[ca-certificates-java] 03/46: updating the jks-keystore.hook

[Emmanuel Bourg]

This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch master
in repository ca-certificates-java.

commit 9c840ab811f5abe62c26697567365815184dfea1
Author: Torsten Werner <twerner at debian.org>
Date:   Sun Apr 24 22:59:25 2011 +0000

    updating the jks-keystore.hook
---
 debian/jks-keystore.hook | 75 ++++--------------------------------------------
 1 file changed, 6 insertions(+), 69 deletions(-)

diff --git a/debian/jks-keystore.hook b/debian/jks-keystore.hook
index 37a8e41..a23ee1d 100644
--- a/debian/jks-keystore.hook
+++ b/debian/jks-keystore.hook
@@ -7,21 +7,20 @@ if [ -f /etc/default/cacerts ]; then
     . /etc/default/cacerts
 fi
 
-KEYSTORE=/etc/ssl/certs/java/cacerts
-
 echo ""
 if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
     echo "updates of cacerts keystore disabled."
     exit 0
 fi
 
+# Do we still need it? TODO: check that.
 if ! mountpoint -q /proc; then
     echo >&2 "the keytool command requires a mounted proc fs (/proc)."
     exit 1
 fi
 
-for jvm in java-6-openjdk java-6-sun java-6-cacao; do
-    if [ -x /usr/lib/jvm/$jvm/bin/keytool ]; then
+for jvm in java-6-openjdk java-7-openjdk java-6-sun; do
+    if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
 	break
     fi
 done
@@ -36,72 +35,10 @@ if [ ! -f /etc/$jvm/jvm.cfg ]; then
     printf -- "-server KNOWN\n" > $temp_jvm_cfg
 fi
 
-# read lines of the form: [+-]/etc/ssl/certs/*.pem
-
-echo "updating keystore $KEYSTORE..."
+CLASSPATH=/usr/share/ca-certificates-java
+export CLASSPATH
 
-errors=0
-log=$(tempfile)
-while read line; do
-    pem=${line#[+-]*}
-    alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
-    alias=${alias%*_}
-    LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE \
-	-storepass "$storepass" -alias "$alias" >/dev/null 2>&1 \
-	&& exists=yes || exists=no
-    case "$line" in
-    +*)
-	if [ "$exists" = yes ]; then
-	    echo "  already exists: ${line#+*}"
-	else
-	  if LANG=C LC_ALL=C keytool -importcert -trustcacerts \
-		-keystore $KEYSTORE -noprompt -storepass "$storepass" \
-		-alias "$alias" -file "$pem" > $log 2>&1
-	  then
-	      echo "  added: ${line#+*}"
-	  elif LANG=C LC_ALL=C keytool -importcert -trustcacerts \
-		-keystore $KEYSTORE -noprompt -storepass "$storepass" \
-	        -providerClass sun.security.pkcs11.SunPKCS11 \
-	        -providerArg '${java.home}/lib/security/nss.cfg' \
-		-alias "$alias" -file "$pem" > $log 2>&1
-	  then
-	      echo "  added: ${line#+*} (using NSS provider)"
-	  elif grep -q 'Signature not available' $log; then
-	      echo "  ignored import, signature not available: ${line#+*}"
-	      cat $log
-	  else
-	      echo >&2 "  error adding ${line#+*}"
-	      errors=$(expr $errors + 1)
-	  fi;
-	fi
-	;;
-    -*)
-	if [ "$exists" = yes ]; then
-	    if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
-		-noprompt -storepass "$storepass" \
-		-alias "$alias"
-	    then
-		echo "  removed ${line#-*}"
-	    elif LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
-		-noprompt -storepass "$storepass" \
-	        -providerClass sun.security.pkcs11.SunPKCS11 \
-	        -providerArg '${java.home}/lib/security/nss.cfg' \
-		-alias "$alias"
-	    then
-		echo "  removed ${line#-*} (using NSS provider)"
-	    else
-		echo >&2 "  error removing ${line#+*}"
-		errors=$(expr $errors + 1)
-	    fi
-	else
-	    echo "  does not exist: ${line#-*}"
-	fi
-	;;
-    *)
-	echo >&2 "  $0: Unknown line $line"
-    esac
-done
-rm -f $log
+java UpdateCertificates -storepass "$storepass"
 
 [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/ca-certificates-java.git