2023-07-07 19:23:02 +00:00
|
|
|
#!/bin/bash
|
|
|
|
#####################################################################################
|
|
|
|
#
|
2023-08-18 16:38:41 +00:00
|
|
|
# Script to run ACA using the gradle spring pluing bootRun command with parameters
|
|
|
|
# parameters include setting up the DB with TLS and embedded Tomcat with TLS.
|
2023-07-07 19:23:02 +00:00
|
|
|
#
|
2023-08-18 16:38:41 +00:00
|
|
|
#####################################################################################
|
2023-07-07 19:23:02 +00:00
|
|
|
|
2023-07-18 17:09:11 +00:00
|
|
|
CONFIG_FILE="/etc/hirs/aca/application.properties"
|
2023-08-18 16:38:41 +00:00
|
|
|
ALG=RSA
|
|
|
|
RSA_PATH=rsa_3k_sha384_certs
|
|
|
|
ECC_PATH=ecc_512_sha384_certs
|
|
|
|
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
|
|
|
|
LOG_FILE=/dev/null
|
2023-08-23 20:30:06 +00:00
|
|
|
GRADLE_WRAPPER="./gradlew"
|
|
|
|
|
2023-08-30 17:19:43 +00:00
|
|
|
# Check for sudo or root user
|
|
|
|
if [ "$EUID" -ne 0 ]
|
|
|
|
then echo "This script requires root. Please run as root"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2023-09-06 20:09:27 +00:00
|
|
|
help () {
|
|
|
|
echo " Setup script for the HIRS ACA"
|
|
|
|
echo " Syntax: sh aca_setup.sh [-u|h|sb|sp|--skip-db|--skip-pki]"
|
|
|
|
echo " options:"
|
|
|
|
echo " -p | --path Path to the HIRS_AttestationCAPortal.war file"
|
|
|
|
echo " -h | --help Print this Help."
|
|
|
|
echo
|
|
|
|
}
|
|
|
|
|
|
|
|
# Process parameters Argument handling
|
|
|
|
POSITIONAL_ARGS=()
|
|
|
|
ORIGINAL_ARGS=("$@")
|
|
|
|
while [[ $# -gt 0 ]]; do
|
|
|
|
case $1 in
|
|
|
|
-p|--path)
|
|
|
|
USE_WAR=YES
|
|
|
|
shift # past argument
|
|
|
|
WAR_PATH=$@
|
|
|
|
shift # past parameter
|
|
|
|
;;
|
|
|
|
-h|--help)
|
|
|
|
help
|
|
|
|
exit 0
|
|
|
|
shift # past argument
|
|
|
|
;;
|
|
|
|
-*|--*)
|
|
|
|
echo "aca_setup.sh: Unknown option $1"
|
|
|
|
help
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
POSITIONAL_ARGS+=("$1") # save positional arg
|
|
|
|
# shift # past argument
|
|
|
|
break
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
|
|
|
|
if [ -z "${WAR_PATH}" ]; then
|
|
|
|
WAR_PATH="HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war"
|
|
|
|
NOT_USING_RPM=true
|
|
|
|
fi
|
|
|
|
|
|
|
|
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
|
|
|
|
|
2023-08-18 16:38:41 +00:00
|
|
|
source $SCRIPT_DIR/../db/start_mysqld.sh
|
|
|
|
|
|
|
|
if [ $ALG = "RSA" ]; then
|
|
|
|
CERT_PATH="/etc/hirs/certificates/HIRS/$RSA_PATH"
|
|
|
|
CERT_CHAIN="$CERT_PATH/HIRS_rsa_3k_sha384_Cert_Chain.pem"
|
|
|
|
CLIENT_DB_P12=$CERT_PATH/HIRS_db_client_rsa_3k_sha384.p12
|
|
|
|
ALIAS="hirs_aca_tls_rsa_3k_sha384"
|
|
|
|
else
|
|
|
|
CERT_PATH="/etc/hirs/certificates/HIRS/$ECC_PATH"
|
|
|
|
CERT_CHAIN="$CERT_PATH/HIRS_ecc_512_sha384_Cert_Chain.pem"
|
|
|
|
CLIENT_DB_P12=$CERT_PATH/HIRS_db_client_ecc_512_sha384.p12
|
|
|
|
ALIAS="hirs_aca_tls_ecc_512_sha384"
|
|
|
|
fi
|
|
|
|
|
|
|
|
check_for_container
|
|
|
|
start_mysqlsd
|
|
|
|
|
|
|
|
if [ ! -d "$CERT_PATH" ]; then
|
|
|
|
echo "$CERT_PATH directory does not exist. Please run aca_setup.sh and try again."
|
|
|
|
exit 1;
|
|
|
|
fi
|
2023-07-07 19:23:02 +00:00
|
|
|
|
2023-09-06 20:09:27 +00:00
|
|
|
if [ $NOT_USING_RPM = true ]; then
|
|
|
|
if [ ! -f "$GRADLE_WRAPPER" ]; then
|
2023-08-23 20:30:06 +00:00
|
|
|
echo "This script needs to be run from the HIRS top level project directory. Exiting."
|
|
|
|
exit 1;
|
2023-09-06 20:09:27 +00:00
|
|
|
fi
|
2023-08-23 20:30:06 +00:00
|
|
|
fi
|
|
|
|
|
2023-07-07 20:54:02 +00:00
|
|
|
echo "Starting HIRS ACA on https://localhost:8443/HIRS_AttestationCAPortal/portal/index"
|
2023-07-07 19:23:02 +00:00
|
|
|
|
2023-08-18 16:38:41 +00:00
|
|
|
source /etc/hirs/aca/aca.properties;
|
|
|
|
|
|
|
|
# Run the embedded tomcat server with Web TLS enabled and database client TLS enabled by overrding critical parameters
|
|
|
|
# Note "&" is a sub parameter continuation, space represents a new parameter. Spaces and quotes matter.
|
|
|
|
# hibernate.connection.url is used for the DB connector which established DB TLS connectivity
|
|
|
|
# server.ssl arguments support the embeded tomcats use of TLS for the ACA Portal
|
2023-08-23 20:30:06 +00:00
|
|
|
CONNECTOR_PARAMS="--hibernate.connection.url=jdbc:mariadb://localhost:3306/hirs_db?autoReconnect=true&\
|
|
|
|
user=$hirs_db_username&\
|
|
|
|
password=$hirs_db_password&\
|
2023-08-18 16:38:41 +00:00
|
|
|
sslMode=VERIFY_CA&\
|
|
|
|
serverSslCert=$CERT_CHAIN&\
|
|
|
|
keyStoreType=PKCS12&\
|
2023-08-23 20:30:06 +00:00
|
|
|
keyStorePassword=$hirs_pki_password&\
|
|
|
|
keyStore="$CLIENT_DB_P12" "
|
2023-08-18 16:38:41 +00:00
|
|
|
|
2023-08-23 20:30:06 +00:00
|
|
|
WEB_TLS_PARAMS="--server.ssl.key-store-password=$hirs_pki_password \
|
|
|
|
--server.ssl.trust-store-password=$hirs_pki_password"
|
2023-08-18 16:38:41 +00:00
|
|
|
|
2023-09-01 15:15:49 +00:00
|
|
|
# uncomment to show spring boot and hibernate properties used as gradle argumanets
|
|
|
|
#echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\""
|
2023-08-18 16:38:41 +00:00
|
|
|
|
2023-09-06 20:09:27 +00:00
|
|
|
if [ -z "$USE_WAR" ]; then
|
|
|
|
echo "Booting the ACA from local build..."
|
|
|
|
./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
|
2023-08-18 16:38:41 +00:00
|
|
|
else
|
2023-09-06 20:09:27 +00:00
|
|
|
echo "Booting the ACA from a $USE_WAR file..."
|
|
|
|
java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
|
|
|
|
# Note add check for ACA to get started
|
2023-08-18 16:38:41 +00:00
|
|
|
fi
|