Added workaround to import eDirs Root CA Cert into Java's keystore

until OES is updated to do the same for Java 1.5.
2006-12-04 12:30:01 +00:00 · 2006-12-04 12:30:01 +00:00 · 974f4829b3
commit 974f4829b3
parent b0fad0f85f
2 changed files with 51 additions and 0 deletions
--- a/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh
+++ b/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh
@ -63,6 +63,45 @@ function display_usage
   echo ""
 }

+
+function java_1_5_oes_workaround
+{
+   #
+   # Notice, this function is here temporarily to support
+   # OES before it starts dealing with IBM's 1.5 JVM.
+   #
+
+   # Determine the file and folder names 
+   CERT_FOLDER=/etc/opt/novell/certs
+   ALT_CERT_FOLDER=/etc/opt/novell
+   CERT_FILE_NAME=SSCert.der
+   JAVA_KEY_STORE_PATH=$JAVA_HOME/lib/security/cacerts
+
+   # Determine the path to the eDir cert file
+   if [ ! -f $CERT_FOLDER/$CERT_FILE_NAME ]; then
+      if [ ! -f $ALT_CERT_FOLDER/$CERT_FILE_NAME ]; then
+         echo "eDir CA Cert not found!"
+         echo "Verify that Java_1_5 will be able to accept certificates from configured LDAP server."
+         return 2
+      else
+         CERT_FILE_PATH=$ALT_CERT_FOLDER/$CERT_FILE_NAME
+      fi
+   else
+      CERT_FILE_PATH=$CERT_FOLDER/$CERT_FILE_NAME
+   fi
+
+   # Now import the cert into java's keystore
+   $JAVA_HOME/bin/keytool -import\
+      -trustcacerts\
+      -alias edit_root_ca\
+      -keystore $JAVA_KEY_STORE_PATH\
+      -storepass changeit\
+      -file $CERT_FILE_PATH
+
+   return 0
+}
+
+
 function setup_jaas_file
 {
   # Determine the file names 
@ -217,7 +256,11 @@ else
   CONFIG_FILE_FOLDER=$DEFAULT_CONFIG_FILE_FOLDER
 fi

+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
 # Setup the configuration files
+java_1_5_oes_workaround
 setup_jaas_file
 setup_iaRealms_file
 RETVAL=$?
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Dec  4 17:21:00 MST 2006 - jluciani@novell.com
+
+- Added a workaround to the CasaBasicATSSetup script to import
+  eDirs CA Cert into the Java keystore if it is present. This
+  workaround will be removed once OES starts performing it.
+  This addresses BUG225428. 
+
 -------------------------------------------------------------------
 Mon Dec  4 15:14:12 MST 2006 - jluciani@novell.com