fix: reinitialize keystore if there are any loading problems (#24)

MikeDombo · web-flow · commit a7b72637b2da · 2022-10-14T15:13:10.000-07:00
diff --git a/src/main/java/com/aws/greengrass/localdebugconsole/SimpleHttpServer.java b/src/main/java/com/aws/greengrass/localdebugconsole/SimpleHttpServer.java
@@ -245,14 +245,11 @@ boolean initializeHttps() {
                 try (InputStream is = Files.newInputStream(keyStorePath)) {
                     ks.load(is, passphrase);
                 } catch (IOException e) {
-                    // If the password is wrong for whatever reason, delete the existing keystore and
-                    // reinitialize it
-                    if (e.getCause() instanceof UnrecoverableKeyException) {
-                        Files.deleteIfExists(keyStorePath);
-                        initializeKeyStore(ks, passphrase, keyStorePath);
-                    } else {
-                        throw e;
-                    }
+                    logger.warn(
+                            "Failed to load self-signed certificate keystore. Reinitializing keystore automatically",
+                            e);
+                    Files.deleteIfExists(keyStorePath);
+                    initializeKeyStore(ks, passphrase, keyStorePath);
                 }
             } else {
                 initializeKeyStore(ks, passphrase, keyStorePath);
diff --git a/src/test/java/com/aws/greengrass/localdebugconsole/SimpleHttpServerTest.java b/src/test/java/com/aws/greengrass/localdebugconsole/SimpleHttpServerTest.java
@@ -14,15 +14,19 @@
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.api.extension.ExtensionContext;
 import org.junit.jupiter.api.io.TempDir;
 
+import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Map;
 
 import static com.aws.greengrass.localdebugconsole.SimpleHttpServer.DEBUG_PASSWORD_NAMESPACE;
 import static com.aws.greengrass.localdebugconsole.SimpleHttpServer.EXPIRATION_NAMESPACE;
+import static com.aws.greengrass.testcommons.testutilities.ExceptionLogProtector.ignoreExceptionOfType;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -43,7 +47,8 @@ void after() {
     }
 
     @Test
-    void GIVEN_server_WHEN_authenticate_THEN_cleans_storage() {
+    void GIVEN_server_WHEN_authenticate_THEN_cleans_storage(ExtensionContext context) throws IOException {
+        ignoreExceptionOfType(context, IOException.class);
         kernel = new Kernel();
         kernel.parseArgs("-r", rootDir.toAbsolutePath().toString());
 
@@ -66,6 +71,11 @@ void GIVEN_server_WHEN_authenticate_THEN_cleans_storage() {
         http.getRuntimeConfig().remove(); // remove runtime config so that the password is lost
         kernel.getContext().waitForPublishQueueToClear();
         assertTrue(http.initializeHttps());
+
+        // Verify that corrupting the keystore is recoverable
+        Files.write(kernel.getNucleusPaths().workPath(SimpleHttpServer.AWS_GREENGRASS_DEBUG_SERVER)
+                .resolve("keystore.jks"), new byte[1024]);
+        assertTrue(http.initializeHttps());
     }
 
     @Test
