Importing certificates to Java Home for Non Admins

markacorum
New Contributor II

Hey all,

I just wanted to share something I have been working on. In my environment we have a lot of developers with many versions of Java installed. Of these users, none of them are local admins. In an effort to cut down on the users reaching out on a daily basis for temporary admin rights to import a new certificate, I pieced together this script to let the user choose their certificate, ask the user to choose an Alias for this certificate, and then import it to all Java Home locations. Feel free to use or offer improvement.

EDIT: This will only allow certificates to be uploaded from a location Jamf can access. I have a note for my end users to ensure the certificates are either on their OneDrive or /Users/Shared/..

#!/bin/bash

# Name of the user logged in at the console.
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Home directory of every installed JVM, one per line, as listed by java_home -V.
# Lines without the quoted vendor/name fields (header, default JVM) are skipped.
JAVA_VERSIONS=$(sudo -u "$loggedInUser" /usr/libexec/java_home -V 2>&1 | awk -F'"' 'NF >= 5 { sub(/^ +/, "", $5); print $5 }')

# Let the user pick the certificate file.
theSelectedFile="$(osascript -l JavaScript -e 'a=Application.currentApplication();a.includeStandardAdditions=true;a.chooseFile({withPrompt:"Please select a file to process:"}).toString()')"

# The chooser returns nothing if the user cancels.
if [ -z "$theSelectedFile" ]; then
    echo "No file selected. Exiting."
    exit 1
fi

echo "Selected file: $theSelectedFile"

user_entry=""

# Re-prompt on empty input, exit on cancel, otherwise log the chosen alias.
validateResponce() {
    case "$user_entry" in
        "noinput" ) echo "empty input"; askInput ;;
        "cancelled" ) echo "time out/cancelled"; exit 1 ;;
        * ) echo "$user_entry" ;;
    esac
}

# Ask for the alias under which the certificate will be stored.
askInput() {
    user_entry=$(osascript <<EOF
use AppleScript version "2.4" -- Yosemite (10.10) or later
use scripting additions
set theTextReturned to "nil"
tell application "System Events"
    activate
    try
        set theResponse to display dialog "Please enter an Alias for this certificate" with title "Alias Entry" default answer ""
        set theTextReturned to the text returned of theResponse
    end try
    if theTextReturned is "nil" then
        return "cancelled"
    else if theTextReturned is "" then
        return "noinput"
    else
        return theTextReturned
    end if
end tell
EOF
)
    validateResponce "$user_entry"
}

askInput

# Import the certificate into the cacerts keystore of each JVM.
while IFS= read -r JAVA_HOME_ITEM; do
    [ -n "$JAVA_HOME_ITEM" ] || continue

    CERT_FILE="${JAVA_HOME_ITEM}/lib/security/cacerts"
    # Older JDK layouts keep cacerts under jre/.
    [ ! -f "${CERT_FILE}" ] && CERT_FILE="${JAVA_HOME_ITEM}/jre/lib/security/cacerts"

    echo "Importing to: CERT_FILE=${CERT_FILE}"

    if [ -f "${CERT_FILE}" ]; then
        # stdin comes from /dev/null so keytool cannot consume the list being read by the loop.
        sudo keytool -import -alias "${user_entry}" -file "${theSelectedFile}" -keystore "${CERT_FILE}" -noprompt -storepass changeit < /dev/null
    else
        echo "File ${CERT_FILE} doesn't exist. skipping import..."
    fi
done <<< "$JAVA_VERSIONS"

echo ''

0 REPLIES 0
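A pre-import check that could run before the keytool loop in the script above, added here as an example and not part of the original post: it restricts the alias to a conservative character set and uses openssl to confirm that the chosen file is an unexpired X.509 certificate, printing its subject, issuer, expiry and SHA-256 fingerprint for the policy log. The function names `valid_alias` and `describe_cert`, the allowed characters and the 64-character limit are assumptions, and openssl is assumed to be on the PATH.

```shell
#!/bin/bash
# Added example (not from the original post). Function names, the allowed
# alias characters and the length limit are assumptions for illustration.

# Accept only aliases made of letters, digits, dot, underscore and hyphen,
# not starting with a hyphen, and at most 64 characters long.
valid_alias() {
    case "$1" in
        ""|-*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Succeed only if the file parses as an X.509 certificate (PEM or DER) that
# has not expired. Prints the details an admin would want in the log.
describe_cert() {
    cert_path=$1
    [ -f "$cert_path" ] || return 1
    for cert_form in PEM DER; do
        if openssl x509 -in "$cert_path" -inform "$cert_form" -noout >/dev/null 2>&1; then
            openssl x509 -in "$cert_path" -inform "$cert_form" -noout \
                -subject -issuer -enddate -fingerprint -sha256
            # -checkend 0 exits non-zero when the certificate has already expired.
            openssl x509 -in "$cert_path" -inform "$cert_form" -noout -checkend 0 >/dev/null
            return
        fi
    done
    return 1
}

# Stand-alone usage: precheck.sh <alias> <certificate-file>
if [ "$#" -eq 2 ]; then
    valid_alias "$1" || { echo "Rejected alias: $1" >&2; exit 1; }
    describe_cert "$2" || { echo "Not a usable certificate: $2" >&2; exit 1; }
fi
```

In the script above, the same two calls would take `"$user_entry"` and `"$theSelectedFile"` and exit before the import loop if either check fails.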