#!/bin/sh
set -e

KEYSTORE=/etc/ssl/certs/java/cacerts

printf "\nUpdating keystore %s..." "$KEYSTORE"

ERRORS=
while read line
do	PEM=${line#[+-]}
	ALIAS=$(basename $PEM .crt | tr A-Z a-z | tr -cs a-z0-9 _)
	ALIAS=${ALIAS%_}
	EXISTS=
	keytool -list -keystore $KEYSTORE -storepass changeit -alias "$ALIAS" \
		>/dev/null 2>&1 && EXISTS=yes
	case "$line" in
	+*)
		[ ! "$EXISTS" ] || continue
		if ! keytool -importcert -trustcacerts -keystore $KEYSTORE \
			-noprompt -storepass changeit -alias "$ALIAS" \
			-file "$PEM" 2> /dev/null
		then	echo >&2 "  error adding $PEM"
			ERRORS=yes
		fi
		;;
	-*)
		[ "$EXISTS" ] || continue
		if ! keytool -delete -keystore $KEYSTORE -noprompt \
			-storepass changeit -alias "$ALIAS"
		then	echo >&2 "  error removing $PEM"
			ERRORS=yes
		fi
		;;
	*)
		echo >&2 "  $0: Unknown line $line"
		;;
	esac
done

if [ "$ERRORS" ]
then	echo failed.
	exit 1
fi
echo done.
