fix: for allowing user to type keyring with either 4 or 2 slashes (#2626

) * fix for allowing user to type keyring paths using either 4 or 2 slashes instead of just 4 Signed-off-by: 1000TurquoisePogs <[email protected]> * fix to remove unused second arg on new function Signed-off-by: 1000TurquoisePogs <[email protected]> Signed-off-by: 1000TurquoisePogs <[email protected]>
zowe · Oct 19, 2022 · db33c4c · db33c4c
1 parent 5eb8ae6
commit db33c4c
Show file tree

Hide file tree

Showing 6 changed files with 95 additions and 12 deletions.
diff --git a/api-catalog-package/src/main/resources/bin/start.sh b/api-catalog-package/src/main/resources/bin/start.sh
@@ -131,6 +131,20 @@ if [ "${truststore_type}" = "JCERACFKS" ]; then
   truststore_pass="dummy"
 fi
 
+# Workaround for Java desiring safkeyring://// instead of just ://
+# We can handle both cases of user input by just adding extra "//" if we detect its missing.
+ensure_keyring_slashes() {
+  keyring_string="${1}"
+  only_two_slashes=$(echo "${keyring_string}" | grep "^safkeyring://[^//]")
+  if [ -n "${only_two_slashes}" ]; then
+    keyring_string=$(echo "${keyring_string}" | sed "s#safkeyring://#safkeyring:////#")
+  fi
+  # else, unmodified, perhaps its even p12
+  echo $keyring_string
+}
+
+keystore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}")
+truststore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}")
 
 # NOTE: these are moved from below
 #    -Dapiml.service.ipAddress=${ZOWE_IP_ADDRESS:-127.0.0.1} \
@@ -159,12 +173,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CATALOG_CODE} java \
     -Dspring.profiles.include=$LOG_LEVEL \
     -Dserver.address=0.0.0.0 \
     -Dserver.ssl.enabled=${ZWE_components_gateway_server_ssl_enabled:-true}  \
-    -Dserver.ssl.keyStore="${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}" \
+    -Dserver.ssl.keyStore="${keystore_location}" \
     -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
     -Dserver.ssl.keyStorePassword="${keystore_pass}" \
     -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
     -Dserver.ssl.keyPassword="${keystore_pass}" \
-    -Dserver.ssl.trustStore="${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}" \
+    -Dserver.ssl.trustStore="${truststore_location}" \
     -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
     -Dserver.ssl.trustStorePassword="${truststore_pass}" \
     -Djava.protocol.handler.pkgs=com.ibm.crypto.provider \

diff --git a/caching-service-package/src/main/resources/bin/start.sh b/caching-service-package/src/main/resources/bin/start.sh
@@ -125,6 +125,20 @@ if [ "${truststore_type}" = "JCERACFKS" ]; then
   truststore_pass="dummy"
 fi
 
+# Workaround for Java desiring safkeyring://// instead of just ://
+# We can handle both cases of user input by just adding extra "//" if we detect its missing.
+ensure_keyring_slashes() {
+  keyring_string="${1}"
+  only_two_slashes=$(echo "${keyring_string}" | grep "^safkeyring://[^//]")
+  if [ -n "${only_two_slashes}" ]; then
+    keyring_string=$(echo "${keyring_string}" | sed "s#safkeyring://#safkeyring:////#")
+  fi
+  # else, unmodified, perhaps its even p12
+  echo $keyring_string
+}
+
+keystore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}")
+truststore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}")
 
 # NOTE: these are moved from below
 #   -Dapiml.service.ipAddress=${ZOWE_IP_ADDRESS:-127.0.0.1} \
@@ -156,12 +170,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CACHING_CODE} java -Xms16m -Xmx512m \
   -Dcaching.storage.infinispan.initialHosts=${ZWE_configs_storage_infinispan_initialHosts:-localhost[7098]} \
   -Dserver.address=0.0.0.0 \
   -Dserver.ssl.enabled=${ZWE_components_gateway_server_ssl_enabled:-true}  \
-  -Dserver.ssl.keyStore="${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}" \
+  -Dserver.ssl.keyStore="${keystore_location}" \
   -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
   -Dserver.ssl.keyStorePassword="${keystore_pass}" \
   -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
   -Dserver.ssl.keyPassword="${keystore_pass}" \
-  -Dserver.ssl.trustStore="${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}" \
+  -Dserver.ssl.trustStore="${truststore_location}" \
   -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
   -Dserver.ssl.trustStorePassword="${truststore_pass}" \
   -Djava.protocol.handler.pkgs=com.ibm.crypto.provider \

diff --git a/cloud-gateway-package/src/main/resources/bin/start.sh b/cloud-gateway-package/src/main/resources/bin/start.sh
@@ -87,6 +87,21 @@ if [ "${truststore_type}" = "JCERACFKS" ]; then
   truststore_pass="dummy"
 fi
 
+# Workaround for Java desiring safkeyring://// instead of just ://
+# We can handle both cases of user input by just adding extra "//" if we detect its missing.
+ensure_keyring_slashes() {
+  keyring_string="${1}"
+  only_two_slashes=$(echo "${keyring_string}" | grep "^safkeyring://[^//]")
+  if [ -n "${only_two_slashes}" ]; then
+    keyring_string=$(echo "${keyring_string}" | sed "s#safkeyring://#safkeyring:////#")
+  fi
+  # else, unmodified, perhaps its even p12
+  echo $keyring_string
+}
+
+keystore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}")
+truststore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}")
+
 
 CLOUD_GATEWAY_CODE=CG
 _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CLOUD_GATEWAY_CODE} java \
@@ -106,12 +121,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CLOUD_GATEWAY_CODE} java \
     -Dserver.ssl.enabled=${ZWE_configs_server_ssl_enabled:-true} \
     -Dserver.maxConnectionsPerRoute=${ZWE_configs_server_maxConnectionsPerRoute:-100} \
     -Dserver.maxTotalConnections=${ZWE_configs_server_maxTotalConnections:-1000} \
-    -Dserver.ssl.keyStore="${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}" \
+    -Dserver.ssl.keyStore="${keystore_location}" \
     -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
     -Dserver.ssl.keyStorePassword="${keystore_pass}" \
     -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
     -Dserver.ssl.keyPassword="${keystore_pass}" \
-    -Dserver.ssl.trustStore="${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}" \
+    -Dserver.ssl.trustStore="${truststore_location}" \
     -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
     -Dserver.ssl.trustStorePassword="${truststore_pass}" \
     -Djava.protocol.handler.pkgs=com.ibm.crypto.provider \

diff --git a/discovery-package/src/main/resources/bin/start.sh b/discovery-package/src/main/resources/bin/start.sh
@@ -133,6 +133,21 @@ if [ "${truststore_type}" = "JCERACFKS" ]; then
   truststore_pass="dummy"
 fi
 
+# Workaround for Java desiring safkeyring://// instead of just ://
+# We can handle both cases of user input by just adding extra "//" if we detect its missing.
+ensure_keyring_slashes() {
+  keyring_string="${1}"
+  only_two_slashes=$(echo "${keyring_string}" | grep "^safkeyring://[^//]")
+  if [ -n "${only_two_slashes}" ]; then
+    keyring_string=$(echo "${keyring_string}" | sed "s#safkeyring://#safkeyring:////#")
+  fi
+  # else, unmodified, perhaps its even p12
+  echo $keyring_string
+}
+
+keystore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}")
+truststore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}")
+#echo "keystore='$keystore_location' truststore='$truststore_location'"
 
 # NOTE: these are moved from below
 # -Dapiml.service.ipAddress=${ZOWE_IP_ADDRESS:-127.0.0.1} \
@@ -157,12 +172,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${DISCOVERY_CODE} java -Xms32m -Xmx256m ${QUI
     -Dapiml.security.ssl.verifySslCertificatesOfServices=${verifySslCertificatesOfServices:-false} \
     -Dapiml.security.ssl.nonStrictVerifySslCertificatesOfServices=${nonStrictVerifySslCertificatesOfServices:-false} \
     -Dserver.ssl.enabled=${ZWE_components_gateway_server_ssl_enabled:-true} \
-    -Dserver.ssl.keyStore="${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}" \
+    -Dserver.ssl.keyStore="${keystore_location}" \
     -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
     -Dserver.ssl.keyStorePassword="${keystore_pass}" \
     -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
     -Dserver.ssl.keyPassword="${keystore_pass}" \
-    -Dserver.ssl.trustStore="${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}" \
+    -Dserver.ssl.trustStore="${truststore_location}" \
     -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
     -Dserver.ssl.trustStorePassword="${truststore_pass}" \
     -Djava.protocol.handler.pkgs=com.ibm.crypto.provider \

diff --git a/gateway-package/src/main/resources/bin/start.sh b/gateway-package/src/main/resources/bin/start.sh
@@ -173,6 +173,20 @@ if [ "${truststore_type}" = "JCERACFKS" ]; then
   truststore_pass="dummy"
 fi
 
+# Workaround for Java desiring safkeyring://// instead of just ://
+# We can handle both cases of user input by just adding extra "//" if we detect its missing.
+ensure_keyring_slashes() {
+  keyring_string="${1}"
+  only_two_slashes=$(echo "${keyring_string}" | grep "^safkeyring://[^//]")
+  if [ -n "${only_two_slashes}" ]; then
+    keyring_string=$(echo "${keyring_string}" | sed "s#safkeyring://#safkeyring:////#")
+  fi
+  # else, unmodified, perhaps its even p12
+  echo $keyring_string
+}
+
+keystore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}")
+truststore_location=$(ensure_keyring_slashes "${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}")
 
 # NOTE: these are moved from below
 #    -Dapiml.service.preferIpAddress=${APIML_PREFER_IP_ADDRESS:-false} \
@@ -208,12 +222,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} java \
     -Dserver.maxConnectionsPerRoute=${ZWE_configs_server_maxConnectionsPerRoute:-100} \
     -Dserver.maxTotalConnections=${ZWE_configs_server_maxTotalConnections:-1000} \
     -Dserver.ssl.enabled=${ZWE_configs_server_ssl_enabled:-true} \
-    -Dserver.ssl.keyStore="${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}" \
+    -Dserver.ssl.keyStore="${keystore_location}" \
     -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
     -Dserver.ssl.keyStorePassword="${keystore_pass}" \
     -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
     -Dserver.ssl.keyPassword="${keystore_pass}" \
-    -Dserver.ssl.trustStore="${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}" \
+    -Dserver.ssl.trustStore="${truststore_location}" \
     -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
     -Dserver.ssl.trustStorePassword="${truststore_pass}" \
     -Dserver.internal.enabled=${ZWE_configs_server_internal_enabled:-false} \

diff --git a/metrics-service-package/src/main/resources/bin/start.sh b/metrics-service-package/src/main/resources/bin/start.sh
@@ -99,6 +99,17 @@ if [ "${truststore_type}" = "JCERACFKS" ]; then
   truststore_pass="dummy"
 fi
 
+# Workaround for Java desiring safkeyring://// instead of just ://
+# We can handle both cases of user input by just adding extra "//" if we detect its missing.
+ensure_keyring_slashes() {
+  keyring_string="${1}"
+  only_two_slashes=$(echo "${keyring_string}" | grep "^safkeyring://[^//]")
+  if [ -n "${only_two_slashes}" ]; then
+    keyring_string=$(echo "${keyring_string}" | sed "s#safkeyring://#safkeyring:////#")
+  fi
+  # else, unmodified, perhaps its even p12
+  echo $keyring_string
+}
 
 # NOTE: these are moved from below
 # -Dapiml.service.ipAddress=${ZOWE_IP_ADDRESS:-127.0.0.1} \
@@ -119,12 +130,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${METRICS_CODE} java -Xms16m -Xmx512m \
   -Dapiml.service.ssl.nonStrictVerifySslCertificatesOfServices=${nonStrictVerifySslCertificatesOfServices:-false} \
   -Dserver.address=0.0.0.0 \
   -Dserver.ssl.enabled=${ZWE_components_gateway_server_ssl_enabled:-true} \
-  -Dserver.ssl.keyStore="${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}" \
+  -Dserver.ssl.keyStore="${keystore_location}" \
   -Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
   -Dserver.ssl.keyStorePassword="${keystore_pass}" \
   -Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
   -Dserver.ssl.keyPassword="${keystore_pass}" \
-  -Dserver.ssl.trustStore="${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}" \
+  -Dserver.ssl.trustStore="${truststore_location}" \
   -Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
   -Dserver.ssl.trustStorePassword="${truststore_pass}" \
   -Djava.protocol.handler.pkgs=com.ibm.crypto.provider \