Merge pull request #205 from wttech/184-ssl-setup-race-condition

Retry on failed POST to 'SSL By Default' form endpoint

Author: piotr-andruszkiewicz-wttech

examples/docker/src/aem/default/etc/aem.yml

@@ -153,6 +153,10 @@ instance:
       # Fail on case 'installed with errors'
       strict: true
 
+  # 'SSL By Default'
+  ssl:
+    setup_timeout: 30s
+
   # OSGi Framework
   osgi:
     bundle:

pkg/cfg/defaults.go

@@ -104,6 +104,8 @@ func (c *Config) setDefaults() {
 	v.SetDefault("instance.osgi.bundle.install.start_level", 20)
 	v.SetDefault("instance.osgi.bundle.install.refresh_packages", true)
 
+	v.SetDefault("instance.ssl.setup_timeout", time.Second*30)
+
 	v.SetDefault("instance.crypto.key_bundle_symbolic_name", "com.adobe.granite.crypto.file")
 
 	v.SetDefault("instance.workflow.lib_root", "/libs/settings/workflow/launcher")

pkg/project/app_classic/aem/default/etc/aem.yml

@@ -153,6 +153,10 @@ instance:
       # Fail on case 'installed with errors'
       strict: true
 
+  # 'SSL By Default'
+  ssl:
+    setup_timeout: 30s
+
   # OSGi Framework
   osgi:
     shutdown_delay: 3s

pkg/project/app_cloud/aem/default/etc/aem.yml

@@ -152,6 +152,10 @@ instance:
       # Fail on case 'installed with errors'
       strict: true
 
+  # 'SSL By Default'
+  ssl:
+    setup_timeout: 30s
+
   # OSGi Framework
   osgi:
     shutdown_delay: 3s

pkg/project/instance/aem/default/etc/aem.yml

@@ -153,6 +153,10 @@ instance:
       # Fail on case 'installed with errors'
       strict: true
 
+  # 'SSL By Default'
+  ssl:
+    setup_timeout: 30s
+
   # OSGi Framework
   osgi:
     shutdown_delay: 3s

pkg/ssl.go

@@ -1,8 +1,10 @@
 package pkg
 
 import (
+	"context"
 	"encoding/pem"
 	"fmt"
+	"github.com/go-resty/resty/v2"
 	log "github.com/sirupsen/logrus"
 	"github.com/wttech/aemc/pkg/common/certx"
 	"github.com/wttech/aemc/pkg/common/cryptox"
@@ -12,14 +14,16 @@ import (
 	"io"
 	"os"
 	"strings"
+	"time"
 )
 
 const (
 	SSLSetupPath = "/libs/granite/security/post/sslSetup.html"
 )
 
 type SSL struct {
-	instance *Instance
+	instance     *Instance
+	setupTimeout time.Duration
 }
 
 type sslLock struct {
@@ -32,7 +36,12 @@ type sslLock struct {
 }
 
 func NewSSL(instance *Instance) *SSL {
-	return &SSL{instance: instance}
+	configValues := instance.manager.aem.config.Values()
+
+	return &SSL{
+		instance:     instance,
+		setupTimeout: configValues.GetDuration("instance.ssl.setup_timeout"),
+	}
 }
 
 func (s SSL) Setup(keyStorePassword, trustStorePassword, certificateFile, privateKeyFile, httpsHostname, httpsPort string) (bool, error) {
@@ -79,14 +88,12 @@ func (s SSL) Setup(keyStorePassword, trustStorePassword, certificateFile, privat
 		"httpsPort":                 httpsPort,
 	}
 
-	response, err := s.instance.http.
-		RequestFormData(params).
-		SetFiles(map[string]string{
-			"certificateFile": certificateFile,
-			"privatekeyFile":  privateKeyFile,
-		}).
-		SetDoNotParseResponse(true).
-		Post(SSLSetupPath)
+	files := map[string]string{
+		"certificateFile": certificateFile,
+		"privatekeyFile":  privateKeyFile,
+	}
+
+	response, err := s.sendSetupRequest(params, files)
 
 	if err != nil {
 		return false, fmt.Errorf("%s > failed to setup SSL: %w", s.instance.ID(), err)
@@ -114,6 +121,30 @@ func (s SSL) Setup(keyStorePassword, trustStorePassword, certificateFile, privat
 	return true, nil
 }
 
+func (s SSL) sendSetupRequest(params map[string]any, files map[string]string) (*resty.Response, error) {
+	pause := time.Duration(2) * time.Second
+	ctx, cancel := context.WithTimeout(context.Background(), s.setupTimeout)
+	defer cancel()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+			response, err := s.instance.http.
+				RequestFormData(params).
+				SetFiles(files).
+				SetDoNotParseResponse(true).
+				Post(SSLSetupPath)
+			if err == nil {
+				return response, err
+			}
+			log.Warnf("%s > failed to setup SSL: %s, retrying", s.instance.ID(), err)
+			time.Sleep(pause)
+		}
+	}
+}
+
 // From HTML response body, e.g.:
 // <!DOCTYPE html>
 // <html lang='en'>