#!/bin/bash

#
# AIM: Request SSL certificates from an ACME server
#

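function getCertIssuerHash()
{
	# Print the issuer hash of an X.509 certificate.
	#
	# Arguments: $1 - path to the certificate file
	# Outputs:   the value printed by `openssl x509 -issuer_hash` on stdout
	#            (an empty line when openssl produced nothing)
	# Returns:   the exit status of openssl, so a caller can tell an
	#            unreadable or malformed certificate from a real hash
	local cert=${1}
	local res ret

	# The path is quoted so a file name containing spaces or glob
	# characters reaches openssl as a single argument.
	res=$(openssl x509 -noout -issuer_hash -in "${cert}")
	ret=${?}

	printf '%s\n' "${res}"

	# Return the saved openssl status; `$?` at this point would be the
	# status of printf and would hide any openssl failure.
	return "${ret}"
}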

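function updadteCA()
{
    # Copy the Let's Encrypt CA files (and the DST_* certificates found
    # in /etc/ssl/certs) into the eole-sso CA directory when the SSO
    # server certificate was issued by the expected CA.
    #
    # Arguments: $1 - issuer hash the SSO certificate must carry
    # Outputs:   a warning on stdout when a copy fails
    # Returns:   0 (copy failures are reported, not propagated)
    #
    # Everything copied into ${ca_location} becomes a trust anchor for
    # eole-sso. The hash comparison only decides whether to copy; it does
    # not verify the certificate chain.
    local issuerHash=${1}
    local -r ca_dir="/usr/share/ca-certificates/letsencrypt"
    local ssoserver_cert ca_location activer_sso ssocertHash
    local -a dst_root_x3

    # Only a locally hosted SSO service needs its CA directory updated.
    activer_sso=$(CreoleGet activer_sso non)
    [[ ${activer_sso} == "local" ]] || return 0

    # Fall back to the server certificate when eole-sso has none of its own.
    ssoserver_cert=$(CreoleGet eolesso_cert "")
    [[ -z ${ssoserver_cert} ]] && ssoserver_cert=$(CreoleGet server_cert)

    ca_location=$(CreoleGet eolesso_ca_location "")
    [[ -z ${ca_location} ]] && ca_location="/etc/ssl/local_ca"

    # The right-hand side is quoted so the value read from the certificate
    # is compared literally instead of being used as a glob pattern.
    ssocertHash=$(getCertIssuerHash "${ssoserver_cert}")
    [[ ${issuerHash} == "${ssocertHash}" ]] || return 0

    if ! cp -rp -- "${ca_dir}"/*.crt "${ca_location}"
    then
        echo "Warning : l'ajout de la CA Let's Encrypt pour eole-sso a échoué"
    fi

    # Expand the glob into an array instead of parsing `ls`; when nothing
    # matches, the literal pattern is handed to cp, which fails and
    # triggers the warning below.
    # NOTE(review): if this glob targets DST Root CA X3, that root expired
    # in September 2021 - confirm it is still wanted in the SSO trust
    # directory.
    dst_root_x3=(/etc/ssl/certs/DST_*.pem)
    if ! cp -rp -- "${dst_root_x3[@]}" "${ca_location}"
    then
        echo "Warning : l'ajout de la CA DST pour eole-sso a échoué"
    fi

    return 0
}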


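# Main flow: runs only when the machine is configured for Let's Encrypt
# certificates. It installs the Let's Encrypt CA files in the system trust
# store, renews the certificate when one has already been issued for this
# host, then lets the EOLE post-hook copy the certificates into place.
if [[ $(CreoleGet cert_type non) == 'letsencrypt' ]]
then
    if [[ $(CreoleGet activer_sso non) != 'non' ]]
    then
        # Issuer hash the SSO certificate is compared against.
        # NOTE(review): this pins one issuing CA. When the SSO certificate
        # carries any other issuer hash, updadteCA copies nothing and prints
        # no message - confirm the value still matches the issuer in use.
        X3HASH="4f06f81d"

        # Install the Let's Encrypt CA for eole-sso
        updadteCA "${X3HASH}"
    fi

    # Add the Let's Encrypt CA files to the system-wide trust store.
    # update-ca-certificates output (errors included) is discarded.
    cp -rp -- /usr/share/ca-certificates/letsencrypt/*.crt /usr/local/share/ca-certificates/
    update-ca-certificates > /dev/null 2>&1

    # Renew only when a certificate has already been issued for this host.
    DOMAIN=$(CreoleGet nom_domaine_machine)
    if [[ -f "/etc/ssl/letsencrypt/conf/live/${DOMAIN}/cert.pem" ]]
    then
        CONFDIR=$(CreoleGet le_config_dir)
        WORKDIR=$(CreoleGet le_work_dir)
        LOGSDIR=$(CreoleGet le_logs_dir)
        RENEW_LOG="/var/log/eole-letsencrypt-renew.log"

        # The log is overwritten on every run. A failed renewal is reported
        # on stderr so that it does not go unnoticed until the certificate
        # expires; the script still continues, as it did before.
        if ! certbot --standalone \
            --config-dir "${CONFDIR}" \
            --work-dir "${WORKDIR}" \
            --logs-dir "${LOGSDIR}" \
            renew > "${RENEW_LOG}" 2>&1
        then
            echo "Warning : le renouvellement Let's Encrypt a échoué, voir ${RENEW_LOG}" >&2
        fi
    fi

    # Copy the new certificates to the EOLE locations
    /usr/share/eole/letsencrypt/post.sh reconfigure

fi


# Always report success to the caller, whatever happened above.
exit 0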
