source: TI12-security/trunk/esg_keytool_utils/export_keystore_certs2pems.sh @ 7263

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/esg_keytool_utils/export_keystore_certs2pems.sh@7263
Revision 7263, 2.1 KB checked in by pjkersha, 11 years ago (diff)

Script to export certificates from a Java keystore to PEM format files.

  • Property svn:executable set to *
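#!/bin/bash
#
# Script to export all the certificates from Java key store to PEM format
#
# Every trustedCertEntry in the keystore is exported and written to
# "$export_dir/<hash>.0", where <hash> is the value printed by
# `openssl x509 -hash` for that certificate.
#
# Settings are read from the config file given with -c/--config-file:
#   keystore         path of the Java keystore (required)
#   keystore_passwd  keystore password (optional; prompted for if unset)
#   tmp_dir          parent directory for scratch files (optional)
#   export_dir       existing directory that receives the PEM files (required)
#
# The config file is sourced, i.e. executed as shell code with the privileges
# of the caller, so it must be owned and writable only by a trusted user.
#
# @author P J Kershaw 04/08/2010
#
# @copyright: (C) 2010 STFC
#
# @license: BSD
#
# $Id$
usage="Usage: $(basename "$0") [-h|--help] [-c|--config-file filename]"

# Print a message on stderr and abort with status 1.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Test getopt's own exit status: checking $? after a later assignment would
# report on that assignment instead.  "config-file:" (single colon) makes the
# argument mandatory, so "--config-file filename" works as the usage states.
if ! cmdline_opt=$(getopt -o hc: --long help,config-file: -n "$0" -- "$@"); then
    echo "$usage" >&2
    exit 1
fi

# Note the quotes around "$cmdline_opt": they are essential!  getopt emits
# shell-quoted words, which is what makes this eval safe.
eval set -- "$cmdline_opt"

while true ; do
    case "$1" in
        -h|--help) echo "$usage" ; exit 0 ;;
        -c|--config-file) config_filepath=$2 ; shift 2 ;;
        --) shift ; break ;;
        *) echo "Internal error!" >&2 ; exit 1 ;;
    esac
done

if [ -z "$config_filepath" ]; then
    echo "Missing config file path setting." >&2
    echo "$usage" >&2
    exit 1
fi

# `.' looks a slash-less name up in $PATH before the current directory, so a
# bare file name could pull in an unrelated file.  Anchor it explicitly.
case "$config_filepath" in
    */*) ;;
    *) config_filepath="./$config_filepath" ;;
esac

if [ ! -f "$config_filepath" ] || [ ! -r "$config_filepath" ]; then
    die "Cannot read config file: $config_filepath"
fi

# Read config file settings
. "$config_filepath"

if [ -z "$keystore" ]; then
    echo "Missing 'keystore' setting from config file." >&2
    echo "$usage" >&2
    exit 1
fi

# Without this check an empty export_dir would place the PEM files in "/".
if [ -z "$export_dir" ]; then
    echo "Missing 'export_dir' setting from config file." >&2
    echo "$usage" >&2
    exit 1
elif [ ! -d "$export_dir" ]; then
    die "Export directory does not exist: $export_dir"
fi

# Keystore password may be retrieved from stdin
if [ -z "$keystore_passwd" ]; then
    # -r and an empty IFS keep backslashes and surrounding blanks intact.
    IFS= read -r -t 60 -p "Keystore password: " -s keystore_passwd
    echo
fi

if [ -z "$keystore_passwd" ]; then
    echo "No keystore password set: exiting ..." >&2
    exit 1
elif [ "${#keystore_passwd}" -lt 6 ]; then
    # The test accepts exactly six characters, so say "at least".
    echo "keystore password must be at least 6 characters." >&2
    exit 1
fi

# Scratch files go into a private, unpredictably named directory so that
# another local user cannot pre-create or symlink the DER file path.
work_dir=$(mktemp -d "${tmp_dir:-${TMPDIR:-/tmp}}/keystore_export.XXXXXX") \
    || die "Cannot create a temporary directory."
trap 'rm -rf -- "$work_dir"' EXIT

# The password is handed to keytool through the environment of that one
# command (-storepass:env) rather than on its command line, where any local
# user could read it from the process list.  This needs a keytool that
# supports the ":env" modifier.
if ! listing=$(KEYSTORE_STOREPASS="$keystore_passwd" \
        keytool -list -keystore "$keystore" \
        -storepass:env KEYSTORE_STOREPASS); then
    die "Cannot list the contents of keystore: $keystore"
fi

status=0

# Export based on alias.  The aliases are read one per line on descriptor 3,
# which keeps aliases containing blanks or glob characters intact and leaves
# stdin alone for the commands run inside the loop.
while IFS= read -r alias <&3; do
    [ -n "$alias" ] || continue

    # Export as DER format cert.  The file name is fixed rather than derived
    # from the alias, so an alias containing "/" cannot escape the work dir.
    der_file="$work_dir/cert.der"
    if ! KEYSTORE_STOREPASS="$keystore_passwd" \
            keytool -export -alias "$alias" -keystore "$keystore" \
            -storepass:env KEYSTORE_STOREPASS -file "$der_file"; then
        echo "Failed to export certificate for alias '$alias'." >&2
        status=1
        continue
    fi

    # Find out the hash and use this to name the exported PEM file
    cert_hash=$(openssl x509 -inform DER -in "$der_file" -noout -hash)
    if [ -z "$cert_hash" ]; then
        echo "Failed to hash certificate for alias '$alias'." >&2
        status=1
        rm -f -- "$der_file"
        continue
    fi

    # The suffix is always ".0": certificates that share a hash overwrite
    # one another in the export directory.
    pem_file="$export_dir/${cert_hash}.0"

    # Convert exported file to PEM
    if ! openssl x509 -inform DER -in "$der_file" -outform PEM \
            -out "$pem_file"; then
        echo "Failed to write $pem_file for alias '$alias'." >&2
        status=1
    fi

    # Cleanup
    rm -f -- "$der_file"
done 3< <(printf '%s\n' "$listing" | awk -F, '/trustedCertEntry/ {print $1}')

exit "$status"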