Partial changes to enable client-ats communciations over SSL.

CASA-auth-token/java/server/Svc/linux/server_keystore_setup.sh

@@ -27,11 +27,11 @@
 #                                                           #
 # CASA ATS Keystore Setup Script.                           #
 #                                                           #
-# This script sets up a keystore for the ATS with a key     #
-# pair which the ATS will use for signing authentication    #
-# and session tokens.                                       #
+# An ATS signs tokens and communicates with clients over    #
+# SSL. This scrip sets up the necessary key-pairs and       #
+# certificates for the ATS to perform these functions.      #
 #                                                           #
-# Ths script creates a self signed certificate that it then #
+# For token signing purposes, this scrip creates a self signed certificate that it then #
 # exports. At this time it is sufficient to utilize self    #
 # signed certificates because they are meant to be consumed #
 # by entities of the local box.                             # 
@@ -45,18 +45,24 @@ if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
         chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
 else
 	echo "Setting up the server's keystore"
+
+        KEYTOOL_PATH=/usr/lib/jvm/java-1.5.0-ibm/bin/keytool
+
 	# Create the server keystore with the key that will be used for signing tokens
 	host=`hostname -f`
-	/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
+	$KEYTOOL_PATH -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
 
 	# Export self-signed certificate for the signing key
-	/usr/lib/jvm/java-1.5.0-ibm/bin/keytool -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
-
-	# List the contents of the server's keystore
-	#usr/lib/jvm/java-1.5.0-ibm/bin/keytool -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret
+	$KEYTOOL_PATH -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
 
 	# Print the exported cert
-	#usr/lib/jvm/java-1.5.0-ibm/bin/keytool -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+	#$KEYTOOL_PATH -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+
+        # Create a key for Tomcat to do SSL communications
+        $KEYTOOL_PATH -genkey -alias tomcat -keyalg RSA -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=$host" -validity 3600 -keypass secret -storepass secret
+
+	# List the contents of the server's keystore
+	#$KEYTOOL_PATH -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -storepass secret
 
 	# Make sure that the keystore is only accessible by the service
 	chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store