HIRS/package/scripts/aca/aca_bootRun.sh

128 lines
3.9 KiB
Bash
Raw Normal View History

#!/bin/bash
#####################################################################################
#
2023-08-18 16:38:41 +00:00
# Script to run ACA using the gradle spring pluing bootRun command with parameters
# parameters include setting up the DB with TLS and embedded Tomcat with TLS.
#
2023-08-18 16:38:41 +00:00
#####################################################################################
CONFIG_FILE="/etc/hirs/aca/application.properties"
2023-08-18 16:38:41 +00:00
ALG=RSA
RSA_PATH=rsa_3k_sha384_certs
ECC_PATH=ecc_512_sha384_certs
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
LOG_FILE=/dev/null
2023-08-23 20:30:06 +00:00
GRADLE_WRAPPER="./gradlew"
2023-08-30 17:19:43 +00:00
# Check for sudo or root user
if [ "$EUID" -ne 0 ]
then echo "This script requires root. Please run as root"
exit 1
fi
help () {
echo " Setup script for the HIRS ACA"
echo " Syntax: sh aca_setup.sh [-u|h|sb|sp|--skip-db|--skip-pki]"
echo " options:"
echo " -p | --path Path to the HIRS_AttestationCAPortal.war file"
echo " -h | --help Print this Help."
echo
}
# Process parameters Argument handling
POSITIONAL_ARGS=()
ORIGINAL_ARGS=("$@")
while [[ $# -gt 0 ]]; do
case $1 in
-p|--path)
USE_WAR=YES
shift # past argument
WAR_PATH=$@
shift # past parameter
;;
-h|--help)
help
exit 0
shift # past argument
;;
-*|--*)
echo "aca_setup.sh: Unknown option $1"
help
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
# shift # past argument
break
;;
esac
done
if [ -z "${WAR_PATH}" ]; then
WAR_PATH="HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war"
NOT_USING_RPM=true
fi
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
2023-08-18 16:38:41 +00:00
source $SCRIPT_DIR/../db/start_mysqld.sh
if [ $ALG = "RSA" ]; then
CERT_PATH="/etc/hirs/certificates/HIRS/$RSA_PATH"
CERT_CHAIN="$CERT_PATH/HIRS_rsa_3k_sha384_Cert_Chain.pem"
CLIENT_DB_P12=$CERT_PATH/HIRS_db_client_rsa_3k_sha384.p12
ALIAS="hirs_aca_tls_rsa_3k_sha384"
else
CERT_PATH="/etc/hirs/certificates/HIRS/$ECC_PATH"
CERT_CHAIN="$CERT_PATH/HIRS_ecc_512_sha384_Cert_Chain.pem"
CLIENT_DB_P12=$CERT_PATH/HIRS_db_client_ecc_512_sha384.p12
ALIAS="hirs_aca_tls_ecc_512_sha384"
fi
check_for_container
start_mysqlsd
if [ ! -d "$CERT_PATH" ]; then
echo "$CERT_PATH directory does not exist. Please run aca_setup.sh and try again."
exit 1;
fi
if [ $NOT_USING_RPM = true ]; then
if [ ! -f "$GRADLE_WRAPPER" ]; then
2023-08-23 20:30:06 +00:00
echo "This script needs to be run from the HIRS top level project directory. Exiting."
exit 1;
fi
2023-08-23 20:30:06 +00:00
fi
2023-07-07 20:54:02 +00:00
echo "Starting HIRS ACA on https://localhost:8443/HIRS_AttestationCAPortal/portal/index"
2023-08-18 16:38:41 +00:00
source /etc/hirs/aca/aca.properties;
# Run the embedded tomcat server with Web TLS enabled and database client TLS enabled by overrding critical parameters
# Note "&" is a sub parameter continuation, space represents a new parameter. Spaces and quotes matter.
# hibernate.connection.url is used for the DB connector which established DB TLS connectivity
# server.ssl arguments support the embeded tomcats use of TLS for the ACA Portal
2023-08-23 20:30:06 +00:00
CONNECTOR_PARAMS="--hibernate.connection.url=jdbc:mariadb://localhost:3306/hirs_db?autoReconnect=true&\
user=$hirs_db_username&\
password=$hirs_db_password&\
2023-08-18 16:38:41 +00:00
sslMode=VERIFY_CA&\
serverSslCert=$CERT_CHAIN&\
keyStoreType=PKCS12&\
2023-08-23 20:30:06 +00:00
keyStorePassword=$hirs_pki_password&\
keyStore="$CLIENT_DB_P12" "
2023-08-18 16:38:41 +00:00
2023-08-23 20:30:06 +00:00
WEB_TLS_PARAMS="--server.ssl.key-store-password=$hirs_pki_password \
--server.ssl.trust-store-password=$hirs_pki_password"
2023-08-18 16:38:41 +00:00
# uncomment to show spring boot and hibernate properties used as gradle argumanets
#echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\""
2023-08-18 16:38:41 +00:00
if [ -z "$USE_WAR" ]; then
echo "Booting the ACA from local build..."
./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
2023-08-18 16:38:41 +00:00
else
echo "Booting the ACA from a $USE_WAR file..."
java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
# Note add check for ACA to get started
2023-08-18 16:38:41 +00:00
fi