(camel-k) 03/05: fix(jvm): Use consistent truststore password for all CA certificate imports

Mon, 19 Jan 2026 23:26:53 -0800 

This is an automated email from the ASF dual-hosted git repository.

pcongiusti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git

commit d5f32b02a0f36b2c7b799208631e0d4082c74b7b
Author: Pranjul Kalsi <[email protected]>
AuthorDate: Thu Jan 15 18:55:22 2026 +0530

    fix(jvm): Use consistent truststore password for all CA certificate imports
---
 pkg/trait/init_containers.go      | 7 ++++++-
 pkg/trait/init_containers_test.go | 6 ++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/pkg/trait/init_containers.go b/pkg/trait/init_containers.go
index 0468942d1..1183e3ac2 100644
--- a/pkg/trait/init_containers.go
+++ b/pkg/trait/init_containers.go
@@ -111,10 +111,15 @@ func (t *initContainersTrait) Configure(e *Environment) 
(bool, *TraitCondition,
                        }
 
                        certEntries := jvm.getAllCACertEntries()
+                       // Use the first certificate's password for all imports 
since they share the same truststore
+                       truststorePassPath := ""
+                       if len(certEntries) > 0 {
+                               truststorePassPath = certEntries[0].PasswordPath
+                       }
                        for i, entry := range certEntries {
                                cmd := fmt.Sprintf(
                                        "keytool -importcert -noprompt -alias 
custom-ca-%d -storepass:file %s -keystore %s -file %s",
-                                       i, entry.PasswordPath, 
jvm.getTrustStorePath(), entry.CertPath,
+                                       i, truststorePassPath, 
jvm.getTrustStorePath(), entry.CertPath,
                                )
                                allCommands = append(allCommands, cmd)
                        }
diff --git a/pkg/trait/init_containers_test.go 
b/pkg/trait/init_containers_test.go
index 3a8f477d1..ff2bcdfc0 100644
--- a/pkg/trait/init_containers_test.go
+++ b/pkg/trait/init_containers_test.go
@@ -526,6 +526,12 @@ func TestApplyInitContainerWithMultipleCACerts(t 
*testing.T) {
        assert.Contains(t, commandStr, "/etc/camel/conf.d/_secrets/ca2/ca.crt")
        assert.Contains(t, commandStr, "/etc/camel/conf.d/_secrets/ca3/ca.crt")
        assert.Contains(t, commandStr, "&&")
+
+       firstPasswordCount := strings.Count(commandStr, 
"/etc/camel/conf.d/_secrets/pass1/password")
+       assert.Equal(t, 3, firstPasswordCount, "All 3 keytool commands should 
use the first certificate's password")
+
+       assert.NotContains(t, commandStr, "storepass:file 
/etc/camel/conf.d/_secrets/pass2/password")
+       assert.NotContains(t, commandStr, "storepass:file 
/etc/camel/conf.d/_secrets/pass3/password")
 }
 
 func TestApplyInitContainerWithCACertsBackwardCompatibility(t *testing.T) {

Reply via email to