ATS changes to allow it to leverage installed server certificate and

server key (/etc/ssl/servercerts/serverkey.pem and
/etc/ssl/servercerts/servercert.pem) for SSL communications.
Juan Carlos Luciani 2007-06-01 22:07:46 +00:00
parent 718b0fda28
commit ba8e155d69
9 changed files with 442 additions and 8 deletions


@ -100,11 +100,21 @@ StartDAEMON()
# file for the JVM version that we are using.
if [ -z "${TEST_IBM_JVM}" ]; then
# Assume Sun JVM
# Use PKCS12 version if PKCS12 store exists
if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml /srv/www/casaats/conf/server.xml
else
ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
fi
else
# IBM JVM
# Use PKCS12 version if PKCS12 store exists
if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml /srv/www/casaats/conf/server.xml
else
ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
fi
fi
# Make sure that our service has rights to the file
chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
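Review bot: The new `[ -f /etc/ssl/servercerts/keystore.p12 ]` tests in both JVM branches only check that the file exists, so an empty or partially written keystore would still select the server-pkcs12-*.xml configuration, and the SSL connector would then presumably fail to load it. Using `[ -s /etc/ssl/servercerts/keystore.p12 ]` would at least reject an empty file. The test is also duplicated in both branches; deciding the pkcs12 part of the file name once, before the JVM check, would keep the two branches in step. StartDAEMON starts and ends outside the hunk, so whether an existing server.xml is removed before `ln -s` runs cannot be seen here.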


@ -31,6 +31,7 @@ EXTRA_DIST = CasaAuthtokenSvcD \
envvars.zen \
server_keystore_setup.sh \
refresh_trusted_ats_keystore.sh \
refresh_server_keystore.sh \
casa_crypto.properties \
CasaBasicATSSetup.sh \
CasaAuthPolicyEditor.sh \


@ -0,0 +1,68 @@
#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani <jluciani@novell.com>
#
########################################################################
########################################################################
#
# CASA ATS Keystore Refresh Script.
#
# An ATS signs tokens and communicates with clients over
# SSL. This scrip tries to update the ATS configuration to leverage
# the server certificate and key if installed for SSL communications.
#
########################################################################
# Source our environment variables file
. /etc/CASA/authtoken/svc/envvars
PKCS12_KEYSTORE_PATH=/etc/ssl/servercerts/keystore.p12
SERVER_CERT_PATH=/etc/ssl/servercerts/servercert.pem
SERVER_KEY_PATH=/etc/ssl/servercerts/serverkey.pem
SERVER_XML_PATH=/srv/www/casaats/conf/server.xml
# Try to leverage server certificate and key
if [ -f /etc/ssl/servercerts/serverkey.pem ]; then
# Check if we must create PKCS12 keystore
if [ ! -f $PKCS12_KEYSTORE_PATH ]; then
# Create PKCS12 keystore
openssl pkcs12 -export -in $SERVER_CERT_PATH -inkey $SERVER_KEY_PATH -name tomcat -out PKCS12_KEYSTORE_PATH -password pass:password
# Make sure that the PKCS12 keystore is only accessible by the service
chown casaatsd:casaauth $PKCS12_KEYSTORE_PATH
chmod 600 $PKCS12_KEYSTORE_PATH
fi
// Make sure that the ATS is configured to leverage the server certificate and key
TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)
rm -f $SERVER_XML_PATH
if [ -z "${TEST_IBM_JVM}" ]; then
# Assume Sun JVM
ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml $SERVER_XML_PATH
else
# IBM JVM
ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml $SERVER_XML_PATH
fi
fi
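Review bot: The `openssl pkcs12 -export` line passes `-out PKCS12_KEYSTORE_PATH` without the `$`, so the keystore holding the server's private key is written to a file literally named PKCS12_KEYSTORE_PATH in the current directory with umask-default permissions, and the following chown/chmod act on a path that was never created. Even with the `$` restored, the file exists before `chmod 600` runs, so the export should run under `umask 077`, and a failed export should stop the script before server.xml is switched to the pkcs12 configuration. The line `// Make sure that the ATS is configured ...` is not a shell comment and will be executed as a command; it needs a `#`. The outer test hard-codes the key path instead of using `$SERVER_KEY_PATH`, and the variable expansions are unquoted. The fixed `pass:password` has to match keystorePass in the server-pkcs12-*.xml files, so it is kept below, but it means the keystore is protected by file permissions only.

```shell
# … unchanged: envvars sourcing and path variables …
if [ -f "$SERVER_KEY_PATH" ]; then
    # Check if we must create PKCS12 keystore
    if [ ! -f "$PKCS12_KEYSTORE_PATH" ]; then
        # Create the keystore under a restrictive umask so it is never
        # readable by other users, and stop if the export fails.
        (
            umask 077
            openssl pkcs12 -export -in "$SERVER_CERT_PATH" -inkey "$SERVER_KEY_PATH" \
                -name tomcat -out "$PKCS12_KEYSTORE_PATH" -password pass:password
        ) || exit 1
        # Make sure that the PKCS12 keystore is only accessible by the service
        chown casaatsd:casaauth "$PKCS12_KEYSTORE_PATH"
        chmod 600 "$PKCS12_KEYSTORE_PATH"
    fi
    # Make sure that the ATS is configured to leverage the server certificate and key
    # … unchanged: JVM detection and server.xml symlink …
fi
```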


@ -50,9 +50,10 @@ LOCAL_ATS_SIGNING_CERT_PATH=/etc/CASA/authtoken/keys/localSigningCert
# Perform the operation requested
# Do not do anything if the server keystore has already been created
# Proceed based on whether or not the server keystore has been created
if [ -f $KEYSTORE_PATH ]; then
echo "The server keystore is already setup"
# Make sure that the keystore file is owned by our service
chown casaatsd:casaauth $KEYSTORE_PATH
else
@ -82,3 +83,5 @@ else
chmod 600 $KEYSTORE_PATH
fi
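Review bot: In the already-set-up branch only ownership is re-asserted, with `chown casaatsd:casaauth $KEYSTORE_PATH`; the mode is not, while the creation branch ends with `chmod 600 $KEYSTORE_PATH`. If the file can end up with the wrong owner it can presumably end up with a wider mode as well, so adding `chmod 600 "$KEYSTORE_PATH"` next to the chown would keep both branches consistent. Quoting the variable in both commands is also worth doing. The surrounding if/else runs beyond the visible hunks.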


@ -27,7 +27,9 @@ DIST_SUBDIRS = zen
CFILES =
EXTRA_DIST = server-ibm.xml \
server-sun.xml
server-sun.xml \
server-pkcs12-ibm.xml \
server-pkcs12-sun.xml
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:


@ -0,0 +1,169 @@
<!-- CASA ATS Server Configuration File -->
<!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server
listens for a shutdown command on the indicated port.
Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<Server port="8585" shutdown="SHUTDOWN" debug="0">
<!-- Global JNDI resources -->
<GlobalNamingResources>
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" (and therefore the web applications visible
within that Container). Normally, that Container is an "Engine",
but this is not required.
Note: A "Service" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Catalina">
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Each Connector passes requests on to the
associated "Container" (normally an Engine) for processing.
By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
following the instructions below and uncommenting the second Connector
entry. SSL support requires the following steps (see the SSL Config
HOWTO in the Tomcat 5 documentation bundle for more detailed
instructions):
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and
the keystore itself.
By default, DNS lookups are enabled when a web application calls
request.getRemoteHost(). This can have an adverse impact on
performance, so you can disable it by setting the
"enableLookups" attribute to "false". When DNS lookups are disabled,
request.getRemoteHost() will return the String version of the
IP address of the remote client.
-->
<!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
<Connector port="2645"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
maxPostSize="16384" connectionTimeout="10000"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/ssl/servercerts/keystore.p12"
keystorePass="password" keystoreType="pkcs12" algorithm="IbmX509" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host). -->
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
-->
<!-- Define the top level container in our container hierarchy -->
<Engine name="Catalina" defaultHost="localhost" debug="0">
<!-- The request dumper valve dumps useful debugging information about
the request headers and cookies that were received, and the response
headers and cookies that were sent, for all requests received by
this instance of Tomcat. If you care only about requests to a
particular virtual host, or a particular application, nest this
element inside the corresponding <Host> or <Context> entry instead.
For a similar mechanism that is portable to all Servlet 2.4
containers, check out the "RequestDumperFilter" Filter in the
example application (the source for this filter may be found in
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
Request dumping is disabled by default. Uncomment the following
element to enable it. -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- Global logger unless overridden at lower levels -->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log" suffix=".txt"
timestamp="false"/>
<!-- Because this Realm is here, an instance will be shared globally -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
-->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
<!-- Logger shared by all Contexts related to this virtual host. By
default (when using FileLogger), log files are created in the "logs"
directory relative to $CATALINA_HOME. If you wish, you can specify
a different directory with the "directory" attribute. Specify either a
relative (to $CATALINA_HOME) or absolute path to the desired
directory.-->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log" suffix=".txt"
timestamp="false"/>
</Host>
</Engine>
</Service>
</Server>
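Review bot: `keystorePass="password"` on the Connector is a fixed, publicly known value, so the PKCS12 passphrase adds no protection for the server's private key; confidentiality rests entirely on the ownership and 600 mode of /etc/ssl/servercerts/keystore.p12. A comment above the Connector saying so, for example `<!-- keystorePass must match the password used by refresh_server_keystore.sh; the keystore is protected by file permissions only -->`, would keep a later maintainer from assuming otherwise. The `<Server port="8585" shutdown="SHUTDOWN" debug="0">` line keeps the stock shutdown command, which any local process able to reach that port could send; a non-default shutdown string would be safer. The stock Tomcat comment about ports 8080 and 8443 does not describe this file, which defines only the connector on port 2645. The same points apply to the SunX509 variant of this file added in the next section.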


@ -0,0 +1,169 @@
<!-- CASA ATS Server Configuration File -->
<!-- A "Server" is a singleton element that represents the entire JVM,
which may contain one or more "Service" instances. The Server
listens for a shutdown command on the indicated port.
Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<Server port="8585" shutdown="SHUTDOWN" debug="0">
<!-- Global JNDI resources -->
<GlobalNamingResources>
<!-- Test entry for demonstration purposes -->
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" (and therefore the web applications visible
within that Container). Normally, that Container is an "Engine",
but this is not required.
Note: A "Service" is not itself a "Container", so you may not
define subcomponents such as "Valves" or "Loggers" at this level.
-->
<!-- Define the Tomcat Stand-Alone Service -->
<Service name="Catalina">
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Each Connector passes requests on to the
associated "Container" (normally an Engine) for processing.
By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
You can also enable an SSL HTTP/1.1 Connector on port 8443 by
following the instructions below and uncommenting the second Connector
entry. SSL support requires the following steps (see the SSL Config
HOWTO in the Tomcat 5 documentation bundle for more detailed
instructions):
* If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and
the keystore itself.
By default, DNS lookups are enabled when a web application calls
request.getRemoteHost(). This can have an adverse impact on
performance, so you can disable it by setting the
"enableLookups" attribute to "false". When DNS lookups are disabled,
request.getRemoteHost() will return the String version of the
IP address of the remote client.
-->
<!-- Note : To disable connection timeouts, set connectionTimeout value
to 0 -->
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
<Connector port="2645"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
maxPostSize="16384" connectionTimeout="10000"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/ssl/servercerts/keystore.p12"
keystorePass="password" keystoreType="pkcs12" algorithm="SunX509" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host). -->
<!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
<Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
-->
<!-- Define the top level container in our container hierarchy -->
<Engine name="Catalina" defaultHost="localhost" debug="0">
<!-- The request dumper valve dumps useful debugging information about
the request headers and cookies that were received, and the response
headers and cookies that were sent, for all requests received by
this instance of Tomcat. If you care only about requests to a
particular virtual host, or a particular application, nest this
element inside the corresponding <Host> or <Context> entry instead.
For a similar mechanism that is portable to all Servlet 2.4
containers, check out the "RequestDumperFilter" Filter in the
example application (the source for this filter may be found in
"$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
Request dumping is disabled by default. Uncomment the following
element to enable it. -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- Global logger unless overridden at lower levels -->
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log" suffix=".txt"
timestamp="false"/>
<!-- Because this Realm is here, an instance will be shared globally -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<!-- Access log processes all requests for this virtual host. By
default, log files are created in the "logs" directory relative to
$CATALINA_HOME. If you wish, you can specify a different
directory with the "directory" attribute. Specify either a relative
(to $CATALINA_HOME) or absolute path to the desired directory.
-->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
<!-- Logger shared by all Contexts related to this virtual host. By
default (when using FileLogger), log files are created in the "logs"
directory relative to $CATALINA_HOME. If you wish, you can specify
a different directory with the "directory" attribute. Specify either a
relative (to $CATALINA_HOME) or absolute path to the desired
directory.-->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log" suffix=".txt"
timestamp="false"/>
</Host>
</Engine>
</Service>
</Server>


@ -172,7 +172,8 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
# Others
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
@ -187,7 +188,9 @@ install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/con
install -m 600 Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
install -m 600 Svc/tomcat5/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
@ -262,6 +265,7 @@ rm -f /srv/www/casaats/conf/server.xml
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
@ -307,7 +311,9 @@ rm -f /srv/www/casaats/conf/server.xml
%config /srv/www/casaats/conf/catalina.properties
%config /srv/www/casaats/conf/jk2.properties
%config /srv/www/casaats/conf/server-ibm.xml
%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
%config /srv/www/casaats/conf/server-sun.xml
%config /srv/www/casaats/conf/server-pkcs12-sun.xml
%config /srv/www/casaats/conf/tomcat-users.xml
%config /srv/www/casaats/conf/web.xml
%config /etc/CASA/authtoken/svc/envvars


@ -172,7 +172,8 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
# Others
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
@ -187,7 +188,9 @@ install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/con
install -m 600 Svc/tomcat5/conf/linux/zen/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
install -m 600 Svc/tomcat5/conf/linux/zen/server.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
@ -262,6 +265,7 @@ rm -f /srv/www/casaats/conf/server.xml
%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
@ -307,7 +311,9 @@ rm -f /srv/www/casaats/conf/server.xml
%config /srv/www/casaats/conf/catalina.properties
%config /srv/www/casaats/conf/jk2.properties
%config /srv/www/casaats/conf/server-ibm.xml
%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
%config /srv/www/casaats/conf/server-sun.xml
%config /srv/www/casaats/conf/server-pkcs12-sun.xml
%config /srv/www/casaats/conf/tomcat-users.xml
%config /srv/www/casaats/conf/web.xml
%config /etc/CASA/authtoken/svc/envvars