Omit specifying trust store or CA cert when generating KeyRefresher (#…

…2650)

Signed-off-by: Masahiro Sakamoto <[email protected]>

libs/java/cert_refresher/src/main/java/com/oath/auth/KeyRefresher.java

@@ -125,7 +125,8 @@ private void scanForFileChanges() {
             // run loop contents here
             while (!shutdown) {
                 try {
-                    if (haveFilesBeenChanged(trustStore.getFilePath(), lastTrustManagerChecksum)) {
+                    if (trustStore != null && trustManagerProxy != null
+                            && haveFilesBeenChanged(trustStore.getFilePath(), lastTrustManagerChecksum)) {
                         trustManagerProxy.setTrustManager(trustStore.getTrustManagers());
                         if (LOGGER.isDebugEnabled()) {
                             LOGGER.debug("KeyRefresher detected changes. Reloaded Trust Managers");

libs/java/cert_refresher/src/main/java/com/oath/auth/Utils.java

@@ -244,8 +244,10 @@ public static KeyRefresher generateKeyRefresher(final String trustStorePath,
                                                     final char[] trustStorePassword, final String athenzPublicCert,
                                                     final String athenzPrivateKey, final KeyRefresherListener keyRefresherListener)
             throws FileNotFoundException, IOException, InterruptedException, KeyRefresherException {
-        TrustStore trustStore = new TrustStore(trustStorePath,
-                new JavaKeyStoreProvider(trustStorePath, trustStorePassword));
+        TrustStore trustStore = null;
+        if (trustStorePath != null && !trustStorePath.isEmpty()) {
+            trustStore = new TrustStore(trustStorePath, new JavaKeyStoreProvider(trustStorePath, trustStorePassword));
+        }
         return getKeyRefresher(athenzPublicCert, athenzPrivateKey, trustStore, keyRefresherListener);
     }
 
@@ -269,7 +271,10 @@ public static KeyRefresher generateKeyRefresher(final String trustStorePath,
     public static KeyRefresher generateKeyRefresherFromCaCert(final String caCertPath,
             final String athenzPublicCert, final String athenzPrivateKey)
             throws IOException, InterruptedException, KeyRefresherException {
-        TrustStore trustStore = new TrustStore(caCertPath, new CaCertKeyStoreProvider(caCertPath));
+        TrustStore trustStore = null;
+        if (caCertPath != null && !caCertPath.isEmpty()) {
+            trustStore = new TrustStore(caCertPath, new CaCertKeyStoreProvider(caCertPath));
+        }
         return getKeyRefresher(athenzPublicCert, athenzPrivateKey, trustStore);
     }
 
@@ -284,7 +289,10 @@ static KeyRefresher getKeyRefresher(String athenzPublicCert, String athenzPrivat
         KeyRefresher keyRefresher;
         KeyManagerProxy keyManagerProxy =
                 new KeyManagerProxy(getKeyManagers(athenzPublicCert, athenzPrivateKey));
-        TrustManagerProxy trustManagerProxy = new TrustManagerProxy(trustStore.getTrustManagers());
+        TrustManagerProxy trustManagerProxy = null;
+        if (trustStore != null) {
+            trustManagerProxy = new TrustManagerProxy(trustStore.getTrustManagers());
+        }
         try {
             keyRefresher = new KeyRefresher(athenzPublicCert, athenzPrivateKey, trustStore,
                     keyManagerProxy, trustManagerProxy, keyRefresherListener);

libs/java/cert_refresher/src/test/java/com/oath/auth/KeyRefresherTest.java

@@ -170,6 +170,13 @@ public void testGenerateKeyRefresherFromCaCert() throws Exception {
                 "unit_test_gdpr.aws.core.key.pem");
         assertNotNull(keyRefresher);
 
+        keyRefresher = Utils.generateKeyRefresher(null, "gdpr.aws.core.cert.pem", "unit_test_gdpr.aws.core.key.pem");
+        assertNotNull(keyRefresher);
+
+        keyRefresher = Utils.generateKeyRefresherFromCaCert(null, "gdpr.aws.core.cert.pem",
+                "unit_test_gdpr.aws.core.key.pem");
+        assertNotNull(keyRefresher);
+
         final String caCertPath = Objects.requireNonNull(classLoader.getResource("ca.cert.pem")).getFile();
         keyRefresher = Utils.generateKeyRefresherFromCaCert(caCertPath, "gdpr.aws.core.cert.pem",
                 "unit_test_gdpr.aws.core.key.pem");