#! /usr/bin/ksh
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# ike720 src/bos/usr/sbin/isakmp/cmd/certmgr.sh 1.6.1.2
#
# Licensed Materials - Property of IBM
#
# Restricted Materials of IBM
#
# COPYRIGHT International Business Machines Corp. 2000,2011
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
# @(#)61 1.6.1.2 src/bos/usr/sbin/isakmp/cmd/certmgr.sh, ike_cmds, ike720 7/15/11 05:07:51
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Kshell Scripts: certmgr
# Purpose: Wrapper script that allows the user to easily run the
# IBM Key Management software (aka "gsk") without setting
# the necessary environment variables.
#
# This script will automatically identify the most current
# version of gsk installed, ensure that a compatable version
# of JAVA is installed, then configure the environment
# appropriately for gsk/JAVA set found. At that point gsk
# is automatically started for the user.
#
# Note that the user must have root privilege to execute
# this script and perform the operations specified.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
trap INT Interupt
trap TERM Interupt
if [[ $* = -[Dd] ]]; then
DEBUG=1
fi
export readonly INTERUPT=1
export readonly NOTROOT=2
export readonly GSKITNOTINSTALLED=3
export readonly BADPATH=4
export readonly EXECUTABLENOTFOUND=5
export readonly UNRECOGNIZEDVERSION=6
export readonly NOJAVA=7
export readonly GSKJAVAMISMATCH=8
export readonly NOCONFIGFILE=9
export readonly BADCONFIGFILE=10
export readonly RTE=0
export readonly VERSION=1
export readonly BINDIR=2
export readonly HOMEDIR=3
export readonly ENDINFO=4
export readonly ENDVERSIONINFO="MARKER"
export readonly ALLVERSIONS="4 5 6 7"
export readonly GSK5PATHINFO="/usr/java_dev2/jre/sh:usr/java_dev2/sh"
export readonly CONFIGVAL="DEFAULT_SUBJECT_ALTERNATIVE_NAME_SUPPORT="
export NUMGSKITS=0
export GSKITEXE=""
export GSKITDIR=""
export GSKITVER=0
export JAVA_HOME=""
export JAVAVERSION=0
export JAVABIN=""
export ERRORS=0
export GSKIT_HOME=""
export IKMCONFIGFILE=""
set -A javaInfo
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: CertMgr
# Purpose: Main function for the CertMgr script
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function CertMgr {
CheckIfRoot
SetVersionMatchArray
SetErrorMsgsArray
GetGskitVersion
GetJavaVersions
CheckJavaVersion
SetUpEnvironment
StartGsk
Done
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: CheckIfRoot
# Purpose: Checks to ensure the user is root. If not, we exit.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function CheckIfRoot {
if [[ $USER != "root" ]]; then
ERRORS=$NOTROOT
Done
fi
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: SetVersionMatchArray
# Purpose: This array defines the versions of JAVA that are compatable
# with the version of gsk that was found.
#
# Note: Note that the first entry in each "line" is the gsk version.
# The following entries in the "line" are regular expressions
# used to identify an accesptable version JAVA for the associated
# version of gsk.
#
# To extend the life of this script, simply append to the end
# of the array. When adding JAVA version expressions, be sure
# to put them in "preferred order", as the algorithm that looks
# for a matching version accepts the first one it finds.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function SetVersionMatchArray {
set -A gskToJava \
"4" "^1.2" "^1.1" "$ENDVERSIONINFO" \
"5" "^[2-9]" "^1.[3-9]" "$ENDVERSIONINFO" \
"6" "^1.[3-9]" "$ENDVERSIONINFO" \
"7" "^[2-9]" "^1.[3-9]" "$ENDVERSIONINFO"
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: ErrorMsgsArray
# Purpose: This array defines all the error messages that are
# associated with exit conditions that can be encountered.
#
# Note: As of the original release of this script, these messages
# are only printed if the DEBUG option is submitted at script
# invocation (-d on the command line). See the function "Done".
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function SetErrorMsgsArray {
set -A ERRORMSGS "" \
"Interupt detected" \
"Must have root privilege to execute this script." \
"GSKIT is not installed." \
"Null path to gskit exectuable." \
"GSKIT executable not found." \
"Unrecognized version of GSKIT." \
"Cannot find JAVA." \
"GSK/JAVA version mismatch." \
"Ike Manager configuration file not found." \
"Unable to modify config file: $IKMCONFIGFILE"
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: GetGskitVersion
# Purpose: Checks to see if GSKIT is loaded on the system, is actually
# there, and if so - determines the version(s) installed. If
# more than one version is present, then the most recent
# version (as in highest version number) is used.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function GetGskitVersion {
if [[ $(/usr/bin/lslpp -L | /usr/bin/grep gsk ) != "" ]]; then
NUMGSKITS=$(/usr/bin/lslpp -l | /usr/bin/grep gsk | /usr/bin/grep -v "sdk" |/usr/bin/wc -l)
NUMGSKITS=${NUMGSKITS##+( )}
#Check to see if both version 4 and 5 are installed, if so use 5.
if [[ $NUMGSKITS != 1 ]] ; then
GSKRTE=$(/usr/bin/lslpp -l | /usr/bin/grep gsk | /usr/bin/grep -v "sdk" | /usr/bin/egrep "5|gskta" | /usr/bin/awk '{print $1}')
else
GSKRTE=$(/usr/bin/lslpp -l | /usr/bin/grep gsk | /usr/bin/grep -v "sdk" | /usr/bin/awk '{print $1}')
fi
GSKDIRNAME=$(print $GSKRTE | /usr/bin/cut -f1 -d.)
GSKITDIR=$(/usr/bin/lslpp -f $GSKRTE | /usr/bin/grep "/$GSKDIRNAME/bin$" | /usr/bin/awk '{print $1}')
# is the directory there?
if [[ -a $GSKITDIR ]]; then
# is there an executable there?
if [[ $(/usr/bin/ls ${GSKITDIR}/gsk?ikm 2> /dev/null) != "" ]]; then
# is there a recognizable version of gskit there?
for gskExe in ${GSKITDIR}/gsk?ikm; do
for version in $ALLVERSIONS; do
if [[ $gskExe = *gsk${version}ikm* ]]; then
if (( $version > $GSKITVER )); then
GSKITVER=$version
GSKITEXE=$gskExe
if (( $DEBUG )); then
print "gskit version is: $GSKITVER"
print "gskit exe is: $GSKITEXE"
fi
break
fi
fi
done
done
if [[ $GSKITVER = "0" ]]; then
ERRORS=$UNRECOGNIZEDVERSION
fi
if [[ $GSKITEXE = "" ]]; then
ERRORS=$BADPATH
fi
else
ERRORS=$EXECUTABLENOTFOUND
fi
else
ERRORS=$GSKITNOTINSTALLED
fi
else
ERRORS=$GSKITNOTINSTALLED
fi
if (( $GSKITVER < 6 )); then
export GSKIT_HOME="/usr/opt/ibm/gskkm"
else
export GSKIT_HOME="/usr/opt/ibm/gskak"
fi
if (( $GSKITVER == 7 )); then
export GSKIT_HOME="/usr/opt/ibm/gskta"
fi
export IKMCONFIGFILE="$GSKIT_HOME/classes/ikminit.properties"
if (( $ERRORS )); then
Done
fi
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: GetJavaVersions
# Purpose: Gets all the versions of Java installed on the system
# (there could be more than one), and stores them in the
# javaInfo array for later use.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function GetJavaVersions {
versionIsNext=0; thisVer=0; i=0
for jI in $(/usr/bin/lslpp -l | /usr/bin/grep Java); do
if (( $versionIsNext )); then
# the if below synched up on the RTE name, so the next
# item in the loop is the JAVA version.
javaInfo[$thisVer+$VERSION]=$jI
# Now get the rest of the version info...
JAVAPATH=$( /usr/bin/lslpp -f ${javaInfo[$thisVer+$RTE]} | /usr/bin/grep "bin/java$" )
if [[ $JAVAPATH = *"->"* ]]; then # symbolic link there?
JAVAPATH=$(print $JAVAPATH | /usr/bin/awk '{print $4}')
else
JAVAPATH=$(print $JAVAPATH | /usr/bin/awk '{print $1}')
fi
JAVABIN=${JAVAPATH%/java}
javaInfo[$thisVer+$BINDIR]=$JAVABIN
javaInfo[$thisVer+$HOMEDIR]="/$(print $JAVABIN | /usr/bin/cut -f2 -d/)/$(print $JAVABIN | /usr/bin/cut -f3 -d/)"
javaInfo[$thisVer+$ENDINFO]=$ENDVERSIONINFO
let thisVer=$thisVer+$ENDINFO+1
versionIsNext=0
fi
if [[ $(print $jI | /usr/bin/grep "Java.*.rte.bin") != "" ]] ||
[[ $(print $jI | /usr/bin/grep "Java.*.sdk") != "" ]]; then
javaInfo[$thisVer+$RTE]=$jI
versionIsNext=1
fi
done
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: CheckJavaVersion
# Purpose: Checks to see that there is a version of JAVA available
# that is compatable with the version of gsk that is in use.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function CheckJavaVersion {
# sync up on the version of gsk that was found.
thisGsk=0; export gskVerIndex=0; gskVer=0
while (( $thisGsk < ${#gskToJava[*]} )); do
if [[ ${gskToJava[$thisGsk]} = $GSKITVER ]]; then
gskVerIndex=$thisGsk
gskVer=${gskToJava[$gskVerIndex]}
if (( $DEBUG )); then
print "GSKIT version is: $gskVer"
fi
break
fi
# Wrong gsk version - go to the next one.
while [[ ${gskToJava[$thisGsk]} != $ENDVERSIONINFO ]]; do
let thisGsk=$thisGsk+1
done
let thisGsk=$thisGsk+1
done
# if we found the version of gsk in use.
if (( $gskVer )); then
acceptableJava=$gskVerIndex+1
matched=0
while [[ ${gskToJava[$acceptableJava]} != $ENDVERSIONINFO ]]; do
jIndex=0
if (( $DEBUG )); then
print "Java Match Expression: \"${gskToJava[$acceptableJava]}\" Java Version Found:\c"
fi
while (( $jIndex != ${#javaInfo[*]} )); do
if (( $DEBUG )); then
print " \"${javaInfo[$jIndex+$VERSION]}\"\c"
fi
if [[ $(print "${javaInfo[$jIndex+$VERSION]}" | /usr/bin/grep "${gskToJava[$acceptableJava]}") != "" ]]; then
export JAVABIN=${javaInfo[$jIndex+$BINDIR]}
export JAVA_HOME=${javaInfo[$jIndex+$HOMEDIR]}
export JAVAVERSION=${javaInfo[$jIndex+$VERSION]}
if (( $DEBUG )); then
print "\nJAVA Version is: \"$JAVAVERSION\""
print "JAVA bin is: \"$JAVABIN\""
print "JAVA_HOME is: \"$JAVA_HOME\""
print "GSKIT_HOME is: \"$GSKIT_HOME\""
print "GSKITVER is: \"$GSKITVER\""
fi
matched=1
break
fi
let jIndex=$jIndex+$ENDINFO+1
done
if (( $matched )); then
break
else
if (( $DEBUG )); then
print
fi
fi
let acceptableJava=$acceptableJava+1
done
if (( ! $matched )); then
ERRORS=$GSKJAVAMISMATCH
fi
else
ERRORS=$UNRECOGNIZEDVERSION
fi
if (( $ERRORS )); then
Done
fi
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: SetUpEnvironment
# Purpose: Does what ever is necessary to setup the environment
# for the version of GSKIT that was found.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function SetUpEnvironment {
if (( $GSKITVER == 4 )); then
if [[ $JAVA_HOME = "" ]]; then
ERRORS=$CANTFINDJAVAHOME
fi
# Assumes environment is the same for all versions of gskit newer than 4
else
if (( $DEBUG )); then
print "Unsetting JAVA_HOME"
fi
unset JAVA_HOME
if [[ -a $IKMCONFIGFILE ]]; then
if [[ $(/usr/bin/egrep "$CONFIGVAL" $IKMCONFIGFILE) = "" ]]; then
# No config line present, so append one to the end.
print "${CONFIGVAL}true" >> $IKMCONFIGFILE
else
# the config line is there - simply make sure it is correct.
/usr/bin/sed "s/^#*.*${CONFIGVAL}.*$/${CONFIGVAL}true/g" $IKMCONFIGFILE > ${IKMCONFIGFILE}.new
/usr/bin/rm -f $IKMCONFIGFILE
/usr/bin/mv ${IKMCONFIGFILE}.new $IKMCONFIGFILE
fi
# Ok, now double check to ensure that the configuration setting is there.
if [[ $(/usr/bin/egrep "^${CONFIGVAL}[Tt][Rr][Uu][Ee]$" $IKMCONFIGFILE) != "" ]]; then
export PATH="$GSK5PATHINFO:$PATH"
if [[ $(whence java) = "" ]]; then
export PATH=$JAVABIN:$PATH
fi
else
ERROR=$BADCONFIGFILE
fi
else
ERRORS=$NOCONFIGFILE
fi
fi
if (( $ERRORS )); then
Done
fi
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: StartGsk
# Purpose: Starts gsk.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function StartGsk {
if (( $DEBUG )); then
print "Starting gsk: $GSKITEXE"
print "JAVA_HOME: $JAVA_HOME"
fi
$GSKITEXE
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: Done
# Purpose: The single exit point for this script.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function Done {
if (( $ERRORS )); then
if (( $DEBUG )); then
print "${ERRORMSGS[$ERRORS]}"
fi
exit 1
fi
exit 0
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Function: Interupt
# Purpose: Clean trap routine for SIGTERM and SIGINT
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
function Interupt {
ERRORS=$INTERUPT
Done
}
CertMgr