rmarchei/import_certs.sh

## import_certs.sh
#!/bin/bash
set -e

STOREPASS=changeit
BACKUP=false

function usage {
  echo "Usage: $0 [-h] [-b] [-s password] /path/to/java/home"
  echo " -h: show usage"
  echo " -b: backup keystore file"
  echo " -s: keystore password [default: $STOREPASS]"
  exit 1
}

OPTIND=1
while getopts ":hbs:" opt; do
  case $opt in
          h)      usage;;
          b)      BACKUP=true;;
          s)      STOREPASS=$OPTARG;;
          *)      usage;;
  esac
done
shift "$((OPTIND-1))"

JAVA_HOME=${1-text}
KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts

[ $# -eq 0 ] && usage
[ -f $KEYSTORE ] || exit 2
$BACKUP && ( cp -a $KEYSTORE $KEYSTORE-$(date +"%Y%m%d%H%M%S") || exit 3 )

declare -A certs=( \
  ["isrgrootx1"]="https://letsencrypt.org/certs/letsencryptauthorityx1.der" \
  ["isrgrootx2"]="https://letsencrypt.org/certs/letsencryptauthorityx2.der" \
  ["letsencryptauthorityx1"]="https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der" \
  ["letsencryptauthorityx2"]="https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der" \
  ["letsencryptauthorityx3"]="https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der" \
  ["letsencryptauthorityx4"]="https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der" \
)


for cert in "${!certs[@]}"; do
  echo "$cert - Importing from ${certs["$cert"]}"
  URL=${certs["$cert"]}
  FILENAME=${URL##*/}
  curl -sSLO "${URL}"
  keytool -delete -alias $cert -keystore $KEYSTORE -storepass $STOREPASS -noprompt 2> /dev/null || true
  keytool -trustcacerts -keystore $KEYSTORE -storepass $STOREPASS -noprompt -importcert -alias $cert -file $FILENAME
  rm -f $FILENAME
  echo
done
	#!/bin/bash
	set -e

	STOREPASS=changeit
	BACKUP=false

	function usage {
	echo "Usage: $0 [-h] [-b] [-s password] /path/to/java/home"
	echo " -h: show usage"
	echo " -b: backup keystore file"
	echo " -s: keystore password [default: $STOREPASS]"
	exit 1
	}

	OPTIND=1
	while getopts ":hbs:" opt; do
	case $opt in
	h) usage;;
	b) BACKUP=true;;
	s) STOREPASS=$OPTARG;;
	*) usage;;
	esac
	done
	shift "$((OPTIND-1))"

	JAVA_HOME=${1-text}
	KEYSTORE=$JAVA_HOME/jre/lib/security/cacerts

	[ $# -eq 0 ] && usage
	[ -f $KEYSTORE ] \|\| exit 2
	$BACKUP && ( cp -a $KEYSTORE $KEYSTORE-$(date +"%Y%m%d%H%M%S") \|\| exit 3 )

	declare -A certs=( \
	["isrgrootx1"]="https://letsencrypt.org/certs/letsencryptauthorityx1.der" \
	["isrgrootx2"]="https://letsencrypt.org/certs/letsencryptauthorityx2.der" \
	["letsencryptauthorityx1"]="https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.der" \
	["letsencryptauthorityx2"]="https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.der" \
	["letsencryptauthorityx3"]="https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der" \
	["letsencryptauthorityx4"]="https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.der" \
	)


	for cert in "${!certs[@]}"; do
	echo "$cert - Importing from ${certs["$cert"]}"
	URL=${certs["$cert"]}
	FILENAME=${URL##*/}
	curl -sSLO "${URL}"
	keytool -delete -alias $cert -keystore $KEYSTORE -storepass $STOREPASS -noprompt 2> /dev/null \|\| true
	keytool -trustcacerts -keystore $KEYSTORE -storepass $STOREPASS -noprompt -importcert -alias $cert -file $FILENAME
	rm -f $FILENAME
	echo
	done