Changes to allow for the setup of trust relationships with ATSs.

CASA-auth-token/yast2-casa-ats/src/CasaAts.ycp

@@ -57,6 +57,7 @@ string authPolicyFile = "/etc/CASA/authtoken/svc/auth.policy";
 string authPolicyEditor = "/usr/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh";
 string iaRealmsFile = "/etc/CASA/authtoken/svc/iaRealms.xml";
 string iaRealmsEditor = "/usr/share/java/CASA/authtoken/bin/CasaIaRealmsEditor.sh";
+string trustedServerCertsFolder = "/etc/CASA/authtoken/keys/trustedATSCerts";
 
 /**
  * Settings Map
@@ -480,6 +481,10 @@ global boolean Write() {
     else
 		SCR::Execute(.target.bash, "/bin/cp "+trustedServerConfigFile+" "+trustedServerConfigFile+".YaST2save");
 
+	// Create a fresh folder to hold the Signing Certs of the trusted ATSs
+	SCR::Execute(.target.bash, "/bin/rm -fr " + trustedServerCertsFolder);
+	SCR::Execute(.target.bash, "/bin/mkdir " + trustedServerCertsFolder);
+
 	// Update the trusted server config 
     any anyRet = false;
 	list<string> trustedServerList = Settings["CONFIG_CASAATS_TRUSTED"]:[];
@@ -487,10 +492,32 @@ global boolean Write() {
     if (trustedServerList != []) {
 		// Merge all of the addresses onto the string
 		trustedServerListString = mergestring(trustedServerList, "\n");
+
+		// Import the Signing Certs from the trusted ATSs
+		foreach(string trustedATS, trustedServerList, {
+			if (trustedATS != "")
+			{
+				string cmd = sformat("curl -f --capath /etc/ssl/certs -o %1/%2 https://%3:443/CasaAuthTokenSvc/SigningCert", trustedServerCertsFolder, trustedATS, trustedATS);
+				integer exit = (integer) SCR::Execute(.target.bash, cmd);
+				if (exit != 0)
+				{
+					y2error("SigningCert import from " + trustedATS + "using port 443 failed with Curl error" + tostring(exit) + " trying port 2645");
+				    cmd = sformat("curl -f --capath /etc/ssl/certs -o %1/%2 https://%3:2645/CasaAuthTokenSvc/SigningCert", trustedServerCertsFolder, trustedATS, trustedATS);
+					exit = (integer) SCR::Execute(.target.bash, cmd);
+					if (exit != 0)
+					{
+						y2error("SigningCert import from " + trustedATS + "using port 2645 failed with Curl error" + tostring(exit));
+					}
+				}
+			}
+		});
 	}
 	anyRet = SCR::Write(.target.string, trustedServerConfigFile, trustedServerListString);
     if (anyRet != true)
-      y2error("Failed to write to " + trustedServerConfigFile);
+		y2error("Failed to write to " + trustedServerConfigFile);
+
+	// Refresh the trusted ATS Keystore
+	SCR::Execute(.target.bash, "/usr/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh");
 
     // Write the /etc/sysconfig/casa-ats settings
     if(Abort()) return false;

CASA-auth-token/yast2-casa-ats/yast2-casa-ats.spec.in

@@ -1,8 +1,8 @@
 @HEADER-COMMENT@
 
 @HEADER@
-Requires:	yast2 CASA_auth_token_svc
-BuildRequires:	perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-testsuite CASA_auth_token_svc yast2-theme-NLD java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel
+Requires:	yast2 CASA_auth_token_svc curl
+BuildRequires:	perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-testsuite CASA_auth_token_svc curl yast2-theme-NLD java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel
 
 BuildArchitectures:	noarch