From 866285fcff0501eb5b972d63155a0e17d261f3b1 Mon Sep 17 00:00:00 2001 From: Avery Wang Date: Tue, 16 Jul 2024 08:11:21 -0700 Subject: [PATCH] new script for automating truststore update --- README.md | 9 +++++++++ update_truststore.sh | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 update_truststore.sh diff --git a/README.md b/README.md index 2aac9ae..5b84dce 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,15 @@ keytool -import -noprompt \ -storepass annotation-tools ``` +### Updating an existing trust store + +If an existing trust store is already available, the `update_truststore.sh` script can be used to update it with the latest certificate. The script requires `openssl` and `keytool` be installed on the machine; it will pull the latest certificate from `https://genie.genomenexus.org` and update it in the trust store. + +The script can be run as follows: +``` +sh update_truststore.sh +``` + ### Install Python packages You need to have python3 installed. diff --git a/update_truststore.sh b/update_truststore.sh new file mode 100644 index 0000000..7aef3ca --- /dev/null +++ b/update_truststore.sh 
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+GENIE_GENOMENEXUS_SITE="genie.genomenexus.org"
+GENOMENEXUS_SERVERNAME="www.genomenexus.org"
+
+truststore=$1
+truststore_password=$2
+
+if [ -z $truststore ] ; then
+ echo "Missing truststore, exiting..."
+ exit 1
+fi
+
+if [ -z $truststore_password ] ; then
+ echo "Missing truststore password, exiting..."
+ exit 1
+fi
+
+which openssl
+if [ $? -ne 0 ] ; then
+ echo "openssl needs to be installed. Exiting..."
+ exit 1
+fi
+
+which keytool
+if [ $? -ne 0 ] ; then
+ echo "keytool needs to be installed. Exiting..."
+ exit 1
+fi
+
+true | openssl s_client -connect $GENIE_GENOMENEXUS_SITE:443 -servername $GENOMENEXUS_SERVERNAME 2>/dev/null | openssl x509 > tmp.cert
+
+keytool -delete -noprompt -alias $GENIE_GENOMENEXUS_SITE -keystore $truststore -storepass $truststore_password
+keytool -import -noprompt -alias $GENIE_GENOMENEXUS_SITE -file tmp.cert -keystore $truststore -storepass $truststore_password
+rm tmp.cert
+
+echo "$truststore updated with newest cert from $GENOMENEXUS_SITE"
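Review bot: The certificate written to `tmp.cert` is imported as trusted without any validation: `openssl s_client` does not stop on a chain-verification failure by default, its stderr is discarded, and neither the fetch nor `keytool -import` is checked for success, so whatever the endpoint (or anything in the network path) presents ends up in the truststore. The `keytool -delete` also runs before the fetch result is known, so a failed or empty fetch removes the existing entry and leaves the store without it. I would fetch into a `mktemp` file, fail closed with `-verify_return_error` (assuming the server chain validates against the local CA bundle) and a checked pipeline, print the SHA-256 fingerprint for the operator, and only then replace the alias, as sketched below. Separately, the final `echo` reads `$GENOMENEXUS_SITE`, which is never set, the expansions are unquoted, and the store password is passed on the command line where other local users can see it in the process list; keytool's `-storepass:env` form avoids the latter.

```shell
# … unchanged: argument checks and openssl/keytool presence checks …

set -o pipefail
tmp_cert=$(mktemp) || exit 1
trap 'rm -f -- "$tmp_cert"' EXIT

# Fail closed: a chain-verification error or an empty response must not reach keytool.
if ! openssl s_client -connect "$GENIE_GENOMENEXUS_SITE:443" \
    -servername "$GENOMENEXUS_SERVERNAME" -verify_return_error </dev/null 2>/dev/null \
    | openssl x509 -out "$tmp_cert"; then
  echo "Could not fetch a verified certificate from $GENIE_GENOMENEXUS_SITE; truststore left unchanged" >&2
  exit 1
fi

# Show what is about to be trusted so it can be compared with a known-good fingerprint.
openssl x509 -in "$tmp_cert" -noout -subject -enddate -fingerprint -sha256

# The old entry is removed only once a replacement is in hand.
keytool -delete -noprompt -alias "$GENIE_GENOMENEXUS_SITE" -keystore "$truststore" -storepass "$truststore_password"
if ! keytool -import -noprompt -alias "$GENIE_GENOMENEXUS_SITE" -file "$tmp_cert" -keystore "$truststore" -storepass "$truststore_password"; then
  echo "keytool import failed for $truststore" >&2
  exit 1
fi

echo "$truststore updated with newest cert from $GENIE_GENOMENEXUS_SITE"
```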