Utils for installing JCE in java dirs or JDK tar.gz archives

install-jce.sh

#!/usr/bin/env bash

# http://redsymbol.net/articles/unofficial-bash-strict-mode/
set -euo pipefail


function cleanUp() {
    local exitCode=$?
    [ $exitCode -ne 0 ] && echo "ERROR: The script is exiting with an error. Please check the logs above."
    [ -f "${myJceZip:-}" ] && echo "CLEANUP: Cleaning up jce zip..." && rm -f "${myJceZip}"
    [ -d "${myJceDir:-}" ] && echo "CLEANUP: Cleaning up jce dir..." && rm -rf "${myJceDir}"
    if [[ "${myTempDir:-}" == /tmp/tmp.* ]]; then
        echo "CLENAUP: Cleaning up temp dir '$myTempDir'"
        rm -rf "$myTempDir"
    elif [ -n "${myTempDir:-}" ]; then
        die "myTempDir '$myTempDir' found but does not have the expected name. Will not delete. Please check."
    fi
    exit $exitCode
}

function confirm () {
    # call with a prompt string or use a default
    [ -n "${1:-}" ] && echo -e "$1"
    read -p "Are you sure? [y/N]" -n 1 -r
    [ -n "$REPLY" ] && echo    # (optional) move to a new line
    if [[ ! $REPLY =~ ^[Yy]$ ]]
    then
        dieGracefully "Received '$REPLY'. Not upgrading."
    fi
}

function getAbsFilename() {
  # $1 : relative filename
  echo "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
}

function die() { echo "ERROR: $@" 1>&2 ; exit 1; }

function installIntoArchive() {
    local myArchive="$1"
    myArchive="$(getAbsFilename "$myArchive")"

    # check
    hash tar 2>/dev/null || die "I require tar but it's not installed. Aborting."

    # unpack
    myTempDir=$(mktemp -d -p '/tmp')
    echo "Unpacking into temp dir '$myTempDir'..."
    tar -xpf "$myArchive" -C "$myTempDir"

    # make backup
    myArchiveBackup="${myArchive}.$(date +"%Y%m%d%H%M%S")"
    myArchiveNew="${myArchive}.new"
    if [ -e "$myArchiveBackup" ]; then
        echo "Backup found. Not making backup..."
    else
        echo "Making backup"
        cp -p "$myArchive" "$myArchiveBackup"
    fi

    # ensure just one sub-dir then set myJavaHome
    if [ "$(find "$myTempDir" -mindepth 1 -maxdepth 1 -type d -printf 1)" -eq 1 ]; then
        myJavaHome="$(find "$myTempDir" -mindepth 1 -maxdepth 1 -type d -print)"
        echo "Found myJavaHome = $myJavaHome"
        ls -al "$myJavaHome"
    else
        ls -al "$myTempDir"
        die "Found more than one sub directory in '$myTempDir'. See above"
    fi

    # install
    installIntoJavaHome "$myJavaHome"

    # repack
    echo "Repacking to '$myArchive'..."
    pushd "$myTempDir"
        tar cpzf "$myArchiveNew" *
        echo "Showing diff (NOTE: needed to use awk to ignore owner and timestamps)"
        if tar --version | grep -i bsd > /dev/null; then
            diff --suppress-common-lines <(tar -tvf "$myArchiveNew" | awk '{ print $1" "$5" "$9 }' | sort) <(tar -tvf "$myArchiveBackup" | awk '{ print $1" "$5" "$9 }' | sort) && echo "Arhives are identical" || true
        elif tar --version | grep -i gnu > /dev/null; then
            diff --suppress-common-lines <(tar -tvf "$myArchiveNew" | awk '{ print $1" "$3" "$6 }' | sort) <(tar -tvf "$myArchiveBackup" | awk '{ print $1" "$3" "$6 }' | sort) && echo "Arhives are identical" || true
        else
            echo "Not showing diff because I can't recognise the tar version"
        fi
    popd

    confirm "Please check the diff above. Do you want to replace\n${myArchive}\nwith\n${myArchiveNew}"
    mv -v "$myArchiveNew" "$myArchive"
}

function installIntoJavaHome() {
    local myJavaHome="$1"
    local myJavaVer= myJceUrl=
    myJavaHome=$(getAbsFilename "$myJavaHome")

    [ -n "${myJavaHome}" ] || die "Option -j <path-to-java-home> is mandatory"
    [ -d "${myJavaHome}/jre/lib/security" ] || die "Cannot find directory at '${myJavaHome}/jre/lib/security'"
    [ -w "${myJavaHome}/jre/lib/security" ] || die "You do not have permissions to write to '${myJavaHome}/jre/lib/security'. Perhaps you need sudo?"
    ${myJavaHome}/bin/java -version &> /dev/null || die "Error when calling '${myJavaHome}/bin/java -version'. Please check..."
    myJavaVerStr="$(${myJavaHome}/bin/java -version 2>&1)"
    
    # check for openjdk
    echo -e "$myJavaVerStr" | grep -i openjdk && die "OpenJDK found. This is only needed for Oracle JDKs" || true
    myJavaVer=$(echo -e "$myJavaVerStr" | sed -n ';s/.* version "\(.*\)\.\(.*\)\..*"/\1\2/p;')
    if [[ "${myJavaVer}" == "18" ]]; then
        myJceUrl="http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip"
        myJceDir="UnlimitedJCEPolicyJDK8"
        myJceZip="jce_policy-8.zip"
    elif [[ "${myJavaVer}" == "17" ]]; then
        myJceUrl="http://download.oracle.com/otn-pub/java/jce/7/UnlimitedJCEPolicyJDK7.zip"
        myJceDir="UnlimitedJCEPolicy"
        myJceZip="UnlimitedJCEPolicyJDK7.zip"
    else
        die "Unsupported java version when calling '${myJavaHome}/bin/java -version'. Found '$myJavaVer'"
    fi

    echo "Downloading JCE from '$myJceUrl'"
    wget -N -q --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" "$myJceUrl"
    if hash unzip &> /dev/null; then
        unzip "${myJceZip}"
    else
        echo "No unzip found. Need to use python zipfile module..."
        python -m zipfile -e "${myJceZip}" .
    fi

    echo "Adding new files"

    cp -v "${myJceDir}"/*.jar ${myJavaHome}/jre/lib/security/
}

function usage() {
    cat << EOF
Usage: $0 [OPTIONS]

This script installs jce into a given java home dir or tar.gz archive

OPTIONS:
   -h      Show this message
   -z <p>  Path to target tar.gz or target java home dir
EOF
}

# Options parsing
while getopts “:hz:” OPTION; do
    case $OPTION in
        h) usage; exit 0;;
        z) myArg=$OPTARG;;
        ?) die "Unrecognised option.";;
    esac
done
trap cleanUp EXIT

# vars and check mandatory
[ -e "${myArg}" ] || die "You need specify a target tar zip archive."
if [ -d "$myArg" ]; then
    installIntoJavaHome "${myArg}"
else
    installIntoArchive "${myArg}"
fi