add new sealer key script

setNewSealerKey.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+#
+# This script generates a new sealer keystore with a new random password and configures the IdP to use it.
+# It is designed to be run when the shibboleth_idp container is built/rebuilt, which would ensure that multiple containers reamin in sync (same key, same pwd)
+# 
+
+# default directories
+TOMCFG=config/tomcat
+TOMLOG=logs/tomcat
+TOMCERT=credentials/tomcat
+TOMWWWROOT=wwwroot
+SHBCFG=config/shib-idp/conf
+SHBCREDS=credentials/shib-idp
+SHBVIEWS=config/shib-idp/views
+SHBEDWAPP=config/shib-idp/edit-webapp
+SHBMSGS=config/shib-idp/messages
+SHBMD=config/shib-idp/metadata
+SHBLOG=logs/shib-idp
+
+STARTDIR=$(pwd)
+CRYPTODIR=tmp_crypto
+LOGFILE=sealer-gen.log
+IDP_PROP=${SHBCFG}/idp.properties
+IDP_SEALER_FILE=${SHBCREDS}/sealer.jks
+
+#
+# build the shibboleth sealer java keystore
+#
+echo ""
+echo "Creating new Shibboleth sealer keystore..."
+echo ""
+#
+mkdir -p ${CRYPTODIR}
+cd ${CRYPTODIR}
+SEALERPWD=$(uuidgen)
+keytool -genseckey -storetype jceks -alias secret1 -providername SunJCE -keyalg AES -keysize 256 -storepass ${SEALERPWD} -keypass ${SEALERPWD} -keystore mysealer.jks >> ${LOGFILE} 2>&1
+cp -f mysealer.jks ${IDP_SEALER_FILE}
+cd ${STARTDIR}
+#
+#
+# updates to idp.properties to configure the auto-generated sealer password
+#	
+echo ""
+echo "Updating idp.properties with new sealer keystore password."
+echo ""
+
+cp -f ${IDP_PROP} ${IDP_PROP}.tmp
+
+sed '/idp.sealer.storePassword/c\
+idp.sealer.storePassword= '${SEALERPWD} ${IDP_PROP}.tmp > ${IDP_PROP}.tmp2
+
+sed '/idp.sealer.keyPassword/c\
+idp.sealer.keyPassword= '${SEALERPWD} ${IDP_PROP}.tmp2 > ${IDP_PROP}
+
+rm -f ${IDP_PROP}.tmp2
+rm -f ${IDP_PROP}.tmp
+
+rm -rf ${CRYPTODIR}/*
+rmdir ${CRYPTODIR}
+echo ""
+echo "The new sealer key was successfully generated and a new random password configured in idp.properties."
+echo ""
+echo "If you utilize a burned-in config, then you can now build a new image from this config."
+echo ""
+
+