#!/bin/sh
########################################################################
# 
#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
# 
#   This library is free software; you can redistribute it and/or
#   modify it under the terms of the GNU Lesser General Public
#   License as published by the Free Software Foundation; version 2.1
#   of the License.
# 
#   This library is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#   Library Lesser General Public License for more details.
# 
#   You should have received a copy of the GNU Lesser General Public
#   License along with this library; if not, Novell, Inc.
#  
#   To contact Novell about this file by physical or electronic mail, 
#   you may find current contact information at www.novell.com.
#  
#   Author: Juan Carlos Luciani <jluciani@novell.com>
#   
########################################################################

#############################################################
#                                                           #
# CASA Authentication Token Keystore Setup Script for       #
# auththentication token validating clients.                #
#                                                           #
# This script sets up the certificate associated with the   #
# keys used by the ATS to sign authentication tokens in the #
# keystore utilized by token validating clients.            #
#                                                           #
#############################################################

SILENT=0
if [ "$1" != "" ]; then
   if [ "$1" == "-s" ]; then
      SILENT=1
   fi
fi

if [ -d /usr/lib64 ]; then
   LIB=lib64
else
   LIB=lib
fi

JAVA_HOME=/usr/$LIB/jvm/jre-1.5.0
KEYTOOL_PATH=$JAVA_HOME/bin/keytool
KEYSTORE_PATH=/etc/CASA/authtoken/keys/trusted-ats-jks-store
LOCAL_ATS_SIGNING_CERT_PATH=/etc/CASA/authtoken/keys/localSigningCert

# Do not do anything if the client keystore has already been created
if [ -f $KEYSTORE_PATH ]; then
   if [ $SILENT == 0 ]; then
      echo "The client keystore is already setup"
   fi
else
   if [ -f $LOCAL_ATS_SIGNING_CERT_PATH ]; then
      echo "Setting up the clients's keystore"

      # Import the certificate to the client's keystore
      $KEYTOOL_PATH -import -noprompt -keystore $KEYSTORE_PATH -alias signingCert -storepass secret -keypass secret -file $LOCAL_ATS_SIGNING_CERT_PATH

      # List the content's of the client's keystore
      #$KEYTOOL_PATH -list -rfc -keystore $KEYSTORE_PATH -alias signingCert -storepass secret
   else
      echo "File $LOCAL_ATS_SIGNING_CERT_PATH not found" 
   fi
fi