ivansharamok · October 25, 2017 05:05 · adoprog · Nov 17, 2017
diff --git a/import-docker-solrssl.ps1 b/import-docker-solrssl.ps1
 <#
 .Synopsis
    Get Solr SSL cert from docker container and install it into local Windows machine.

 .Example
  .\import-docker-solrssl.ps1 -DockerContainer sc90-solr66 -InstallCert

 .Example
  .\import-docker-solrssl.ps1 -DockerContainer sc90-solr66 -KeystoreFile ./solr-ssl.keystore.jsk -InstallCert
 #>
 [CmdletBinding()]
 param(
    [Parameter(Mandatory=$true)] $DockerContainer,
    [Parameter(Mandatory=$false)] $KeystoreFile='solr-ssl.keystore.jks',
    [Parameter(Mandatory=$false)] $KeystorePassword='secret',
    [switch] $InstallCert,
    [switch] $Clobber
 )

 $Error.Clear()
 Trap
 {
    Write-Error $_.ErrorDetails.Message
    Write-Error $_.InvocationInfo.PositionMessage
    Write-Error $_.CategoryInfo.ToString()
    Write-Error $_.FullyQualifiedErrorId
    $e = $_.Exception
    while ($e.InnerException) {
      $e = $e.InnerException
      $msg += "`n" + $e.Message
    }
    break;
 }

 $P12Path = [IO.Path]::ChangeExtension($KeystoreFile, 'p12')
 if((Test-Path $P12Path)) {
 	if($Clobber) {
 		Write-Host "Removing $P12Path..."
 		Remove-Item $P12Path
 	} else {
 		$P12Path = Resolve-Path $P12Path
 		Write-Error "Keystore file $P12Path already existed. To regenerate it, pass -Clobber."
 	}
 }
 else {
    $P12Path = Join-Path $PSScriptRoot $P12Path
 }
 Write-Verbose "p12 path `'$P12Path`'"

 # get cert from docker container
 # cert location in docker: /opt/solr/server/etc/solr-ssl.keystore.jks
 $dockerPath = $("$DockerContainer`:/opt/solr/server/etc/$KeystoreFile")
 Write-Verbose "First arg: $dockerPath"
 & docker cp $dockerPath $PSScriptRoot
 $certPath = Join-Path $PSScriptRoot $KeystoreFile
 if (Test-Path $certPath){
    Write-Verbose "Cert `'$certPath`' has been copied successfully."
 }
 else {
    Write-Verbose "Cannot find cert at location `'$certPath`'"
 }

 try {
  # requires JAVA_HOME to be in the PATH environment variable
 	$keytool = (Get-Command 'keytool.exe').Source
 } catch {
 	$keytool = Read-Host "keytool.exe not on path. Enter path to keytool (found in JRE bin folder)"

 	if([string]::IsNullOrEmpty($keytool) -or -not (Test-Path $keytool)) {
 		Write-Error "Keytool path was invalid."
 	}
 }

 Write-Host ''
 Write-Host 'Generating .p12 to import to Windows...'
 & $keytool -importkeystore -srckeystore $certPath -destkeystore $P12Path -srcstoretype jks -deststoretype pkcs12 -srcstorepass $KeystorePassword -deststorepass $KeystorePassword

 if ($InstallCert) {
    Write-Host ''
    Write-Host 'Trusting generated SSL certificate...'
    Write-Verbose "Installing cert `'$P12Path`'"
    $secureStringKeystorePassword = ConvertTo-SecureString -String $KeystorePassword -Force -AsPlainText
    $root = Import-PfxCertificate -FilePath $P12Path -Password $secureStringKeystorePassword -CertStoreLocation Cert:\LocalMachine\Root
    Write-Host "Solr SSL certificate was imported from docker container `'$DockerContainer`' and is now locally trusted. (added as root CA)"
 }
	<#
	.Synopsis
	Get Solr SSL cert from docker container and install it into local Windows machine.

	.Example
	.\import-docker-solrssl.ps1 -DockerContainer sc90-solr66 -InstallCert

	.Example
	.\import-docker-solrssl.ps1 -DockerContainer sc90-solr66 -KeystoreFile ./solr-ssl.keystore.jsk -InstallCert
	#>
	[CmdletBinding()]
	param(
	[Parameter(Mandatory=$true)] $DockerContainer,
	[Parameter(Mandatory=$false)] $KeystoreFile='solr-ssl.keystore.jks',
	[Parameter(Mandatory=$false)] $KeystorePassword='secret',
	[switch] $InstallCert,
	[switch] $Clobber
	)

	$Error.Clear()
	Trap
	{
	Write-Error $_.ErrorDetails.Message
	Write-Error $_.InvocationInfo.PositionMessage
	Write-Error $_.CategoryInfo.ToString()
	Write-Error $_.FullyQualifiedErrorId
	$e = $_.Exception
	while ($e.InnerException) {
	$e = $e.InnerException
	$msg += "`n" + $e.Message
	}
	break;
	}

	$P12Path = [IO.Path]::ChangeExtension($KeystoreFile, 'p12')
	if((Test-Path $P12Path)) {
	if($Clobber) {
	Write-Host "Removing $P12Path..."
	Remove-Item $P12Path
	} else {
	$P12Path = Resolve-Path $P12Path
	Write-Error "Keystore file $P12Path already existed. To regenerate it, pass -Clobber."
	}
	}
	else {
	$P12Path = Join-Path $PSScriptRoot $P12Path
	}
	Write-Verbose "p12 path `'$P12Path`'"

	# get cert from docker container
	# cert location in docker: /opt/solr/server/etc/solr-ssl.keystore.jks
	$dockerPath = $("$DockerContainer`:/opt/solr/server/etc/$KeystoreFile")
	Write-Verbose "First arg: $dockerPath"
	& docker cp $dockerPath $PSScriptRoot
	$certPath = Join-Path $PSScriptRoot $KeystoreFile
	if (Test-Path $certPath){
	Write-Verbose "Cert `'$certPath`' has been copied successfully."
	}
	else {
	Write-Verbose "Cannot find cert at location `'$certPath`'"
	}

	try {
	# requires JAVA_HOME to be in the PATH environment variable
	$keytool = (Get-Command 'keytool.exe').Source
	} catch {
	$keytool = Read-Host "keytool.exe not on path. Enter path to keytool (found in JRE bin folder)"

	if([string]::IsNullOrEmpty($keytool) -or -not (Test-Path $keytool)) {
	Write-Error "Keytool path was invalid."
	}
	}

	Write-Host ''
	Write-Host 'Generating .p12 to import to Windows...'
	& $keytool -importkeystore -srckeystore $certPath -destkeystore $P12Path -srcstoretype jks -deststoretype pkcs12 -srcstorepass $KeystorePassword -deststorepass $KeystorePassword

	if ($InstallCert) {
	Write-Host ''
	Write-Host 'Trusting generated SSL certificate...'
	Write-Verbose "Installing cert `'$P12Path`'"
	$secureStringKeystorePassword = ConvertTo-SecureString -String $KeystorePassword -Force -AsPlainText
	$root = Import-PfxCertificate -FilePath $P12Path -Password $secureStringKeystorePassword -CertStoreLocation Cert:\LocalMachine\Root
	Write-Host "Solr SSL certificate was imported from docker container `'$DockerContainer`' and is now locally trusted. (added as root CA)"
	}