/**
 * Builds the query that selects every document still using one of the given trust
 * certificates, leaving out the documents listed as ignored.
 *
 * @param trustCertLinks links of the certificates whose usages are searched for
 * @param ignoredUsageLinks links handed to the self-link exclusion clause; documents
 *        matched by that clause do not count as usages
 * @return the query produced by the builder once both clauses have been added
 */
private static Query buildCertUsageSelectionQuery(Collection<String> trustCertLinks,
        Collection<String> ignoredUsageLinks) {
    final Builder usageSelection = Query.Builder.create();

    // Clause 1: documents that reference any of the certificates.
    addClauseToQuery(usageSelection, buildCertLinkClause(trustCertLinks));

    // Clause 2: leave out the documents the caller asked to disregard.
    // NOTE(review): presumably a certificate with no remaining match is treated as unused
    // by the caller, so an over-broad exclusion list widens what gets cleaned up. Confirm
    // against the call site.
    addClauseToQuery(usageSelection, buildSelfLinkExclusionClause(ignoredUsageLinks));

    return usageSelection.build();
}
/**
 * Runs the unused-trust-certificate cleanup for {@code sslTrustCert} and blocks until the
 * returned result has completed.
 *
 * @param excludeComputeLink link passed on as the single ignored usage, or {@code null}
 *        to pass {@code null} instead of a collection
 * @throws Throwable whatever the blocking {@code get()} on the cleanup result raises
 */
private void trustCertCleanup(String excludeComputeLink) throws Throwable {
    // A null argument is forwarded as null rather than as an empty set.
    java.util.Set<String> ignoredUsages = null;
    if (excludeComputeLink != null) {
        ignoredUsages = Collections.singleton(excludeComputeLink);
    }

    CertificateCleanupUtil
            .removeTrustCertsIfUnused(host,
                    Collections.singleton(sslTrustCert.documentSelfLink),
                    ignoredUsages)
            .toCompletionStage()
            .toCompletableFuture()
            .get();
}
Collection<String> trustCertLinks, Collection<String> ignoredUsageLinks) { trustCertLinks = sanitizeCollection(trustCertLinks); if (trustCertLinks.isEmpty()) { return DeferredResult.completed(null); ignoredUsageLinks = sanitizeCollection(ignoredUsageLinks); Query usagesQuery = buildCertUsageSelectionQuery(trustCertLinks, ignoredUsageLinks); }) .thenCompose(ignore -> deleteCertificatesByLink(serviceHost, unusedCertLinks));
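/**
 * Removes the trust certificates returned by {@code collectTrustCert(state)} when they
 * are no longer used, then moves the task to {@code SubStage.REMOVED_CERTIFICATES}.
 *
 * <p>The cleanup is best effort: a failure is logged as a warning and the task proceeds
 * to the next sub-stage either way.
 *
 * @param state task state; its {@code resourceLinks} are passed to the cleanup as the
 *        usages to ignore
 */
private void doRemoveTrustCerts(ContainerHostRemovalTaskState state) {
    collectTrustCert(state)
            // Keep only non-null links under the trust-certificate factory, so links that
            // point elsewhere are never handed to the deleting cleanup call.
            .thenApply(trustCertSelfLinks -> trustCertSelfLinks.stream()
                    .filter(Objects::nonNull)
                    .filter(link -> link.startsWith(SslTrustCertificateService.FACTORY_LINK))
                    .collect(Collectors.toSet()))
            .thenCompose(trustCertSelfLinks -> CertificateCleanupUtil
                    .removeTrustCertsIfUnused(getHost(), trustCertSelfLinks,
                            state.resourceLinks))
            .whenComplete((ignore, ex) -> {
                if (ex != null) {
                    // The cause is rendered through a %s placeholder: with a format-style
                    // logWarning, an argument without a placeholder is dropped, leaving a
                    // failed certificate cleanup with no recorded reason.
                    logWarning("Failed to remove unused trust certificates: %s", ex);
                }
                // Proceed regardless of the outcome so host removal is not blocked by
                // leftover certificates.
                proceedTo(SubStage.REMOVED_CERTIFICATES);
            });
}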
/**
 * Best-effort removal of the UAA and API trust certificates referenced by a deleted
 * endpoint, when nothing else uses them.
 *
 * <p>Every failure path is logged as a warning and turned into a normally completed
 * result, so certificate cleanup never fails the endpoint deletion.
 *
 * @param removedEndpoint the endpoint being deleted; its custom properties carry the
 *        certificate links
 * @return a result that completes with {@code null}, including when the cleanup was
 *         skipped or failed
 */
private DeferredResult<Void> cleanupUnusedEndpointCertificates(Endpoint removedEndpoint) {
    final String warnFormat =
            "Failed to cleanup unused certificates when deleting endpoint [%s]: %s";

    boolean missingProperties =
            removedEndpoint == null || removedEndpoint.customProperties == null;
    if (missingProperties) {
        logWarning(warnFormat, getSelfLink(), "endpoint or custom properties is null");
        return DeferredResult.completed(null);
    }

    String uaaCertLink = removedEndpoint.customProperties
            .get(CertificateUtilExtended.CUSTOM_PROPERTY_PKS_UAA_TRUST_CERT_LINK);
    String apiCertLink = removedEndpoint.customProperties
            .get(CertificateUtilExtended.CUSTOM_PROPERTY_PKS_API_TRUST_CERT_LINK);

    boolean anyLinkSet =
            !StringUtils.isEmpty(uaaCertLink) || !StringUtils.isEmpty(apiCertLink);
    if (!anyLinkSet) {
        logWarning(warnFormat, getSelfLink(), "certificate links are not set");
        return DeferredResult.completed(null);
    }

    // NOTE(review): when only one link is set, the other list element is null or empty;
    // presumably removeTrustCertsIfUnused sanitizes its input. Confirm.
    // NOTE(review): the links come straight from endpoint custom properties and are not
    // checked here to point at trust-certificate documents. Verify that the cleanup
    // utility, or validation at write time, constrains what can be deleted.
    return CertificateCleanupUtil
            .removeTrustCertsIfUnused(getHost(),
                    Arrays.asList(uaaCertLink, apiCertLink),
                    // this endpoint's own reference must not count as a usage
                    Collections.singleton(getSelfLink()))
            .exceptionally(ex -> {
                logWarning(warnFormat, getSelfLink(), Utils.toString(ex));
                // Swallow the error here so the endpoint itself can still be deleted.
                return null;
            });
}