From cb67637012d0a6fda41f138b65d47f89c0fef459 Mon Sep 17 00:00:00 2001
From: Marcus Sorensen
Date: Tue, 21 Mar 2023 15:16:54 -0600
Subject: [PATCH 1/2] Support Jetty's live cert reload
Signed-off-by: Marcus Sorensen
---
 .../main/java/org/apache/cloudstack/ServerDaemon.java | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
index 08f856655dc1..380a0a973b36 100644
--- a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
+++ b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
@@ -45,6 +45,7 @@
 import org.eclipse.jetty.server.handler.RequestLogHandler;
 import org.eclipse.jetty.server.handler.gzip.GzipHandler;
 import org.eclipse.jetty.server.session.SessionHandler;
+import org.eclipse.jetty.util.ssl.KeyStoreScanner;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
@@ -241,6 +242,14 @@ private void createHttpsConnector(final HttpConfiguration httpConfig) {
 sslConnector.setPort(httpsPort);
 sslConnector.setHost(bindInterface);
 server.addConnector(sslConnector);
+
+ // add scanner to auto-reload certs
+ try {
+ KeyStoreScanner scanner = new KeyStoreScanner(sslContextFactory);
+ server.addBean(scanner);
+ } catch (Throwable ex) {
+ LOG.error("failed to set up keystore scanner, manual refresh of certificates will be required", ex);
+ }
 }
 }
From cc00c6a26fe42f7c6ca6d05530b520e523f88073 Mon Sep 17 00:00:00 2001
From: Marcus Sorensen
Date: Wed, 22 Mar 2023 11:50:23 -0600
Subject: [PATCH 2/2] Update ServerDaemon.java
---
 client/src/main/java/org/apache/cloudstack/ServerDaemon.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
index 380a0a973b36..63cdc45b8dc4 100644
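Review bot: Once the scanner is registered in the block added at the end of `createHttpsConnector`, a change to the keystore file replaces the connector's TLS key and certificate without a restart, so write access to that file takes effect immediately, and the new code neither documents that nor logs that reloading is active. I would state the requirement in the comment, e.g. `// auto-reload certs: the keystore must be writable only by the management-server account, a change to it replaces the TLS identity without a restart`, and add `LOG.info("keystore scanner enabled for " + sslContextFactory.getKeyStorePath());` after `server.addBean(scanner);`. As far as I know Jetty handles a failed reload inside the scanner and only logs a warning, so the `LOG.error` here covers setup only; a bad or unexpected keystore dropped in later would have to be noticed from Jetty's own log, which is worth alerting on. The method body starts outside this hunk.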
--- a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
+++ b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
@@ -247,7 +247,7 @@ private void createHttpsConnector(final HttpConfiguration httpConfig) {
 try {
 KeyStoreScanner scanner = new KeyStoreScanner(sslContextFactory);
 server.addBean(scanner);
- } catch (Throwable ex) {
+ } catch (Exception ex) {
 LOG.error("failed to set up keystore scanner, manual refresh of certificates will be required", ex);
 }
 }
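Review bot: With the catch narrowed to `Exception`, an `Error` thrown while constructing the scanner is no longer contained by this block and will propagate out of `createHttpsConnector`; a `NoClassDefFoundError` is the likely case if the Jetty on the runtime classpath lacks `KeyStoreScanner`. If failing startup in that situation is intended, a comment above the catch would record it, e.g. `// Errors are deliberately not caught: a classpath or linkage problem should surface at startup`. The method begins outside this hunk, so how the caller treats such a failure is not visible here.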