#!/usr/bin/env bash
###########################################################################################
# #
# if `Permission denied` error is returned use sudo providing JAVA_HOME as follows: #
# #
# sudo JAVA_HOME=<JAVA_HOME> ./scripts/install_ca_certificate.sh #
# #
# on a mac /usr/libexec/java_home tool can be used to provide the JAVA_HOME as follows: #
# #
# sudo JAVA_HOME=`/usr/libexec/java_home` ./scripts/install_ca_certificate.sh #
# #
###########################################################################################
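function runCommand {
  # Print a banner naming the command, then execute the command string.
  #
  # Arguments: $1 - complete shell command line, passed as one string
  # Outputs:   banner followed by the command's own output, on stdout
  # Returns:   exit status of the executed command
  #
  # NOTE(review): the string goes through eval, so every value a caller
  # interpolates into it (in this script: $KEYSTORE, derived from JAVA_HOME)
  # is re-parsed as shell syntax, typically under sudo. Only pass strings
  # built from trusted, correctly escaped values.
  local banner
  # 19 is the length of the "Executing command: " prefix printed below.
  printf -v banner "%-$((${#1} + 19))s" ' '
  banner=${banner// /=}

  echo
  echo "$banner"
  echo "Executing command: $1"
  echo "$banner"
  echo
  # Quoted so the command line reaches eval exactly as the caller wrote it.
  # Unquoted, it was word-split and glob-expanded once before being parsed,
  # which collapsed repeated whitespace and could expand wildcards early.
  eval "$1"
}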
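function printMessage {
  # Print a message framed above and below by a row of '=' of equal width.
  #
  # Arguments: $1 - message text
  # Outputs:   blank line, rule, message, rule, blank line on stdout
  #
  # The scratch variable is local so it no longer leaks into the caller's
  # scope, and the message is written with printf so that text echo would
  # treat as an option (for example "-n") is printed literally.
  local rule
  printf -v rule "%-${#1}s" ' '
  rule=${rule// /=}
  printf '\n%s\n%s\n%s\n\n' "$rule" "$1" "$rule"
}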
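function determineTrustStoreOrKeyStoreLocation {
  # Locate the JVM's cacerts trust store under JAVA_HOME and publish the
  # matching keytool option through the exported KEYSTORE variable.
  #
  # Globals: JAVA_HOME (read), KEYSTORE (written and exported)
  # Outputs: the chosen location, via printMessage
  # Exits:   status 1 when JAVA_HOME is unset or empty
  #
  # KEYSTORE is pasted into command strings that runCommand passes to eval,
  # so the path is shell-escaped here. Unescaped, a JAVA_HOME containing
  # spaces split the option into several words, and shell metacharacters in
  # it were interpreted by eval (usually while running under sudo).
  if [[ -z "${JAVA_HOME:-}" ]]; then
    echo "JAVA_HOME environment variable is not set, please set this before running this script" >&2
    exit 1
  fi

  local candidate escaped
  # Same lookup order as before: the JRE-nested layout first, then the flat one.
  for candidate in "$JAVA_HOME/jre/lib/security/cacerts" "$JAVA_HOME/lib/security/cacerts"; do
    if [[ -e "$candidate" ]]; then
      printf -v escaped '%q' "$candidate"
      export KEYSTORE="-keystore $escaped"
      printMessage "Using trust store location: $candidate"
      return
    fi
  done

  # No cacerts file under JAVA_HOME: keytool is then called without a
  # -keystore option (presumably falling back to the invoking user's default
  # keystore; confirm against the keytool documentation).
  export KEYSTORE=""
  printMessage "Trust store location not found using keystore"
}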
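function downloadCertificate {
  # Fetch the MockServer CA certificate into the current directory as
  # CertificateAuthorityCertificate.pem.
  #
  # Returns: exit status of wget, as passed back by runCommand
  #
  # -O makes wget overwrite the target name. Without it, a file already
  # present under that name is left in place and the download is saved as
  # CertificateAuthorityCertificate.pem.1, so the later keytool import would
  # trust whatever was sitting in the working directory beforehand.
  #
  # NOTE(review): the certificate is taken from the mutable master branch and
  # added to the JVM trust store without a fingerprint check; TLS to the
  # download host is the only integrity control. Consider pinning a commit
  # and comparing the certificate's SHA-256 fingerprint with a known value
  # before the import.
  # NOTE(review): MockServer's default CA appears to be distributed together
  # with its private key (confirm). If so, a JVM that trusts it accepts
  # certificates anyone can issue; keep this to development and test JVMs.
  runCommand "wget -O CertificateAuthorityCertificate.pem https://raw.githubusercontent.com/mock-server/mockserver/master/mockserver-core/src/main/resources/org/mockserver/socket/CertificateAuthorityCertificate.pem"
}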
function deleteDownloadedCertificate {
  # Clean-up step: remove the certificate file left in the current working
  # directory by the download. Returns whatever runCommand returns.
  local -r cleanup_command="rm -rf CertificateAuthorityCertificate.pem"
  runCommand "$cleanup_command"
}
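function removeIfAlreadyInstalled {
  # Delete an existing mockserver-ca entry so that the import which follows
  # installs the current certificate (in case it has been updated).
  #
  # Globals: KEYSTORE (read), CERT_ALREADY_INSTALLED (written: captured
  #          output of the keytool -list probe)
  #
  # The probe is judged by its exit status; keytool is expected to exit
  # non-zero when the alias does not exist. The captured output always
  # contains the runCommand banner, so the earlier "non-empty and not 1"
  # comparison was true on every run and the delete was attempted even when
  # the alias was absent.
  #
  # NOTE(review): "changeit" is hard-coded, presumably the stock cacerts
  # password; a store whose password was changed makes both calls fail.
  if CERT_ALREADY_INSTALLED=$(runCommand "keytool -list -v $KEYSTORE -storepass changeit -alias mockserver-ca"); then
    runCommand "keytool -delete $KEYSTORE -alias mockserver-ca -storepass changeit"
  fi
}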
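function installCertificate {
  # Run the whole flow: locate the trust store, download the MockServer CA
  # certificate, replace any existing mockserver-ca entry, import the
  # certificate, and print the JVM option that points at the store.
  #
  # Globals: KEYSTORE (read), STORE_RESPONSE and KEY_STORE_FILE (written)
  # Returns: 0 on success, 1 when the download fails, keytool's status when
  #          the import fails
  determineTrustStoreOrKeyStoreLocation

  # Stop before touching the trust store when nothing usable was downloaded;
  # otherwise the existing entry would be deleted and the import would then
  # fail, leaving the store without the certificate.
  if ! downloadCertificate || [[ ! -s CertificateAuthorityCertificate.pem ]]; then
    echo "Failed to download CertificateAuthorityCertificate.pem, trust store left unchanged" >&2
    deleteDownloadedCertificate
    return 1
  fi

  removeIfAlreadyInstalled

  # install the certificate; -noprompt means keytool asks for no confirmation
  local import_status=0
  STORE_RESPONSE=$(runCommand "keytool -import -v $KEYSTORE -alias mockserver-ca -file CertificateAuthorityCertificate.pem -storepass changeit -trustcacerts -noprompt 2>&1") || import_status=$?
  printf '%s\n' "$STORE_RESPONSE"
  deleteDownloadedCertificate
  if (( import_status != 0 )); then
    echo "keytool import failed with status $import_status" >&2
    return "$import_status"
  fi

  # print keystore location
  # keytool -v reports the file it wrote as "[Storing <path>]". The path is
  # taken from that marker: the response also holds the runCommand banner,
  # so picking the 7th whitespace-separated word returned a piece of the
  # command line, and it could not cope with paths containing spaces.
  # NOTE(review): a localized keytool may word the marker differently, in
  # which case KEY_STORE_FILE stays empty.
  local -r storing_pattern='\[Storing ([^]]+)\]'
  KEY_STORE_FILE=""
  if [[ "$STORE_RESPONSE" =~ $storing_pattern ]]; then
    KEY_STORE_FILE=${BASH_REMATCH[1]}
  fi

  local rule
  # 85 is the length of the fixed part of the hint line printed below.
  printf -v rule "%-$((${#KEY_STORE_FILE} + 85))s" ' '
  rule=${rule// /=}
  echo
  echo "$rule"
  echo "Ensure your JVM is using the correct keystore as follows: -Djavax.net.ssl.trustStore=$KEY_STORE_FILE"
  echo "$rule"
  echo
}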
# Entry point: run the complete install flow when the script is executed.
installCertificate