Created
December 8, 2011 04:44
A batch file to import Java JRE cacerts into a jssecacerts file
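@ECHO off
:: Script to import and trust CACERTS entries into the JSSECACERTS file
:: run this file from a Java servers home directory with no arguments
:: J_HOME is the parent directory of the directory you run your server out of.
:: assumes J_HOME/Javasoft might be your JRE home
:: STOREPASS (optional env var) is the password used for every keystore; it
:: defaults to the JRE default "changeit". keytool receives it on its command
:: line, so it is visible in a process listing while keytool runs. A password
:: containing "!" is not supported because delayed expansion is enabled below.
::------
SETLOCAL EnableDelayedExpansion
SET "fileobject=jars\myServer.jar"
if not defined STOREPASS SET "STOREPASS=changeit"
if defined J_HOME (
  GOTO JREHOMESET
)
:: Walk upward from this script's own directory until %fileobject% is found.
SET "dir=%~f0"
:LOOP
CALL :GETDIR "%dir%"
IF EXIST "%dir%\%fileobject%" (
  ECHO Found J_HOME at %dir%\
  GOTO :HOMESET
)
IF "%dir:~-1%" == ":" (
  ECHO Reached root and directory containing "%fileobject%" not found.
  GOTO :end
)
GOTO :LOOP
:HOMESET
SET "J_HOME=%dir%\"
:JREHOMESET
:: An externally supplied J_HOME may lack the trailing backslash that the
:: Javasoft\jre concatenation below relies on.
IF NOT "%J_HOME:~-1%" == "\" SET "J_HOME=%J_HOME%\"
if not defined JRE_HOME (
  SET "JRE_HOME=!J_HOME!Javasoft\jre"
)
:: Normalize JRE_HOME to no trailing backslash so "%JRE_HOME%\bin" is well formed.
IF "%JRE_HOME:~-1%" == "\" SET "JRE_HOME=%JRE_HOME:~0,-1%"
echo Set JRE_HOME to %JRE_HOME%
:: Everything below depends on keytool; fail early with a clear message instead
:: of letting each keytool line fail and the copy steps run anyway.
SET "keytool=%JRE_HOME%\bin\keytool.exe"
IF NOT EXIST "%keytool%" (
  ECHO keytool not found at "%keytool%". Check JRE_HOME / J_HOME.
  GOTO :end
)
SET "jre_security=%JRE_HOME%\lib\security"
::------
:: trust any self signed public keys that are contained in 'cacerts' directory
:: Each file must be named <alias>.keystore and hold its entry under the source
:: alias "tomcat"; the file name minus extension becomes the destination alias.
:: -noprompt means every keystore dropped into this directory is trusted without
:: confirmation, so the directory's contents should be controlled.
:: Note: a caret joins the next line with NO separator, hence the space before
:: each caret and the leading space on each continuation line.
if exist cacerts (
  for /F "tokens=1 delims=." %%i in ('dir /b cacerts') do (
    "%keytool%" -importkeystore -destkeystore jssecacerts ^
 -deststoretype jks -srcstorepass "%STOREPASS%" -deststorepass "%STOREPASS%" -v ^
 -srcalias tomcat -noprompt -destalias "%%i" -srckeystore "cacerts\%%i.keystore"
  )
)
::------
:: then, trust some of the CA certs from the JRE default cacerts file
"%keytool%" -importkeystore -destkeystore jssecacerts ^
 -deststoretype jks -srcstorepass "%STOREPASS%" -deststorepass "%STOREPASS%" -v ^
 -noprompt -srckeystore "%jre_security%\cacerts"
ECHO.
::------
:: create the file trustedJSSEcerts.txt: one certificate fingerprint per line,
:: sorted, so two keystores can be compared with fc regardless of alias order.
ECHO Determine trusted CAs of the candidate jssecacerts for the JRE
:: ">" rather than ">>": a stale trustedCAsTEMP.txt left by an aborted run must
:: not accumulate into the listing, or the comparison below is meaningless.
"%keytool%" -list -keystore jssecacerts -storepass "%STOREPASS%" > trustedCAsTEMP.txt
type nul > trustedJSSEcacerts.txt
:: keytool -list prints "Certificate fingerprint (...): <value>": token 2 is the
:: word "fingerprint" and token 4 (with the rest of the line) is the value.
FOR /F "tokens=2,4*" %%i IN (trustedCAsTEMP.txt) DO (
  IF "%%i" == "fingerprint" (
    ECHO %%j >> trustedJSSEcacerts.txt
  )
)
SORT trustedJSSEcacerts.txt /OUTPUT trustedJSSEcerts.txt
DEL /Q trustedCAsTEMP.txt
:: the file trustedJSSEcacerts.txt is a unsorted temp file that can also be deleted
DEL /Q trustedJSSEcacerts.txt
::------
:: Compare the new fingerprint list with the one recorded in the JRE by the
:: previous run; update the JRE only when the set of trusted certs changed.
:testexist
IF NOT EXIST "%jre_security%\trustedJSSEcerts.txt" (
  ECHO Copied a new trustedJSSEcerts.txt into %jre_security% for first time.
  GOTO update
)
ECHO The file %jre_security%\trustedJSSEcerts.txt already exists.
:compare
ECHO Comparing candidate keystore signatures with JRE jssecacerts keystore
fc trustedJSSEcerts.txt "%jre_security%\trustedJSSEcerts.txt" > nul
:: fc returns 0 when the files are identical, 1 when they differ, 2 when one is missing.
IF ERRORLEVEL 1 GOTO update
ECHO.
GOTO unchanged
::-------
:unchanged
ECHO File compare: no differences. Will not update jssecacerts in JRE.
GOTO end
::------
:update
:: Copy the fingerprint list together with the keystore; otherwise the JRE keeps
:: the first-run list forever and every later run reports a difference.
XCOPY jssecacerts "%jre_security%" /y /d >nul
XCOPY trustedJSSEcerts.txt "%jre_security%" /y /d >nul
ECHO Copied updated jssecacerts into JRE. File was newer than the previous version.
::------
:end
pause
GOTO :EOF

:: Subroutine: set "dir" to the parent directory of %1, without trailing backslash.
:GETDIR
SET "dir=%~dp1"
SET "dir=%dir:~0,-1%"
EXIT /B 0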