fix: Do not load keystore when ATTLS is set, to allow for ICSF keys. …
…Keystore reading of ICSF keys is failing, but ICSF keys can be used with ATTLS. (#3612)

Signed-off-by: 1000TurquoisePogs <[email protected]>
1000TurquoisePogs authored Jun 26, 2024
1 parent 7b8e29b commit bd4e738
Showing 6 changed files with 78 additions and 18 deletions.
16 changes: 13 additions & 3 deletions api-catalog-package/src/main/resources/bin/start.sh
@@ -153,6 +153,7 @@ fi

keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
key_alias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}"
key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
@@ -187,6 +188,15 @@ if [ $JAVA_VERSION -ge 61 ]; then
fi
fi

if [ "${ATTLS_ENABLED}" = "true" ]; then
keystore_type=
keystore_pass=
key_pass=
key_alias=
keystore_location=
fi


# NOTE: these are moved from below
# -Dapiml.service.ipAddress=${ZOWE_IP_ADDRESS:-127.0.0.1} \
# -Dapiml.service.preferIpAddress=false \
@@ -228,12 +238,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CATALOG_CODE} java \
-Dserver.ssl.enabled=${ZWE_configs_server_ssl_enabled:-true} \
-Dserver.ssl.protocol=${ZWE_configs_server_ssl_protocol:-"TLSv1.2"} \
-Dserver.ssl.keyStore="${keystore_location}" \
-Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
-Dserver.ssl.keyStoreType="${keystore_type}" \
-Dserver.ssl.keyStorePassword="${keystore_pass}" \
-Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-Dserver.ssl.keyAlias="${key_alias}" \
-Dserver.ssl.keyPassword="${key_pass}" \
-Dserver.ssl.trustStore="${truststore_location}" \
-Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
-Dserver.ssl.trustStoreType="${truststore_type}" \
-Dserver.ssl.trustStorePassword="${truststore_pass}" \
-Djava.protocol.handler.pkgs=com.ibm.crypto.provider \
-Dloader.path=${COMMON_LIB} \
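Review bot: The new `if [ "${ATTLS_ENABLED}" = "true" ]` block empties the keystore variables with no comment on why, and the java command below still passes them as empty values (`-Dserver.ssl.keyStore=""`) while the visible `-Dserver.ssl.enabled` line defaults to `true`. The block therefore presumably relies on code outside these hunks switching JVM TLS off when AT-TLS is on; confirm that, and that the service refuses to serve rather than falling back to plaintext if no AT-TLS policy covers the port. I would add above the block `# AT-TLS terminates TLS outside the JVM; clear keystore settings so Java does not try to read ICSF-backed keys`. The identical block in the caching-service, cloud-gateway, discovery, gateway and metrics-service start.sh sections needs the same comment, and the java invocation runs past the end of the hunk.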
16 changes: 13 additions & 3 deletions caching-service-package/src/main/resources/bin/start.sh
@@ -135,6 +135,7 @@ fi

keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
key_alias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}"
key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
@@ -173,6 +174,15 @@ if [ $JAVA_VERSION -ge 61 ]; then
fi
fi

if [ "${ATTLS_ENABLED}" = "true" ]; then
keystore_type=
keystore_pass=
key_pass=
key_alias=
keystore_location=
fi


CACHING_CODE=CS
_BPX_JOBNAME=${ZWE_zowe_job_prefix}${CACHING_CODE} java \
-Xms${ZWE_configs_heap_init:-32}m -Xmx${ZWE_configs_heap_max:-512}m \
@@ -205,12 +215,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CACHING_CODE} java \
-Dserver.ssl.enabled=${ZWE_configs_server_ssl_enabled:-true} \
-Dserver.ssl.protocol=${ZWE_configs_server_ssl_protocol:-"TLSv1.2"} \
-Dserver.ssl.keyStore="${keystore_location}" \
-Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
-Dserver.ssl.keyStoreType="${keystore_type}" \
-Dserver.ssl.keyStorePassword="${keystore_pass}" \
-Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-Dserver.ssl.keyAlias="${key_alias}" \
-Dserver.ssl.keyPassword="${key_pass}" \
-Dserver.ssl.trustStore="${truststore_location}" \
-Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
-Dserver.ssl.trustStoreType="${truststore_type}" \
-Dserver.ssl.trustStorePassword="${truststore_pass}" \
-Djava.protocol.handler.pkgs=com.ibm.crypto.provider \
-Djavax.net.debug=${ZWE_configs_sslDebug:-""} \
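Review bot: The AT-TLS block empties `keystore_pass` and `key_pass` but leaves `truststore_location`, `truststore_type` and `truststore_pass` set, so `-Dserver.ssl.trustStorePassword="${truststore_pass}"` still puts a secret on the java command line, where it can show up in process listings. Whether the JVM opens the truststore at all when AT-TLS handles the connections is not visible in these hunks. If it does not, clear those three variables in the same block; if it does, say so in a comment such as `# truststore is still read by the JVM under AT-TLS`. The same applies to the other five start.sh sections on this page.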
16 changes: 13 additions & 3 deletions cloud-gateway-package/src/main/resources/bin/start.sh
@@ -99,6 +99,7 @@ fi

keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
key_alias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}"
key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
@@ -133,6 +134,15 @@ if [ $JAVA_VERSION -ge 61 ]; then
fi
fi

if [ "${ATTLS_ENABLED}" = "true" ]; then
keystore_type=
keystore_pass=
key_pass=
key_alias=
keystore_location=
fi


CLOUD_GATEWAY_CODE=CG
_BPX_JOBNAME=${ZWE_zowe_job_prefix}${CLOUD_GATEWAY_CODE} java \
-Xms${ZWE_configs_heap_init:-32}m -Xmx${ZWE_configs_heap_max:-512}m \
@@ -157,12 +167,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CLOUD_GATEWAY_CODE} java \
-Dserver.maxConnectionsPerRoute=${ZWE_configs_server_maxConnectionsPerRoute:-100} \
-Dserver.maxTotalConnections=${ZWE_configs_server_maxTotalConnections:-1000} \
-Dserver.ssl.keyStore="${keystore_location}" \
-Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
-Dserver.ssl.keyStoreType="${keystore_type}" \
-Dserver.ssl.keyStorePassword="${keystore_pass}" \
-Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-Dserver.ssl.keyAlias="${key_alias}" \
-Dserver.ssl.keyPassword="${key_pass}" \
-Dserver.ssl.trustStore="${truststore_location}" \
-Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
-Dserver.ssl.trustStoreType="${truststore_type}" \
-Dserver.ssl.trustStorePassword="${truststore_pass}" \
-Djava.protocol.handler.pkgs=com.ibm.crypto.provider \
-Djavax.net.debug=${ZWE_configs_sslDebug:-""} \
16 changes: 13 additions & 3 deletions discovery-package/src/main/resources/bin/start.sh
@@ -143,6 +143,7 @@ LIBPATH="$LIBPATH":"${LIBRARY_PATH}"

keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
key_alias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}"
key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
@@ -182,6 +183,15 @@ if [ $JAVA_VERSION -ge 61 ]; then
fi
fi

if [ "${ATTLS_ENABLED}" = "true" ]; then
keystore_type=
keystore_pass=
key_pass=
key_alias=
keystore_location=
fi


DISCOVERY_CODE=AD
_BPX_JOBNAME=${ZWE_zowe_job_prefix}${DISCOVERY_CODE} java \
-Xms${ZWE_configs_heap_init:-32}m -Xmx${ZWE_configs_heap_max:-512}m \
@@ -208,12 +218,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${DISCOVERY_CODE} java \
-Dserver.ssl.enabled=${ZWE_configs_server_ssl_enabled:-true} \
-Dserver.ssl.protocol=${ZWE_configs_server_ssl_protocol:-"TLSv1.2"} \
-Dserver.ssl.keyStore="${keystore_location}" \
-Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
-Dserver.ssl.keyStoreType="${keystore_type}" \
-Dserver.ssl.keyStorePassword="${keystore_pass}" \
-Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-Dserver.ssl.keyAlias="${key_alias}" \
-Dserver.ssl.keyPassword="${key_pass}" \
-Dserver.ssl.trustStore="${truststore_location}" \
-Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
-Dserver.ssl.trustStoreType="${truststore_type}" \
-Dserver.ssl.trustStorePassword="${truststore_pass}" \
-Djava.protocol.handler.pkgs=com.ibm.crypto.provider \
-Dloader.path=${DISCOVERY_LOADER_PATH} \
16 changes: 13 additions & 3 deletions gateway-package/src/main/resources/bin/start.sh
@@ -212,6 +212,7 @@ fi

keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
key_alias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}"
key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"
@@ -251,6 +252,15 @@ if [ $JAVA_VERSION -ge 61 ]; then
fi
fi

if [ "${ATTLS_ENABLED}" = "true" ]; then
keystore_type=
keystore_pass=
key_pass=
key_alias=
keystore_location=
fi


GATEWAY_CODE=AG
_BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} java \
-Xms${ZWE_configs_heap_init:-32}m -Xmx${ZWE_configs_heap_max:-512}m \
@@ -294,12 +304,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} java \
-Dserver.ssl.enabled=${ZWE_configs_server_ssl_enabled:-true} \
-Dserver.ssl.protocol=${ZWE_configs_server_ssl_protocol:-"TLSv1.2"} \
-Dserver.ssl.keyStore="${keystore_location}" \
-Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
-Dserver.ssl.keyStoreType="${keystore_type}" \
-Dserver.ssl.keyStorePassword="${keystore_pass}" \
-Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-Dserver.ssl.keyAlias="${key_alias}" \
-Dserver.ssl.keyPassword="${key_pass}" \
-Dserver.ssl.trustStore="${truststore_location}" \
-Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
-Dserver.ssl.trustStoreType="${truststore_type}" \
-Dserver.ssl.trustStorePassword="${truststore_pass}" \
-Dserver.internal.enabled=${ZWE_configs_server_internal_enabled:-false} \
-Dserver.internal.ssl.enabled=${ZWE_configs_server_internal_ssl_enabled:-true} \
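Review bot: The AT-TLS block does not obviously cover the gateway's internal server: `-Dserver.internal.ssl.enabled` still defaults to `true` right after the TLS properties in this hunk, and the internal keystore properties lie outside it. If they use `${keystore_location}` and `${key_alias}` they become empty under AT-TLS; if they read the `ZWE_*` values directly, the JVM would still try to open the ICSF-backed keystore this commit is meant to avoid. Check as well whether anything in the gateway reads `server.ssl.keyStore` or `server.ssl.keyAlias` for a purpose other than the TLS listener, since both are now blank whenever `ATTLS_ENABLED` is `true`.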
16 changes: 13 additions & 3 deletions metrics-service-package/src/main/resources/bin/start.sh
@@ -99,13 +99,23 @@ fi

keystore_type="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}"
keystore_pass="${ZWE_configs_certificate_keystore_password:-${ZWE_zowe_certificate_keystore_password}}"
key_alias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}"
key_pass="${ZWE_configs_certificate_key_password:-${ZWE_zowe_certificate_key_password:-${keystore_pass}}}"
truststore_type="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}"
truststore_pass="${ZWE_configs_certificate_truststore_password:-${ZWE_zowe_certificate_truststore_password}}"

keystore_location="${ZWE_configs_certificate_keystore_file:-${ZWE_zowe_certificate_keystore_file}}"
truststore_location="${ZWE_configs_certificate_truststore_file:-${ZWE_zowe_certificate_truststore_file}}"

if [ "${ATTLS_ENABLED}" = "true" ]; then
keystore_type=
keystore_pass=
key_pass=
key_alias=
keystore_location=
fi


# NOTE: these are moved from below
# -Dapiml.service.ipAddress=${ZOWE_IP_ADDRESS:-127.0.0.1} \
# -Dapiml.service.preferIpAddress=${APIML_PREFER_IP_ADDRESS:-false} \
@@ -155,12 +165,12 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${METRICS_CODE} java \
-Dserver.ssl.enabled=${ZWE_components_gateway_server_ssl_enabled:-true} \
-Dserver.ssl.protocol=${ZWE_components_gateway_server_ssl_protocol:-"TLSv1.2"} \
-Dserver.ssl.keyStore="${keystore_location}" \
-Dserver.ssl.keyStoreType="${ZWE_configs_certificate_keystore_type:-${ZWE_zowe_certificate_keystore_type:-PKCS12}}" \
-Dserver.ssl.keyStoreType="${keystore_type}" \
-Dserver.ssl.keyStorePassword="${keystore_pass}" \
-Dserver.ssl.keyAlias="${ZWE_configs_certificate_keystore_alias:-${ZWE_zowe_certificate_keystore_alias}}" \
-Dserver.ssl.keyAlias="${key_alias}" \
-Dserver.ssl.keyPassword="${key_pass}" \
-Dserver.ssl.trustStore="${truststore_location}" \
-Dserver.ssl.trustStoreType="${ZWE_configs_certificate_truststore_type:-${ZWE_zowe_certificate_truststore_type:-PKCS12}}" \
-Dserver.ssl.trustStoreType="${truststore_type}" \
-Dserver.ssl.trustStorePassword="${truststore_pass}" \
-Djava.protocol.handler.pkgs=com.ibm.crypto.provider \
-Dloader.path=${COMMON_LIB} \
