Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid use of hard-coded password in Open Liberty configuration #339

Open
scottkurz opened this issue Oct 6, 2020 · 4 comments
Open

Avoid use of hard-coded password in Open Liberty configuration #339

scottkurz opened this issue Oct 6, 2020 · 4 comments
Assignees
@Emily-Jiang
Milestone
next

Comments

@scottkurz
Copy link
Contributor

See: #335 though the fix there broke the project tests, so was reverted.
@scottkurz scottkurz mentioned this issue Oct 6, 2020
Merged
@Emily-Jiang
Copy link
Member

Back to the drawing board. The previous PR #336 did cause JWT tests to fail though. A different solution needs to be provided.

@scottkurz
Copy link
Contributor Author

scottkurz commented Oct 12, 2020
edited
Loading

It seems like there could be two directions to go in, to enable the Open Liberty config change made in #336.

  1. Have the automated test generate the certificates using the password generated by the Open Liberty runtime. It looks like they might be generated here https://github.com/eclipse/microprofile-starter/blob/master/gencerts.sh but this might be done with a static, fixed key using "atbash" as password. This might require some rework/reordering of the test logic. I'm not too familiar with any of this. ((I noticed too it was: https://github.com/eclipse/microprofile-starter/blob/master/src/main/resources/files/TestSecureController.java.tpl where the JWT code loads the keys.)

  2. Accept that the Open Liberty server config during the test is going to be different from that generated from the MicroProfile starter, and accept that that is "close enough" or acceptable. In this approach, we're OK taking the config actually generated and overriding it using a configDropin or similar override mechanism to test using something like the existing config, with the pre-generated certificate.

But in either case, I'm suggesting adjusting the tests and using the Open Liberty runtime config I suggested from #336.

Hope that moves the discussion forward a bit.

@gkwan-ibm
Copy link

and use p12 instead of JKS

@gkwan-ibm gkwan-ibm mentioned this issue Dec 18, 2020
Closed
@Karm
Copy link
Contributor

Karm commented Aug 11, 2022

@Emily-Jiang Is this still an issue?

@Karm Karm added this to the next milestone Aug 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Emily-Jiang Emily-Jiang

Labels
None yet
Projects
None yet
Milestone
next
Development

No branches or pull requests
4 participants
@Karm @scottkurz @Emily-Jiang @gkwan-ibm