From 77e210dd656ae1965daca40020d8eaf5afb5486f Mon Sep 17 00:00:00 2001
From: Dennis Heimbigner
Date: Tue, 14 Feb 2012 14:07:02 -0700
Subject: [PATCH] fixing auth keys
---
cdm/src/test/resources/emptykeystore.jks | Bin 0 -> 32 bytes
cdm/src/test/resources/gen.sh | 43 +++++++++++++++++++++++
2 files changed, 43 insertions(+)
create mode 100644 cdm/src/test/resources/emptykeystore.jks
create mode 100644 cdm/src/test/resources/gen.sh
diff --git a/cdm/src/test/resources/emptykeystore.jks b/cdm/src/test/resources/emptykeystore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..c408465500cb0af9cfd1f7371422ef8899ae6725
GIT binary patch
literal 32
ncmezO_TO6u1_mY|W_Xm5=la|E{*s%M?mC{^wn--0;QAy0^AQhj
literal 0
HcmV?d00001
diff --git a/cdm/src/test/resources/gen.sh b/cdm/src/test/resources/gen.sh
new file mode 100644
index 0000000000..77e77a6fad
--- /dev/null
+++ b/cdm/src/test/resources/gen.sh
@@ -0,0 +1,43 @@
+PWD="changeit"
+SDN="CN=localhost, OU=Unidata, O=UCAR, L=Boulder, ST=Colorado, C=US"
+CDN="CN=Client, OU=Unidata, O=UCAR, L=Boulder, ST=Colorado, C=US"
+JAVACERTS="c:/tools/jdk1.6/jre/lib/security/cacerts"
+
+rm -f *.jks *.cer *.p12 *.pem tmp*
+
+# Create a server keystore containing key and cert
+keytool -genkey -keyalg RSA -alias server -keystore server.jks -storepass $PWD -validity 360 -dname "$SDN" -keypass $PWD
+
+# Create a client keystore containing key and cert
+keytool -genkey -keyalg RSA -alias client -keystore client.jks -storepass $PWD -validity 360 -dname "$CDN" -keypass $PWD
+
+# Export the client cert
+keytool -exportcert -alias client -keystore client.jks -storepass $PWD -file clientcert.cer
+
+# Create a server truststore containing client cert
+cp emptykeystore.jks servertrust.jks
+keytool -importcert -trustcacerts -alias server \
+ -keystore servertrust.jks -storepass $PWD \
+ -file clientcert.cer
+
+# Convert client .jks to pk12 format
+keytool -importkeystore -srckeystore client.jks -destkeystore client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass $PWD -deststorepass $PWD -srcalias client -destalias client -srckeypass $PWD -destkeypass $PWD -noprompt
+
+## Convert the client cert to pem format
+#openssl x509 -inform der -in clientcert.cer -out clientcert.pem
+
+# Export the client key in pem format
+openssl pkcs12 -in client.p12 -out clientkey.pem -nodes -nocerts -password pass:$PWD
+
+# Install the tomcat key and trust stores
+rm -f "c:/tools/tomcat6/conf/keystore.jks"
+rm -f "c:/tools/tomcat6/conf/truststore.jks"
+cp ./server.jks "c:/tools/tomcat6/conf/keystore.jks"
+cp ./servertrust.jks "c:/tools/tomcat6/conf/truststore.jks"
+
+
+
+exit
+
+
+
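Review bot: The cleanup line `rm -f *.jks *.cer *.p12 *.pem tmp*` also deletes `emptykeystore.jks`, which this same commit adds to the directory and which `cp emptykeystore.jks servertrust.jks` needs a few lines later, so a run from the resources directory breaks the truststore step; name the generated files instead, e.g. `rm -f server.jks client.jks servertrust.jks clientcert.cer client.p12 clientkey.pem`. With no `set -e` at the top, a failed keytool or cp step still reaches the final `rm -f`/`cp` lines, which remove Tomcat's keystore and truststore and then copy in whatever is left. `PWD` is the shell's own working-directory variable, so the store password belongs under another name such as `STOREPASS="changeit"`, quoted at each use. The client key is exported unencrypted (`-nodes`) and `-genkey` is given no `-keysize`, so key strength is whatever the installed keytool defaults to; a header comment stating that the output is test-only material, plus an explicit `-keysize`, would make that intent clear.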