.oraclecloud.com</VAULT_CRYPTO_ENDPOINT>
-                        <CA_OCID>ocid1.certificateauthority.oc1.iad.amaaaaaa2rcccgyar6imoqdt43ochnaygyhgoqb65z6bd7w2xzv2tdcsbsga</CA_OCID>
-                        <SERVER_CERT_OCID>ocid1.certificate.oc1.iad.amaaaaaa2rcccgya4fxntgo7cctdvcftwzor7l6ls6oglgyrpm6uaun2fgaq</SERVER_CERT_OCID>
-                        <SERVER_KEY_OCID>ocid1.key.oc1.iad.dvsozhzvaaf3q.abuwcljsplsjcctmc25t6ciqrhqnuiacb6trrqepepltk6vrrfp6xflynctq</SERVER_KEY_OCID>
+                        <VAULT_CRYPTO_ENDPOINT>SETME</VAULT_CRYPTO_ENDPOINT>
+                        <CA_OCID>SETME</CA_OCID>
+                        <SERVER_CERT_OCID>SETME</SERVER_CERT_OCID>
+                        <SERVER_KEY_OCID>SETME</SERVER_KEY_OCID>
 
                         <oci.real.usage>false</oci.real.usage>
                     </systemPropertyVariables>

diff --git a/...n/java/io/helidon/integrations/oci/tls/certificates/DefaultOciCertificatesTlsManager.java b/...n/java/io/helidon/integrations/oci/tls/certificates/DefaultOciCertificatesTlsManager.java
@@ -146,19 +146,16 @@ void config(io.helidon.common.config.Config config) {
      * @return true if a reload occurred
      */
     boolean loadContext(boolean initialLoad) {
-        long startTime = System.currentTimeMillis();
         try {
             // download all of our security collateral from OCI
             OciCertificatesDownloader cd = certDownloader.get();
             OciCertificatesDownloader.Certificates certificates = cd.loadCertificates(cfg.certOcid());
-            long finishTime = System.currentTimeMillis();
             if (lastVersionDownloaded.get().equals(certificates.version())) {
                 assert (!initialLoad);
                 return false;
             }
 
             // reset start time for the next update phase
-            startTime = System.currentTimeMillis();
             Certificate ca = cd.loadCACertificate(cfg.caOcid());
 
             OciPrivateKeyDownloader pd = pkDownloader.get();
@@ -197,7 +194,6 @@ boolean loadContext(boolean initialLoad) {
             } else {
                 reload(keyManager, trustManager);
             }
-            finishTime = System.currentTimeMillis();
 
             return true;
         } catch (KeyStoreException e) {