sdkman hook to link /etc/ssl/java/cacerts to the currently used Java SDK

Question

Debian has a great mechanism to compile all commonly used CA certificates from Thawte, Let's Encrypt etc. as well as locally installed ones from /usr/local/share/ssl into one /etc/ssl/certs/java/cacerts JKS file. That is usually symlinked to $JAVA_HOME/lib/security/cacerts.

With sdkman I switch between different non-Debian Java versions in ~/.sdkman/candidates/java/current/ which use the cacerts provided by the SDK creator.

Is there some kind of post-inst hook mechanism where I could automatically create a symlink to the Debian cacerts file whenever I switch sdkman Java versions?

Answer 1

I solves this with a custom zsh function so I just have to run sdkman cacerts ~/.cacerts to symlink all cacerts for all sdkman installed jdks.

# sdkman
sdkman() {
    case $1 in
        --help)
            cat <<EOF
Alias for sdk with additional custom functions.

Usage: $0 <subcommand> [candidate] [version]

Additional Commands

    $0 --help               Print this help message
    $0 cacerts [cacerts]    Symlink all java cacerts to a custom location (default: ~/.cacerts)

EOF
            ;;
        cacerts)
            cacerts="${2:-$HOME/.cacerts}"
            if [[ -f "$cacerts" ]]; then
                for jdk in $(sdk list java | grep installed | sed 's/^.*\| \(.*\)$/\1/g'); do
                    jdkHome=$(sdk home java $jdk)
                    pushd "$jdkHome/lib/security"
                    mv cacerts cacerts.orginal
                    ln -s "$cacerts" "cacerts"
                    popd
                done
            else
                echo "Abort: file $cacerts not found."
            fi
            ;;
        *)
            sdk "$@"
    esac
}