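#!/bin/sh
########################################################################
#
# Copyright (C) 2006 Novell, Inc. All Rights Reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; version 2.1
# of the License.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, Novell, Inc.
#
# To contact Novell about this file by physical or electronic mail,
# you may find current contact information at www.novell.com.
#
# Author: Juan Carlos Luciani
#
########################################################################

########################################################################
#
# CASA ATS Keystore Refresh Script.
#
# An ATS signs tokens and communicates with clients over
# SSL. This script tries to update the ATS configuration to leverage
# the server certificate and key if installed for SSL communications.
#
# Behaviour:
#   - Does nothing unless the server key file exists.
#   - Builds the PKCS12 keystore from the server certificate and key
#     only when the keystore file is missing; a renewed certificate or
#     key is NOT picked up until keystore.p12 is removed.
#   - Re-points server.xml at the PKCS12 variant matching the JVM
#     vendor (IBM vs. anything else, assumed Sun).
#
########################################################################

# Source our environment variables file
# (JAVA_HOME is read below and is presumably defined there; confirm.)
. /etc/CASA/authtoken/svc/envvars

PKCS12_KEYSTORE_PATH=/etc/ssl/servercerts/keystore.p12
SERVER_CERT_PATH=/etc/ssl/servercerts/servercert.pem
SERVER_KEY_PATH=/etc/ssl/servercerts/serverkey.pem
SERVER_XML_PATH=/srv/www/casaats/conf/server.xml

# Try to leverage server certificate and key
if [ -f "$SERVER_KEY_PATH" ]; then
  # Check if we must create PKCS12 keystore
  if [ ! -f "$PKCS12_KEYSTORE_PATH" ]; then
    # Create PKCS12 keystore.
    #
    # The export runs in a subshell with umask 077 so the file holding
    # the private key is never created with wider permissions than the
    # final 0600; otherwise it would be readable under the default
    # umask until the chmod below runs.
    #
    # NOTE(review): the export password is the fixed string "password",
    # so the private key inside the keystore is protected only by file
    # ownership and mode. The value presumably has to match the keystore
    # password in the server-pkcs12-*.xml files; confirm before changing.
    # If it ever becomes a real secret, supply it via openssl's file: or
    # env: password source rather than on the command line.
    if ( umask 077 && openssl pkcs12 -export \
           -in "$SERVER_CERT_PATH" \
           -inkey "$SERVER_KEY_PATH" \
           -name tomcat \
           -out "$PKCS12_KEYSTORE_PATH" \
           -password pass:password ); then
      # Make sure that the PKCS12 keystore is only accessible by the service
      chown casaatsd:casaauth "$PKCS12_KEYSTORE_PATH"
      chmod 600 "$PKCS12_KEYSTORE_PATH"
    else
      printf '%s\n' "Failed to create PKCS12 keystore $PKCS12_KEYSTORE_PATH" >&2
      # Do not leave a partial keystore behind; it would suppress the
      # creation attempt on the next run.
      rm -f -- "$PKCS12_KEYSTORE_PATH"
    fi
  fi

  # Make sure that the ATS is configured to leverage the server certificate
  # and key. Only switch server.xml when the keystore actually exists, so a
  # failed export does not leave the ATS pointing at a missing keystore.
  if [ -f "$PKCS12_KEYSTORE_PATH" ]; then
    # Non-empty when the JVM's version banner mentions IBM.
    TEST_IBM_JVM=$("$JAVA_HOME/bin/java" -version 2>&1 | grep -i ibm)

    rm -f -- "$SERVER_XML_PATH"
    if [ -z "${TEST_IBM_JVM}" ]; then
      # Assume Sun JVM
      ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml "$SERVER_XML_PATH"
    else
      # IBM JVM
      ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml "$SERVER_XML_PATH"
    fi
  fi
fi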