From 974f4829b35eb9235e719361d1e6f58a7d4ab59d Mon Sep 17 00:00:00 2001
From: Juan Carlos Luciani
Date: Mon, 4 Dec 2006 12:30:01 +0000
Subject: [PATCH] Added workaround to import eDirs Root CA Cert into Java's keystore until OES is updated to do the same for Java 1.5.
---
 .../Svc/linux/CasaBasicATSSetup.sh | 43 +++++++++++++++++++
 .../package/linux/CASA_auth_token_svc.changes | 8 ++++
 2 files changed, 51 insertions(+)
diff --git a/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh b/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh
index 21818dbd..bc7dbb26 100755
--- a/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh
+++ b/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh
@@ -63,6 +63,45 @@ function display_usage
 echo ""
 }
+
+function java_1_5_oes_workaround
+{
+ #
+ # Notice, this function is here temporarily to support
+ # OES before it starts dealing with IBM's 1.5 JVM.
+ #
+
+ # Determine the file and folder names
+ CERT_FOLDER=/etc/opt/novell/certs
+ ALT_CERT_FOLDER=/etc/opt/novell
+ CERT_FILE_NAME=SSCert.der
+ JAVA_KEY_STORE_PATH=$JAVA_HOME/lib/security/cacerts
+
+ # Determine the path to the eDir cert file
+ if [ ! -f $CERT_FOLDER/$CERT_FILE_NAME ]; then
+ if [ ! -f $ALT_CERT_FOLDER/$CERT_FILE_NAME ]; then
+ echo "eDir CA Cert not found!"
+ echo "Verify that Java_1_5 will be able to accept certificates from configured LDAP server."
+ return 2
+ else
+ CERT_FILE_PATH=$ALT_CERT_FOLDER/$CERT_FILE_NAME
+ fi
+ else
+ CERT_FILE_PATH=$CERT_FOLDER/$CERT_FILE_NAME
+ fi
+
+ # Now import the cert into java's keystore
+ $JAVA_HOME/bin/keytool -import\
+ -trustcacerts\
+ -alias edit_root_ca\
+ -keystore $JAVA_KEY_STORE_PATH\
+ -storepass changeit\
+ -file $CERT_FILE_PATH
+
+ return 0
+}
+
+
 function setup_jaas_file
 {
 # Determine the file names
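Review bot: The keytool call at the end of java_1_5_oes_workaround has its exit status discarded, because the function finishes with an unconditional `return 0`; a failed import (a cacerts store whose password is no longer `changeit`, or the alias already existing when the script is run a second time) goes unreported and LDAP certificate validation stays broken. Ending the command with `-file "$CERT_FILE_PATH" || return 1` would surface it. The import also goes into the JVM-wide `cacerts`, so every application on that JVM will trust this file as a root CA: the header comment should say so, and the function should confirm that `SSCert.der` is root-owned and not writable by group or others before importing it. `$JAVA_HOME` and the certificate paths are expanded unquoted, and nothing checks that `JAVA_HOME` is set before it is used to build the keytool and keystore paths.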
@@ -217,7 +256,11 @@ else
 CONFIG_FILE_FOLDER=$DEFAULT_CONFIG_FILE_FOLDER
 fi
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
 # Setup the configuration files
+java_1_5_oes_workaround
 setup_jaas_file
 setup_iaRealms_file
 RETVAL=$?
diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
index 20ca1b23..56b9d6a3 100644
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Dec 4 17:21:00 MST 2006 - jluciani@novell.com
+
+- Added a workaround to the CasaBasicATSSetup script to import
+ eDirs CA Cert into the Java keystore if it is present. This
+ workaround will be removed once OES starts performing it.
+ This addresses BUG225428.
+
 -------------------------------------------------------------------
 Mon Dec 4 15:14:12 MST 2006 - jluciani@novell.com
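Review bot: The return code of `java_1_5_oes_workaround` is dropped at its call site in the CasaBasicATSSetup.sh hunk at -217: `RETVAL=$?` captures only `setup_iaRealms_file`, so the function's `return 2` for a missing certificate never influences the script's result. If the workaround is meant to be best-effort, a comment should say so; otherwise test it, for example `java_1_5_oes_workaround || echo "Warning: eDir CA cert was not imported"`. The line `. /etc/CASA/authtoken/svc/envvars` is sourced without checking that the file exists, and the workaround then builds its keytool path from `$JAVA_HOME`, which presumably comes from that file. Because a sourced file executes with the privileges of this setup script, it should be owned by root and not writable by other users, and a guard such as `[ -r /etc/CASA/authtoken/svc/envvars ] || exit 1` ahead of the `.` would make a missing file explicit. The statements that consume `RETVAL` lie outside the hunk.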