Removed hard dependency on IBM's JVM.

CASA-auth-token/server-java/Jaas/linux/client_keystore_setup.sh

@@ -34,23 +34,23 @@
 #                                                           #
 #############################################################
 
-JAVA_HOME=/usr/lib/jvm/java-1.5.0-ibm
+JAVA_HOME=/usr/lib/jvm/jre-1.5.0
 
 # Do not do anything if the client keystore has already been created
 if [ -f /etc/CASA/authtoken/keys/client/jks-store ]; then
-	echo "The client keystore is already setup"
+   echo "The client keystore is already setup"
 else
-	if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
-		echo "Setting up the clients's keystore"
+   if [ -f /etc/CASA/authtoken/keys/casaatsdSigningCert ]; then
+      echo "Setting up the clients's keystore"
 
-                KEYTOOL_PATH=$JAVA_HOME/bin/keytool
+      KEYTOOL_PATH=$JAVA_HOME/bin/keytool
 
-		# Import the certificate to the client's keystore
-		$KEYTOOL_PATH -import -noprompt -keystore /etc/CASA/authtoken/keys/client/jks-store -alias signingCert -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+      # Import the certificate to the client's keystore
+      $KEYTOOL_PATH -import -noprompt -keystore /etc/CASA/authtoken/keys/client/jks-store -alias signingCert -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
 
-		# List the content's of the client's keystore
-		#$KEYTOOL_PATH -list -rfc -keystore client/jks-store -alias signingCert -storepass secret
-	else
-		echo "File /etc/CASA/authtoken/keys/casaatsdSigningCert not found" 
-	fi
+      # List the content's of the client's keystore
+      #$KEYTOOL_PATH -list -rfc -keystore client/jks-store -alias signingCert -storepass secret
+   else
+      echo "File /etc/CASA/authtoken/keys/casaatsdSigningCert not found" 
+   fi
 fi

CASA-auth-token/server-java/Svc/Makefile.am

@@ -117,7 +117,7 @@ CLASSES = $(addprefix $(BUILDDIR)/, $(JAVAFILES:%.java=%.class))
 AXIS_LIBS = $(AXIS_JARS_DIR)/axis.jar:$(AXIS_JARS_DIR)/saaj.jar:$(AXIS_JARS_DIR)/wss4j-1.5.0.jar:$(AXIS_JARS_DIR)/xmlsec-1.2.1.jar
 #AXIS_LIBS = $(AXIS_JARS_DIR)/wss4j-1.5.0.jar
 
-LIBS = /usr/share/java/servletapi5.jar
+LIBS = /usr/share/java/servletapi5.jar:/usr/share/java/xerces-j2.jar
 CLASSPATH = $(AXIS_LIBS):$(IDENT_ABSTRACTION_DIR)/identity-abstraction.jar:$(LIBS)
 
 CUR_DIR := $(shell pwd)

CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD

@@ -86,14 +86,32 @@ StartDAEMON()
       test -d "$dir" && chown -R --dereference $DAEMON_USER:$DAEMON_GROUP "$dir" 2>/dev/null || true
     done
 
+    TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)
+
+    # Append the java.security.auth.login.conf property on the JAVA_OPTS environment
+    # variable if not utilizing the IBM JVM.
+    if [ -z "${TEST_IBM_JVM}" ]; then
+      export JAVA_OPTS="$JAVA_OPTS -Djava.security.auth.login.config=/etc/CASA/authtoken/svc/jaas.conf"
+    fi
+
     # Make sure that the server.xml link has been made
     if [ ! -f /srv/www/casaats/conf/server.xml ]; then
-      ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
+      # The server.xml file link needs to be made. Use the appropriate
+      # file for the JVM version that we are using.
+      if [ -z "${TEST_IBM_JVM}" ]; then
+        # Assume Sun JVM
+        ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
+      else
+        # IBM JVM
+        ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
+      fi
+
+      # Make sure that our service has rights to the file
       chown -h casaatsd:casaauth /srv/www/casaats/conf/server.xml
     fi
 
     # Start it up
-    su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs//start.log" 2>&1
+    su $DAEMON_USER -s /bin/bash -c "$CATALINA_HOME/bin/startup.sh" >"$CATALINA_BASE/logs/start.log" 2>&1
     sleep 1
     if atsIsRunning ; then
       rc_failed 0

CASA-auth-token/server-java/Svc/linux/CasaBasicATSSetup.sh

@@ -63,6 +63,34 @@ function display_usage
    echo ""
 }
 
+function setup_jaas_file
+{
+   # Determine the file names 
+   TEMPLATE_FILE=$TEMPLATE_FILE_FOLDER/jaas.conf
+   CONFIG_FILE=$CONFIG_FILE_FOLDER/jaas.conf
+
+   # Verify that the template file exists
+   if [ ! -f $TEMPLATE_FILE ]; then
+      echo "Template file $TEMPLATE_FILE does not exist"
+      return 2
+   fi
+
+   # Verify that the output folder exists
+   if [ ! -d $CONFIG_FILE_FOLDER ]; then
+      echo "Output folder $CONFIG_FILE_FOLDER does not exist"
+      return 2
+   fi
+
+   # Clean-up the output folder
+   rm -f $CONFIG_FILE
+
+   # Create and edit the output file
+   host=`hostname -f`
+   sed s:HOSTNAME:$host:g $TEMPLATE_FILE > $CONFIG_FILE
+   return 0
+}
+
+
 function setup_iaRealms_file
 {
    # Determine the file names 
@@ -190,6 +218,7 @@ else
 fi
 
 # Setup the configuration files
+setup_jaas_file
 setup_iaRealms_file
 RETVAL=$?
 if [ "$RETVAL" = "0" ]; then

CASA-auth-token/server-java/Svc/linux/envvars

@@ -8,7 +8,7 @@
 ############################################################
 CATALINA_BASE="/srv/www/casaats"
 CATALINA_HOME="/usr/share/tomcat5"
-JAVA_HOME="/usr/lib/jvm/java-1.5.0-ibm"
+JAVA_HOME="/usr/lib/jvm/jre-1.5.0"
 JAVA_OPTS="-Dcom.novell.casa.authtoksvc.config=/etc/CASA/authtoken/svc"
 export CATALINA_BASE CATALINA_HOME JAVA_HOME JAVA_OPTS
 

CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh

@@ -46,32 +46,32 @@
 
 # Do not do anything if the server keystore has already been created
 if [ -f /etc/CASA/authtoken/keys/server/jks-store ]; then
-	echo "The server keystore is already setup"
+   echo "The server keystore is already setup"
         # Make sure that the keystore file is owned by our service
         chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
 else
-	echo "Setting up the server's keystore"
+   echo "Setting up the server's keystore"
 
    KEYTOOL_PATH=$JAVA_HOME/bin/keytool
 
-	# Create the server keystore with the key that will be used for signing tokens
-	host=`hostname -f`
-	$KEYTOOL_PATH -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
+   # Create the server keystore with the key that will be used for signing tokens
+   host=`hostname -f`
+   $KEYTOOL_PATH -genkey -alias signingKey -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=casaatsd@$host" -validity 3600 -keypass secret -storepass secret
 
-	# Export self-signed certificate for the signing key
-	$KEYTOOL_PATH -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+   # Export self-signed certificate for the signing key
+   $KEYTOOL_PATH -export -keystore /etc/CASA/authtoken/keys/server/jks-store -alias signingKey -storepass secret -keypass secret -file /etc/CASA/authtoken/keys/casaatsdSigningCert
 
-	# Print the exported cert
-	#$KEYTOOL_PATH -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
+   # Print the exported cert
+   #$KEYTOOL_PATH -printcert -file /etc/CASA/authtoken/keys/casaatsdSigningCert
 
         # Create a key for Tomcat to do SSL communications
         $KEYTOOL_PATH -genkey -alias tomcat -keyalg RSA -keystore /etc/CASA/authtoken/keys/server/jks-store -dname "cn=$host" -validity 3600 -keypass secret -storepass secret
 
-	# List the contents of the server's keystore
-	#$KEYTOOL_PATH -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -storepass secret
+   # List the contents of the server's keystore
+   #$KEYTOOL_PATH -list -rfc -keystore /etc/CASA/authtoken/keys/server/jks-store -storepass secret
 
-	# Make sure that the keystore is only accessible by the service
-	chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
-	chmod 600 /etc/CASA/authtoken/keys/server/jks-store
+   # Make sure that the keystore is only accessible by the service
+   chown casaatsd:casaauth /etc/CASA/authtoken/keys/server/jks-store
+   chmod 600 /etc/CASA/authtoken/keys/server/jks-store
 fi
 

CASA-auth-token/server-java/Svc/templates/Makefile.am

@@ -30,7 +30,8 @@ EXTRA_DIST = auth.policy \
 		authtoken.settings \
 		iaRealms.xml \
 		identoken.settings \
-		svc.settings
+		svc.settings \
+		jaas.conf
 
 .PHONY: package package-clean package-install package-uninstall
 package package-clean package-install package-uninstall:

CASA-auth-token/server-java/Svc/templates/jaas.conf

@@ -3,7 +3,7 @@ com.sun.security.auth.module.Krb5LoginModule required
 	useTicketCache=true
 	ticketCache="/var/lib/CASA/authtoken/svc/ticket.cache"
 	useKeyTab=true
-	principal="host/jcserver2.provo.novell.com"
+	principal="host/HOSTNAME"
 	doNotPrompt=true
 	storeKey=true
 	keyTab="/etc/krb5.keytab"

CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Nov 17 17:08:13 MST 2006 - jluciani@novell.com
+
+- Removed hard dependency on IBM's JVM. 
+
 -------------------------------------------------------------------
 Thu Nov  9 11:42:15 MST 2006 - jluciani@novell.com
 

CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in

@@ -17,7 +17,7 @@
 
 Name:          @PACKAGE@ 
 URL:           http://www.novell.com/products
-BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-1_5_0-ibm java-1_5_0-ibm-devel java-1_5_0-ibm-alsa update-alternatives mono-devel servletapi5 identity-abstraction sysvinit insserv
+BuildRequires: libstdc++ gcc-c++ glib2-devel libstdc++-devel pkgconfig java-sdk-1.5.0 xerces-j2 update-alternatives mono-devel servletapi5 identity-abstraction sysvinit insserv
 %define prefix /usr
 License:       LGPL
 Group:         Applications/System
@@ -28,7 +28,8 @@ Release:       0
 Summary:       Novell Common Authentication Services Adapter Authentication Token Infrastructure "Java" (CASA_auth_token)
 Source:        %{name}-%{version}.tar.bz2
 BuildRoot:     %{_tmppath}/%{name}-%{version}-build
-Requires:      java-1_5_0-ibm servletapi5 tomcat5 sysvinit insserv identity-abstraction sed
+Requires:      java-1_5_0 >= 1.5.0
+Requires:      servletapi5 tomcat5 sysvinit insserv identity-abstraction sed
 PreReq:        %fillup_prereq %insserv_prereq
 PreReq:        /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
 PreReq:        /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
@@ -154,6 +155,7 @@ ln -sf CasaAuthPolicyEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/a
 install -m 600 Svc/templates/svc.settings %{buildroot}/etc/CASA/authtoken/svc/templates/svc.settings
 install -m 600 Svc/templates/auth.policy %{buildroot}/etc/CASA/authtoken/svc/templates/auth.policy
 install -m 600 Svc/templates/iaRealms.xml %{buildroot}/etc/CASA/authtoken/svc/templates/iaRealms.xml
+install -m 600 Svc/templates/jaas.conf %{buildroot}/etc/CASA/authtoken/svc/templates/jaas.conf
 install -m 600 Svc/templates/authtoken.settings %{buildroot}/etc/CASA/authtoken/svc/authtoken.settings
 install -m 600 Svc/templates/identoken.settings %{buildroot}/etc/CASA/authtoken/svc/identoken.settings
 install -m 600 Svc/src/com/novell/casa/authtoksvc/Krb5_mechanism.settings %{buildroot}/etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings
@@ -311,6 +313,7 @@ userdel casaatsd
 /etc/CASA/authtoken/svc/templates/svc.settings
 /etc/CASA/authtoken/svc/templates/auth.policy
 /etc/CASA/authtoken/svc/templates/iaRealms.xml
+/etc/CASA/authtoken/svc/templates/jaas.conf
 %config /etc/CASA/authtoken/svc/authtoken.settings
 %config /etc/CASA/authtoken/svc/identoken.settings
 %config /etc/CASA/authtoken/svc/auth_mechanisms/Krb5Authenticate/mechanism.settings