#! /bin/sh

set -e

# use the locale C.UTF-8
unset LC_ALL
LC_CTYPE=C.UTF-8
export LC_CTYPE

storepass='changeit'
if [ -f /etc/default/cacerts ]; then
    . /etc/default/cacerts
fi

echo ""
if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
    echo "updates of cacerts keystore disabled."
    exit 0
fi

if ! mountpoint -q /proc; then
    echo >&2 "the keytool command requires a mounted proc fs (/proc)."
    exit 1
fi

for jvm in java-6-openjdk java-7-openjdk java-6-sun; do
    if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
	break
    fi
done
export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH

temp_jvm_cfg=
if [ ! -f /etc/$jvm/jvm.cfg ]; then
    # the jre is not yet configured, but jvm.cfg is needed to run it
    temp_jvm_cfg=/etc/$jvm/jvm.cfg
    mkdir -p /etc/$jvm
    printf -- "-server KNOWN\n" > $temp_jvm_cfg
fi

CLASSPATH=/usr/share/ca-certificates-java
export CLASSPATH

java UpdateCertificates -storepass "$storepass"

[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg

echo "done."
