Skip to content

Commit 418c07f

Browse files
idlewisidlewis
authored
Merge pull request #632 from OpenLiberty/vNext-keystore-beta
Beta: Add keystore.xml to overrides, not defaults, when keystore is generated by Liberty container startup process
2 parents 352b5f8 + 69326ab commit 418c07f

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

releases/latest/kernel-slim/helpers/runtime/docker-server.sh

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,8 @@ function importKeyCert() {
2323

2424
# Import the private key and certificate into new keystore
2525
if [ -f "${CERT_FOLDER}/${KEY_FILE}" ] && [ -f "${CERT_FOLDER}/${CRT_FILE}" ]; then
26+
# Mounted certificates found. Assume the user wants to overwrite any existing keystore
27+
# and add these certificates
2628
echo "Found mounted TLS certificates, generating keystore"
2729
setPasswords PASSWORD TRUSTSTORE_PASSWORD
2830
mkdir -p /output/resources/security
@@ -44,7 +46,7 @@ function importKeyCert() {
4446
fi
4547

4648
# Since we are creating new keystore, always write new password to a file
47-
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
49+
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathOverride
4850

4951
# Add mounted CA to the truststore
5052
if [ -f "${CERT_FOLDER}/${CA_FILE}" ]; then
@@ -70,10 +72,10 @@ function importKeyCert() {
7072
rm -rf /tmp/certs
7173
fi
7274

73-
# Add the keystore password to server configuration
74-
if [ ! -e $keystorePath ]; then
75+
# If no keystore has been created, add a keystore password to server configuration
76+
if [ ! -e "$keystorePathDefault" ] && [ ! -e "$keystorePathOverride" ]; then
7577
setPasswords PASSWORD TRUSTSTORE_PASSWORD
76-
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $SNIPPETS_TARGET_DEFAULTS/keystore.xml
78+
sed "s|REPLACE|$PASSWORD|g" $SNIPPETS_SOURCE/keystore.xml > $keystorePathDefault
7779
fi
7880
if [ -e $TRUSTSTORE_FILE ]; then
7981
setPasswords PASSWORD TRUSTSTORE_PASSWORD
@@ -89,7 +91,8 @@ SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
8991
SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults
9092
SNIPPETS_TARGET_OVERRIDES=/config/configDropins/overrides
9193

92-
keystorePath="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
94+
keystorePathDefault="$SNIPPETS_TARGET_DEFAULTS/keystore.xml"
95+
keystorePathOverride="$SNIPPETS_TARGET_OVERRIDES/keystore.xml"
9396

9497
if [ "$SSL" = "true" ] || [ "$TLS" = "true" ]; then
9598
cp $SNIPPETS_SOURCE/tls.xml $SNIPPETS_TARGET_OVERRIDES/tls.xml

0 commit comments

Comments
 (0)