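#!/bin/bash
#
# Copyright (C) 2009 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# certimport.sh recreates the cacerts.bks file from the x509 CA
# certificates in the cacerts directory.
#
# By convention, the filenames in the cacerts directory are in the
# format of <hash>.<n> where "hash" is the subject hash produced by:
#
#   openssl x509 -subject_hash -in filename
#
# and the "n" is a unique integer identifier starting at 0 to deal
# with collisions. See OpenSSL's c_rehash manpage for details.
#
# The filename itself is not important, and is around just for convention sake.
#
# usage is simply running ./certimport.sh from the scripts directory
#
# Environment:
#   STOREPASS - keystore password; defaults to "changeit" when unset/empty.
#
# java version >= 1.6 is required for this script.
#
# This script was tested to work with bouncycastle 1.32.
#

set -x
set -e
# NOTE: 'set -o pipefail' is deliberately NOT enabled: 'yes | keytool' below
# relies on 'yes' being terminated by SIGPIPE once keytool stops reading, and
# pipefail would turn that into a spurious pipeline failure.

readonly CERTSTORE=cacerts.bks

#######################################
# Print a message (one line per argument), padded with blank lines, to stderr.
# xtrace is switched off while printing so each line is not also echoed by
# the trace, and restored afterwards.
# Arguments: message lines
# Outputs:   message on stderr
#######################################
notice() {
  { set +x; } 2>/dev/null
  printf '\n' >&2
  printf '%s\n' "$@" >&2
  printf '\n' >&2
  set -x
}

#######################################
# Print a message via notice() and terminate the script with status 1.
# Arguments: message lines
#######################################
die() {
  notice "$@"
  exit 1
}

#######################################
# Run keytool with xtrace suppressed for the duration of the call, so the
# -storepass value on its command line is not copied into the trace output.
# (The password is still visible to other local users via ps while keytool
# runs; newer keytool releases accept -storepass:env to avoid that as well.)
# Arguments: passed through to keytool
# Returns:   keytool's exit status
#######################################
keytool_quiet() {
  local rc=0
  { set +x; } 2>/dev/null
  keytool "$@" || rc=$?
  set -x
  return "$rc"
}

# Put the required 1.6 VM at the head of PATH.
readonly JDK6PATH=/usr/lib/jvm/java-6-sun/bin
if [[ ! -e "$JDK6PATH/java" ]]; then
  notice "WARNING: could not find $JDK6PATH/java but continuing anyway." \
    " you might consider making sure the expected JDK is installed" \
    " or updating its location in this script."
fi
export PATH="$JDK6PATH:$PATH"

# Check the java version. The first line of 'java -version' looks like
#   java version "1.6.0_45"   (pre-9 releases: major is 1, minor is the release)
#   openjdk version "11.0.2"  (9 and later: the release is the major number)
# A missing or unparseable java is reported explicitly instead of letting
# 'set -e' abort on a failed expansion.
JAVA_VERSION=$(java -version 2>&1 | head -n 1)
version_re='version "([0-9]+)(\.([0-9]+))?'
if [[ "$JAVA_VERSION" =~ $version_re ]]; then
  java_major=${BASH_REMATCH[1]}
  java_minor=${BASH_REMATCH[3]:-0}
else
  die "ERROR: could not determine java version from: $JAVA_VERSION"
fi
if (( java_major == 1 && java_minor < 6 )); then
  die "ERROR: java version 1.6 or greater required for keytool usage"
fi

readonly PROVIDER_CLASS=org.bouncycastle.jce.provider.BouncyCastleProvider
readonly PROVIDER_PATH=/usr/share/java/bcprov.jar
if [[ ! -e "$PROVIDER_PATH" ]]; then
  die "ERROR: could not find provider path $PROVIDER_PATH. Try installing with:" \
    " sudo apt-get install libbcprov-java"
fi

# Start from a fresh keystore so stale entries from a previous run cannot
# survive in the output.
if [[ -e "$CERTSTORE" ]]; then
  rm -- "$CERTSTORE" || exit 1
fi

# Empty or unset STOREPASS falls back to the conventional default.
STOREPASS=${STOREPASS:-changeit}

# Import every file in cacerts/ under a sequential numeric alias. The glob
# replaces parsing 'ls' output; an empty directory leaves the pattern
# unexpanded, which the -e test skips. Dotfiles are excluded as before.
counter=0
for cert in cacerts/*; do
  [[ -e "$cert" ]] || continue
  # 'openssl x509 -in' re-emits only the PEM certificate, so any leading
  # text in the file is not fed to keytool.
  yes | keytool_quiet \
    -import \
    -v \
    -trustcacerts \
    -alias "$counter" \
    -file <(openssl x509 -in "$cert") \
    -keystore "$CERTSTORE" \
    -storetype BKS \
    -provider "$PROVIDER_CLASS" \
    -providerpath "$PROVIDER_PATH" \
    -storepass "$STOREPASS"
  counter=$((counter + 1))
done

# Dump the resulting store so the run log shows what was imported.
keytool_quiet \
  -list \
  -v \
  -keystore "$CERTSTORE" \
  -storetype BKS \
  -provider "$PROVIDER_CLASS" \
  -providerpath "$PROVIDER_PATH" \
  -storepass "$STOREPASS"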