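#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################

########################################################################
#
# CASA ATS Keystore Setup Script.
#
# An ATS signs tokens and communicates with clients over
# SSL. This script sets up the necessary key-pairs and
# certificates for the ATS to perform these functions.
#
# For token signing purposes, this script creates a self
# signed certificate that it then exports. At this time it
# is sufficient to utilize self signed certificates because
# they are meant to be consumed by entities of the local
# box.
#
# Exit status: 0 when the server keystore is in place (either it
# already existed or it was just created); non-zero when setup could
# not be completed. A partially built keystore is removed on failure
# so that a later run starts over instead of skipping setup.
#
########################################################################

# Source our environment variables file (expected to provide JAVA_HOME)
. /etc/CASA/authtoken/svc/envvars || exit 1

# Locations and identities used below
keystore_dir=/etc/CASA/authtoken/keys/server
keystore=$keystore_dir/jks-store
signing_cert=/etc/CASA/authtoken/keys/casaatsdSigningCert
svc_owner=casaatsd:casaauth

# Keystore and key password. This is a fixed, well-known value that the
# ATS service presumably uses to open the keystore, so it cannot be
# changed here alone. Note that keytool receives it on the command line,
# where it is visible to other local users via 'ps' while keytool runs.
store_pass=secret

# Print a message to stderr and exit with failure.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Fail setup: drop the half-built keystore (so the "already setup" check
# of a later run does not lock in an incomplete store) and exit.
abort_setup() {
  rm -f -- "$keystore"
  die "$1"
}

# Make sure that the keystore is only accessible by the service.
secure_keystore() {
  chown "$svc_owner" "$keystore" || die "Unable to set the owner of $keystore"
  chmod 600 "$keystore" || die "Unable to set the permissions of $keystore"
}

# Perform the operation requested

# Do not do anything if the server keystore has already been created
if [ -f "$keystore" ]; then
  echo "The server keystore is already setup"
  # Make sure that the keystore file is owned by, and restricted to, our service
  secure_keystore
else
  echo "Setting up the server's keystore"

  [ -n "$JAVA_HOME" ] || die "JAVA_HOME is not set; check /etc/CASA/authtoken/svc/envvars"
  KEYTOOL_PATH=$JAVA_HOME/bin/keytool
  [ -x "$KEYTOOL_PATH" ] || die "keytool not found at $KEYTOOL_PATH"
  # keytool does not create missing directories
  [ -d "$keystore_dir" ] || die "Keystore directory $keystore_dir does not exist"

  host=$(hostname -f) || die "Unable to determine the fully qualified host name"
  [ -n "$host" ] || die "Empty host name returned by 'hostname -f'"

  # The keystore holds private keys. keytool creates it with the current
  # umask, so tighten the umask while the store is being created rather
  # than leaving it readable until the chmod at the end.
  saved_umask=$(umask)
  umask 077

  # Create the server keystore with the key that will be used for signing tokens
  "$KEYTOOL_PATH" -genkey -alias signingKey -keystore "$keystore" \
    -dname "cn=casaatsd@$host" -validity 3600 \
    -keypass "$store_pass" -storepass "$store_pass" \
    || abort_setup "Unable to create the token signing key"

  # Create a key for Tomcat to do SSL communications
  "$KEYTOOL_PATH" -genkey -alias tomcat -keyalg RSA -keystore "$keystore" \
    -dname "cn=$host" -validity 3600 \
    -keypass "$store_pass" -storepass "$store_pass" \
    || abort_setup "Unable to create the Tomcat SSL key"

  # The exported certificate is public and is meant to be read by other
  # local entities, so it is created under the caller's normal umask.
  umask "$saved_umask"

  # Export self-signed certificate for the signing key
  "$KEYTOOL_PATH" -export -keystore "$keystore" -alias signingKey \
    -storepass "$store_pass" -keypass "$store_pass" -file "$signing_cert" \
    || abort_setup "Unable to export the token signing certificate"

  # Print the exported cert
  #"$KEYTOOL_PATH" -printcert -file "$signing_cert"

  # List the contents of the server's keystore
  #"$KEYTOOL_PATH" -list -rfc -keystore "$keystore" -storepass "$store_pass"

  # Make sure that the keystore is only accessible by the service
  secure_keystore
fi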