Blame - kubernetes/common/cert-wrapper/resources/import-custom-certs.sh - onap/oom

blob: 96b0c0c0c8f8168b530de2eda64b624ec9c2d7bf [file] [log] [blame]

a.sreekumar	f79b667	2021-05-19 12:52:14 +0100	[diff] [blame]	1	#!/bin/sh
Jakub Latusek	2eea149	2020-10-21 13:36:29 +0200	[diff] [blame]	2	{{/*
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	3
a.sreekumar	f79b667	2021-05-19 12:52:14 +0100	[diff] [blame]	4	# Copyright © 2020-2021 Bell Canada
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	5	#
				6	# Licensed under the Apache License, Version 2.0 (the "License");
				7	# you may not use this file except in compliance with the License.
				8	# You may obtain a copy of the License at
				9	#
				10	# http://www.apache.org/licenses/LICENSE-2.0
				11	#
				12	# Unless required by applicable law or agreed to in writing, software
				13	# distributed under the License is distributed on an "AS IS" BASIS,
				14	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				15	# See the License for the specific language governing permissions and
				16	# limitations under the License.
Jakub Latusek	2eea149	2020-10-21 13:36:29 +0200	[diff] [blame]	17	*/}}
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	18
				19	CERTS_DIR=${CERTS_DIR:-/certs}
Sylvain Desbureaux	bd94a04	2021-04-19 16:00:49 +0200	[diff] [blame]	20	MORE_CERTS_DIR=${MORE_CERTS_DIR:-/more_certs}
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	21	WORK_DIR=${WORK_DIR:-/updatedTruststore}
				22	ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
				23	JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
				24	TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
Abdelmuhaimen Seaudi	3dc8cc2	2021-09-05 16:32:22 +0200	[diff] [blame]	25	SSL_WORKDIR=${SSL_WORKDIR:-/usr/local/share/ca-certificates}
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	26
				27	mkdir -p $WORK_DIR
				28
				29	# Decrypt and move relevant files to WORK_DIR
				30	for f in $CERTS_DIR/*; do
Sylvain Desbureaux	3638967	2021-01-19 14:51:24 +0100	[diff] [blame]	31	export canonical_name_nob64=$(echo $f \| sed 's/.\/$[^\/]$/\1/')
				32	export canonical_name_b64=$(echo $f \| sed 's/.\/$[^\/]$$\.b64$/\1/')
Guillaume Lambert	5f4af05	2021-03-09 21:52:32 +0100	[diff] [blame]	33	if [ "$AAF_ENABLED" = "false" ] && [ "$canonical_name_b64" = "$ONAP_TRUSTSTORE" ]; then
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	34	# Dont use onap truststore when aaf is disabled
				35	continue
				36	fi
Guillaume Lambert	5f4af05	2021-03-09 21:52:32 +0100	[diff] [blame]	37	if [ "$AAF_ENABLED" = "false" ] && [ "$canonical_name_nob64" = "$ONAP_TRUSTSTORE" ]; then
Sylvain Desbureaux	3638967	2021-01-19 14:51:24 +0100	[diff] [blame]	38	# Dont use onap truststore when aaf is disabled
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	39	continue
				40	fi
guillaume.lambert	639768e	2021-09-07 16:09:54 +0200	[diff] [blame]	41	if echo $f \| grep '\.sh$' >/dev/null; then
Sylvain Desbureaux	3638967	2021-01-19 14:51:24 +0100	[diff] [blame]	42	continue
				43	fi
Bartek Grzybowski	44037b9	2022-01-26 12:27:00 +0100	[diff] [blame]	44	if echo $f \| grep '\.b64$' >/dev/null
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	45	then
				46	base64 -d $f > $WORK_DIR/`basename $f .b64`
				47	else
				48	cp $f $WORK_DIR/.
				49	fi
				50	done
				51
Sylvain Desbureaux	bd94a04	2021-04-19 16:00:49 +0200	[diff] [blame]	52	for f in $MORE_CERTS_DIR/*; do
guillaume.lambert	639768e	2021-09-07 16:09:54 +0200	[diff] [blame]	53	if echo $f \| grep '\.pem$' >/dev/null; then
Sylvain Desbureaux	bd94a04	2021-04-19 16:00:49 +0200	[diff] [blame]	54	cp $f $WORK_DIR/.
				55	fi
				56	done
				57
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	58	# Prepare truststore output file
Guillaume Lambert	5f4af05	2021-03-09 21:52:32 +0100	[diff] [blame]	59	if [ "$AAF_ENABLED" = "true" ]
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	60	then
Sylvain Desbureaux	ff5947f	2021-04-19 15:32:44 +0200	[diff] [blame]	61	echo "AAF is enabled, use 'AAF' truststore"
				62	export TRUSTSTORE_OUTPUT_FILENAME=${ONAP_TRUSTSTORE}
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	63	else
				64	echo "AAF is disabled, using JRE truststore"
				65	cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
				66	fi
				67
				68	# Import Custom Certificates
				69	for f in $WORK_DIR/*; do
guillaume.lambert	639768e	2021-09-07 16:09:54 +0200	[diff] [blame]	70	if echo $f \| grep '\.pem$' >/dev/null; then
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	71	echo "importing certificate: $f"
				72	keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
Sylvain Desbureaux	3638967	2021-01-19 14:51:24 +0100	[diff] [blame]	73	if [ $? != 0 ]; then
Jozsef Csongvai	9d4d5af	2020-07-13 11:10:25 -0400	[diff] [blame]	74	echo "failed importing certificate: $f"
				75	exit 1
				76	fi
				77	fi
				78	done
Abdelmuhaimen Seaudi	3dc8cc2	2021-09-05 16:32:22 +0200	[diff] [blame]	79
				80	# Import certificates to Linux SSL Truststore
				81	cp $CERTS_DIR/*.crt $SSL_WORKDIR/.
				82	cp $MORE_CERTS_DIR/*.crt $SSL_WORKDIR/.
				83	update-ca-certificates
				84	if [ $? != 0 ]
				85	then
				86	echo "failed importing certificates"
				87	exit 1
				88	else
				89	cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/.
Bartek Grzybowski	44037b9	2022-01-26 12:27:00 +0100	[diff] [blame]	90	fi