#!/bin/sh
set -e

KEYSTORE=/etc/ssl/certs/java/cacerts
CACERTDIR=/usr/share/ca-certificates

if [ "$1" = "configure" -a -z "$2" ]
then	printf "Creating keystore %s..." "$KEYSTORE"
	grep -v -E '^( *$|[#!])' /etc/ca-certificates.conf |
	(	ERRORS=
		while read pem
		do	[ -e "$CACERTDIR/$pem" ] || continue
			ALIAS=$(basename $pem .crt | tr A-Z a-z |
				tr -cs a-z0-9 _)
			ALIAS=${ALIAS%_}
			if ! keytool -importcert -trustcacerts \
				-keystore $KEYSTORE -noprompt \
				-storepass changeit -alias "$ALIAS" \
				-file "$CACERTDIR/$pem" 2> /dev/null
			then	echo >&2 "  error adding $pem"
				ERRORS=yes
			fi
		done
		if [ "$ERRORS" ]
		then	echo failed.
			exit 1
		fi
		echo done.
	)
fi
