forked from oracle/docker-images
-
Notifications
You must be signed in to change notification settings - Fork 0
/
addCertificate
executable file
·110 lines (94 loc) · 3.83 KB
/
addCertificate
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!/bin/bash
# Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
#
# Since: August, 2019
# Author: Stephen Balousek <[email protected]>
# Description: Load a certificate into the client wallet for a deployment
#
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
function error_exit {
## Displays an error message and then exits the application
echo "Error: $*"
exit 1
}
function get_deployments_directory {
## Sets ${deployments_directory} to the name of the base directory for deployments
[[ -n "${OGG_DEPLOY_BASE}" ]] || error_exit 'No definition for "OGG_DEPLOY_BASE"'
[[ -d "${OGG_DEPLOY_BASE}" ]] || error_exit 'OGG Deployments directory "'${OGG_DEPLOY_BASE}'" does not exist'
deployments_directory="${OGG_DEPLOY_BASE}"
}
function get_deployment_names {
## Sets ${deployment_names} to the names of known deployments
get_deployments_directory
deployment_names=$(ls -1 "${deployments_directory}")
}
function get_host_name {
## Ensure HOSTNAME is populated with something
[[ -n "${HOSTNAME}" ]] || export HOSTNAME="$(hostname 2>/dev/null || echo 'localhost')"
}
function get_password {
## Read a password from the terminal
local target=$1
local variable=$2
stty -echo
/bin/echo -n "Enter initial password for ${target}: " 1>&2
read ${variable}
/bin/echo
stty echo
}
function add_client_certificate {
## Add a certificate - either a file or a URL - to a client wallet
local target="$1"
local deployment_name="$2"
local deployment_directory="${deployments_directory}/${deployment_name}"
local client_wallet_directory="${deployment_directory}/etc/ssl/${HOSTNAME}"
[[ -f "${target}" ]] && {
local certificate=${target}
local user_certificate=true
} || {
local certificate=$(mktemp)
local user_certificate=false
ex +"/BEGIN CERTIFICATE/,/END CERTIFICATE/p" <(openssl s_client -showcerts -connect ${target} </dev/null) -scq > "${certificate}" || \
error_exit 'Failed to retrieve certificate from "'${target}'"'
}
local client_wallet_password="${OGG_ADMIN_PWD}"
[[ -n "${client_wallet_password}" ]] || get_password "OGG Administrator" client_wallet_password
client_wallet_password+="-A1"
orapki wallet add -wallet "${client_wallet_directory}" -cert "${certificate}" -trusted_cert -pwd "${client_wallet_password}"
( ${user_certificate} ) || rm -f "${certificate}"
}
function main {
## Application entry point
[[ -n "$1" ]] || {
cat<<EOF
Usage: $(basename $0) <remote-host> [ <deployment-name> ]
Example: $(basename $0) localhost:443 Target
Adds the certificate for https://localhost:443 to the 'Target' deployment's
client wallet.
Example: $(basename $0) localhost:443
Adds the certificate for https://localhost:443 to the client wallet for
all deployments.
EOF
exit 1
}
get_deployments_directory
get_host_name
local target="$1"
shift
deployment_names=$*
[[ -n "${deployment_names}" ]] || get_deployment_names
for deployment_name in ${deployment_names}; do
deployment_directory="${deployments_directory}/${deployment_name}"
[[ -d "${deployment_directory}" ]] || error_exit "Deployment '${deployment_name}' does not exist"
client_wallet_directory="${deployment_directory}/etc/ssl/${HOSTNAME}"
[[ -d "${client_wallet_directory}" ]] || continue
echo "--------------------------------------------------------------------------"
echo "-- Deployment: ${deployment_name}"
echo "--------------------------------------------------------------------------"
add_client_certificate "${target}" "${deployment_name}"
echo
done
}
main $*