update based on review comments

Author: lennyphan

operator/src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java

@@ -132,7 +132,7 @@ protected Map<String, String> getPodAnnotations() {
     }
 
     private String getInternalOperatorCertFile(TuningParameters tuningParameters) {
-      return RestServer.getInstance().getInternalCertificate();
+      return RestServer.getInstance().getInternalCertificateAsBase64PEM();
     }
   }
 

operator/src/main/java/oracle/kubernetes/operator/rest/RestServer.java

@@ -19,6 +19,7 @@
 import javax.net.ssl.SSLContext;
 import oracle.kubernetes.operator.logging.LoggingFacade;
 import oracle.kubernetes.operator.logging.LoggingFactory;
+import oracle.kubernetes.operator.logging.MessageKeys;
 import oracle.kubernetes.operator.work.Container;
 import oracle.kubernetes.operator.work.ContainerResolver;
 import org.apache.commons.codec.binary.Base64;
@@ -66,18 +67,27 @@ public class RestServer {
   }; // ONLY support TLSv1.2 (by default, we would get TLSv1 and TLSv1.1 too)
 
   public static synchronized void create(RestConfig restConfig) {
-    if (INSTANCE == null) {
-      INSTANCE = new RestServer(restConfig);
+    LOGGER.entering();
+    try {
+      if (INSTANCE == null) {
+        INSTANCE = new RestServer(restConfig);
+        return;
+      }
+
+      throw new IllegalStateException();
+    } finally {
+      LOGGER.exiting();
     }
-    // throw new IllegalStateException();
   }
 
   public static synchronized RestServer getInstance() {
     return INSTANCE;
   }
 
   public static void destroy() {
+    LOGGER.entering();
     INSTANCE = null;
+    LOGGER.exiting();
   }
 
   /**
@@ -185,16 +195,27 @@ public void stop() {
     LOGGER.exiting();
   }
 
-  public String getInternalCertificate() {
+  /**
+   * Gets the internal https port's certificate as a base64 encoded PEM.
+   *
+   * @return base64 encoded PEM containing the certificate, or null if unable to read the
+   *     certificate data.
+   */
+  public String getInternalCertificateAsBase64PEM() {
+    LOGGER.entering();
+    String internalCert = null;
     try {
-      return readCertFromDataOrFile(
-          this.config.getOperatorInternalCertificateData(),
-          this.config.getOperatorInternalCertificateFile());
+      internalCert =
+          Base64.encodeBase64String(
+              readFromDataOrFile(
+                  this.config.getOperatorInternalCertificateData(),
+                  this.config.getOperatorInternalCertificateFile()));
     } catch (IOException e) {
-      LOGGER.warning("Unable to read internal certificate data", e);
+      LOGGER.warning(MessageKeys.EXCEPTION, e);
     }
 
-    return null;
+    LOGGER.exiting(internalCert);
+    return internalCert;
   }
 
   private HttpServer createExternalHttpsServer(Container container) throws Exception {
@@ -350,13 +371,6 @@ private KeyManager[] createKeyManagers(
     return result;
   }
 
-  private static String readCertFromDataOrFile(String data, String file) throws IOException {
-    if (data != null && data.length() > 0) {
-      return data;
-    }
-    return new String(Files.readAllBytes(new File(file).toPath()));
-  }
-
   private static byte[] readFromDataOrFile(String data, String file) throws IOException {
     if (data != null && data.length() > 0) {
       return Base64.decodeBase64(data);

operator/src/test/java/oracle/kubernetes/operator/helpers/AdminPodHelperTest.java

@@ -42,9 +42,7 @@
 
 @SuppressWarnings("SameParameterValue")
 public class AdminPodHelperTest extends PodHelperTestBase {
-  static final String INTERNAL_OPERATOR_CERT_FILE_PARAM = "internalOperatorCert";
   private static final String INTERNAL_OPERATOR_CERT_ENV_NAME = "INTERNAL_OPERATOR_CERT";
-  private static final String CERTFILE = "certfile";
 
   public AdminPodHelperTest() {
     super(ADMIN_SERVER, ADMIN_PORT);
@@ -210,7 +208,6 @@ public void whenAdminPodCreated_containerHasStartServerCommand() {
 
   @Test
   public void whenAdminPodCreated_hasOperatorCertEnvVariable() {
-    // putTuningParameter(INTERNAL_OPERATOR_CERT_FILE_PARAM, CERTFILE);
     assertThat(
         getCreatedPodSpecContainer().getEnv(),
         hasEnvVar(INTERNAL_OPERATOR_CERT_ENV_NAME, RestTest.OP_CERT_DATA));

operator/src/test/java/oracle/kubernetes/operator/rest/RestTest.java

@@ -286,6 +286,12 @@ public void testMissingAccessToken() {
     verifyNotAuthenticated(r);
   }
 
+  @Test
+  public void testGetInternalCertificateAsBase64PEM() {
+    String internalCertData = RestServer.getInstance().getInternalCertificateAsBase64PEM();
+    assertEquals(internalCertData, RestTest.OP_CERT_DATA);
+  }
+
   private VersionModel createLatestVersion() {
     return new VersionModel(V1, true, "active");
   }