Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid use of hard-coded password in Open Liberty configuration #339

Open
scottkurz opened this issue Oct 6, 2020 · 4 comments
Open

Avoid use of hard-coded password in Open Liberty configuration #339

scottkurz opened this issue Oct 6, 2020 · 4 comments
Assignees
Milestone

Comments

@scottkurz
Copy link
Contributor

See: #335 though the fix there broke the project tests, so was reverted.

@Emily-Jiang
Copy link
Member

Back to the drawing board. The previous PR #336 did cause JWT tests to fail though. A different solution needs to be provided.

@scottkurz
Copy link
Contributor Author

scottkurz commented Oct 12, 2020

It seems like there could be two directions to go in, to enable the Open Liberty config change made in #336.

  1. Have the automated test generate the certificates using the password generated by the Open Liberty runtime. It looks like they might be generated here https://github.com/eclipse/microprofile-starter/blob/master/gencerts.sh but this might be done with a static, fixed key using "atbash" as password. This might require some rework/reordering of the test logic. I'm not too familiar with any of this. ((I noticed too it was: https://github.com/eclipse/microprofile-starter/blob/master/src/main/resources/files/TestSecureController.java.tpl where the JWT code loads the keys.)

  2. Accept that the Open Liberty server config during the test is going to be different from that generated from the MicroProfile starter, and accept that that is "close enough" or acceptable. In this approach, we're OK taking the config actually generated and overriding it using a configDropin or similar override mechanism to test using something like the existing config, with the pre-generated certificate.

But in either case, I'm suggesting adjusting the tests and using the Open Liberty runtime config I suggested from #336.

Hope that moves the discussion forward a bit.

@gkwan-ibm
Copy link

and use p12 instead of JKS

@Karm
Copy link
Contributor

Karm commented Aug 11, 2022

@Emily-Jiang Is this still an issue?

@Karm Karm added this to the next milestone Aug 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants