#!/bin/bash

download_cert() {
    URL="https://letsencrypt.org/certs/${1}.der"

    wget --quiet --no-clobber $URL
}

import_cert() {
    CERT=$1
    CERT_ALIAS=$2

    if [ -z "$CERT_ALIAS" ];
    then
        CERT_ALIAS=${CERT%%.*}
    fi

    keytool -importcert -noprompt -trustcacerts       \
            -keystore "$KEYSTORE" -storepass changeit \
            -alias "$CERT_ALIAS" -file "$CERT"
}

if [ -z "$JAVA_HOME" ];
then
	echo "JAVA_HOME not set"
	exit 1
fi

read -p "Updating keystore for JRE located at $JAVA_HOME. Is this correct? [y/N]: " -n 1 -r
echo

if [[ ! $REPLY =~ ^[Yy]$ ]]
then
	echo "Cancelled"
	exit 1
fi

#KEYSTORE="$JAVA_HOME/jre/lib/security/cacerts"

echo "Downloading certificates..."
download_cert isrgrootx1
download_cert lets-encrypt-x1-cross-signed
download_cert lets-encrypt-x2-cross-signed
download_cert lets-encrypt-x3-cross-signed
download_cert lets-encrypt-x4-cross-signed

echo "Importing root certificate..."
import_cert isrgrootx1.der lets-encrypt-isrgrootx1
echo "Import cross-signed certificate 1..."
import_cert lets-encrypt-x1-cross-signed.der
echo "Import cross-signed certificate 2..."
import_cert lets-encrypt-x2-cross-signed.der
echo "Import cross-signed certificate 3..."
import_cert lets-encrypt-x3-cross-signed.der
echo "Import cross-signed certificate 4..."
import_cert lets-encrypt-x4-cross-signed.der