2007-06-02 00:07:46 +02:00
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# CASA ATS Keystore Refresh Script.
#
# An ATS signs tokens and communicates with clients over
# SSL. This script tries to update the ATS configuration to leverage
# the server certificate and key if installed for SSL communications.
#
########################################################################
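# Source our environment variables file.
# NOTE(review): JAVA_HOME is used below and is presumably defined by this
# file - confirm. The file is sourced with this script's privileges, so it
# should be writable only by root.
. /etc/CASA/authtoken/svc/envvars

PKCS12_KEYSTORE_PATH=/etc/ssl/servercerts/keystore.p12
SERVER_CERT_PATH=/etc/ssl/servercerts/servercert.pem
SERVER_KEY_PATH=/etc/ssl/servercerts/serverkey.pem
SERVER_XML_PATH=/srv/www/casaats/conf/server.xml

# Try to leverage server certificate and key
if [ -f "$SERVER_KEY_PATH" ]; then
    # Check if we must create PKCS12 keystore.
    # NOTE(review): an existing keystore is never rebuilt, so a renewed
    # certificate or key is not picked up until the keystore is removed.
    if [ ! -f "$PKCS12_KEYSTORE_PATH" ]; then
        # Build the keystore in a private temporary file (mktemp creates it
        # with mode 0600) and move it into place only after ownership and
        # permissions are set. The private key is then never readable by
        # other users, and a failed export cannot leave behind a partial
        # keystore that later runs would mistake for a valid one.
        KEYSTORE_TMP=$(mktemp "${PKCS12_KEYSTORE_PATH}.XXXXXX") || exit 1

        # NOTE(review): the keystore password is a fixed, well-known literal
        # and is passed on the command line, so confidentiality of the key
        # rests entirely on the file permissions set below. The
        # server-pkcs12-*.xml files presumably carry the same password;
        # change both together if it is ever replaced.
        if ! { openssl pkcs12 -export \
                   -in "$SERVER_CERT_PATH" \
                   -inkey "$SERVER_KEY_PATH" \
                   -name tomcat \
                   -out "$KEYSTORE_TMP" \
                   -password pass:password \
               && chown casaatsd:casaauth "$KEYSTORE_TMP" \
               && chmod 600 "$KEYSTORE_TMP" \
               && mv -f "$KEYSTORE_TMP" "$PKCS12_KEYSTORE_PATH"; }; then
            # Leave the current server.xml untouched rather than pointing
            # the ATS at a keystore that does not exist.
            rm -f "$KEYSTORE_TMP"
            printf '%s\n' "Failed to create PKCS12 keystore $PKCS12_KEYSTORE_PATH" >&2
            exit 1
        fi
    fi

    # Make sure that the ATS is configured to leverage the server certificate
    # and key. (This comment line previously started with "//", which the
    # shell tried to execute as a command.)
    TEST_IBM_JVM=$("$JAVA_HOME/bin/java" -version 2>&1 | grep -i ibm)

    # Replace server.xml with a link to the connector configuration that
    # matches the JVM vendor.
    rm -f "$SERVER_XML_PATH"
    if [ -z "${TEST_IBM_JVM}" ]; then
        # Assume Sun JVM
        ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml "$SERVER_XML_PATH"
    else
        # IBM JVM
        ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml "$SERVER_XML_PATH"
    fi
fi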