46 lines
1.4 KiB
Bash
Executable File
46 lines
1.4 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# determine the location of the cacerts file we're adding to
|
|
|
|
JDK_DIR="$(find /usr -type d -name jdk | head -n 1)"
|
|
|
|
CACERTS_FILE="$JDK_DIR"/lib/security/cacerts
|
|
KEYTOOL_BIN="$JDK_DIR"/bin/keytool
|
|
|
|
if [[ ! -f "$CACERTS_FILE" ]] || [[ ! -x "$KEYTOOL_BIN" ]]; then
|
|
echo "Unable to locate cacerts and/or keytool " >&2
|
|
exit 1
|
|
fi
|
|
|
|
unset TRUSTED_CA_DIR
|
|
TRUSTED_CA_DIRNAME=${CA_DIR:-"ca-trust"}
|
|
CA_DIR_PARENTS=(
|
|
"$JDK_DIR"/../"$TRUSTED_CA_DIRNAME"
|
|
/etc/"$TRUSTED_CA_DIRNAME"
|
|
/opt/"$TRUSTED_CA_DIRNAME"
|
|
/"$TRUSTED_CA_DIRNAME"
|
|
)
|
|
for i in ${CA_DIR_PARENTS[@]}; do
|
|
TMP_DIR="$(realpath "$i")"
|
|
if [[ -d "$i" ]]; then
|
|
TRUSTED_CA_DIR="$i"
|
|
break;
|
|
fi
|
|
done
|
|
|
|
if [[ -z $TRUSTED_CA_DIR ]] || [[ ! -d "$TRUSTED_CA_DIR" ]]; then
|
|
echo "Unable to locate directory containing trusted CA certificates" >&2
|
|
exit 1
|
|
fi
|
|
|
|
echo
|
|
find "$TRUSTED_CA_DIR" -type f -print0 | while read -d $'\0' CRT_FILE; do
|
|
CRT_FILE_BASE="$(basename "$CRT_FILE" | sed 's/\.[^.]*$//')"
|
|
if [[ -n $CRT_FILE_BASE ]] && [[ "$CRT_FILE_BASE" != \.* ]] ; then
|
|
echo "Importing \"$CRT_FILE_BASE\"... "
|
|
( "$KEYTOOL_BIN" -importcert -cacerts -trustcacerts -file "$CRT_FILE" -alias "$CRT_FILE_BASE" -keypass changeit -storepass changeit -noprompt 2>&1 | grep -Pv "(already exists)" ) || true
|
|
"$KEYTOOL_BIN" -list -cacerts -alias "$CRT_FILE_BASE" -keypass changeit -storepass changeit -noprompt
|
|
echo
|
|
fi
|
|
done
|