Add load_local_certs.sh, and address issue #71

entrypoint/entrypoint.sh

@@ -9,6 +9,11 @@ if [ -e "${ENTRYPOINT_HOME}/pre_start.sh" ]; then
   fi
   sleep 1
   ${ENTRYPOINT_HOME}/pre_start.sh
+  _success=$?
+
+  if [ "${_success}" -eq 1 ]; then
+    exit 1
+  fi
 fi
 
 echo "Starting ${APP_NAME}"

entrypoint/files/test_certs/bad.pem

@@ -0,0 +1,7 @@
+<le bad cert>
+gjCCAmqgAwIBAgIEIAmjvzANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJV
+ETMBEGA1UEBxMKQnVybGluZ3RvbjERMA8GA1UEChMIQ29ubmV4dGEx
+this file is borken
+5iJg/A++H12bsiaE6b4AQ
+MSuz/mgQ9Q+fK7465H3SeVTf6PPX3efaT065HhIzGFVl2L75uDQ
+<bad cert>

entrypoint/files/test_certs/bar.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIEIAmjvzANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJV
+UzELMAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xETAPBgNVBAoTCENv
+bm5leHRhMRAwDgYDVQQLEwdBcnJha2lzMREwDwYDVQQDEwhrZXljbG9hazAeFw0x
+OTEyMDUyMTA4NDdaFw00OTExMjcyMTA4NDdaMGcxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjERMA8GA1UEChMIQ29ubmV4dGEx
+EDAOBgNVBAsTB0FycmFraXMxETAPBgNVBAMTCGtleWNsb2FrMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu9JrsjA8TrN2baJ6NkHhyVns4/mgcQNPwDU
+tqVkWsnigxhs3V9m6ofFcmOvZ+wPdYt9WXkSOZtpG+TKA/5ROqFpwYcIqy9Etltm
+0N8yfbk6JpfSCwiK6A2ig20t1eh/En68BUfeaGH6vyhOwORBcIBY2Ms1/S6hiVfQ
+NaQYJGnRvSjuiTNPetSyLK9ikUTL0LSgUrcyipbXyDUMz0LmEkLnj5TxYyCwWYG9
+ZVETJVZC4HZNCIF7FsENevDIAdVyk/PQTMxKTyJEwACE4e2plJmiOc54A7NiX3/G
+lm/O6SpfEtYfe322UWx9UoqYvO6HNmEW4za51YRg/+zroSfPDwIDAQABozYwNDAT
+BgNVHREEDDAKgghrZXljbG9hazAdBgNVHQ4EFgQUm8DKaO3TzCxRjuAgVJdxE5FG
+YtUwDQYJKoZIhvcNAQELBQADggEBABJZzZmF2ZQZ2+B+Mekgq8o7WYLDxABqc7YM
+y5ME6upBG5qq+6WH/ocSw0D42LMRPIWNEG8Dxtzb4u/ZDsHFX7eAbyFSG6EwwcIS
+mlirsOurBXZK2wRqIHcp+lP5UI8G6IWyCCE7vcRHaCkaV21MWK+0FZ9ixf82TqSW
+03gRAUEH6XGkf389ri6Nyl8szX1Dx9Bd52FENz7Sg/D8EB5JqKRPfKrp/dmYXW4/
+h0RhrXBf4QqLp+3Xi3kBf6vCbwIMKSn1JMNuJAN5kT15iJg/A++H12bsiaE6b4AQ
+MSuz/mgQ9Q+fK7465H3SeVTf6PPX3efaT065HhIzGFVl2L75uDQ=
+-----END CERTIFICATE-----

entrypoint/files/test_certs/foo.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmqgAwIBAgIEIAmjvzANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJV
+UzELMAkGA1UECBMCTUExEzARBgNVBAcTCkJ1cmxpbmd0b24xETAPBgNVBAoTCENv
+bm5leHRhMRAwDgYDVQQLEwdBcnJha2lzMREwDwYDVQQDEwhrZXljbG9hazAeFw0x
+OTEyMDUyMTA4NDdaFw00OTExMjcyMTA4NDdaMGcxCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJNQTETMBEGA1UEBxMKQnVybGluZ3RvbjERMA8GA1UEChMIQ29ubmV4dGEx
+EDAOBgNVBAsTB0FycmFraXMxETAPBgNVBAMTCGtleWNsb2FrMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu9JrsjA8TrN2baJ6NkHhyVns4/mgcQNPwDU
+tqVkWsnigxhs3V9m6ofFcmOvZ+wPdYt9WXkSOZtpG+TKA/5ROqFpwYcIqy9Etltm
+0N8yfbk6JpfSCwiK6A2ig20t1eh/En68BUfeaGH6vyhOwORBcIBY2Ms1/S6hiVfQ
+NaQYJGnRvSjuiTNPetSyLK9ikUTL0LSgUrcyipbXyDUMz0LmEkLnj5TxYyCwWYG9
+ZVETJVZC4HZNCIF7FsENevDIAdVyk/PQTMxKTyJEwACE4e2plJmiOc54A7NiX3/G
+lm/O6SpfEtYfe322UWx9UoqYvO6HNmEW4za51YRg/+zroSfPDwIDAQABozYwNDAT
+BgNVHREEDDAKgghrZXljbG9hazAdBgNVHQ4EFgQUm8DKaO3TzCxRjuAgVJdxE5FG
+YtUwDQYJKoZIhvcNAQELBQADggEBABJZzZmF2ZQZ2+B+Mekgq8o7WYLDxABqc7YM
+y5ME6upBG5qq+6WH/ocSw0D42LMRPIWNEG8Dxtzb4u/ZDsHFX7eAbyFSG6EwwcIS
+mlirsOurBXZK2wRqIHcp+lP5UI8G6IWyCCE7vcRHaCkaV21MWK+0FZ9ixf82TqSW
+03gRAUEH6XGkf389ri6Nyl8szX1Dx9Bd52FENz7Sg/D8EB5JqKRPfKrp/dmYXW4/
+h0RhrXBf4QqLp+3Xi3kBf6vCbwIMKSn1JMNuJAN5kT15iJg/A++H12bsiaE6b4AQ
+MSuz/mgQ9Q+fK7465H3SeVTf6PPX3efaT065HhIzGFVl2L75uDQ=
+-----END CERTIFICATE-----

entrypoint/load_local_certs.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+source ${ENTRYPOINT_HOME}/global_env.sh
+source ${ENTRYPOINT_HOME}/certs_env.sh
+
+# imports certificates into trust store
+importIntoTrust() {
+
+    _total_certs_imported=0
+
+    if [ -e "${LOCAL_CERTS_DIR}" ]; then
+        for file in ${LOCAL_CERTS_DIR}/*.pem; do
+            [ -e "$file" ] || continue
+
+            filename=${file##*/}  
+            filename=${filename%.pem}
+
+            echo "Attempting to import ${filename}"
+
+            keytool -importcert ${_trustStoreOpts} -trustcacerts -alias ${filename} -file ${file} > /dev/null 2>&1
+            local _import_success=$?
+
+            if [ "${_import_success}" -eq 0 ]; then
+                echo "Successfully imported ${filename}"
+                _total_certs_imported=$((_total_certs_imported+1))
+
+            else
+                echo "Failed to import ${file}"
+                return 1
+            fi
+        done
+
+        echo -e "$_total_certs_imported certificate(s) imported\n"
+        return 0
+
+    else
+        echo "Invalid directory: ${LOCAL_CERTS_DIR}"
+        return 1
+    fi
+}
+
+importIntoTrust
+exit $?

entrypoint/pre_start.sh

@@ -99,8 +99,25 @@ if [ -n "$SOURCES" ]; then
   ${ENTRYPOINT_HOME}/sources.sh
 fi
 
+if [ -n "$LOCAL_CERTS_DIR" ]; then
+  echo -e "\nChecking certificates directory..."
+  ${ENTRYPOINT_HOME}/load_local_certs.sh
+  _certs_success=$?
+
+  if [ "${_certs_success}" -eq 1 ]; then
+    echo "Failed to import local certificate file(s)"
+    exit 1
+  fi
+fi
+
 if [ -n "$TRUSTED_REMOTES" ]; then
   ${ENTRYPOINT_HOME}/trusted_remotes.sh
+  _remotes_success=$?
+
+  if [ "${_remotes_success}" -eq 1 ]; then
+    echo "Failed to add trusted remote sources"
+    exit 1
+  fi
 fi
 
 if [ "${CATALOG_FANOUT_MODE}" = true ]; then

tests/load_local_certs.bats

@@ -0,0 +1,71 @@
+#!/usr/bin/env bats
+
+function setup {
+    export ENTRYPOINT_HOME=/opt/entrypoint
+    export APP_HOME=${BATS_TMPDIR}
+    export LOCAL_CERTS_DIR="$APP_HOME/random_dir"
+
+    keystore_dir="/tmp/etc/keystores/"
+    test_certs_dir="/opt/entrypoint/test_certs"
+
+    mkdir -p ${APP_HOME}/etc
+    mkdir -p $keystore_dir
+    mkdir -p $LOCAL_CERTS_DIR
+
+    cp -R $test_certs_dir/demoTruststore $keystore_dir/serverTrustore.jks
+}
+
+function teardown() {
+    rm -r $LOCAL_CERTS_DIR
+    rm -r $keystore_dir
+}
+
+@test "invalid directory" {    
+    export LOCAL_CERTS_DIR="$APP_HOME/foo"
+
+    run $ENTRYPOINT_HOME/load_local_certs.sh
+
+    [ "$status" -eq 1  ]
+    [[ "$output" = *"Invalid directory: $APP_HOME/foo"* ]]
+}
+
+@test "no certs" {    
+    run $ENTRYPOINT_HOME/load_local_certs.sh
+
+    [ "$status" -eq 0  ]
+    [[ "$output" = *"0 certificate(s) imported"* ]]
+}
+
+@test "one cert" {   
+    cp -R $test_certs_dir/foo.pem $LOCAL_CERTS_DIR
+
+    run $ENTRYPOINT_HOME/load_local_certs.sh >&3
+
+    [ "$status" -eq 0  ]
+    [[ "$output" = *"1 certificate(s) imported"* ]]
+}
+
+@test "multiple certs" {   
+    cp -R $test_certs_dir/{foo.pem,bar.pem} $LOCAL_CERTS_DIR
+
+    run $ENTRYPOINT_HOME/load_local_certs.sh >&3
+
+    [ "$status" -eq 0  ]
+    [[ "$output" = *"2 certificate(s) imported"* ]]
+}
+
+@test "invalid cert" {   
+    cp -R $test_certs_dir/bad.pem $LOCAL_CERTS_DIR
+
+    run $ENTRYPOINT_HOME/load_local_certs.sh >&3
+    [[ "$output" = *"Failed to import /tmp/random_dir/bad.pem" ]]
+}
+
+@test "non .pem files" {   
+    cp -R $test_certs_dir/{bar.pem,demoTruststore}  $LOCAL_CERTS_DIR
+
+    run $ENTRYPOINT_HOME/load_local_certs.sh >&3
+
+    [[ "$output" != *"Failed"* ]]
+    [[ "$output" = *"1 certificate(s) imported"* ]]
+}

tests/registry.bats

@@ -48,8 +48,6 @@ function teardown() {
     run $ENTRYPOINT_HOME/registry.sh
 
     file_count=$(ls -1 ${APP_HOME}/etc | wc -l)
-    echo "file count: ${file_count}" >&3
-    echo "Output: ${output}" >&3
 
     [ "$status" -eq 0 ]
     [ "$file_count" -eq 2 ]