#! /bin/sh

set -e

# use the locale C.UTF-8
unset LC_ALL
LC_CTYPE=C.UTF-8
export LC_CTYPE

storepass='changeit'
if [ -f /etc/default/cacerts ]; then
    . /etc/default/cacerts
fi

echo ""
if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
    echo "updates of cacerts keystore disabled."
    exit 0
fi

if ! mountpoint -q /proc; then
    echo >&2 "the keytool command requires a mounted proc fs (/proc)."
    exit 1
fi

for jdir in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
    if [ -x $jdir/bin/java ]; then
	break
    fi
done
export JAVA_HOME=$jdir
PATH=$JAVA_HOME/bin:$PATH

temp_jvm_cfg=
if [ ! -f /etc/$jvm/jvm.cfg ]; then
    # the jre is not yet configured, but jvm.cfg is needed to run it
    temp_jvm_cfg=/etc/$jvm/jvm.cfg
    mkdir -p /etc/$jvm
    printf -- "-server KNOWN\n" > $temp_jvm_cfg
fi

if dpkg-query --version >/dev/null; then
    nsspkg=$(dpkg-query -L libnss3 | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
    nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $jdir/jre/lib/security/nss.cfg)
    if [ "$nsspkg" != "$nssjdk" ]; then
	ln -sf $nsspkg/libnss3.so $nssjdk/
    fi
    softokn3pkg=$(dpkg-query -L libnss3-1d | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p')
    if [ "$softokn3pkg" != "$nssjdk" ]; then
	ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/
    fi
fi

do_cleanup()
{
    [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
    if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]
    then
	rm -f $nssjdk/libnss3.so
    fi
    if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] \
       && [ "$softokn3pkg" != "$nssjdk" ]
    then
	rm -f $nssjdk/libsoftokn3.so
    fi
}

CLASSPATH=/usr/share/ca-certificates-java
export CLASSPATH

if java UpdateCertificates -storepass "$storepass"; then
    do_cleanup
else
    do_cleanup
    exit 1
fi

echo "done."