#!/bin/bash

#
# AIM: Request SSL certificates from an ACME server
#

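# Print the issuer hash of a certificate, as reported by
# `openssl x509 -noout -issuer_hash`.
#
# Arguments: $1 - path to the certificate file
# Outputs:   the hash on stdout (an empty line when openssl printed nothing)
# Returns:   the exit status of openssl, so a caller can tell a real hash
#            from a certificate that could not be read
#
# The value is a short hash of the issuer *name* only. It identifies which
# CA a certificate claims as issuer; it is not a signature check and does not
# prove the certificate chains to that CA.
function getCertIssuerHash()
{
	local cert=${1-}
	local res ret

	# Quote the path so a name containing spaces or glob characters is passed
	# to openssl as a single argument.
	res=$(openssl x509 -noout -issuer_hash -in "${cert}")
	# Save the status now: the print below would otherwise overwrite $?.
	ret=${?}
	printf '%s\n' "${res}"
	return "${ret}"
}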

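# Add the Let's Encrypt CA files (and any DST_*.pem roots found in
# /etc/ssl/certs) to the CA location used by eole-sso, but only when SSO is
# enabled and the SSO server certificate's issuer hash equals the expected one.
#
# Arguments: $1 - expected issuer hash
# Reads:     CreoleGet activer_sso, eolesso_cert, eolesso_ca_location
# Outputs:   warning messages on stdout when a copy or concatenation fails
# Returns:   0 (failures are reported as warnings, not as an error status)
#
# Security notes:
#  - This function extends a trust store, so the gate must be an exact match.
#    The comparison is done on quoted strings: an unquoted right-hand side in
#    [[ == ]] is treated as a glob pattern.
#  - An empty hash on either side never matches; an unreadable SSO certificate
#    therefore cannot trigger the update.
#  - The issuer hash only reflects the issuer name of the SSO certificate; it
#    does not verify the certificate's signature chain.
function updadteCA()
{
	local issuerHash=${1-}
	local activer_sso ssoserver_cert ca_location ssocertHash pem
	local ca_dir="/usr/share/ca-certificates/letsencrypt"
	local -a dst_root_x3=()

	activer_sso=$(CreoleGet activer_sso non)
	ssoserver_cert=$(CreoleGet eolesso_cert "")
	ca_location=$(CreoleGet eolesso_ca_location "")
	[[ -z ${ca_location} ]] && ca_location="/etc/ssl/local_ca"

	# Nothing to do when SSO is disabled.
	[[ ${activer_sso} != "non" ]] || return 0

	ssocertHash=$(getCertIssuerHash "${ssoserver_cert}")
	[[ -n ${issuerHash} && -n ${ssocertHash} ]] || return 0
	[[ "${issuerHash}" == "${ssocertHash}" ]] || return 0

	# Collect the DST root files with a glob instead of parsing `ls` output;
	# the -e test drops the literal pattern when nothing matches.
	for pem in /etc/ssl/certs/DST_*.pem
	do
		[[ -e ${pem} ]] && dst_root_x3+=("${pem}")
	done

	if [[ ! -d ${ca_location} ]]
	then
		# The CA location is a bundle file: append the certificates to it.
		# NOTE(review): this appends on every run, so repeated runs add the
		# same certificates to the bundle again.
		if ! cat "${ca_dir}"/*.crt "${dst_root_x3[@]}" >> "${ca_location}"
		then
			echo "Warning : Problème de concaténantion des CA Let's Encrypt dans ${ca_location}"
		fi
	else
		# The CA location is a directory: copy the files into it.
		if ! cp -rp "${ca_dir}"/*.crt "${ca_location}"
		then
			echo "Warning : l'ajout de la CA Let's Encrypt pour eole-sso a échoué"
		fi

		# No DST file present is reported with the same warning as a failed copy.
		if (( ${#dst_root_x3[@]} == 0 )) || ! cp -rp "${dst_root_x3[@]}" "${ca_location}"
		then
			echo "Warning : l'ajout de la CA DST pour eole-sso a échoué"
		fi
	fi

	return 0
}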


# Only act when the configured certificate type is Let's Encrypt.
case "$(CreoleGet cert_type non)" in
	letsencrypt)
		# Issuer hash the SSO certificate must carry for the CA update to run.
		# This is a single pinned value: a certificate whose issuer hash
		# differs is left alone and the CA files are not installed.
		# NOTE(review): presumably the hash of the Let's Encrypt X3
		# intermediate, going by the variable name; confirm it still matches
		# the issuer of the certificates in use.
		X3HASH="4f06f81d"

		# Install the Let's Encrypt CA
		updadteCA "${X3HASH}"

		exit 0
		;;
esac
