fix: allow to set key password separately (#2684)

Signed-off-by: achmelo <[email protected]> Signed-off-by: achmelo <[email protected]>
zowe · Nov 25, 2022 · 4e3d3c7 · 4e3d3c7
1 parent cc8b258
commit 4e3d3c7
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 58 deletions.
diff --git a/api-catalog-package/src/main/resources/bin/start.sh b/api-catalog-package/src/main/resources/bin/start.sh
@@ -119,17 +119,10 @@ LIBPATH="$LIBPATH":"${LIBRARY_PATH}"
 
 keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
 keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
+key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
 truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
 truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
 
-# There was an issue where java could throw an exception on keyring read if the password was blank
-# But, keyrings dont use passwords, so we just put a dummy value here.
-if [ "${keystore_type}" = "JCERACFKS" ]; then
-  keystore_pass="dummy"
-fi
-if [ "${truststore_type}" = "JCERACFKS" ]; then
-  truststore_pass="dummy"
-fi
 
 # Workaround for Java desiring safkeyring://// instead of just ://
 # We can handle both cases of user input by just adding extra "//" if we detect its missing.
@@ -177,7 +170,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CATALOG_CODE} java \
     -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
     -Dserver.ssl.keyStorePassword="${keystore_pass}" \
     -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-    -Dserver.ssl.keyPassword="${keystore_pass}" \
+    -Dserver.ssl.keyPassword="${key_pass}" \
     -Dserver.ssl.trustStore="${truststore_location}" \
     -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
     -Dserver.ssl.trustStorePassword="${truststore_pass}" \

diff --git a/caching-service-package/src/main/resources/bin/start.sh b/caching-service-package/src/main/resources/bin/start.sh
@@ -113,17 +113,10 @@ LIBPATH="$LIBPATH":"${LIBRARY_PATH}"
 
 keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
 keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
+key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
 truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
 truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
 
-# There was an issue where java could throw an exception on keyring read if the password was blank
-# But, keyrings dont use passwords, so we just put a dummy value here.
-if [ "${keystore_type}" = "JCERACFKS" ]; then
-  keystore_pass="dummy"
-fi
-if [ "${truststore_type}" = "JCERACFKS" ]; then
-  truststore_pass="dummy"
-fi
 
 # Workaround for Java desiring safkeyring://// instead of just ://
 # We can handle both cases of user input by just adding extra "//" if we detect its missing.
@@ -174,7 +167,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CACHING_CODE} java -Xms16m -Xmx512m \
   -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
   -Dserver.ssl.keyStorePassword="${keystore_pass}" \
   -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-  -Dserver.ssl.keyPassword="${keystore_pass}" \
+  -Dserver.ssl.keyPassword="${key_pass}" \
   -Dserver.ssl.trustStore="${truststore_location}" \
   -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
   -Dserver.ssl.trustStorePassword="${truststore_pass}" \

diff --git a/cloud-gateway-package/src/main/resources/bin/start.sh b/cloud-gateway-package/src/main/resources/bin/start.sh
@@ -75,18 +75,10 @@ LIBPATH="$LIBPATH":"${LIBRARY_PATH}"
 
 keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
 keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
+key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
 truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
 truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
 
-# There was an issue where java could throw an exception on keyring read if the password was blank
-# But, keyrings dont use passwords, so we just put a dummy value here.
-if [ "${keystore_type}" = "JCERACFKS" ]; then
-  keystore_pass="dummy"
-fi
-if [ "${truststore_type}" = "JCERACFKS" ]; then
-  truststore_pass="dummy"
-fi
-
 # Workaround for Java desiring safkeyring://// instead of just ://
 # We can handle both cases of user input by just adding extra "//" if we detect its missing.
 ensure_keyring_slashes() {
@@ -125,7 +117,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CLOUD_GATEWAY_CODE} java \
     -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
     -Dserver.ssl.keyStorePassword="${keystore_pass}" \
     -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-    -Dserver.ssl.keyPassword="${keystore_pass}" \
+    -Dserver.ssl.keyPassword="${key_pass}" \
     -Dserver.ssl.trustStore="${truststore_location}" \
     -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
     -Dserver.ssl.trustStorePassword="${truststore_pass}" \

diff --git a/discovery-package/src/main/resources/bin/start.sh b/discovery-package/src/main/resources/bin/start.sh
@@ -121,18 +121,10 @@ LIBPATH="$LIBPATH":"${LIBRARY_PATH}"
 
 keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
 keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
+key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
 truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
 truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
 
-# There was an issue where java could throw an exception on keyring read if the password was blank
-# But, keyrings dont use passwords, so we just put a dummy value here.
-if [ "${keystore_type}" = "JCERACFKS" ]; then
-  keystore_pass="dummy"
-fi
-if [ "${truststore_type}" = "JCERACFKS" ]; then
-  truststore_pass="dummy"
-fi
-
 # Workaround for Java desiring safkeyring://// instead of just ://
 # We can handle both cases of user input by just adding extra "//" if we detect its missing.
 ensure_keyring_slashes() {
@@ -176,7 +168,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${DISCOVERY_CODE} java -Xms32m -Xmx256m ${QUI
     -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
     -Dserver.ssl.keyStorePassword="${keystore_pass}" \
     -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-    -Dserver.ssl.keyPassword="${keystore_pass}" \
+    -Dserver.ssl.keyPassword="${key_pass}" \
     -Dserver.ssl.trustStore="${truststore_location}" \
     -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
     -Dserver.ssl.trustStorePassword="${truststore_pass}" \

diff --git a/gateway-package/src/main/resources/bin/start.sh b/gateway-package/src/main/resources/bin/start.sh
@@ -161,18 +161,10 @@ fi
 
 keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
 keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
+key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
 truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
 truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
 
-# There was an issue where java could throw an exception on keyring read if the password was blank
-# But, keyrings dont use passwords, so we just put a dummy value here.
-if [ "${keystore_type}" = "JCERACFKS" ]; then
-  keystore_pass="dummy"
-fi
-if [ "${truststore_type}" = "JCERACFKS" ]; then
-  truststore_pass="dummy"
-fi
-
 # Workaround for Java desiring safkeyring://// instead of just ://
 # We can handle both cases of user input by just adding extra "//" if we detect its missing.
 ensure_keyring_slashes() {
@@ -228,7 +220,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} java \
     -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
     -Dserver.ssl.keyStorePassword="${keystore_pass}" \
     -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-    -Dserver.ssl.keyPassword="${keystore_pass}" \
+    -Dserver.ssl.keyPassword="${key_pass}" \
     -Dserver.ssl.trustStore="${truststore_location}" \
     -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
     -Dserver.ssl.trustStorePassword="${truststore_pass}" \

diff --git a/metrics-service-package/src/main/resources/bin/start.sh b/metrics-service-package/src/main/resources/bin/start.sh
@@ -87,18 +87,10 @@ LIBPATH="$LIBPATH":"${LIBRARY_PATH}"
 
 keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
 keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
+key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
 truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
 truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
 
-# There was an issue where java could throw an exception on keyring read if the password was blank
-# But, keyrings dont use passwords, so we just put a dummy value here.
-if [ "${keystore_type}" = "JCERACFKS" ]; then
-  keystore_pass="dummy"
-fi
-if [ "${truststore_type}" = "JCERACFKS" ]; then
-  truststore_pass="dummy"
-fi
-
 # Workaround for Java desiring safkeyring://// instead of just ://
 # We can handle both cases of user input by just adding extra "//" if we detect its missing.
 ensure_keyring_slashes() {
@@ -134,7 +126,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${METRICS_CODE} java -Xms16m -Xmx512m \
   -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
   -Dserver.ssl.keyStorePassword="${keystore_pass}" \
   -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-  -Dserver.ssl.keyPassword="${keystore_pass}" \
+  -Dserver.ssl.keyPassword="${key_pass}" \
   -Dserver.ssl.trustStore="${truststore_location}" \
   -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
   -Dserver.ssl.trustStorePassword="${truststore_pass}" \