14
for jvm in java-6-openjdk java-6-sun; do
15
if [ -x /usr/lib/jvm/$jvm/bin/keytool ]; then
12
for jvm in java-6-openjdk java-7-openjdk java-6-sun; do
13
if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
19
17
export JAVA_HOME=/usr/lib/jvm/$jvm
20
18
PATH=$JAVA_HOME/bin:$PATH
20
CLASSPATH=/usr/share/ca-certificates-java
25
cacertdir=/usr/share/ca-certificates
28
# aliases of pregenerated files
29
pregenerated=$(tempfile)
30
LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -list -keystore $KEYSTORE -storepass "$storepass" \
31
| awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
32
| sort > $pregenerated
34
grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
38
alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
26
find /etc/ssl/certs -name \*.pem | \
27
while read filename; do
28
alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
42
# remove untrusted certificate
43
if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
44
-storepass "$storepass" -alias "$alias" >/dev/null
46
echo " removed untrusted certificate $pem"
48
# not (anymore) in keystore
52
# add certificate not yet in keystore
53
if [ ! -f "$cacertdir/$pem" ]; then
54
echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
55
echo >&2 "warning: but $cacertdir/$pem does not exist."
58
if ! grep -q "^${alias}$" $pregenerated; then
59
if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
60
-noprompt -storepass "$storepass" \
61
-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
63
echo " added certificate $pem"
64
elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
65
-providerClass sun.security.pkcs11.SunPKCS11 \
66
-providerArg '${java.home}/lib/security/nss.cfg' \
67
-noprompt -storepass "$storepass" \
68
-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
70
echo " added certificate $pem (using NSS provider)"
71
elif grep -q 'Signature not available' $log; then
72
echo " ignored import, signature not available: ${line#+*}"
73
sed -e 's/^/ -> /' $log
75
echo >&2 " error adding ${line#+*}"
76
errors=$(expr $errors + 1)
83
if [ $errors -gt 0 ]; then
84
echo >&2 "failed (VM used: $jvm)."
85
[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
30
if [ -n "$FIXOLD" ]; then
36
java UpdateCertificates -storepass "$storepass"
42
if dpkg --compare-versions "$2" le "20100412"; then
44
cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
46
if [ -z "$2" -o -n "$FIXOLD" ]; then
97
49
if ! mountpoint -q /proc; then
106
58
printf -- "-server KNOWN\n" > $temp_jvm_cfg
109
# on first install, remove certs untrusted by the
110
# user/admininstrator, add locally added certs
111
echo "creating $KEYSTORE..."
112
cp /usr/share/ca-certificates-java/cacerts $KEYSTORE
115
63
[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg