chore: Import certificates on the start

Signed-off-by: Anatolii Bazko <[email protected]>

Author: tolusha

base/ubi10/entrypoint.sh

@@ -6,6 +6,44 @@ replace_user_home() {
   echo "$1" | sed "s|^/home/tooling|$HOME|"
 }
 
+java_import_ca_bundle() {
+  CA_BUNDLE="${JDK_CA_BUNDLE:-/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem}"
+  KEYSTORE_PASSWORD="${JDK_KEYSTORE_PASSWORD:-changeit}"
+
+  if ! command -v keytool >/dev/null 2>&1; then
+    return
+  fi
+
+  if [ ! -f "$CA_BUNDLE" ]; then
+    echo "[jdk] Failed to import CA certificates from ${CA_BUNDLE}. File doesn't exist"
+    return
+  fi
+
+  bundle_name=$(basename "$CA_BUNDLE")
+  certs_imported=0
+  cert_index=0
+  tmp_file=/tmp/cert.pem
+  is_cert=false
+  echo "[jdk] Importing certificates..."
+  while IFS= read -r line; do
+    if [ "$line" = "-----BEGIN CERTIFICATE-----" ]; then
+      is_cert=true
+      cert_index=$((cert_index+1))
+      echo "$line" > ${tmp_file}
+    elif [ "$line" = "-----END CERTIFICATE-----" ]; then
+      is_cert=false
+      echo "$line" >> ${tmp_file}
+      keytool -import -trustcacerts -cacerts -storepass "$KEYSTORE_PASSWORD" -noprompt -alias "${bundle_name}_${cert_index}" -file $tmp_file
+      certs_imported=$((certs_imported+1))
+    elif [ "$is_cert" = true ]; then
+      echo "$line" >> ${tmp_file}
+    fi
+  done < "$CA_BUNDLE"
+
+  echo "[jdk] Imported ${certs_imported} certificates from ${CA_BUNDLE}"
+  rm -f $tmp_file
+}
+
 # Ensure $HOME exists when starting
 if [ ! -d "${HOME}" ]; then
   mkdir -p "${HOME}"
@@ -219,4 +257,6 @@ if [ -d /home/tooling/.config ]; then
     echo "Finished creating .config symlinks."
 fi
 
+java_import_ca_bundle &
+
 exec "$@"

base/ubi9/entrypoint.sh

@@ -5,6 +5,44 @@ replace_user_home() {
   echo "$1" | sed "s|^/home/tooling|$HOME|"
 }
 
+jdk_import_ca_bundle() {
+  CA_BUNDLE="${JDK_CA_BUNDLE:-/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem}"
+  KEYSTORE_PASSWORD="${JDK_KEYSTORE_PASSWORD:-changeit}"
+
+  if ! command -v keytool >/dev/null 2>&1; then
+    return
+  fi
+
+  if [ ! -f "$CA_BUNDLE" ]; then
+    echo "[jdk] Failed to import CA certificates from ${CA_BUNDLE}. File doesn't exist"
+    return
+  fi
+
+  bundle_name=$(basename "$CA_BUNDLE")
+  certs_imported=0
+  cert_index=0
+  tmp_file=/tmp/cert.pem
+  is_cert=false
+  echo "[jdk] Importing certificates..."
+  while IFS= read -r line; do
+    if [ "$line" = "-----BEGIN CERTIFICATE-----" ]; then
+      is_cert=true
+      cert_index=$((cert_index+1))
+      echo "$line" > ${tmp_file}
+    elif [ "$line" = "-----END CERTIFICATE-----" ]; then
+      is_cert=false
+      echo "$line" >> ${tmp_file}
+      keytool -import -trustcacerts -cacerts -storepass "$KEYSTORE_PASSWORD" -noprompt -alias "${bundle_name}_${cert_index}" -file $tmp_file
+      certs_imported=$((certs_imported+1))
+    elif [ "$is_cert" = true ]; then
+      echo "$line" >> ${tmp_file}
+    fi
+  done < "$CA_BUNDLE"
+
+  echo "[jdk] Imported ${certs_imported} certificates from ${CA_BUNDLE}"
+  rm -f $tmp_file
+}
+
 # Ensure $HOME exists when starting
 if [ ! -d "${HOME}" ]; then
   mkdir -p "${HOME}"
@@ -218,4 +256,6 @@ if [ -d /home/tooling/.config ]; then
     echo "Finished creating .config symlinks."
 fi
 
+jdk_import_ca_bundle &
+
 exec "$@"