1#!/usr/bin/env python
2
'''
This script allows you to import a certificate into
the Oracle Java trusted.certs keystore.

Created by James Barclay on 2014-03-10.

'''
10
from __future__ import print_function

import os
import plistlib
import stat
import subprocess
import sys
17
# Constants

# Location of the Java browser plug-in bundle.
INTERNET_PLUGINS = '/Library/Internet Plug-Ins'
JAVA_WEB_PLUGIN = os.path.join(INTERNET_PLUGINS, 'JavaAppletPlugin.plugin')

# Keystore alias for the imported certificate. The value looks like a
# placeholder to be edited before deployment.
ALIAS = 'your_alias'

# Certificate file to import (the file name also looks like a placeholder).
# NOTE(review): /private/tmp is a world-writable (sticky) directory, so any
# local account can plant a file at this path before the intended certificate
# is staged. Staging the certificate in a directory only root can write to
# avoids importing an unintended trust anchor.
JAVA_CERT = '/private/tmp/your_cert.cer'
24
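def get_console_user():
    '''Return the name of the currently logged-in console user as text.

    When the effective UID is 0, the owner of /dev/console is read with
    /usr/bin/stat, so the console user is reported even when the script runs
    as root. Otherwise getpass.getuser() is used.

    NOTE(review): with nobody logged in at the console the owner is
    presumably root; callers that build a home-directory path from this
    value should confirm how they want to handle that case.
    '''
    if os.geteuid() != 0:
        import getpass
        return getpass.getuser()

    # universal_newlines=True makes check_output return text instead of bytes
    # on Python 3; on Python 2 the result is a str either way. Without it a
    # Python 3 caller would format b'name' into paths.
    owner = subprocess.check_output(
        ['/usr/bin/stat', '-f%Su', '/dev/console'],
        universal_newlines=True)
    return owner.strip()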
37
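def determine_java_vendor(info_plist):
    '''Return the vendor component of a Java bundle's identifier.

    Takes the path to a Java Info.plist file and returns the second
    dot-separated field of its CFBundleIdentifier (an identifier shaped like
    'com.vendor.product' yields 'vendor'). Returns None when the file cannot
    be opened, the key is missing, or the identifier has no second field.

    The result is only a label read from the plist; nothing here verifies
    who built or signed the bundle.
    '''
    java_vendor = None
    try:
        # plistlib.readPlist is not available on newer Python 3 releases, so
        # prefer plistlib.load when the running interpreter provides it.
        if hasattr(plistlib, 'load'):
            with open(info_plist, 'rb') as handle:
                pl = plistlib.load(handle)
        else:
            pl = plistlib.readPlist(info_plist)
        java_vendor = pl['CFBundleIdentifier'].split('.')[1]

    except KeyError:
        print('CFBundleIdentifier does not exist in %s.' % info_plist)

    except IndexError:
        # An identifier without a dot has no vendor field to return.
        print('CFBundleIdentifier in %s has no vendor component.' % info_plist)

    except IOError:
        print('%s does not exist!' % info_plist)

    return java_vendor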
54
def get_keytool_path(java_vendor):
    '''Map a Java vendor name to the path of its keytool utility.

    'oracle' resolves to the keytool inside the Java web plug-in bundle,
    'apple' resolves to /usr/bin/keytool, and any other value gives None.
    '''
    if java_vendor == 'apple':
        return '/usr/bin/keytool'
    if java_vendor == 'oracle':
        return os.path.join(JAVA_WEB_PLUGIN, 'Contents/Home/bin/keytool')
    return None
65
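def cert_in_keystore(keytool, keystore, store_pass, alias):
    '''Return True if *alias* is listed in *keystore*, otherwise False.

    Runs "keytool -list" for the alias. False is returned when the keystore
    file does not exist or when keytool exits with a non-zero status.

    NOTE(review): any non-zero exit (wrong password, unreadable or corrupt
    keystore) is reported the same way as "alias not present". Callers that
    need to tell those cases apart must inspect keytool's output themselves.
    '''
    if not os.path.exists(keystore):
        return False

    try:
        # NOTE(review): the store password is passed as a command-line
        # argument and is visible in the process list while keytool runs.
        # keytool's -storepass:env and -storepass:file forms avoid that.
        subprocess.check_call([keytool,
                               '-list',
                               '-keystore', keystore,
                               '-storepass', store_pass,
                               '-alias', alias])
    except subprocess.CalledProcessError as e:
        print("An error occurred when attempting to locate alias '%s' in %s. "
              "Probably ok. Error: %s" % (alias, keystore, e))
        return False

    # check_call only returns when keytool exited with status 0.
    return True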
84
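def add_cert_to_java_trusted_certs(keytool, store_pass, cert, keystore,
                                   alias=None):
    '''Import *cert* into *keystore* with "keytool -import".

    The entry is stored under *alias*. When *alias* is None the module-level
    ALIAS is used, which is what existing four-argument callers get.
    Returns True when keytool exits with status 0 and False otherwise, so a
    failed import can be told apart from a successful one.

    NOTE(review): -noprompt suppresses keytool's confirmation prompt, so
    nothing in this call checks that *cert* is the certificate the operator
    intended. Confirm the file's origin and fingerprint before calling. The
    store password is also passed on the command line and is visible in the
    process list while keytool runs.
    '''
    if alias is None:
        alias = ALIAS

    try:
        subprocess.check_output([keytool,
                                 '-import',
                                 '-v',
                                 '-noprompt',
                                 '-storepass', store_pass,
                                 '-alias', alias,
                                 '-keystore', keystore,
                                 '-trustcacerts',
                                 '-file', cert])
    except subprocess.CalledProcessError as e:
        print('An error occurred when attempting to add %s to %s. Error: %s.' % (cert, keystore, e))
        return False

    return True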
104
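def _cert_source_is_safe(cert_path):
    '''Return True if cert_path is a regular file (not a symlink) owned by
    root or the invoking user and not writable by group or others.'''
    try:
        info = os.lstat(cert_path)
    except OSError:
        return False
    if not stat.S_ISREG(info.st_mode):
        return False
    if info.st_uid not in (0, os.geteuid()):
        return False
    return (info.st_mode & (stat.S_IWGRP | stat.S_IWOTH)) == 0


def main():
    '''Import JAVA_CERT into the console user's Oracle Java trusted.certs.

    Exits with status 1 when the certificate file is missing or fails the
    ownership check, when the Java vendor is not Oracle, when the alias is
    already present, or when the alias cannot be found after the import.
    '''
    real_java_path = os.path.realpath(JAVA_WEB_PLUGIN)
    java_info_plist = os.path.join(real_java_path, 'Contents/Info.plist')
    java_vendor = determine_java_vendor(java_info_plist)
    # NOTE(review): assumes the console user's home directory is
    # /Users/<name>; confirm for accounts whose home lives elsewhere.
    trusted_certs = '/Users/%s/Library/Application Support/Oracle/Java/Deployment/security/trusted.certs' % get_console_user()

    keytool = os.path.join(JAVA_WEB_PLUGIN, 'Contents/Home/bin/keytool')
    if not os.path.isfile(keytool):
        keytool = '/usr/bin/keytool'

    # An existing trusted.certs is opened with an empty password; a keystore
    # that does not exist yet is given 'changeit'.
    store_pass = ''
    if not os.path.isfile(trusted_certs):
        store_pass = 'changeit'

    if not os.path.exists(JAVA_CERT):
        print('%s does not exist! Exiting now.' % JAVA_CERT)
        sys.exit(1)

    if java_vendor == 'apple':
        print('Unable to add certificate to trusted.certs. Modify com.apple.java.security.plist instead.')
        sys.exit(1)

    if java_vendor != 'oracle':
        print('Unable to continue. Unknown Java vendor: %s.' % java_vendor)
        sys.exit(1)

    if cert_in_keystore(keytool, trusted_certs, store_pass, ALIAS):
        print('%s already exists in %s. Exiting now.' % (ALIAS, trusted_certs))
        sys.exit(1)

    # The certificate becomes a trust anchor and keytool is run with
    # -noprompt, so refuse a file that another account could have planted or
    # can still modify. Checked immediately before the import to keep the
    # gap between the check and keytool opening the file short.
    if not _cert_source_is_safe(JAVA_CERT):
        print('%s is not a regular file or can be modified by another account. Exiting now.' % JAVA_CERT)
        sys.exit(1)

    print('Using %s to add %s to %s.' % (keytool, JAVA_CERT, trusted_certs))
    add_cert_to_java_trusted_certs(keytool, store_pass, JAVA_CERT, trusted_certs)

    # Confirm that the alias is now present so a failed import does not
    # end with exit status 0.
    if not cert_in_keystore(keytool, trusted_certs, store_pass, ALIAS):
        print('%s was not added to %s. Exiting now.' % (ALIAS, trusted_certs))
        sys.exit(1)


if __name__ == '__main__':
    main()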