Add zcrypto library use for jceccaracfks support #529
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
…eyring_js or zcrypto Signed-off-by: 1000TurquoisePogs <[email protected]>
1000TurquoisePogs
force-pushed
the
feature/v2/zcrypto-library
branch
from
1a2f319 to
d4de2e7
Compare
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
| try { | ||
| if (os.platform() == 'os390') { | ||
| keyring_js = require('keyring_js'); | ||
| if (USE_KEYRING_JS) { |
There was a problem hiding this comment.
turn this into a zowe.yaml config parameter
| @@ -300,7 +321,11 @@ WebServer.prototype = { | |||
| let certificateList; | |||
| if(userId && keyringName) { | |||
| try { | |||
| certificateList = keyring_js.listKeyring(userId, keyringName); | |||
| let includingPrivateKey = false; | |||
There was a problem hiding this comment.
add a note saying this will only work if there are truly only 2 types of objects in a keyring, but thus far that's all i've seen when working with users.
|
Seems not possible due to PKDS keys not being exportable via this technique. Instead, AT-TLS must be used. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To address zowe/community#1851 for the app-server, the https://www.npmjs.com/package/zcrypto library uses gsk/systemssl for getting keyrings in node.
ZSS is also a user of gsk, and was tested as working for ICSF, so I am hopeful that switching away from our own keyring_js library towards this library will yield better long-term results for keyring support within the app-server.
In this PR, both libraries are still available, though only switchable via a const that is not yet exposed as a configuration item.
How to test:
In zowe's config, you want to use keyrings of either JCERACFKS type or of JCECCARACFKS.
We already support JCERACFKS, so we should see no regression (server loads and is accessible for a url such as the desktop or /plugins)
If we're successful with JCECARACFKS, we should see the same behavior, whereas before we could not load the key/cert at all.