From b57121620831b2870d152a1ba12359ed269146de Mon Sep 17 00:00:00 2001
From: Milan Perera
Date: Wed, 2 Aug 2017 16:14:10 +0530
Subject: [PATCH] Added JWT keystore to the script

In order to start servers after doing IP changes, it is required to create new keystore for JWT signing and verification. So this fix adds that keystore generating logic to the bash script
---
modules/scripts/change-ip.sh | 48 ++++++++++++++++++++++--------------
1 file changed, 30 insertions(+), 18 deletions(-)

diff --git a/modules/scripts/change-ip.sh b/modules/scripts/change-ip.sh
index 39ced4b7..85603753 100644
--- a/modules/scripts/change-ip.sh
+++ b/modules/scripts/change-ip.sh
@@ -444,21 +444,33 @@ keytool -import -alias wso2iotcore -file ./tmp/c.crt -keystore ../wso2/analytics
 keytool -import -alias wso2analytics -file ./tmp/b.crt -keystore ../wso2/analytics/repository/resources/security/client-truststore.jks -storepass wso2carbon -noprompt
 echo ""
-echo "Replacing IoT server public cert from iot-default.xml"
-
-#keytool -genkey -alias wso2carbon -keyalg RSA -keysize 2048 -keystore ../repository/resources/security/wso2carbonjwt.jks -dname "CN=192.168.1.2,
-#OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon
-#cp -R ../repository/resources/security/wso2carbonjwt.jks ../wso2/analytics/repository/resources/security/
-#
-#if hash tac; then
-# VAR=$(keytool -exportcert -alias wso2carbon -keystore ../repository/resources/security/wso2carbonjwt.jks -rfc -storepass wso2carbon | tail -n +2 | tac | tail -n +2 | tac | tr -cd "[:print:]");
-#else
-# VAR=$(keytool -exportcert -alias wso2carbon -keystore ../repository/resources/security/wso2carbonjwt.jks -rfc -storepass wso2carbon | tail -n +2 | tail -r | tail -n +2 | tail -r | tr -cd "[:print:]"); fi
-#
-#
-#echo ""
-#echo "Printing certificate"
-#echo "-----------------------"
-#echo $VAR
-#sed -i -e 's#.*#'"$VAR"'#g' ../conf/identity/identity-providers/iot_default.xml
-#echo "Completed!!!"
\ No newline at end of file
+echo "Generating jwt keystore"
+keytool -genkey -alias wso2carbon -keyalg RSA -keysize 2048 -keystore ../repository/resources/security/wso2carbonjwt.jks -dname "CN=10.10.10.202,OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon
+cp -R ../repository/resources/security/wso2carbonjwt.jks ../wso2/analytics/repository/resources/security/
+
+echo "Changing /conf/etc/jwt.properties"
+sed -i -e 's/#KeyStore=.*/KeyStore=repository\/resources\/security\/wso2carbonjwt.jks /' ../conf/etc/jwt.properties
+sed -i -e 's/#KeyStorePassword=.*/KeyStorePassword=wso2carbon /' ../conf/etc/jwt.properties
+sed -i -e 's/#PrivateKeyAlias=.*/PrivateKeyAlias=wso2carbon /' ../conf/etc/jwt.properties
+sed -i -e 's/#PrivateKeyPassword=.*/PrivateKeyPassword=wso2carbon /' ../conf/etc/jwt.properties
+sed -i -e 's/#default-jwt-client=.*/default-jwt-client=false /' ../conf/etc/jwt.properties
+
+echo "Changing /wso2/analytics/conf/etc/jwt.properties"
+sed -i -e 's/#KeyStore=.*/KeyStore=repository\/resources\/security\/wso2carbonjwt.jks /' ../wso2/analytics/conf/etc/jwt.properties
+sed -i -e 's/#KeyStorePassword=.*/KeyStorePassword=wso2carbon /' ../wso2/analytics/conf/etc/jwt.properties
+sed -i -e 's/#PrivateKeyAlias=.*/PrivateKeyAlias=wso2carbon /' ../wso2/analytics/conf/etc/jwt.properties
+sed -i -e 's/#PrivateKeyPassword=.*/PrivateKeyPassword=wso2carbon /' ../wso2/analytics/conf/etc/jwt.properties
+sed -i -e 's/#default-jwt-client=.*/default-jwt-client=false /' ../wso2/analytics/conf/etc/jwt.properties
+
+echo "Setting up the public certificate for the default idp"
+if hash tac; then
+ VAR=$(keytool -exportcert -alias wso2carbon -keystore ../repository/resources/security/wso2carbonjwt.jks -rfc -storepass wso2carbon | tail -n +2 | tac | tail -n +2 | tac | tr -cd "[:print:]");
+else
+ VAR=$(keytool -exportcert -alias wso2carbon -keystore ../repository/resources/security/wso2carbonjwt.jks -rfc -storepass wso2carbon | tail -n +2 | tail -r | tail -n +2 | tail -r | tr -cd "[:print:]"); fi
+
+echo ""
+echo "Printing certificate"
+echo "-----------------------"
+echo $VAR
+sed -i -e 's#.*#'"$VAR"'#g' ../conf/identity/identity-providers/iot_default.xml
+echo "Completed!!!"
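Review bot: The new `keytool -genkey` line protects the JWT signing key with the literal `wso2carbon` for both `-storepass` and `-keypass`, and the `sed` lines write that same value into both `jwt.properties` files. Every install that runs this script therefore shares one keystore password, which is also visible in the process list while keytool runs. I would read it once with `read -r -s -p "JWT keystore password: " JWT_KS_PASS; export JWT_KS_PASS`, pass it as `-storepass:env JWT_KS_PASS -keypass:env JWT_KS_PASS`, and have the `KeyStorePassword`/`PrivateKeyPassword` substitutions take the same variable (escaped for sed). The `-dname` also hard-codes `CN=10.10.10.202`; if the script collects the new address earlier (not visible in this hunk), that value should be used here instead. Finally, `keytool -genkey` fails when the `wso2carbon` alias already exists, so on a second run the `-exportcert` below would presumably export the old certificate; check keytool's exit status before rewriting `iot_default.xml`.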