Submitted By: DJ Lucas Date: 2010-09-08 Initial Package Version: 1.9 Upstream Status: submitted Origin: self Description: Allows the build to generate a valid JDK cacerts file using the system installed CA certificates. diff -Naurp icedtea6-1.9-orig/acinclude.m4 icedtea6-1.9/acinclude.m4 --- icedtea6-1.9-orig/acinclude.m4 2010-09-07 18:28:40.000000000 -0500 +++ icedtea6-1.9/acinclude.m4 2010-09-07 18:29:15.000000000 -0500 @@ -316,6 +316,91 @@ AC_DEFUN_ONCE([IT_CAN_HARDLINK_TO_SOURCE AM_CONDITIONAL([SRC_DIR_HARDLINKABLE], test x"${it_cv_hardlink_src}" = "xyes") ]) +AC_DEFUN([IT_GENERATE_CACERTS], +[ + AC_MSG_CHECKING([whether to generate a cacerts file for distribution]) + AC_ARG_ENABLE([cacerts], + [AS_HELP_STRING(--enable-cacerts, generate a cacerts file for distribution [[default=no]])], + [ + case "${enableval}" in + no) + generate_cacerts=no + ;; + *) + generate_cacerts=yes + ;; + esac + ], + [ + generate_cacerts=no + ]) + AC_MSG_RESULT([$generate_cacerts]) + AM_CONDITIONAL([GENERATE_CACERTS], test x"${generate_cacerts}" = "xyes") +]) + +AC_DEFUN([IT_GET_LOCAL_CACERTS], +[ + AC_MSG_CHECKING([for a local x509 certificate directory]) + AC_ARG_WITH([ca-dir], + [AS_HELP_STRING(--with-ca-dir=DIR, specify a top-level local x509 certificate directory)], + [ + if test -d "${withval}"; then + CADIR="${withval}" + fi + ], + [ + CADIR= + ]) + if test -z "${CADIR}"; then + for dir in /etc/pki/tls/certs \ + /usr/share/ca-certificates \ + /etc/ssl/certs \ + /etc/certs ; do + if test -d "${dir}"; then + CADIR="${dir}" + break + fi + done + if test -z "${CADIR}"; then + CADIR=no + fi + fi + AC_MSG_RESULT(${CADIR}) + AC_SUBST(CADIR) + + AC_MSG_CHECKING([for a local x509 certificate file]) + AC_ARG_WITH([ca-file], + [AS_HELP_STRING(--with-ca-file=FILE, specify a local x509 certificate file)], + [ + if test -f "${withval}"; then + CAFILE="${withval}" + fi + ], + [ + CAFILE= + ]) + if test -z "${CAFILE}"; then + for file in /etc/pki/tls/certs/ca-bundle.crt \ + /etc/ssl/certs/ca-bundle.crt \ + /etc/ssl/ca-bundle.crt \ + /etc/ca-bundle.crt ; do + if test -e "${file}"; then + CAFILE=$file + break + fi + done + if test -z "${CAFILE}"; then + CAFILE=no + fi + fi + AC_MSG_RESULT(${CAFILE}) + AC_SUBST(CAFILE) + if test "${CADIR}x" = "nox" -a "${CAFILE}x" = "nox"; then + AC_MSG_WARN([Could not find a suitable x509 certificate store.]) + AC_MSG_ERROR([Supply a valid location using --with-ca-dir or --with-ca-file, or remove the --enable-cacerts switch.]) + fi +]) + AC_DEFUN([FIND_ECJ_JAR], [ AC_MSG_CHECKING([for an ecj JAR file]) diff -Naurp icedtea6-1.9-orig/configure icedtea6-1.9/configure --- icedtea6-1.9-orig/configure 2010-09-07 18:28:40.000000000 -0500 +++ icedtea6-1.9/configure 2010-09-07 18:29:54.000000000 -0500 @@ -737,6 +737,10 @@ DIST_ID PKGVERSION HAS_PKGVERSION_FALSE HAS_PKGVERSION_TRUE +CAFILE +CADIR +GENERATE_CACERTS_FALSE +GENERATE_CACERTS_TRUE ENABLE_NSS_FALSE ENABLE_NSS_TRUE NSS_LIBDIR @@ -915,6 +919,9 @@ enable_xrender enable_nio2 enable_systemtap enable_nss +enable_cacerts +with_ca_dir +with_ca_file with_pkgversion enable_bootstrap with_jdk_home @@ -1625,6 +1632,8 @@ Optional Features: --enable-nio2 Enable inclusion of backported NIO2 --enable-systemtap Enable inclusion of SystemTap trace support --enable-nss Enable inclusion of NSS security provider + --enable-cacerts generate a cacerts file for distribution + [default=no] --disable-bootstrap don't build a bootstrap version [default=no] --enable-cacao use CACAO as VM [default=no] --disable-optimizations build with -O0 -g [default=no] @@ -1643,6 +1652,8 @@ Optional Packages: --with-parallel-jobs build IcedTea using the specified number of parallel jobs --with-ant-home Ant home directory (default is /usr/share/ant) + --with-ca-dir=DIR specify a top-level local x509 certificate directory + --with-ca-file=FILE specify a local x509 certificate file --with-pkgversion=PKG Use PKG in the version string in addition to "IcedTea" --with-jdk-home jdk home directory (default is first predefined JDK @@ -7712,6 +7723,117 @@ $as_echo "disabled by default (edit java fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to generate a cacerts file for distribution" >&5 +$as_echo_n "checking whether to generate a cacerts file for distribution... " >&6; } + # Check whether --enable-cacerts was given. +if test "${enable_cacerts+set}" = set; then : + enableval=$enable_cacerts; + case "${enableval}" in + no) + generate_cacerts=no + ;; + *) + generate_cacerts=yes + ;; + esac + +else + + generate_cacerts=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $generate_cacerts" >&5 +$as_echo "$generate_cacerts" >&6; } + if test x"${generate_cacerts}" = "xyes"; then + GENERATE_CACERTS_TRUE= + GENERATE_CACERTS_FALSE='#' +else + GENERATE_CACERTS_TRUE='#' + GENERATE_CACERTS_FALSE= +fi + + + +if test "x${generate_cacerts}" = "xyes" +then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a local x509 certificate directory" >&5 +$as_echo_n "checking for a local x509 certificate directory... " >&6; } + +# Check whether --with-ca-dir was given. +if test "${with_ca_dir+set}" = set; then : + withval=$with_ca_dir; + if test -d "${withval}"; then + CADIR="${withval}" + fi + +else + + CADIR= + +fi + + if test -z "${CADIR}"; then + for dir in /etc/pki/tls/certs \ + /usr/share/ca-certificates \ + /etc/ssl/certs \ + /etc/certs ; do + if test -d "${dir}"; then + CADIR="${dir}" + break + fi + done + if test -z "${CADIR}"; then + CADIR=no + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${CADIR}" >&5 +$as_echo "${CADIR}" >&6; } + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a local x509 certificate file" >&5 +$as_echo_n "checking for a local x509 certificate file... " >&6; } + +# Check whether --with-ca-file was given. +if test "${with_ca_file+set}" = set; then : + withval=$with_ca_file; + if test -f "${withval}"; then + CAFILE="${withval}" + fi + +else + + CAFILE= + +fi + + if test -z "${CAFILE}"; then + for file in /etc/pki/tls/certs/ca-bundle.crt \ + /etc/ssl/certs/ca-bundle.crt \ + /etc/ssl/ca-bundle.crt \ + /etc/ca-bundle.crt ; do + if test -e "${file}"; then + CAFILE=$file + break + fi + done + if test -z "${CAFILE}"; then + CAFILE=no + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${CAFILE}" >&5 +$as_echo "${CAFILE}" >&6; } + + if test "${CADIR}x" = "nox" -a "${CAFILE}x" = "nox"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Could not find a suitable x509 certificate store." >&5 +$as_echo "$as_me: WARNING: Could not find a suitable x509 certificate store." >&2;} + as_fn_error "Supply a valid location using --with-ca-dir or --with-ca-file, or remove the --enable-cacerts switch." "$LINENO" 5 + fi + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for distribution package version" >&5 $as_echo_n "checking for distribution package version... " >&6; } @@ -11146,7 +11268,7 @@ else mkdir tmp.$$ cd tmp.$$ cat << \EOF > $CLASS -/* [#]line 11149 "configure" */ +/* [#]line 11271 "configure" */ import javax.xml.namespace.QName; import javax.xml.stream.Location; import javax.xml.stream.events.Attribute; @@ -11553,7 +11675,7 @@ SUBHEADER=$(echo $SUBCLASS|sed 's#\.java mkdir tmp.$$ cd tmp.$$ cat << \EOF > $SUPERCLASS -/* #line 11556 "configure" */ +/* #line 11678 "configure" */ public class Test { public static final int POTATO = 0; @@ -11561,7 +11683,7 @@ public class Test } EOF cat << \EOF > $SUBCLASS -/* #line 11564 "configure" */ +/* #line 11686 "configure" */ public class TestImpl extends Test { @@ -13291,6 +13413,10 @@ if test -z "${ENABLE_NSS_TRUE}" && test as_fn_error "conditional \"ENABLE_NSS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${GENERATE_CACERTS_TRUE}" && test -z "${GENERATE_CACERTS_FALSE}"; then + as_fn_error "conditional \"GENERATE_CACERTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${HAS_PKGVERSION_TRUE}" && test -z "${HAS_PKGVERSION_FALSE}"; then as_fn_error "conditional \"HAS_PKGVERSION\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 diff -Naurp icedtea6-1.9-orig/configure.ac icedtea6-1.9/configure.ac --- icedtea6-1.9-orig/configure.ac 2010-09-07 18:28:40.000000000 -0500 +++ icedtea6-1.9/configure.ac 2010-09-07 18:29:15.000000000 -0500 @@ -135,6 +135,13 @@ else AC_MSG_RESULT([disabled by default (edit java.security to enable)]) fi +IT_GENERATE_CACERTS + +if test "x${generate_cacerts}" = "xyes" +then + IT_GET_LOCAL_CACERTS +fi + IT_GET_PKGVERSION IT_GET_LSB_DATA diff -Naurp icedtea6-1.9-orig/Makefile.am icedtea6-1.9/Makefile.am --- icedtea6-1.9-orig/Makefile.am 2010-09-07 18:28:40.000000000 -0500 +++ icedtea6-1.9/Makefile.am 2010-09-07 18:29:15.000000000 -0500 @@ -1270,7 +1270,7 @@ if ENABLE_SYSTEMTAP $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \ fi; \ cp $(abs_top_builddir)/tapset/jstack.stp \ - $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp + $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp; endif cp $(abs_top_builddir)/nss.cfg \ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security; @@ -1278,6 +1278,19 @@ if WITH_TZDATA_DIR cp $(abs_top_builddir)/tz.properties \ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib; endif +if GENERATE_CACERTS + if test -n "${CADIR}"; then \ + sh scripts/mkcacerts.sh -d "${CADIR}" \ + -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ + -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ + else \ + sh scripts/mkcacerts.sh -f "${CAFILE}" \ + -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ + -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ + fi; \ + cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \ + $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts; +endif @echo "IcedTea is served:" $(BUILD_OUTPUT_DIR) mkdir -p stamps touch stamps/icedtea.stamp @@ -1334,7 +1347,7 @@ if ENABLE_SYSTEMTAP $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \ fi; \ cp $(abs_top_builddir)/tapset/jstack.stp \ - $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp + $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp; endif cp $(abs_top_builddir)/nss.cfg \ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security; @@ -1342,6 +1355,19 @@ if WITH_TZDATA_DIR cp $(abs_top_builddir)/tz.properties \ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib; endif +if GENERATE_CACERTS + if test -n "${CADIR}"; then \ + sh scripts/mkcacerts.sh -d "${CADIR}" \ + -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ + -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ + else \ + sh scripts/mkcacerts.sh -f "${CAFILE}" \ + -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ + -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ + fi; \ + cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \ + $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts; +endif @echo "IcedTea (debug build) is served:" \ $(DEBUG_BUILD_OUTPUT_DIR) mkdir -p stamps diff -Naurp icedtea6-1.9-orig/Makefile.in icedtea6-1.9/Makefile.in --- icedtea6-1.9-orig/Makefile.in 2010-09-07 18:28:40.000000000 -0500 +++ icedtea6-1.9/Makefile.in 2010-09-07 18:29:54.000000000 -0500 @@ -162,6 +162,8 @@ AWK = @AWK@ BUILD_ARCH_DIR = @BUILD_ARCH_DIR@ BUILD_OS_DIR = @BUILD_OS_DIR@ CACAO_IMPORT_PATH = @CACAO_IMPORT_PATH@ +CADIR = @CADIR@ +CAFILE = @CAFILE@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ @@ -1738,11 +1740,22 @@ stamps/icedtea.stamp: stamps/bootstrap-d @ENABLE_SYSTEMTAP_TRUE@ $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \ @ENABLE_SYSTEMTAP_TRUE@ fi; \ @ENABLE_SYSTEMTAP_TRUE@ cp $(abs_top_builddir)/tapset/jstack.stp \ -@ENABLE_SYSTEMTAP_TRUE@ $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp +@ENABLE_SYSTEMTAP_TRUE@ $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp; cp $(abs_top_builddir)/nss.cfg \ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security; @WITH_TZDATA_DIR_TRUE@ cp $(abs_top_builddir)/tz.properties \ @WITH_TZDATA_DIR_TRUE@ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib; +@GENERATE_CACERTS_TRUE@ if test -n "${CADIR}"; then \ +@GENERATE_CACERTS_TRUE@ sh scripts/mkcacerts.sh -d "${CADIR}" \ +@GENERATE_CACERTS_TRUE@ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ +@GENERATE_CACERTS_TRUE@ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ +@GENERATE_CACERTS_TRUE@ else \ +@GENERATE_CACERTS_TRUE@ sh scripts/mkcacerts.sh -f "${CAFILE}" \ +@GENERATE_CACERTS_TRUE@ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ +@GENERATE_CACERTS_TRUE@ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ +@GENERATE_CACERTS_TRUE@ fi; \ +@GENERATE_CACERTS_TRUE@ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \ +@GENERATE_CACERTS_TRUE@ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts; @echo "IcedTea is served:" $(BUILD_OUTPUT_DIR) mkdir -p stamps touch stamps/icedtea.stamp @@ -1790,11 +1803,22 @@ stamps/icedtea-debug.stamp: stamps/boots @ENABLE_SYSTEMTAP_TRUE@ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \ @ENABLE_SYSTEMTAP_TRUE@ fi; \ @ENABLE_SYSTEMTAP_TRUE@ cp $(abs_top_builddir)/tapset/jstack.stp \ -@ENABLE_SYSTEMTAP_TRUE@ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp +@ENABLE_SYSTEMTAP_TRUE@ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp; cp $(abs_top_builddir)/nss.cfg \ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security; @WITH_TZDATA_DIR_TRUE@ cp $(abs_top_builddir)/tz.properties \ @WITH_TZDATA_DIR_TRUE@ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib; +@GENERATE_CACERTS_TRUE@ if test -n "${CADIR}"; then \ +@GENERATE_CACERTS_TRUE@ sh scripts/mkcacerts.sh -d "${CADIR}" \ +@GENERATE_CACERTS_TRUE@ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ +@GENERATE_CACERTS_TRUE@ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ +@GENERATE_CACERTS_TRUE@ else \ +@GENERATE_CACERTS_TRUE@ sh scripts/mkcacerts.sh -f "${CAFILE}" \ +@GENERATE_CACERTS_TRUE@ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ +@GENERATE_CACERTS_TRUE@ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ +@GENERATE_CACERTS_TRUE@ fi; \ +@GENERATE_CACERTS_TRUE@ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \ +@GENERATE_CACERTS_TRUE@ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts; @echo "IcedTea (debug build) is served:" \ $(DEBUG_BUILD_OUTPUT_DIR) mkdir -p stamps diff -Naurp icedtea6-1.9-orig/scripts/mkcacerts.sh icedtea6-1.9/scripts/mkcacerts.sh --- icedtea6-1.9-orig/scripts/mkcacerts.sh 1969-12-31 18:00:00.000000000 -0600 +++ icedtea6-1.9/scripts/mkcacerts.sh 2010-09-07 18:29:15.000000000 -0500 @@ -0,0 +1,154 @@ +#!/bin/sh +# Simple script to extract x509 certificates and create a JRE cacerts file. + +function get_args() + { + if test -z "${1}" ; then + showhelp + exit 1 + fi + + while test -n "${1}" ; do + case "${1}" in + -f | --cafile) + check_arg $1 $2 + CAFILE="${2}" + shift 2 + ;; + -d | --cadir) + check_arg $1 $2 + CADIR="${2}" + shift 2 + ;; + -o | --outfile) + check_arg $1 $2 + OUTFILE="${2}" + shift 2 + ;; + -k | --keytool) + check_arg $1 $2 + KEYTOOL="${2}" + shift 2 + ;; + -h | --help) + showhelp + exit 0 + ;; + *) + showhelp + exit 1 + ;; + esac + done + } + +function check_arg() + { + echo "${2}" | grep -v "^-" > /dev/null + if [ -z "$?" -o ! -n "$2" ]; then + echo "Error: $1 requires a valid argument." + exit 1 + fi + } + + +function showhelp() + { + echo "`basename ${0}` creates a valid cacerts file for use with IcedTea." + echo "" + echo " -f --cafile The path to a file containing PEM formated CA" + echo " certificates. May not be used with -d/--cadir." + echo " -d --cadir The path to a diectory of PEM formatted CA" + echo " certificates. May not be used with -f/--cafile." + echo " -o --outfile The path to the output file." + echo "" + echo " -k --keytool The path to the java keytool utility." + echo "" + echo " -h --help Show this help message and exit." + echo "" + echo "" + } + +# Initialize empty variables so that the shell does not polute the script +CAFILE="" +CADIR="" +OUTFILE="" +KEYTOOL="" + +# Process command line arguments +get_args ${@} + +# Handle common errors +if test "${CAFILE}x" == "x" -a "${CADIR}x" == "x" ; then + echo "ERROR! You must provide an x509 certificate store!" + echo "\'$(basename ${0}) --help\' for more info." + echo "" + exit 1 +fi + +if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then + echo "ERROR! You cannot provide two x509 certificate stores!" + echo "\'$(basename ${0}) --help\' for more info." + echo "" + exit 1 +fi + +if test "${KEYTOOL}x" == "x" ; then + echo "ERROR! You must provide a valid keytool program!" + echo "\'$(basename ${0}) --help\' for more info." + echo "" + exit 1 +fi + +if test "${OUTFILE}x" == "x" ; then + echo "ERROR! You must provide a valid output file!" + echo "\'$(basename ${0}) --help\' for more info." + echo "" + exit 1 +fi + +# Get on with the work + +# If using a CAFILE, split it into individual files in a temp directory +if test "${CAFILE}x" != "x" ; then + TEMPDIR=`mktemp -d` + CADIR="${TEMPDIR}" + + # Get a list of staring lines for each cert + CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1` + + # Get a list of ending lines for each cert + ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1` + + # Start a loop + for certbegin in `echo "${CERTLIST}"` ; do + for certend in `echo "${ENDCERTLIST}"` ; do + if test "${certend}" -gt "${certbegin}"; then + break + fi + done + sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}" + keyhash=`openssl x509 -noout -in "${CADIR}/${certbegin}" -hash` + echo "Generated PEM file with hash: ${keyhash}." + mv "${CADIR}/${certbegin}" "${CADIR}/${keyhash}.pem" + done +fi + +# Write the output file +for cert in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"` +do + ls "${cert}" + tempfile=`mktemp` + certbegin=`grep -n "^-----BEGIN" "${cert}" | cut -d ":" -f 1` + certend=`grep -n "^-----END" "${cert}" | cut -d ":" -f 1` + sed -n "${certbegin},${certend}p" "${cert}" > "${tempfile}" + echo yes | "${KEYTOOL}" -import -alias `basename "${cert}"` -keystore \ + "${OUTFILE}" -storepass 'changeit' -file "${tempfile}" + rm "${tempfile}" +done + +if test "${TEMPDIR}x" != "x" ; then + rm -rf "${TEMPDIR}" +fi +exit 0 +