Import Let's Encrypt certs to JDK

import_certs.sh

#!/bin/bash
set -e

STOREPASS=changeit
BACKUP=false

function usage {
  echo "Usage: $0 [-h] [-b] [-s password] /path/to/java/home"
  echo " -h: show usage"
  echo " -b: backup keystore file"
  echo " -s: keystore password [default: $STOREPASS]"
  exit 1
}

OPTIND=1
while getopts ":hbs:" opt; do
  case $opt in
          h)      usage;;
          b)      BACKUP=true;;
          s)      STOREPASS=$OPTARG;;
          *)      usage;;
  esac
done
shift "$((OPTIND-1))"

JAVA_HOME=${1-text}
KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts

[ $# -eq 0 ] && usage
[ -f $KEYSTORE ] || exit 2
$BACKUP && ( cp -a $KEYSTORE $KEYSTORE-$(date +"%Y%m%d%H%M%S") || exit 3 )

declare -A certs=( \
  ["isrgrootx1"]="https://letsencrypt.org/certs/letsencryptauthorityx1.der" \
  ["isrgrootx2"]="https://letsencrypt.org/certs/letsencryptauthorityx2.der" \
  ["letsencryptauthorityx1"]="https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der" \
  ["letsencryptauthorityx2"]="https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der" \
  ["letsencryptauthorityx3"]="https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der" \
  ["letsencryptauthorityx4"]="https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der" \
) 


for cert in "${!certs[@]}"; do 
  echo "$cert - Importing from ${certs["$cert"]}"
  URL=${certs["$cert"]}
  FILENAME=${URL##*/}
  curl -sSLO "${URL}"
  keytool -delete -alias $cert -keystore $KEYSTORE -storepass $STOREPASS -noprompt 2> /dev/null || true
  keytool -trustcacerts -keystore $KEYSTORE -storepass $STOREPASS -noprompt -importcert -alias $cert -file $FILENAME
  rm -f $FILENAME
  echo
done