#!/bin/bash

################
## freeradius ##
################
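#######################################
# Remove every generated PKI artefact from the current directory (the caller
# pushd's into the certificate directory before invoking this).
# Globals:   none
# Arguments: none
# Outputs:   none
# Returns:   status of rm; unmatched patterns are passed literally and are
#            silently ignored thanks to -f, as in the original
#######################################
destroycerts() {
    # '--' ends option parsing, so a stray file whose name starts with '-'
    # (e.g. one matching *.csr) is deleted instead of being read as an option.
    rm -f -- *~ dh *.csr *.crt *.p12 *.der *.pem *.key index.txt* \
        serial* *.0 *.1 ca-crl.pem ca.crl
}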

#######################################
# Create the OpenSSL CA index database if it does not exist yet; existing
# content is preserved (touch only updates the timestamp).
# Arguments: none
#######################################
make_index() {
    local index_db='index.txt'
    touch -- "$index_db"
}

#######################################
# (Re)initialise the OpenSSL CA serial counter to 01; an existing file is
# overwritten.
# Arguments: none
#######################################
make_serial() {
    local serial_file='serial'
    printf '%s\n' '01' > "$serial_file"
}

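#######################################
# Generate the self-signed CA key (ca.key) and certificate (ca.pem) in the
# current directory from ./ca.cnf.
# Arguments: $1 - certificate validity in days
#            $2 - passphrase protecting ca.key
# Outputs:   ca.key, ca.pem
# Returns:   non-zero if openssl fails (chmod is then skipped)
#######################################
make_ca_pem() {
    local ca_default_days=$1
    local password_ca=$2
    # The passphrase is handed to openssl through that single command's
    # environment ('env:') instead of its argv ('pass:'), so it no longer
    # appears in 'ps' output visible to every user on the host. The variable
    # name is an arbitrary local convention.
    CA_PASSPHRASE="$password_ca" openssl req -new -x509 -keyout ca.key -out ca.pem \
        -days "${ca_default_days}" -config ./ca.cnf \
        -passin env:CA_PASSPHRASE -passout env:CA_PASSPHRASE || return
    # The key is later chgrp'ed to the radius group; it must stay group-readable.
    chmod g+r ca.key
}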

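#######################################
# Generate the server key/CSR from ./server.cnf, sign it with the CA built by
# make_ca_pem, and derive server.p12 and server.pem from the result.
# Arguments: $1 - CA passphrase (unlocks ca.key for signing)
#            $2 - passphrase for the server PKCS#12 / PEM bundle
# Outputs:   server.key, server.csr, server.crt, server.p12, server.pem
# Returns:   non-zero at the first failing openssl step
#######################################
make_server_pem() {
    local password_ca=$1
    local password_server=$2
    openssl req -new -out server.csr -keyout server.key -config ./server.cnf || return
    chmod g+r server.key

    # '-key <password>' put the CA passphrase on openssl's command line, where
    # 'ps' shows it to every user; '-passin env:' scopes it to this one
    # process's environment instead. Variable names are a local convention.
    CA_PASSPHRASE="$password_ca" openssl ca -batch -keyfile ca.key -cert ca.pem \
        -in server.csr -passin env:CA_PASSPHRASE -out server.crt \
        -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || return

    SERVER_PASSPHRASE="$password_server" openssl pkcs12 -export -in server.crt \
        -inkey server.key -out server.p12 \
        -passin env:SERVER_PASSPHRASE -passout env:SERVER_PASSPHRASE || return
    chmod g+r server.p12

    SERVER_PASSPHRASE="$password_server" openssl pkcs12 -in server.p12 -out server.pem \
        -passin env:SERVER_PASSPHRASE -passout env:SERVER_PASSPHRASE || return
    chmod g+r server.pem
}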

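# Main: when freeradius is enabled, either build a local PKI (CA + server
# certificate) and install it into the radius container, or reuse the EOLE
# SSL material, then make sure DH parameters exist. CreoleGet, CreoleRun and
# InstallSSLFiles come from the sourced utils.sh.
. /usr/lib/eole/utils.sh
if [ "$(CreoleGet activer_freeradius)" = "oui" ]; then
    CA_DEFAULT_DAYS=$(CreoleGet freeradius_pki_default_days 365)
    PASSWORD_CA=$(CreoleGet freeradius_pki_ca_password)
    PASSWORD_SERVER=$(CreoleGet freeradius_pki_server_password)

    user="freerad"
    group="freerad"
    freeradius_conf_dir="/etc/freeradius/3.0"
    # $container is passed to CreoleRun unquoted on purpose, exactly as the
    # original did: an empty value then drops the argument instead of passing
    # "" (how CreoleRun treats a missing container is not visible here).
    container="$(CreoleGet container_name_radius)"
    container_path="$(CreoleGet container_path_radius)"
    freeradius_cache_dir="${container_path}/var/cache/radiusd"
    freeradius_profile=$(CreoleGet freeradius_profile)
    # Path of the DH parameter file inside the container; identical for both
    # branches below.
    dh_file="${freeradius_conf_dir}/ssl/certs/dh"

    # Install ssl files
    if [ "$(CreoleGet freeradius_pki_needed)" = "oui" ]; then
        CERT_DIR="/usr/share/eole/freeradius-certs.d/${freeradius_profile}/certs"
        mkdir -p -- "$CERT_DIR"
        # destroycerts removes *.pem/*.key in the current directory, so never
        # continue if we failed to enter CERT_DIR.
        pushd "$CERT_DIR" >/dev/null || exit 1
        if [ ! -f "${CERT_DIR}/server.pem" ]; then
            # Start from a clean copy of the base profile. The original quoted
            # the trailing '*', so this wipe never matched anything; ':?'
            # refuses to expand an empty CERT_DIR into '/*'.
            rm -rf -- "${CERT_DIR:?}"/*
            cp -rf -- /usr/share/eole/freeradius-certs.d/base/certs/* "${CERT_DIR}/"
            destroycerts
            make_index
            make_serial
            make_ca_pem "${CA_DEFAULT_DAYS}" "${PASSWORD_CA}"
            make_server_pem "${PASSWORD_CA}" "${PASSWORD_SERVER}"
        fi
        # Recreate the ssl tree inside the container and push the material in.
        CreoleRun "rm -rf \"${freeradius_conf_dir}/ssl/certs\"" $container
        CreoleRun "rm -rf \"${freeradius_conf_dir}/ssl/private\"" $container
        CreoleRun "mkdir -p \"${freeradius_conf_dir}/ssl/certs\"" $container
        CreoleRun "mkdir -p \"${freeradius_conf_dir}/ssl/private\"" $container
        # Plain local copies into the container's filesystem (container_path is
        # used as a local directory above); scp would read a ':' in the path
        # as a remote host.
        cp -- ca.pem server.pem "${container_path}${freeradius_conf_dir}/ssl/certs/"
        cp -- server.key "${container_path}${freeradius_conf_dir}/ssl/private/"
        # Readable by root and the radius group only.
        for ssl_file in certs/ca.pem certs/server.pem private/server.key; do
            CreoleRun "chmod 640 ${freeradius_conf_dir}/ssl/${ssl_file}" $container
            CreoleRun "chgrp ${group} ${freeradius_conf_dir}/ssl/${ssl_file}" $container
        done
        popd >/dev/null
        if [ ! -d "$freeradius_cache_dir" ]; then
            mkdir -- "$freeradius_cache_dir"
            CreoleRun "chown ${user}:${group} /var/cache/radiusd" $container
            CreoleRun "chmod 700 /var/cache/radiusd" $container
        fi
    else
        # Certificates come from the EOLE SSL infrastructure instead.
        # NOTE(review): the original ran this removal twice on ssl/certs; the
        # second one was presumably meant for ssl/private, mirroring the pki
        # branch above — confirm before changing it.
        CreoleRun "rm -rf \"${freeradius_conf_dir}/ssl/certs\"" $container
        InstallSSLFiles freeradius "$user" "$group" "${freeradius_conf_dir}/ssl" $container
        CreoleRun "mv ${freeradius_conf_dir}/ssl/certs/{freeradius,server}.pem" $container
        CreoleRun "mv ${freeradius_conf_dir}/ssl/private/{freeradius,server}.key" $container
    fi
    # 2048-bit DH parameters are generated once; this step is slow.
    if [ ! -f "${container_path}${dh_file}" ]; then
        CreoleRun "openssl dhparam -out ${dh_file} 2048" $container
    fi
fi
# Kept unconditional as in the original: failures above are not propagated to
# the caller.
exit 0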
