Skip to content

Commit

Permalink
add: secure connection for docker compose (#2344)
Browse files Browse the repository at this point in the history
Signed-off-by: Viet Nguyen Duc <[email protected]>
  • Loading branch information
VietND96 authored Aug 10, 2024
1 parent 9ba062a commit b91d300
Show file tree
Hide file tree
Showing 36 changed files with 750 additions and 287 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -153,3 +153,4 @@ ENV/
/charts/*/**.lock
/charts/*.tgz
/charts/*/RELEASE_NOTES.md
Base/certs
18 changes: 16 additions & 2 deletions Base/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
#==========
# Selenium & relaxing permissions for OpenShift and other non-sudo environments
#==========
&& mkdir -p /opt/selenium /opt/selenium/assets /var/run/supervisor /var/log/supervisor ${SEL_DOWNLOAD_DIR} \
&& mkdir -p /opt/selenium /opt/selenium/assets /opt/selenium/secrets /var/run/supervisor /var/log/supervisor ${SEL_DOWNLOAD_DIR} \
${HOME}/.mozilla ${HOME}/.vnc ${HOME}/.pki/nssdb \
# NSSDB initialization with an empty password
&& certutil -d sql:${HOME}/.pki/nssdb -N --empty-password \
Expand Down Expand Up @@ -134,11 +134,20 @@ COPY --chown="${SEL_UID}:${SEL_GID}" check-grid.sh entry_point.sh configs/node/n
#======================================
COPY supervisord.conf /etc

#===================================================
# Add the default self-signed certificate to the bundle CA
#===================================================
ARG CERT_TRUST_ATTR=TCu,Cu,Tu
COPY --chown="${SEL_UID}:${SEL_GID}" certs/add-cert-helper.sh certs/add-jks-helper.sh /opt/bin/
COPY --chown="${SEL_UID}:${SEL_GID}" certs/tls.crt certs/tls.key certs/server.jks certs/server.pass /opt/selenium/secrets/

#===================================================
# Run the following commands as non-privileged user
#===================================================
USER ${SEL_UID}:${SEL_GID}

RUN /opt/bin/add-jks-helper.sh -d /opt/selenium/secrets \
&& /opt/bin/add-cert-helper.sh -d /opt/selenium/secrets ${CERT_TRUST_ATTR}
#======================================
# Configure environement
#======================================
Expand All @@ -150,6 +159,11 @@ ENV SE_BIND_HOST=false \
SE_OTEL_JAVA_GLOBAL_AUTOCONFIGURE_ENABLED=true \
SE_OTEL_TRACES_EXPORTER="otlp" \
SE_SUPERVISORD_LOG_LEVEL="info" \
SE_OPT_BIN="/opt/bin"
SE_ENABLE_TLS=false \
SE_JAVA_SSL_TRUST_STORE="/opt/selenium/secrets/server.jks" \
SE_JAVA_SSL_TRUST_STORE_PASSWORD="/opt/selenium/secrets/server.pass" \
SE_JAVA_DISABLE_HOSTNAME_VERIFICATION=true \
SE_HTTPS_CERTIFICATE="/opt/selenium/secrets/tls.crt" \
SE_HTTPS_PRIVATE_KEY="/opt/selenium/secrets/tls.key"

CMD ["/opt/bin/entry_point.sh"]
2 changes: 1 addition & 1 deletion Base/entry_point.sh
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#!/usr/bin/env bash

NODE_CONFIG_DIRECTORY=${NODE_CONFIG_DIRECTORY:-$SE_OPT_BIN}
NODE_CONFIG_DIRECTORY=${NODE_CONFIG_DIRECTORY:-"/opt/bin"}
#==============================================
# OpenShift or non-sudo environments support
# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
Expand Down
42 changes: 25 additions & 17 deletions Distributor/start-selenium-grid-distributor.sh
Original file line number Diff line number Diff line change
Expand Up @@ -69,23 +69,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
fi

if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi

if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi

if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
if [ "${SE_ENABLE_TLS}" = "true" ]; then
# Configure truststore for the server
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
fi
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
fi
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
fi
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
# Configure certificate and private key for component communication
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi
fi

if [ ! -z "$SE_REGISTRATION_SECRET" ]; then
Expand Down
42 changes: 25 additions & 17 deletions EventBus/start-selenium-grid-eventbus.sh
Original file line number Diff line number Diff line change
Expand Up @@ -34,23 +34,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
fi

if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi

if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi

if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
if [ "${SE_ENABLE_TLS}" = "true" ]; then
# Configure truststore for the server
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
fi
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
fi
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
fi
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
# Configure certificate and private key for component communication
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi
fi

EXTRA_LIBS=""
Expand Down
42 changes: 25 additions & 17 deletions Hub/start-selenium-grid-hub.sh
Original file line number Diff line number Diff line change
Expand Up @@ -37,23 +37,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
fi

if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi

if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi

if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
if [ "${SE_ENABLE_TLS}" = "true" ]; then
# Configure truststore for the server
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
fi
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
fi
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
fi
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
# Configure certificate and private key for component communication
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi
fi

if [ ! -z "$SE_REGISTRATION_SECRET" ]; then
Expand Down
6 changes: 6 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,8 @@ ci: build test

base:
rm -rf ./Base/configs/node && mkdir -p ./Base/configs/node && cp -r ./charts/selenium-grid/configs/node ./Base/configs
rm -rf ./Base/certs && cp -r ./charts/selenium-grid/certs ./Base
./Base/certs/gen-cert-helper.sh -d ./Base/certs
cd ./Base && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) --build-arg VERSION=$(BASE_VERSION) --build-arg RELEASE=$(BASE_RELEASE) --build-arg AUTHORS=$(AUTHORS) -t $(NAME)/base:$(TAG_VERSION) .

base_nightly:
Expand Down Expand Up @@ -554,6 +556,8 @@ test_chromium_standalone:

test_parallel: hub chrome firefox edge chromium
sudo rm -rf ./tests/tests
sudo rm -rf ./tests/videos; mkdir -p ./tests/videos
sudo cp -r ./charts/selenium-grid/certs ./tests/videos
for node in DeploymentAutoscaling JobAutoscaling ; do \
cd ./tests || true ; \
echo TAG=$(TAG_VERSION) > .env ; \
Expand All @@ -571,6 +575,8 @@ test_parallel: hub chrome firefox edge chromium
echo NODE_CHROME=chromium >> .env ; \
fi; \
echo TEST_PLATFORMS=$(PLATFORMS) >> .env ; \
echo SELENIUM_GRID_PROTOCOL=https >> .env ; \
echo CHART_CERT_PATH=$$(readlink -f ./videos/certs/tls.crt) >> .env ; \
export $$(cat .env | xargs) ; \
DOCKER_DEFAULT_PLATFORM=$(PLATFORMS) docker compose --profile $(PLATFORMS) -f docker-compose-v3-test-parallel.yml up -d --no-log-prefix ; \
RUN_IN_DOCKER_COMPOSE=true bash ./bootstrap.sh $$node ; \
Expand Down
42 changes: 25 additions & 17 deletions NodeBase/start-selenium-node.sh
Original file line number Diff line number Diff line change
Expand Up @@ -76,23 +76,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
fi

if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi

if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi

if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
if [ "${SE_ENABLE_TLS}" = "true" ]; then
# Configure truststore for the server
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
fi
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
fi
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
fi
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
# Configure certificate and private key for component communication
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi
fi

if [ ! -z "$SE_REGISTRATION_SECRET" ]; then
Expand Down
42 changes: 25 additions & 17 deletions NodeDocker/start-selenium-grid-docker.sh
Original file line number Diff line number Diff line change
Expand Up @@ -44,23 +44,31 @@ if [ ! -z "$SE_EXTERNAL_URL" ]; then
SE_OPTS="$SE_OPTS --external-url ${SE_EXTERNAL_URL}"
fi

if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi

if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi

if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION:-true}"
if [ "${SE_ENABLE_TLS}" = "true" ]; then
# Configure truststore for the server
if [ ! -z "$SE_JAVA_SSL_TRUST_STORE" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStore=${SE_JAVA_SSL_TRUST_STORE}"
fi
if [ -f "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Getting Truststore password from ${SE_JAVA_SSL_TRUST_STORE_PASSWORD} to set Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_SSL_TRUST_STORE_PASSWORD="$(cat ${SE_JAVA_SSL_TRUST_STORE_PASSWORD})"
fi
if [ ! -z "${SE_JAVA_SSL_TRUST_STORE_PASSWORD}" ]; then
echo "Appending Java options: -Djavax.net.ssl.trustStorePassword"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djavax.net.ssl.trustStorePassword=${SE_JAVA_SSL_TRUST_STORE_PASSWORD}"
fi
echo "Appending Java options: -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
SE_JAVA_OPTS="$SE_JAVA_OPTS -Djdk.internal.httpclient.disableHostnameVerification=${SE_JAVA_DISABLE_HOSTNAME_VERIFICATION}"
# Configure certificate and private key for component communication
if [ ! -z "$SE_HTTPS_CERTIFICATE" ]; then
echo "Appending Selenium options: --https-certificate ${SE_HTTPS_CERTIFICATE}"
SE_OPTS="$SE_OPTS --https-certificate ${SE_HTTPS_CERTIFICATE}"
fi
if [ ! -z "$SE_HTTPS_PRIVATE_KEY" ]; then
echo "Appending Selenium options: --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
SE_OPTS="$SE_OPTS --https-private-key ${SE_HTTPS_PRIVATE_KEY}"
fi
fi

EXTRA_LIBS=""
Expand Down
Loading

0 comments on commit b91d300

Please sign in to comment.