From 3c9ec5f14cd32df6d286bcdbbb86a39ba67dc340 Mon Sep 17 00:00:00 2001
From: Robert Parker
Date: Fri, 31 May 2019 11:36:04 +0100
Subject: [PATCH] Add fix for OIDC error

---
 internal/tls/tls.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/internal/tls/tls.go b/internal/tls/tls.go
index 856d692..f6b149e 100644
--- a/internal/tls/tls.go
+++ b/internal/tls/tls.go
@@ -346,6 +346,23 @@ func processTrustCertificates(trustDir string, cmsKeyDB, p12TrustDB *KeyStoreDat
 if err != nil {
 return fmt.Errorf("Could not add certificates to PKCS#12 Truststore: %v", err)
 }
+
+ // We need to relabel everything because liberty doesn't play nicely with autolabelled certs
+ allCerts, err := p12TrustDB.Keystore.ListAllCertificates()
+ if err != nil || len(allCerts) <= 0 {
+ return fmt.Errorf("Could not get all certificates from PKCS#12 Truststore: %v", err)
+ }
+
+ for i, cert := range allCerts {
+ cert = strings.Trim(cert, "\"")
+ cert = strings.TrimSpace(cert)
+ newLabel := fmt.Sprintf("Trust%d", i)
+
+ err = p12TrustDB.Keystore.RenameCertificate(cert, newLabel)
+ if err != nil || len(allCerts) <= 0 {
+ return fmt.Errorf("Could not get rename certificate %s to %s in PKCS#12 Truststore: %v", cert, newLabel, err)
+ }
+ }
 }

 if len(cmsKeyDB.TrustedCerts) > 0 {
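Review bot: The rename loop's guard `if err != nil || len(allCerts) <= 0 {` is a copy of the earlier check, and its length test can never be true inside `range allCerts`; it should be just `if err != nil {`. The earlier check has the opposite problem: when the listing succeeds but comes back empty, the returned message formats a nil `err` as `<nil>`, so the empty case deserves its own return such as `return fmt.Errorf("No certificates found in PKCS#12 Truststore")`. Renaming to `Trust%d` by list index may also collide if the truststore already holds a label of that form (for example on a second run), which would presumably fail part-way and leave the store half relabelled. That is worth checking or documenting, since this store decides which peers are trusted. The patch adds no import line, so `strings` must already be imported in tls.go, and `processTrustCertificates` starts and ends outside the hunk.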