This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 1d665571aa0c94d4d7dca257b6ef7ffaf06996bb
Author: Antonin Stefanutti <anto...@stefanutti.fr>
AuthorDate: Fri Mar 26 10:01:18 2021 +0100
feat(build): Import root CA certificates into custom truststore
---
pkg/util/jvm/keystore.go | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/pkg/util/jvm/keystore.go b/pkg/util/jvm/keystore.go
index c1de152..60003d2 100644
--- a/pkg/util/jvm/keystore.go
+++ b/pkg/util/jvm/keystore.go
@@ -35,11 +35,34 @@ func GenerateJavaKeystore(ctx context.Context, keystoreDir,
keystoreName string,
}
defer os.Remove(path.Join(keystoreDir, tmpFile))
- args := strings.Fields(fmt.Sprintf("-importcert -alias maven -file %s
-keystore %s", tmpFile, keystoreName))
+ args := strings.Fields(fmt.Sprintf("-importcert -noprompt -alias maven
-file %s -keystore %s", tmpFile, keystoreName))
cmd := exec.CommandContext(ctx, "keytool", args...)
cmd.Dir = keystoreDir
cmd.Stderr = os.Stderr
cmd.Stdout = os.Stdout
- return cmd.Run()
+ err := cmd.Run()
+ if err != nil {
+ return err
+ }
+
+ // Try to locale root CA certificates truststore, in order to import
them
+ // into the newly created truststore. It avoids tempering the
system-wide
+ // JVM truststore.
+ javaHome, ok := os.LookupEnv("JAVA_HOME")
+ if ok {
+ caCertsPath := path.Join(javaHome, "lib/security/cacerts")
+ args := strings.Fields(fmt.Sprintf("-importkeystore -noprompt
-srckeystore %s -srcstorepass %s -destkeystore %s", caCertsPath, "changeit",
keystoreName))
+ cmd := exec.CommandContext(ctx, "keytool", args...)
+ cmd.Dir = keystoreDir
+ cmd.Stderr = os.Stderr
+ cmd.Stdout = os.Stdout
+
+ err := cmd.Run()
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
}
