From 718b0fda281187c815f739dfd631eb9e442137b3 Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Fri, 1 Jun 2007 17:56:42 +0000 Subject: [PATCH] Moved the copying of the ATS Signing Certificate to the init.d script because the CasaAuthTokenSvc webapp folder is not created until after Tomcat is started. --- .../server-java/Svc/linux/CasaAuthtokenSvcD | 20 ++++++++++++++++++- .../Svc/linux/server_keystore_setup.sh | 3 --- .../package/yast2-casa-ats.changes | 8 ++++++++ 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD b/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD index 98a04136..0cbd36f9 100644 --- a/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD +++ b/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD @@ -115,6 +115,24 @@ StartDAEMON() sleep 1 if atsIsRunning ; then rc_failed 0 + + # Check if we need to copy the Signing Certificate to the webapp folder + if [ ! -f /srv/www/casaats/webapps/CasaAuthTokenSvc/SigningCert ]; then + # Wait a max of 60 seconds for the webapp folder to be created + wait_sec=60 + while [ "$wait_sec" != "0" ] ; do + sleep 1 + if [ -d /srv/www/casaats/webapps/CasaAuthTokenSvc ]; then + # The folder was created, end the loop + wait_sec=0 + break + fi + wait_sec=$((wait_sec -1)) + done + + # Copy the signing certificate to the webapps folder so that it can be downloaded from the ATS + cp /etc/CASA/authtoken/keys/localSigningCert /srv/www/casaats/webapps/CasaAuthTokenSvc/SigningCert + fi else rc_failed 7 fi @@ -136,7 +154,7 @@ StopDAEMON() while [ "$wait_sec" != "0" ] ; do sleep 1 if ! atsIsRunning ; then - # the server is stoped, end the loop + # the server is stopped, end the loop wait_sec=0 break fi diff --git a/CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh b/CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh index 8ed4392c..25e2929b 100755 --- a/CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh +++ b/CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh @@ -68,9 +68,6 @@ else # Print the exported cert #$KEYTOOL_PATH -printcert -file $LOCAL_ATS_SIGNING_CERT_PATH - # Allow the signing certificate to be downloaded from the ATS - cp $LOCAL_ATS_SIGNING_CERT_PATH /srv/www/casaats/webapps/CasaAuthTokenSvc/SigningCert - # Import the signing certificate into the trusted ATS keystore $KEYTOOL_PATH -import -noprompt -keystore $TRUSTED_ATS_KEYSTORE_PATH -alias local_signingCert -storepass secret -keypass secret -file $LOCAL_ATS_SIGNING_CERT_PATH diff --git a/CASA-auth-token/yast2-casa-ats/package/yast2-casa-ats.changes b/CASA-auth-token/yast2-casa-ats/package/yast2-casa-ats.changes index e87cacd6..b56a5653 100644 --- a/CASA-auth-token/yast2-casa-ats/package/yast2-casa-ats.changes +++ b/CASA-auth-token/yast2-casa-ats/package/yast2-casa-ats.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri May 18 16:02:10 MDT 2007 - jluciani@novell.com + +- Fixed issue that would allow Proxy User Credentials to remain + in the miCASA store even though the related REALM has been + removed from the server's configuration. This takes care of + BUG276396. + ------------------------------------------------------------------- Thu May 17 09:45:18 MDT 2007 - jluciani@novell.com