      1 #!/bin/bash
      2 #
      3 # Copyright (C) 2009 The Android Open Source Project
      4 #
      5 # Licensed under the Apache License, Version 2.0 (the "License");
      6 # you may not use this file except in compliance with the License.
      7 # You may obtain a copy of the License at
      8 #
      9 #      http://www.apache.org/licenses/LICENSE-2.0
     10 #
     11 # Unless required by applicable law or agreed to in writing, software
     12 # distributed under the License is distributed on an "AS IS" BASIS,
     13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14 # See the License for the specific language governing permissions and
     15 # limitations under the License.
     16 
     17 #
     18 # certimport.sh recreates the cacerts.bks file from the x509 CA
     19 # certificates in the cacerts directory.
     20 # 
     21 # By convention, the filenames in the cacerts directory are in the
     22 # format of <hash>.<n> where "hash" is the subject hash produced by:
     23 # 
     24 #     openssl x509 -subject_hash -in filename
     25 #
     26 # and the "n" is a unique integer identifier starting at 0 to deal
     27 # with collisions. See OpenSSL's c_rehash manpage for details.
     28 #
     29 # The filename itself is not important; it is kept only for the sake of convention.
     30 #
     31 # usage is simply running ./certimport.sh from the scripts directory
     32 # 
     33 # java version >= 1.6 is required for this script.
     34 # 
     35 # This script was tested to work with bouncycastle 1.32.
     36 #
     37 
     # Trace each command as it runs and stop at the first unhandled failure.
     # NOTE: xtrace prints fully expanded command lines, so the -storepass value
     # handed to keytool further down in this script shows up in the trace output.
     set -o xtrace
     set -o errexit

     # Name of the BKS keystore file that this script deletes and rebuilds.
     CERTSTORE='cacerts.bks'
     42 
     # Put the JDK 6 bin directory first on PATH so that the java call below
     # resolves there when that JDK is installed.
     # NOTE(review): whatever directory wins on PATH also decides which keytool
     # binary builds the trust store, so PATH should be a trusted value here.
     JDK6PATH=/usr/lib/jvm/java-6-sun/bin
     if ! [ -e "$JDK6PATH/java" ]; then
       # Warn only: the script carries on with whatever java PATH already offers.
       # Tracing is paused so the message is not interleaved with xtrace lines.
       set +x
       printf '%s\n' \
         "" \
         "WARNING: could not find $JDK6PATH/java but continuing anyway." \
         "    you might consider making sure the expected JDK is installed" \
         "    or updating its location in this script." \
         ""
       set -x
     fi
     export PATH="$JDK6PATH:$PATH"
     55 
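     # Check java version.
     #
     # Only the first line of `java -version` is inspected, and it has to look
     # like: java version "1.6.0_xx". The single digit after the first dot is
     # taken as the minor version.
     JAVA_VERSION=$(java -version 2>&1 | head -1)
     JAVA_VERSION_RE='^java version "[1-9]\.([0-9]).*"'
     JAVA_VERSION_MINOR=
     if [[ "$JAVA_VERSION" =~ $JAVA_VERSION_RE ]]; then
       JAVA_VERSION_MINOR=${BASH_REMATCH[1]}
     fi

     # A banner that does not match (java missing, a different vendor string or
     # version scheme) is reported explicitly. Previously the failing `expr`
     # stopped the script under `set -e` without any explanation.
     if [ -z "$JAVA_VERSION_MINOR" ]; then
       set +x
       echo
       echo "ERROR: could not parse java version from: $JAVA_VERSION"
       echo "ERROR: java version 1.6 or greater required for keytool usage"
       echo
       exit 1
     fi

     if [ "$JAVA_VERSION_MINOR" -lt 6 ]; then
       set +x
       echo
       echo "ERROR: java version 1.6 or greater required for keytool usage"
       echo
       exit 1
     fi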
     66 
     # Bouncy Castle JCE provider: the class name and the jar it is loaded from.
     # The keytool calls in this script pass both via -provider/-providerpath.
     # NOTE(review): keytool runs code from this jar, so it should be the copy
     # installed by the system package, not a file from a user-writable location.
     PROVIDER_CLASS=org.bouncycastle.jce.provider.BouncyCastleProvider
     PROVIDER_PATH=/usr/share/java/bcprov.jar

     # A missing provider jar is fatal; say how to install it and stop.
     if ! [ -e "$PROVIDER_PATH" ]; then
       set +x
       printf '\n%s\n%s\n\n' \
         "ERROR: could not find provider path $PROVIDER_PATH. Try installing with:" \
         "    sudo apt-get install libbcprov-java"
       exit 1
     fi
     78 
     # Start from scratch: drop any keystore left over from an earlier run, and
     # give up if it cannot be removed.
     if [ -e "$CERTSTORE" ]; then
       if ! rm "$CERTSTORE"; then
         exit 1
       fi
     fi
     82 
     # Keystore password: taken from the environment when STOREPASS is set and
     # non-empty, otherwise the fallback below is used.
     # NOTE(review): the fallback is a fixed, well-known value. Anyone able to
     # write the keystore file can re-create it with this password, so it does
     # not protect the store against modification.
     : "${STOREPASS:=changeit}"
     86 
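     # Import every certificate file under cacerts/ into the keystore, using a
     # running counter (0, 1, 2, ...) as the alias.
     #
     # Security notes:
     #  - `yes` answers keytool's confirmation prompt, so every file found in
     #    cacerts/ becomes a trusted root with no manual review at this step.
     #    The contents of that directory are the trust decision.
     #  - -storepass puts the password on keytool's command line, where the
     #    xtrace output and the process list can show it.
     #
     # The glob replaces parsing `ls` output, and all expansions are quoted, so
     # unusual file names or a STOREPASS containing whitespace stay one argument.
     COUNTER=0
     for cert in cacerts/*; do
       # An unmatched glob stays literal; skip it so an empty directory imports
       # nothing. Dangling symlinks are still passed on and fail in openssl.
       if [ ! -e "$cert" ] && [ ! -L "$cert" ]; then
         continue
       fi

       # openssl x509 writes the certificate back out (PEM by default) and
       # keytool reads it through the process substitution.
       # NOTE(review): an openssl failure is not checked directly; presumably
       # keytool then rejects the empty input and errexit stops the script.
       # The pipeline status is keytool's; `yes` normally ends on SIGPIPE, so
       # pipefail would not fit here.
       yes | keytool \
           -import \
           -v \
           -trustcacerts \
           -alias "$COUNTER" \
           -file <(openssl x509 -in "$cert") \
           -keystore "$CERTSTORE" \
           -storetype BKS \
           -provider "$PROVIDER_CLASS" \
           -providerpath "$PROVIDER_PATH" \
           -storepass "$STOREPASS"
       COUNTER=$((COUNTER + 1))
     done

     # Fail with a clear message when nothing was imported, instead of leaving
     # the missing keystore to be discovered by a later step.
     if [ "$COUNTER" -eq 0 ]; then
       set +x
       echo
       echo "ERROR: no certificate files found in cacerts"
       echo
       exit 1
     fi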
    103 
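    # List the finished keystore in verbose form. Reviewing this output is the
    # point at which the set of trusted certificates can be checked.
    # Expansions are quoted so a STOREPASS containing whitespace stays a single
    # argument. The password is still passed on the command line, where the
    # xtrace output and the process list can show it.
    keytool \
        -list \
        -v \
        -keystore "$CERTSTORE" \
        -storetype BKS \
        -provider "$PROVIDER_CLASS" \
        -providerpath "$PROVIDER_PATH" \
        -storepass "$STOREPASS"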
    112