From 4f7ca60a5fb3a71861c08a7c3beb24cbd3a7e645 Mon Sep 17 00:00:00 2001
From: Martin Perina <mperina@redhat.com>
Date: Fri, 19 Aug 2022 11:38:33 +0200
Subject: [PATCH] Fix checking ovirt-provider-ovn certificate validity

There was added an ovirt-provider-ovn certificate validity check as
a part of https://github.com/oVirt/ovirt-engine/pull/576 but
unfortunately the path to certificate file was wrong and as this
certificate is optional (it doesn't exists on setup with OVN integration
disable), the certificate validity checker didn't raise any error even
for setups with OVN integration enabled and ovirt-provider-ovn
certificate going to expire soon.

Bug-Url: https://bugzilla.redhat.com/2097560
Signed-off-by: Martin Perina <mperina@redhat.com>
---
 .../org/ovirt/engine/core/bll/CertificationValidityChecker.java | 1 +
 .../java/org/ovirt/engine/core/utils/EngineLocalConfig.java     | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CertificationValidityChecker.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CertificationValidityChecker.java
index cc9feda9d35..f82ca9dfa82 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CertificationValidityChecker.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CertificationValidityChecker.java
@@ -125,6 +125,7 @@ private boolean checkOptionalCertificate(File certFile,
             AuditLogType alertExpirationEventType,
             AuditLogType alertAboutToExpireEventType,
             AuditLogType warnAboutToExpireEventType) {
+        log.debug("Checking optional certificate '{}'.", certFile.getAbsolutePath());
         if (certFile == null || !certFile.exists()) {
             // certificate file doesn't exist, which may be OK, as the service using the certificate is optional
             return true;
diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java
index 3629215cfac..84c44419f58 100644
--- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java
+++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/EngineLocalConfig.java
@@ -213,7 +213,7 @@ public File getPKIEngineCert() {
     }
 
     public File getPKIOvirtProviderOVNCert() {
-        return Paths.get(getProperty("ENGINE_PKI"), "ovirt-provider-ovn.cer").toFile();
+        return Paths.get(getProperty("ENGINE_PKI"), "certs", "ovirt-provider-ovn.cer").toFile();
     }
 
     public String getPKITrustStoreType() {