Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
shib-idp_noVM/bin/setNewSealerKey.sh
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
66 lines (56 sloc)
1.84 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # This script generates a new sealer keystore with a new random password and configures the IdP to use it. | |
| # It is designed to be run when the shibboleth_idp container is built/rebuilt, which would ensure that multiple containers reamin in sync (same key, same pwd) | |
| # | |
| # default directories | |
| TOMCFG=config/tomcat | |
| TOMLOG=logs/tomcat | |
| TOMCERT=credentials/tomcat | |
| TOMWWWROOT=wwwroot | |
| SHBCFG=config/shib-idp/conf | |
| SHBCREDS=credentials/shib-idp | |
| SHBVIEWS=config/shib-idp/views | |
| SHBEDWAPP=config/shib-idp/edit-webapp | |
| SHBMSGS=config/shib-idp/messages | |
| SHBMD=config/shib-idp/metadata | |
| SHBLOG=logs/shib-idp | |
| STARTDIR=$(pwd) | |
| CRYPTODIR=tmp_crypto | |
| LOGFILE=sealer-gen.log | |
| IDP_PROP=${SHBCFG}/idp.properties | |
| IDP_SEALER_FILE=${SHBCREDS}/sealer.jks | |
| # | |
| # build the shibboleth sealer java keystore | |
| # | |
| echo "" | |
| echo "Creating new Shibboleth sealer keystore..." | |
| echo "" | |
| # | |
| mkdir -p ${CRYPTODIR} | |
| cd ${CRYPTODIR} | |
| SEALERPWD=$(uuidgen) | |
| keytool -genseckey -storetype jceks -alias secret1 -providername SunJCE -keyalg AES -keysize 256 -storepass ${SEALERPWD} -keypass ${SEALERPWD} -keystore mysealer.jks >> ${LOGFILE} 2>&1 | |
| cp -f mysealer.jks ${IDP_SEALER_FILE} | |
| cd ${STARTDIR} | |
| # | |
| # | |
| # updates to idp.properties to configure the auto-generated sealer password | |
| # | |
| echo "" | |
| echo "Updating idp.properties with new sealer keystore password." | |
| echo "" | |
| cp -f ${IDP_PROP} ${IDP_PROP}.tmp | |
| sed '/idp.sealer.storePassword/c\ | |
| idp.sealer.storePassword= '${SEALERPWD} ${IDP_PROP}.tmp > ${IDP_PROP}.tmp2 | |
| sed '/idp.sealer.keyPassword/c\ | |
| idp.sealer.keyPassword= '${SEALERPWD} ${IDP_PROP}.tmp2 > ${IDP_PROP} | |
| rm -f ${IDP_PROP}.tmp2 | |
| rm -f ${IDP_PROP}.tmp | |
| rm -rf ${CRYPTODIR}/* | |
| rmdir ${CRYPTODIR} | |
| echo "" | |
| echo "The new sealer key was successfully generated and a new random password configured in idp.properties." | |
| echo "" | |
| echo "If you utilize a burned-in config, then you can now build a new image from this config." | |
| echo "" | |