.github/workflows/04-maven-nit.yml: provide a JKS for STARTTLS tests [#1711]

jimklimov · jimklimov · commit caaa145b053f · 2026-04-08T17:17:14.000+02:00
Signed-off-by: Jim Klimov &lt;jimklimov+nut@gmail.com&gt;
diff --git a/.github/workflows/04-maven-nit.yml b/.github/workflows/04-maven-nit.yml
@@ -79,7 +79,7 @@ jobs:
     - if: matrix.os == 'ubuntu-latest'
       name: Test jNut with NIT
       run: |
-        PATH="/lib/nut:/libexec/nut:/usr/sbin:/usr/bin:$PATH"
+        PATH="/lib/nut:/libexec/nut:/usr/sbin:/usr/bin:$JAVA_HOME/bin:$PATH"
         export PATH
         #NIT_CASE="generatecfg_upsd_add_SSL && generatecfg_upsdusers_trivial && generatecfg_ups_dummy"
         WITH_SSL_SERVER=NSS WITH_SSL_CLIENT=NSS \
@@ -90,8 +90,25 @@ jobs:
         echo 'maxstartdelay = 30' > "$NUT_CONFPATH/ups.conf.x"
         grep -v maxstartdelay < "$NUT_CONFPATH/ups.conf" >> "$NUT_CONFPATH/ups.conf.x"
         mv -f "$NUT_CONFPATH/ups.conf.x" "$NUT_CONFPATH/ups.conf"
+        SSL_ARGS=""
+        if [ -d "$NUT_CONFPATH/cert/upsd" ] ; then
+            mkdir -p "${NUT_CONFPATH}/cert/jks"
+            JNUTKS="${NUT_CONFPATH}/cert/jks/jNut.jks"
+
+            # For client we need Root CA cert (maybe server cert?) and own cert/key (upsmon)
+            # and NIT script already leaves (most of) them there as PEM files
+            keytool -importcert -noprompt -trustcacerts -cacerts -keystore "${JNUTKS}" -storetype JSK -storepass "changeit" -alias "${TESTCERT_ROOTCA_NAME}" -file "${TESTCERT_PATH_ROOTCA}/rootca.pem"
+            keytool -importcert -noprompt -trustcacerts -keystore "${JNUTKS}" -storepass "changeit" -alias "${TESTCERT_SERVER_NAME}" -file "${TESTCERT_PATH_SERVER}/server.crt"
+            if [ ! -e "${TESTCERT_PATH_CLIENT}/client.p12" ] ; then
+                pk12util -o "${TESTCERT_PATH_CLIENT}/client.p12" -n "${TESTCERT_CLIENT_NAME}" -d "${TESTCERT_PATH_CLIENT}" -W "${TESTCERT_CLIENT_PASS}"
+            fi
+            # keytool -importcert -noprompt -trustcacerts -keystore "${JNUTKS}" -storepass "changeit" -alias "${TESTCERT_CLIENT_NAME}" -file "${TESTCERT_PATH_CLIENT}/client.crt"
+            keytool -importkeystore -srckeystore "${TESTCERT_PATH_CLIENT}/client.p12" -srcstoretype PKCS12 -srcstorepass "${TESTCERT_CLIENT_PASS}" -srckeypass "${TESTCERT_CLIENT_PASS}" -destkeystore "${JNUTKS}" -deststoretype JKS -deststorepass "changeit" -destkeypass "changeit" -srcalias "${TESTCERT_CLIENT_NAME}" -destalias "${TESTCERT_CLIENT_NAME}" -v
+
+            SSL_ARGS="${JNUTKS} changeit 1 1"
+        fi
         upsdrvctl start
         upsd -DDDDDD &
         UPSD_PID="$!"
         trap 'kill $UPSD_PID ; upsdrvctl stop' 0 1 2 3 15
-        java -jar ./jNutList/target/jNutList-*-jar-with-dependencies.jar localhost "${NUT_PORT}" "admin" "${TESTPASS_ADMIN}" || exit
+        java -jar ./jNutList/target/jNutList-*-jar-with-dependencies.jar localhost "${NUT_PORT}" "admin" "${TESTPASS_ADMIN}" $SSL_ARGS || exit
