From f4c617541779b756f85e641ae9d9e3a1c617e55e Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Thu, 18 Mar 2021 11:08:36 +0100
Subject: [VID] Obfuscate truststore password at the entrypoint

VID unfortunately expects truststore password to be obfuscated instead
of getting it in plain text.

Current solution that we had in the master branch was only a temporary
fix which hardcoded obfuscated password in our charts.

This patch introduces a proper solution that uses jetty-util to
obfuscate the password before starting VID application.

Issue-ID: OOM-1
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I391c29b6552121fd0b574a1046b4c1551c1a927a
---
 kubernetes/vid/templates/deployment.yaml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'kubernetes/vid/templates')

diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml
index 8872863e42..d1b4bcdbf2 100644
--- a/kubernetes/vid/templates/deployment.yaml
+++ b/kubernetes/vid/templates/deployment.yaml
@@ -63,6 +63,8 @@ spec:
           - -c
           - |
             export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+            export VID_TRUSTSTORE_PLAIN_PASSWORD=${VID_TRUSTSTORE_PASSWORD}
+            export VID_TRUSTSTORE_PASSWORD=`java -cp /usr/local/tomcat/webapps/vid/WEB-INF/lib/jetty-util-9.4.20.v20190813.jar org.eclipse.jetty.util.security.Password ${VID_TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
             /tmp/vid/localize.sh
           {{- end }}
           ports:
-- 
cgit 1.2.3-korg