Conversion of the keystore to CMS format on z/OS
You can set up dynamic routing for Liberty collectives on a z/OS system. An element of that task is to convert the keystore to a CMS format.
The sample script that is provided is an example of how to set up the CMS provider for ikeycmd. Your environment might be different. You must ensure that you locate the CMS provider and specify the correct provider offset.
On z/OS, both of the gskcmd commands in step 5 of Setting up dynamic routing for Liberty collectives must be run by using ikeycmd in place of gskcmd. The ikeycmd commands must include the additional -Djava.security.properties parameter, as indicated in the sample script, to append the CMS provider with an appropriate provider offset. For each command, the -Djava.security.properties parameter must precede the other parameters that are specified in step 5 of Setting up dynamic routing for Liberty collectives.
#!/bin/sh
# z/OS ikeycmd wrapper that adds CMS v3 support.
# Author:
if [ -n "$JAVA_HOME" ]; then
    echo "Using JAVA_HOME=$JAVA_HOME"
else
    JAVA_HOME=/usr/lpp/java/java800/J8.0_64/
fi
# Should not require edits below this line
JAVA_SECURITY="$JAVA_HOME/lib/security/java.security"
# Properties file that is passed to ikeycmd. The name is fixed and /tmp is a
# shared directory; point this at a directory that only your user ID can
# write to if other users have access to /tmp.
APPEND_FILE=/tmp/java.security.append
# Start from an empty file so that nothing is appended when V3 is already configured.
> "$APPEND_FILE"
# Check for non-v3 CMS provider in java.security.
if grep CMSProvider "$JAVA_SECURITY" >/dev/null; then
    if ! grep -i "CMSProvider V3" "$JAVA_SECURITY" >/dev/null; then
        echo "CMS Provider already present, but no 'V3' argument: $JAVA_SECURITY"
        exit 1
    fi
else
    # Need to add CMSv3 provider.
    # Hunt for the next provider offset: the first number that has no active
    # (uncommented) security.provider.N entry. The pattern is anchored so that
    # provider 1 does not also match 10-19 and commented-out lines are ignored.
    let NEXT_PROVIDER=1
    while grep "^[[:space:]]*security\.provider\.$NEXT_PROVIDER[[:space:]]*=" "$JAVA_SECURITY" >/dev/null; do
        let NEXT_PROVIDER=$NEXT_PROVIDER+1
    done
    # Stash the provider line in a file
    echo "security.provider.$NEXT_PROVIDER=com.ibm.security.cmskeystore.CMSProvider V3" > "$APPEND_FILE"
fi
if [ $# -eq 0 ]; then
    "$JAVA_HOME/bin/ikeycmd" -Djava.security.properties="$APPEND_FILE" -help
else
    "$JAVA_HOME/bin/ikeycmd" -Djava.security.properties="$APPEND_FILE" "$@"
fi
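To confirm the provider offset before you run the wrapper, the following read-only check reports whether the CMS provider is already listed and which offset is the first one not in use. It is an added example and is not part of the IBM sample script; the function names and the sample java.security content are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only preflight check of a java.security file.
# Function names and SAMPLE are constructed for illustration.

# Emit "N value" for each active (uncommented) security.provider.N line on stdin.
active_providers() {
    sed -n 's/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*\(.*\)$/\1 \2/p'
}

# First unused offset counting up from 1, so the new entry neither
# overrides an existing provider nor leaves a hole in the numbering.
next_provider_offset() {
    active_providers | awk '
        { used[$1 + 0] = 1 }
        END { n = 1; while (n in used) n++; print n }'
}

# Prints "absent", "v3", or "no-v3" (provider listed without the V3 argument).
cms_provider_state() {
    active_providers | awk '
        $2 ~ /CMSProvider$/ { found = 1; if (toupper($3) == "V3") v3 = 1 }
        END { print (!found ? "absent" : (v3 ? "v3" : "no-v3")) }'
}

# Constructed sample: a commented-out duplicate, a commented-out CMS entry,
# and a numbering gap. The example.* class names are placeholders.
SAMPLE='# security.provider.1=example.Disabled
security.provider.1=example.ProviderA
security.provider.2=example.ProviderB
#security.provider.3=com.ibm.security.cmskeystore.CMSProvider
security.provider.10=example.ProviderJ'

# Check the file named as the first argument, or the sample when none is given.
if [ $# -gt 0 ]; then INPUT=$(cat "$1"); else INPUT=$SAMPLE; fi
printf 'CMS provider: %s\n' "$(printf '%s\n' "$INPUT" | cms_provider_state)"
printf 'Next offset:  %s\n' "$(printf '%s\n' "$INPUT" | next_provider_offset)"
```

Pass the path of your java.security file as the first argument to check it instead of the sample.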