turtlebender · August 6, 2015 13:42
diff --git a/getcert.sh b/getcert.sh
 !/bin/bash

 # This script will grab the certificate from the specified host and add it to the Java cacerts keystore

 function usage
 {
    printf 'Usage: grab-cert.sh hostname port\n' >&2
    exit 1
 }

 if [ `id -u` != "0" ]; then
    printf 'You must be running as root to perform this update!\n' >&2
    exit 1
 fi

 keytool_command=$(find //usr/lib/jvm/java* -name keytool | head -1)
 if  [ -z keytool_command ]; then
    printf 'Unable to locate the Java keytool command!\n' >&2;
    exit 1;
 fi

 if [ $# -gt 2 ]; then
    usage
 fi

 if [[ "$1" == "-h"  ||  "$1" == "--help" ]]; then
    usage
 fi

 if [ $# -ne 0 ]; then
    host=$(echo $1 | cut -f 1 -d':')
    port=$(echo $1 | grep ':' | cut -f 2 -d':')
 fi

 if [ $# -eq 2 ]; then
    port=${port:-$2}
 fi

 while [ -z $host ]
 do
    read -p 'Enter the hostname where you wish to get the certificate from: ' host
    host=$(echo $host | cut -f 2 -d':')
    port=$(echo $host | grep ':' | cut -f 2 -d':')
 done

 if [ -z $port ]; then
    read -p 'Enter the port (default is 443): ' port
 fi

 port=${port:-443}

 cacerts_file=(`find /usr/lib/jvm/java* -name cacerts`)

 if [ ${#cacerts_file[@]} -gt 1 ] ; then
   printf "More than 1 cacerts file was found.  You will need to modify this script to process the correct one!!!!\n"
   for file in "${cacerts_file[@]}"
   do
        printf "${file}\n"
   done

   printf "grab-cert.sh failed!\n\n"
   
   exit 1
 fi

 if [ -z $cacerts_file ] ; then
    printf 'Could not locate the Java keystore!\n' >&2
    exit 1
 fi


 $keytool_command -delete -alias $host -keystore $cacerts_file -storepass changeit  > /dev/null 2>&1

 rm -f /tmp/${host}.pem

 echo "Grabbing the certificate from the server ${host}:${port} ...."

 echo "QUIT" | openssl s_client -connect ${host}:${port} 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/${host}.pem

 echo "Importing the certificate into the truststore ${cacerts_file} ...."

 $keytool_command -import -noprompt -trustcacerts -alias $host -file /tmp/${host}.pem -keystore $cacerts_file -storepass changeit

 rm -f /tmp/${host}.pem

 $keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host | grep "Alias name:" | sed 's/^ *//'
 $keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host | grep "IPAddress:"  | sed 's/^ *//'
 $keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host | grep "DNSName:"    | sed 's/^ *//'
	!/bin/bash

	# This script will grab the certificate from the specified host and add it to the Java cacerts keystore

	function usage
	{
	printf 'Usage: grab-cert.sh hostname port\n' >&2
	exit 1
	}

	if [ `id -u` != "0" ]; then
	printf 'You must be running as root to perform this update!\n' >&2
	exit 1
	fi

	keytool_command=$(find //usr/lib/jvm/java* -name keytool \| head -1)
	if [ -z keytool_command ]; then
	printf 'Unable to locate the Java keytool command!\n' >&2;
	exit 1;
	fi

	if [ $# -gt 2 ]; then
	usage
	fi

	if [[ "$1" == "-h" \|\| "$1" == "--help" ]]; then
	usage
	fi

	if [ $# -ne 0 ]; then
	host=$(echo $1 \| cut -f 1 -d':')
	port=$(echo $1 \| grep ':' \| cut -f 2 -d':')
	fi

	if [ $# -eq 2 ]; then
	port=${port:-$2}
	fi

	while [ -z $host ]
	do
	read -p 'Enter the hostname where you wish to get the certificate from: ' host
	host=$(echo $host \| cut -f 2 -d':')
	port=$(echo $host \| grep ':' \| cut -f 2 -d':')
	done

	if [ -z $port ]; then
	read -p 'Enter the port (default is 443): ' port
	fi

	port=${port:-443}

	cacerts_file=(`find /usr/lib/jvm/java* -name cacerts`)

	if [ ${#cacerts_file[@]} -gt 1 ] ; then
	printf "More than 1 cacerts file was found. You will need to modify this script to process the correct one!!!!\n"
	for file in "${cacerts_file[@]}"
	do
	printf "${file}\n"
	done

	printf "grab-cert.sh failed!\n\n"

	exit 1
	fi

	if [ -z $cacerts_file ] ; then
	printf 'Could not locate the Java keystore!\n' >&2
	exit 1
	fi


	$keytool_command -delete -alias $host -keystore $cacerts_file -storepass changeit > /dev/null 2>&1

	rm -f /tmp/${host}.pem

	echo "Grabbing the certificate from the server ${host}:${port} ...."

	echo "QUIT" \| openssl s_client -connect ${host}:${port} 2>&1 \| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/${host}.pem

	echo "Importing the certificate into the truststore ${cacerts_file} ...."

	$keytool_command -import -noprompt -trustcacerts -alias $host -file /tmp/${host}.pem -keystore $cacerts_file -storepass changeit

	rm -f /tmp/${host}.pem

	$keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host \| grep "Alias name:" \| sed 's/^ *//'
	$keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host \| grep "IPAddress:" \| sed 's/^ *//'
	$keytool_command -list -v -keystore $cacerts_file -storepass changeit -alias $host \| grep "DNSName:" \| sed 's/^ *//'