#!/bin/bash

################
## freeradius ##
################

. /usr/lib/eole/utils.sh
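# Deploy the TLS material FreeRADIUS uses into its container, then make sure
# a Diffie-Hellman parameter file exists. Nothing is done unless the Creole
# variable activer_freeradius is "oui".
if [ "$(CreoleGet activer_freeradius)" = "oui" ]; then
    user="freerad"
    group="freerad"
    freeradius_conf_dir="/etc/freeradius/3.0"
    container="$(CreoleGet container_name_radius)"
    freeradius_cache_dir="$(CreoleGet container_path_radius)/var/cache/radiusd"
    freeradius_profile="$(CreoleGet freeradius_profile)"
    # Both branches below use the same DH parameter path.
    dh_file="${freeradius_conf_dir}/ssl/certs/dh"

    # Install ssl files
    if [ "$(CreoleGet freeradius_pki_needed)" = "oui" ]; then
        # Per-profile PKI: certificates are built on the host in CERT_DIR and
        # then copied into the container.
        CERT_DIR="/usr/share/eole/freeradius-certs.d/$freeradius_profile/certs"
        if [ ! -d "$CERT_DIR" ]; then
            mkdir -p "$CERT_DIR"
        fi
        # The make and scp commands below use relative paths, so running them
        # from another directory could build or ship the wrong files.
        pushd "$CERT_DIR" >/dev/null || {
            echo "freeradius: cannot enter $CERT_DIR" >&2
            exit 1
        }
        if [ ! -f "${CERT_DIR}/server.pem" ]; then
            # The glob must stay outside the quotes: a quoted "*" is a literal
            # file name and leaves stale material from an earlier run in place.
            rm -rf -- "${CERT_DIR:?}"/*
            cp -rf /usr/share/eole/freeradius-certs.d/base/certs/* "${CERT_DIR}/"
            # NOTE(review): make failures are not checked; a failed build only
            # shows up as missing files at the scp step below.
            make destroycerts
            make index.txt
            make serial
            make ca.pem
            make server.pem
        fi
        # Start from empty certs/ and private/ directories in the container.
        CreoleRun "rm -rf \"${freeradius_conf_dir}/ssl/certs\"" "$container"
        CreoleRun "rm -rf \"${freeradius_conf_dir}/ssl/private\"" "$container"
        CreoleRun "mkdir -p \"${freeradius_conf_dir}/ssl/certs\"" "$container"
        CreoleRun "mkdir -p \"${freeradius_conf_dir}/ssl/private\"" "$container"
        scp ca.pem server.pem "$container:${freeradius_conf_dir}/ssl/certs/"
        # NOTE(review): server.key is copied before its mode and group are
        # tightened below, so for a short time it has whatever mode scp
        # created it with. Consider restricting ssl/private before the copy.
        scp server.key "$container:${freeradius_conf_dir}/ssl/private/"
        CreoleRun "chmod 640 ${freeradius_conf_dir}/ssl/certs/ca.pem" "$container"
        CreoleRun "chmod 640 ${freeradius_conf_dir}/ssl/certs/server.pem" "$container"
        CreoleRun "chmod 640 ${freeradius_conf_dir}/ssl/private/server.key" "$container"
        CreoleRun "chgrp ${group} ${freeradius_conf_dir}/ssl/certs/ca.pem" "$container"
        CreoleRun "chgrp ${group} ${freeradius_conf_dir}/ssl/certs/server.pem" "$container"
        CreoleRun "chgrp ${group} ${freeradius_conf_dir}/ssl/private/server.key" "$container"
        popd >/dev/null
        # The cache directory is created through the container's path on the
        # host, then owned and locked down from inside the container.
        if [ ! -d "$freeradius_cache_dir" ]; then
            mkdir "$freeradius_cache_dir"
            CreoleRun "chown $user:$group /var/cache/radiusd" "$container"
            CreoleRun "chmod 700 /var/cache/radiusd" "$container"
        fi
    else
        # NOTE(review): the original ran this same "rm -rf .../ssl/certs"
        # twice. The second call was probably meant for ssl/private, as in the
        # PKI branch, which would leave an old private key in place here.
        # Confirm against InstallSSLFiles before changing it.
        CreoleRun "rm -rf \"${freeradius_conf_dir}/ssl/certs\"" "$container"
        InstallSSLFiles freeradius "$user" "$group" "${freeradius_conf_dir}/ssl" "$container"
        # Rename the installed files to the server.* names used in the PKI
        # branch; the braces are expanded by the shell that runs the command.
        CreoleRun "mv ${freeradius_conf_dir}/ssl/certs/{freeradius,server}.pem" "$container"
        CreoleRun "mv ${freeradius_conf_dir}/ssl/private/{freeradius,server}.key" "$container"
    fi

    # Generate DH parameters once; the file is looked up through the
    # container's path on the host and created from inside the container.
    if [ ! -f "$(CreoleGet container_path_radius)${dh_file}" ]; then
        CreoleRun "openssl dhparam -out ${dh_file} 2048" "$container"
    fi
fi
exit 0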
