
Commit 7538089

authored
Merge pull request #693 from WASdev/keystore-config-override
Add keystore.xml to overrides, not defaults, when keystore is generat…
2 parents 071c2e5 + 9ce7a32 commit 7538089


1 file changed

+11
-8
lines changed


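--- a/ga/latest/kernel/helpers/runtime/docker-server.sh
+++ b/ga/latest/kernel/helpers/runtime/docker-server.sh
@@ -26,8 +26,10 @@ function importKeyCert() {
 local KEYSTORE_FILE="/output/resources/security/key.p12"
 local TRUSTSTORE_FILE="/output/resources/security/trust.p12"
 
-# Import the private key and certificate into new keytore
+# Import the private key and certificate into new keystore
 if [ -f "${CERT_FOLDER}/${KEY_FILE}" ] && [ -f "${CERT_FOLDER}/${CRT_FILE}" ]; then
+# Mounted certificates found. Assume the user wants to overwrite any existing keystore
+# and add these certificates
 echo "Found mounted TLS certificates, generating keystore"
 mkdir -p /output/resources/security
 if [ -f "${CERT_FOLDER}/${CA_FILE}" ]; then
@@ -47,9 +49,9 @@ function importKeyCert() {
 -password pass:"${PASSWORD}" >&/dev/null
 fi
 
-# Since we are creating new keystore, always write new password to a file
-sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
-
+# Since we are creating new keystore, always write new password to a file
+sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathOverride
+
 # Add mounted CA to the truststore
 if [ -f "${CERT_FOLDER}/${CA_FILE}" ]; then
 echo "Found mounted TLS CA certificate, adding to truststore"
@@ -73,9 +75,9 @@ function importKeyCert() {
 rm -rf /tmp/certs
 fi
 
-# Add the keystore password to server configuration
-if [ ! -e $keystorePath ]; then
-sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
+# If no keystore has been created, add a keystore password to server configuration
+if [ ! -e "$keystorePathDefault" ] && [ ! -e "$keystorePathOverride" ]; then
+sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathDefault
 fi
 if [ -e $TRUSTSTORE_FILE ]; then
 sed "s|PWD_TRUST|$TRUSTSTORE_PASSWORD|g" $SNIPPETS_SOURCE/truststore.xml > $SNIPPETS_TARGET_OVERRIDES/truststore.xml
@@ -107,7 +109,8 @@ SNIPPETS_SOURCE=/opt/ibm/helpers/build/configuration_snippets
 SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults
 SNIPPETS_TARGET_OVERRIDES=/config/configDropins/overrides
 
-keystorePath="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
+keystorePathDefault="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
+keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml"
 
 importKeyCert
 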
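Review bot: The two new `sed` lines (new lines 53 and 80) interpolate `$PASSWORD` directly into the replacement text, so a password containing `|`, `&` or `\` would be written to keystore.xml altered, or make sed fail, leaving the server configured with a password that does not open key.p12. How PASSWORD is produced is outside these hunks, so this may not be reachable today, but escaping it first keeps the write correct either way: `esc=$(printf '%s' "$PASSWORD" | sed 's/[|&\\]/\\&/g')` followed by `sed "s|REPLACE|$esc|g" "$SNIPPETS_SOURCE/keystore.xml" > "$keystorePathOverride"`. The same two lines also leave `$SNIPPETS_SOURCE` and the redirect target unquoted, although the new `-e` tests on new line 79 quote the same variables. importKeyCert's body begins and ends outside the visible hunks.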
