From 5fac0c6c58f9ca7eaa86396f35a87b23ea092c99 Mon Sep 17 00:00:00 2001 From: Brian Carlstrom Date: Tue, 9 Mar 2010 11:30:13 -0800 Subject: Fix certimport.sh to check for Bouncy Castle provider installation (and add 1.6 JDK to PATH) Now if certimport.sh is run on a machine without the BouncyCastleProvider installed, it will suggest how to apt-get install the proper package. At enh's suggestion, I tried running with out own local Bouncy Castle classes to see what would happen, but the code ended up depending on our NativeCrypto JNI code and there that isn't proper JNI code to be loading into a RI JDK. Also at enh's suggestion, we now prepend a JDK 1.6 bin directory to the path for correctly correct default behavior. I do make sure it exists and warn if it does not. Change-Id: Ic936a6cc69fa3795e917c052ed79d19b2e66b5a1 --- security/src/main/files/certimport.sh | 36 +++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) (limited to 'security/src') diff --git a/security/src/main/files/certimport.sh b/security/src/main/files/certimport.sh index c021a10..ca36a70 100755 --- a/security/src/main/files/certimport.sh +++ b/security/src/main/files/certimport.sh @@ -7,12 +7,40 @@ set -e CERTSTORE=cacerts.bks +# put required 1.6 VM at head of PATH +JDK6PATH=/usr/lib/jvm/java-6-sun/bin +if [ ! -e $JDK6PATH/java ] ; then + set +x + echo + echo "WARNING: could not find $JDK6PATH/java but continuing anyway." + echo " you might consider making sure the expected JDK is installed" + echo " or updating its location in this script." + echo + set -x +fi +export PATH=$JDK6PATH:$PATH + # Check java version. JAVA_VERSION=`java -version 2>&1 | head -1` JAVA_VERSION_MINOR=`expr match "$JAVA_VERSION" "java version \"[1-9]\.\([0-9]\).*\""` if [ $JAVA_VERSION_MINOR -lt 6 ]; then - echo "java version 1.6 or greater required for keytool usage" - exit 255 + set +x + echo + echo "ERROR: java version 1.6 or greater required for keytool usage" + echo + exit 1 +fi + +PROVIDER_CLASS=org.bouncycastle.jce.provider.BouncyCastleProvider +PROVIDER_PATH=/usr/share/java/bcprov.jar + +if [ ! -e $PROVIDER_PATH ] ; then + set +x + echo + echo "ERROR: could not find provider path $PROVIDER_PATH. Try installing with:" + echo " sudo apt-get install libbcprov-java" + echo + exit 1 fi if [ -a $CERTSTORE ]; then @@ -34,8 +62,8 @@ for cert in `ls -1 cacerts` -file <(openssl x509 -in cacerts/$cert) \ -keystore $CERTSTORE \ -storetype BKS \ - -provider org.bouncycastle.jce.provider.BouncyCastleProvider \ - -providerpath /usr/share/java/bcprov.jar \ + -provider $PROVIDER_CLASS \ + -providerpath $PROVIDER_PATH \ -storepass $STOREPASS let "COUNTER=$COUNTER + 1" done -- cgit v1.1