#!/bin/bash
{{/*

# Copyright © 2020 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

# Configuration with defaults; every value can be overridden from the
# environment before the script starts.

# Directory scanned for input certificates and truststores.
: "${CERTS_DIR:=/certs}"
# Staging directory where the final truststore is assembled.
: "${WORK_DIR:=/updatedTruststore}"
# File name of the ONAP truststore expected among the input files.
: "${ONAP_TRUSTSTORE:=truststoreONAPall.jks}"
# Truststore used as the base whenever AAF_ENABLED is not "true".
: "${JRE_TRUSTSTORE:=$JAVA_HOME/lib/security/cacerts}"
# File name of the truststore produced in WORK_DIR.
: "${TRUSTSTORE_OUTPUT_FILENAME:=truststore.jks}"

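# Create the staging directory. Stop here if that fails: continuing would
# let the later steps run without a place to assemble the truststore.
if ! mkdir -p -- "$WORK_DIR"; then
  echo "failed creating work directory: $WORK_DIR" >&2
  exit 1
fi

# Decode and copy relevant files to WORK_DIR.
# NOTE: ".b64" inputs are only base64-encoded; base64 is an encoding, not
# encryption, so it gives the files no confidentiality on its own.
for f in "$CERTS_DIR"/*; do
  # With an empty CERTS_DIR the glob stays a literal pattern; skip it
  # instead of handing a non-existent path to cp/base64.
  [ -e "$f" ] || continue

  # File name without its directory, and the same with ".b64" stripped.
  # Both are exported, as before, in case a child process reads them.
  canonical_name_nob64=$(printf '%s\n' "$f" | sed 's/.*\/\([^\/]*\)/\1/')
  canonical_name_b64=$(printf '%s\n' "$f" | sed 's/.*\/\([^\/]*\)\(\.b64\)/\1/')
  export canonical_name_nob64 canonical_name_b64

  if [ "$AAF_ENABLED" = "false" ]; then
    if [ "$canonical_name_b64" = "$ONAP_TRUSTSTORE" ] ||
       [ "$canonical_name_nob64" = "$ONAP_TRUSTSTORE" ]; then
      # Dont use onap truststore when aaf is disabled
      continue
    fi
  fi

  case "$f" in
    *.sh)
      # Scripts mounted next to the certificates are not trust material.
      continue
      ;;
    *.b64)
      # Fail on a decode error rather than leave a truncated certificate
      # or keystore behind in WORK_DIR.
      if ! base64 -d < "$f" > "$WORK_DIR/$(basename -- "$f" .b64)"; then
        echo "failed decoding file: $f" >&2
        exit 1
      fi
      ;;
    *)
      if ! cp -- "$f" "$WORK_DIR/."; then
        echo "failed copying file: $f" >&2
        exit 1
      fi
      ;;
  esac
done
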
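# Prepare truststore output file.
# The base truststore is the ONAP one when AAF_ENABLED is exactly "true";
# any other value (including unset) falls back to the JRE truststore.
# A failed mv/cp aborts the script: otherwise the later keytool import
# could run against a missing keystore, and the result would not contain
# the intended base set of trusted CAs.
if [ "$AAF_ENABLED" = "true" ]; then
  if ! mv -- "$WORK_DIR/$ONAP_TRUSTSTORE" "$WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME"; then
    echo "failed preparing truststore from: $WORK_DIR/$ONAP_TRUSTSTORE" >&2
    exit 1
  fi
else
  echo "AAF is disabled, using JRE truststore"
  if ! cp -- "$JRE_TRUSTSTORE" "$WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME"; then
    echo "failed preparing truststore from: $JRE_TRUSTSTORE" >&2
    exit 1
  fi
fi
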
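# Import Custom Certificates
# Every *.pem file in WORK_DIR is added as a trusted entry without
# confirmation (-noprompt), so the contents of CERTS_DIR decide what the
# resulting truststore trusts; only mount certificates from a vetted source.
for f in "$WORK_DIR"/*; do
  case "$f" in
    *.pem) ;;
    *) continue ;;
  esac

  if [ -z "$TRUSTSTORE_PASSWORD" ]; then
    echo "TRUSTSTORE_PASSWORD is not set, cannot import: $f" >&2
    exit 1
  fi

  echo "importing certificate: $f"
  # The store password is handed over through the environment
  # (-storepass:env) instead of argv, so it does not show up in the
  # process list while keytool runs.
  if ! TRUSTSTORE_PASSWORD="$TRUSTSTORE_PASSWORD" keytool -import \
      -file "$f" \
      -alias "$(basename -- "$f")" \
      -keystore "$WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME" \
      -storepass:env TRUSTSTORE_PASSWORD \
      -noprompt; then
    echo "failed importing certificate: $f" >&2
    exit 1
  fi
done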