Added workaround to import eDirs Root CA Cert into Java's keystore

until OES is updated to do the same for Java 1.5.
2006-12-04 12:30:01 +00:00 · 2006-12-04 12:30:01 +00:00 · 974f4829b3
commit 974f4829b3
parent b0fad0f85f
2 changed files with 51 additions and 0 deletions
--- a/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh
+++ b/CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh
@ -63,6 +63,45 @@ function display_usage
   echo ""
 }
 function java_1_5_oes_workaround
 {
   #
   # Notice, this function is here temporarily to support
   # OES before it starts dealing with IBM's 1.5 JVM.
   #
   # Determine the file and folder names 
   CERT_FOLDER=/etc/opt/novell/certs
   ALT_CERT_FOLDER=/etc/opt/novell
   CERT_FILE_NAME=SSCert.der
   JAVA_KEY_STORE_PATH=$JAVA_HOME/lib/security/cacerts
   # Determine the path to the eDir cert file
   if [ ! -f $CERT_FOLDER/$CERT_FILE_NAME ]; then
      if [ ! -f $ALT_CERT_FOLDER/$CERT_FILE_NAME ]; then
         echo "eDir CA Cert not found!"
         echo "Verify that Java_1_5 will be able to accept certificates from configured LDAP server."
         return 2
      else
         CERT_FILE_PATH=$ALT_CERT_FOLDER/$CERT_FILE_NAME
      fi
   else
      CERT_FILE_PATH=$CERT_FOLDER/$CERT_FILE_NAME
   fi
   # Now import the cert into java's keystore
   $JAVA_HOME/bin/keytool -import\
      -trustcacerts\
      -alias edit_root_ca\
      -keystore $JAVA_KEY_STORE_PATH\
      -storepass changeit\
      -file $CERT_FILE_PATH
   return 0
 }
 function setup_jaas_file
 {
   # Determine the file names 
@ -217,7 +256,11 @@ else
   CONFIG_FILE_FOLDER=$DEFAULT_CONFIG_FILE_FOLDER
 fi
 # Source our environment variables file
 . /etc/CASA/authtoken/svc/envvars
 # Setup the configuration files
 java_1_5_oes_workaround
 setup_jaas_file
 setup_iaRealms_file
 RETVAL=$?
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
@ -1,3 +1,11 @@
 -------------------------------------------------------------------
 Mon Dec  4 17:21:00 MST 2006 - jluciani@novell.com
 - Added a workaround to the CasaBasicATSSetup script to import
  eDirs CA Cert into the Java keystore if it is present. This
  workaround will be removed once OES starts performing it.
  This addresses BUG225428. 
 -------------------------------------------------------------------
 Mon Dec  4 15:14:12 MST 2006 - jluciani@novell.com