matthiassb · April 1, 2022 08:50
diff --git a/importCert.sh b/importCert.sh
 #!/usr/bin/env bash

 if [ "$EUID" -ne 0 ]
  then echo "Please run as root"
  exit
 fi

 usage() {
  echo "
  -h [required] <hostname>
  -p [required] <truststore password>
  -e [optional] <extra params to pass to openssl>
  -f [optional] <force import of certificate(s)>
  -j [optional] <JAVA_HOME path>

  Examples:
    Regular connectivity
      $0 -h google.com -p changeit
    Mutual Authentication
      $0 -h privateServer.test.com -p changeit -e \"-key key.pem -cert server.pem -CAfile ca.pem \"" 1>&2;

 exit 1;
 }

 while getopts ":h:p:e:fj:" o; do
    case "${o}" in
        h)
            hostname=${OPTARG}
            ;;
        p)
            password=${OPTARG}
            ;;
        e)
            sslparams=${OPTARG}
            ;;
        f)
            FORCE=true
            ;;
        j)
            javahome=${OPTARG}
            ;;
        *)
            usage
            ;;
    esac
 done

 shift $((OPTIND-1))


 if [ -z "${hostname}" ] || [ -z "${password}" ]; then
    usage
 fi


 IFS=':' read -a hostSplitted <<< "$hostname"

 if [ -z "${hostSplitted[1]}" ]; then
  hostSplitted[1]=443
 fi

 HOST=${hostSplitted[0]}
 PORT=${hostSplitted[1]}

 TRUSTSTOREPASS=${password}

 if [ -z "${javahome}" ]; then
  JAVA_EXEC=$(which java 2>/dev/null)
  TRUSTSTOREFILE=$(readlink -f "$JAVA_EXEC" | sed "s:bin/java::")
  TRUSTSTORE_KEYTOOL="$TRUSTSTOREFILE/bin/keytool"
 else
  TRUSTSTOREFILE="${javahome}"
  TRUSTSTORE_KEYTOOL="$javahome/bin/keytool"
 fi

 TRUSTSTOREFILE_JRE="$TRUSTSTOREFILE/jre/lib/security/cacerts"
 TRUSTSTOREFILE_NO_JRE="$TRUSTSTOREFILE/lib/security/cacerts"

 TRUSTSTOREFILE=""
 if [ -f "$TRUSTSTOREFILE_JRE" ]; then
  TRUSTSTOREFILE=$TRUSTSTOREFILE_JRE
 fi

 if [ -f "$TRUSTSTOREFILE_NO_JRE" ]; then
  TRUSTSTOREFILE=$TRUSTSTOREFILE_NO_JRE
 fi

 if [  -z $TRUSTSTOREFILE ];
 then
  echo "Cannot find trust store."
  exit 1
 fi


 PREFIX=$(</dev/urandom tr -dc "[:alnum:]" | head -c5)
 # get the SSL certificate
 openssl s_client -host ${HOST} -port ${PORT} -showcerts ${sslparams} 2>/dev/null </dev/null \
  | awk '/-----BEGIN CERTIFICATE-----/,/----END CERTIFICATE-----/{ print $0 }' \
  | awk -v prefix="$PREFIX" 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > prefix "-" c ".pem"}'

 if ls ./$PREFIX* 1> /dev/null 2>&1; then
  echo "Inserting certificates for: $HOST:$PORT"
  # create a TRUSTSTORE and import certificate
  for file in ./$PREFIX*; do
    SUBJECT_CN=$(openssl x509 -noout -subject -in $file | sed -n '/^subject/s/^.*CN=//p')

    if [ $FORCE ]; then
      $TRUSTSTORE_KEYTOOL -delete -noprompt -alias "$SUBJECT_CN" \
        -keystore ${TRUSTSTOREFILE} -storepass ${TRUSTSTOREPASS}
    fi

    OUTPUT=$($TRUSTSTORE_KEYTOOL -import -noprompt -trustcacerts \
      -alias "$SUBJECT_CN" -file $file \
      -keystore ${TRUSTSTOREFILE} -storepass ${TRUSTSTOREPASS} 2>&1)

    OUTPUT=$(echo $OUTPUT | sed 's/^.*://')

    echo $SUBJECT_CN ":" $OUTPUT

  done

  rm $PREFIX*
 else
  echo "Error connecting to server"
 fi
	#!/usr/bin/env bash

	if [ "$EUID" -ne 0 ]
	then echo "Please run as root"
	exit
	fi

	usage() {
	echo "
	-h [required] <hostname>
	-p [required] <truststore password>
	-e [optional] <extra params to pass to openssl>
	-f [optional] <force import of certificate(s)>
	-j [optional] <JAVA_HOME path>

	Examples:
	Regular connectivity
	$0 -h google.com -p changeit
	Mutual Authentication
	$0 -h privateServer.test.com -p changeit -e \"-key key.pem -cert server.pem -CAfile ca.pem \"" 1>&2;

	exit 1;
	}

	while getopts ":h:p:e:fj:" o; do
	case "${o}" in
	h)
	hostname=${OPTARG}
	;;
	p)
	password=${OPTARG}
	;;
	e)
	sslparams=${OPTARG}
	;;
	f)
	FORCE=true
	;;
	j)
	javahome=${OPTARG}
	;;
	*)
	usage
	;;
	esac
	done

	shift $((OPTIND-1))


	if [ -z "${hostname}" ] \|\| [ -z "${password}" ]; then
	usage
	fi


	IFS=':' read -a hostSplitted <<< "$hostname"

	if [ -z "${hostSplitted[1]}" ]; then
	hostSplitted[1]=443
	fi

	HOST=${hostSplitted[0]}
	PORT=${hostSplitted[1]}

	TRUSTSTOREPASS=${password}

	if [ -z "${javahome}" ]; then
	JAVA_EXEC=$(which java 2>/dev/null)
	TRUSTSTOREFILE=$(readlink -f "$JAVA_EXEC" \| sed "s:bin/java::")
	TRUSTSTORE_KEYTOOL="$TRUSTSTOREFILE/bin/keytool"
	else
	TRUSTSTOREFILE="${javahome}"
	TRUSTSTORE_KEYTOOL="$javahome/bin/keytool"
	fi

	TRUSTSTOREFILE_JRE="$TRUSTSTOREFILE/jre/lib/security/cacerts"
	TRUSTSTOREFILE_NO_JRE="$TRUSTSTOREFILE/lib/security/cacerts"

	TRUSTSTOREFILE=""
	if [ -f "$TRUSTSTOREFILE_JRE" ]; then
	TRUSTSTOREFILE=$TRUSTSTOREFILE_JRE
	fi

	if [ -f "$TRUSTSTOREFILE_NO_JRE" ]; then
	TRUSTSTOREFILE=$TRUSTSTOREFILE_NO_JRE
	fi

	if [ -z $TRUSTSTOREFILE ];
	then
	echo "Cannot find trust store."
	exit 1
	fi


	PREFIX=$(</dev/urandom tr -dc "[:alnum:]" \| head -c5)
	# get the SSL certificate
	openssl s_client -host ${HOST} -port ${PORT} -showcerts ${sslparams} 2>/dev/null </dev/null \
	\| awk '/-----BEGIN CERTIFICATE-----/,/----END CERTIFICATE-----/{ print $0 }' \
	\| awk -v prefix="$PREFIX" 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > prefix "-" c ".pem"}'

	if ls ./$PREFIX* 1> /dev/null 2>&1; then
	echo "Inserting certificates for: $HOST:$PORT"
	# create a TRUSTSTORE and import certificate
	for file in ./$PREFIX*; do
	SUBJECT_CN=$(openssl x509 -noout -subject -in $file \| sed -n '/^subject/s/^.*CN=//p')

	if [ $FORCE ]; then
	$TRUSTSTORE_KEYTOOL -delete -noprompt -alias "$SUBJECT_CN" \
	-keystore ${TRUSTSTOREFILE} -storepass ${TRUSTSTOREPASS}
	fi

	OUTPUT=$($TRUSTSTORE_KEYTOOL -import -noprompt -trustcacerts \
	-alias "$SUBJECT_CN" -file $file \
	-keystore ${TRUSTSTOREFILE} -storepass ${TRUSTSTOREPASS} 2>&1)

	OUTPUT=$(echo $OUTPUT \| sed 's/^.*://')

	echo $SUBJECT_CN ":" $OUTPUT

	done

	rm $PREFIX*
	else
	echo "Error connecting to server"
	fi