#!/bin/bash
# CMI cert(s) to import
#

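# Pinned identity of each CA certificate to import. Index N of every array
# below describes the same certificate.
#
# NOTE(review): SHA-1 and MD5 are the only pins recorded here and neither is
# collision-resistant. Recording a SHA-256 fingerprint per certificate,
# obtained out of band from the CA, would make the pin considerably stronger.
CERTSHA1FPRINTS=(
  "15:01:9E:62:9D:F2:5C:C6:5F:A7:13:7E:E3:85:3A:DD:20:BC:54:44"
)

CERTMD5FPRINTS=(
  "47:09:C1:03:63:01:E7:F9:F2:4D:78:DF:9C:80:8F:A9"
)

CERTPEMFILES=(
  "/etc/pki/tls/certs/SiGNET-CA.pem"
)

CERTALIASES=(
  "SiGNET"
)

# Directory tree searched for per-JVM "cacerts" trust stores; an optional first
# script argument overrides it (and disables the system-store update below).
SEARCHPATH="/usr/lib/jvm"
USERPATH=${1:-}
if [[ -n "$USERPATH" ]]; then
  SEARCHPATH=$USERPATH
fi
# A path starting with "-" would be parsed by find as an expression rather
# than a starting point; anchor it to the current directory instead.
if [[ "$SEARCHPATH" == -* ]]; then
  SEARCHPATH="./$SEARCHPATH"
fi

SYSKEYTOOL=$(/usr/bin/find /usr/lib/jvm/java-1.8.0-oracle* -name keytool 2>/dev/null | /usr/bin/head -1)
[[ -z "$SYSKEYTOOL" ]] && SYSKEYTOOL="(none)"
SYSCERTSTORE="/etc/pki/java/cacerts"
SYSKEYSTOREOPTS=(-importcert -noprompt)
# "changeit" is the well-known default cacerts password, so it protects
# nothing: the integrity of these trust stores rests on file permissions.
# It is fed to keytool on stdin so it does not show up in the process list.
SYSKEYSTOREPASS="changeit"

#######################################
# Report whether a pinned certificate is already listed in a keystore.
# Arguments: $1 keytool path, $2 keystore path, $3 keystore password,
#            $4 SHA-1 fingerprint, $5 MD5 fingerprint (either may be empty)
# Returns:   0 if either fingerprint appears in `keytool -list` output,
#            1 otherwise (including when both fingerprints are empty)
# NOTE(review): newer JDKs print SHA-256 fingerprints in `keytool -list`, in
# which case this never matches and the import is retried on every run -
# confirm against the JDK versions actually deployed.
#######################################
cert_in_store() {
  local keytool=$1 store=$2 pass=$3 sha1=$4 md5=$5
  local -a patterns=()
  # Fixed-string matching; an empty pin must not turn into a match-everything
  # pattern, so empty values are simply left out.
  [[ -n "$sha1" ]] && patterns+=(-e "$sha1")
  [[ -n "$md5" ]] && patterns+=(-e "$md5")
  (( ${#patterns[@]} > 0 )) || return 1
  printf '%s\n' "$pass" \
    | "$keytool" -list -keystore "$store" 2>&1 \
    | /bin/grep -cF "${patterns[@]}" >/dev/null
}

#######################################
# Check that the certificate file on disk is the one that was pinned.
# Arguments: $1 keytool path, $2 PEM file, $3 expected SHA-1 fingerprint
# Returns:   0 if `keytool -printcert` reports the expected fingerprint
#######################################
pem_matches_pin() {
  local keytool=$1 pem=$2 sha1=$3
  [[ -n "$sha1" ]] || return 1
  "$keytool" -printcert -file "$pem" </dev/null 2>&1 \
    | /bin/grep -cF -e "$sha1" >/dev/null
}

#######################################
# Import certificate number $4 into a keystore unless it is already present.
# The file is imported only if it is readable AND its fingerprint matches the
# pin: a trust anchor added to a JVM trust store is trusted for every TLS
# connection that JVM makes, so a replaced or corrupted PEM file must not be
# imported just because it sits at the expected path.
# Globals:   CERTSHA1FPRINTS, CERTMD5FPRINTS, CERTPEMFILES, CERTALIASES (read)
# Arguments: $1 keytool path, $2 keystore path, $3 keystore password,
#            $4 certificate index, $5.. keytool import options
# Outputs:   progress on stdout, refusals on stderr
#######################################
import_if_missing() {
  local keytool=$1 store=$2 pass=$3 idx=$4
  shift 4
  local sha1=${CERTSHA1FPRINTS[$idx]:-} md5=${CERTMD5FPRINTS[$idx]:-}
  local pem=${CERTPEMFILES[$idx]:-} alias=${CERTALIASES[$idx]:-}

  if cert_in_store "$keytool" "$store" "$pass" "$sha1" "$md5"; then
    return 0
  fi
  [[ -n "$pem" && -r "$pem" ]] || return 0
  if ! pem_matches_pin "$keytool" "$pem" "$sha1"; then
    printf 'Not adding %s to %s: fingerprint does not match the pinned SHA-1\n' \
      "$pem" "$store" >&2
    return 0
  fi
  echo "Adding $pem to $store"
  printf '%s\n' "$pass" \
    | "$keytool" "$@" -keystore "$store" -file "$pem" -alias "$alias"
}

#
# java-1.5.0-gcj keytool seems broken: it does not allow non-interactive
# imports, so its trust stores are excluded from the search.
#
# The store list is read NUL-delimited on fd 3 so that paths containing
# whitespace survive and keytool's stdin stays free for the password.
while IFS= read -r -d '' -u 3 CERTSTORE; do
  KEYTOOL=${CERTSTORE//lib\/security\/cacerts/bin\/keytool}
  # If the substitution changed nothing, the store is not in the expected JVM
  # layout and there is no sibling keytool to run.
  [[ "$KEYTOOL" != "$CERTSTORE" && -x "$KEYTOOL" ]] || continue

  case "$KEYTOOL" in
    *java-1.5.0-gcj*)
      # Not reachable while the find filter below excludes gcj; kept so the
      # options stay correct if that filter is ever relaxed.
      KEYSTOREPASS=""
      KEYSTOREOPTS=(-import -noprompt)
      ;;
    *)
      KEYSTOREPASS="changeit"
      KEYSTOREOPTS=(-importcert -noprompt)
      ;;
  esac

  for (( I = 0; I < ${#CERTSHA1FPRINTS[@]}; I++ )); do
    import_if_missing "$KEYTOOL" "$CERTSTORE" "$KEYSTOREPASS" "$I" "${KEYSTOREOPTS[@]}"
    # The system-wide store is only touched on a default run (no path
    # argument). After the first successful import the presence check makes
    # later iterations no-ops.
    if [[ -x "$SYSKEYTOOL" && -r "$SYSCERTSTORE" && -z "$USERPATH" ]]; then
      import_if_missing "$SYSKEYTOOL" "$SYSCERTSTORE" "$SYSKEYSTOREPASS" "$I" "${SYSKEYSTOREOPTS[@]}"
    fi
  done
done 3< <(/usr/bin/find "$SEARCHPATH" -name cacerts -type f \
  ! -path '*java-1.5.0-gcj*' -print0 2>/dev/null)
exit 0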
