Created
December 19, 2016 17:35
-
-
Save jcjones/cba5b26b20d569da46218ab6fbdada49 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Download the current NSS keystore from Mozilla-Central, and import it into | |
| # a Java Keystore (JKS). | |
| # | |
| function ensure_in_path() { | |
| prog=$1 | |
| shift | |
| if [ ! -x $(which ${prog}) ] ; then | |
| echo "You must have $* in the path as ${prog}" | |
| exit | |
| fi | |
| } | |
| DATESTAMP=$(date +%Y%m%d) | |
| INTERMEDIATE_DIR=$(mktemp -d /tmp/nss_keystore.XXXXXX) | |
| ORIG_DIR=$(pwd) | |
| ensure_in_path curl "Curl" | |
| ensure_in_path go "Golang" | |
| ensure_in_path gcsplit "Coreutils (specifically gcsplit)" | |
| ensure_in_path keytool "Java Keytool" | |
| cd ${INTERMEDIATE_DIR} | |
| curl https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt -o certdata.txt | |
| go get github.com/agl/extract-nss-root-certs | |
| extract-nss-root-certs > certdata-${DATESTAMP}.pems | |
| gcsplit --elide-empty-files --digits=3 --prefix=outfile certdata-${DATESTAMP}.pems "/^-----END CERTIFICATE-----$/+1" "{*}" | |
| for root in outfile*; do | |
| keytool -import -keystore ${ORIG_DIR}/nss_keystore_${DATESTAMP}.jks -storepass ${DATESTAMP} -trustcacerts -noprompt -alias $root -file $root | |
| done | |
| echo Output in ${ORIG_DIR}/nss_keystore_${DATESTAMP}.jks | |
| echo Storepass is ${DATESTAMP} | |
| echo Example: keytool -list -keystore ${ORIG_DIR}/nss_keystore_${DATESTAMP}.jks -storepass ${DATESTAMP} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment