#!/bin/sh

. /usr/share/alterator/build/backend3.sh

. cert-sh-functions

# Name of the certificate managed by this backend and the openssl config
# that is instantiated for it (see sure_ssl_conf).
SSL_NAME=httpd-alterator
SSL_CERTCONF=/etc/httpd2/conf/${SSL_NAME}.cnf

# Apache config that carries the "Listen" line of the alterator interface.
HTTPDCONF=/etc/httpd2/conf/httpd2.alterator.conf

_()
{
    # Translate message $1 in the "alterator-admin" domain.  The requester's
    # language comes from in_language ("lang;..." — only the part before the
    # first ';' is used) and is applied to this gettext call only.
    local lang="${in_language%%;*}"
    LANG="${lang}.utf8" gettext "alterator-admin" "$1"
}

sure_ssl_conf()
{
    # Instantiate the certificate config from the DEFAULT_CERT template
    # (provided by the sourced cert-sh-functions) unless it already exists.
    if [ -f "$SSL_CERTCONF" ]; then
        return 0
    fi

    local host
    host="$(hostname)"
    # Use a fixed FQDN when hostname prints nothing.
    [ -n "$host" ] || host="localhost.localdomain"

    # Fill in the subject placeholders and append the fixed C/L/OU fields
    # right after the "O=" line (GNU sed: 'a' text with \n escapes).
    echo "$DEFAULT_CERT" |
        sed -e "s|@HOSTNAME@|$host|" \
            -e "s|@PRODUCT@|$SSL_NAME|" \
            -e "/^O=/ a C=RU\nL=Moscow\nOU=HTTP Interface\n" \
            >"$SSL_CERTCONF"
}

cert_file()
{
    # Path of the certificate named $1 (SSL_CERTDIR is not set in this file;
    # presumably it comes from cert-sh-functions).
    printf '%s/%s.cert\n' "$SSL_CERTDIR" "$1"
}

key_file()
{
    # Path of the private key named $1 (SSL_KEYDIR is not set in this file;
    # presumably it comes from cert-sh-functions).
    printf '%s/%s.key\n' "$SSL_KEYDIR" "$1"
}

csr_file()
{
    # Path of the signing request named $1 (SSL_CSRDIR is not set in this
    # file; presumably it comes from cert-sh-functions).
    printf '%s/%s.csr\n' "$SSL_CSRDIR" "$1"
}

read_value()
{
    # Print the value of key $1, i.e. what follows "KEY=" on matching lines
    # of the certificate config.
    # NOTE: $1 is spliced into the sed program unescaped; callers pass only
    # literal keys (CN, C, L, O, OU), never request data.
    local key="$1"
    sed -n -r -e "/^${key}=/ s,^${key}=(.*),\1,p" "$SSL_CERTCONF"
}

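write_value()
{
    # Rewrite the "KEY=..." line for key $1 in the certificate config as
    # "KEY=$2".  $1 must be a literal key (CN, C, L, O, OU); $2 is request
    # data (the in_* fields), so it is escaped before being spliced into the
    # sed replacement.  Returns non-zero if the value is refused or sed fails.
    local key="$1"
    local val="$2"
    local nl
    nl="$(printf '\nx')"; nl="${nl%x}"

    # A newline in the value would terminate the s command (or, once escaped,
    # add extra lines to the config), so multi-line values are refused.
    case "$val" in
        *"$nl"*) return 1 ;;
    esac

    # Escape the characters sed interprets in a replacement: backslash, the
    # ',' delimiter used below and '&' (the whole-match reference).
    val="$(printf '%s\n' "$val" | sed -e 's/[\\,&]/\\&/g')"

    sed -r "s,^${key}=.*,${key}=${val}," -i "$SSL_CERTCONF"
}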

create_cert()
{
    # Ensure a key, a CSR and a certificate exist for "$@" (passed through
    # unchanged to the cert-sh-functions helpers; update_cert gives a name
    # and the config path).  Each piece is generated only when its
    # ssl_check_* test fails; the status of the last check or generation
    # step is returned.
    if ! ssl_check_key "$@"; then
        ssl_make_key "$@"
    fi
    if ! ssl_check_req "$@"; then
        ssl_make_req "$@"
    fi
    if ! ssl_check_cert "$@"; then
        ssl_make_cert "$@"
    fi
}

update_cert()
{
    # Generate a fresh key/CSR/certificate under the "<name>-temp" name (in
    # a subshell, presumably so that nothing create_cert changes leaks into
    # this shell) and then rename each file over the live one.  Stops at the
    # first failing step and returns its status.
    local tmp="$SSL_NAME-temp"
    (create_cert "$tmp" "$SSL_CERTCONF") || return
    mv -f "$(cert_file "$tmp")" "$(cert_file "$SSL_NAME")" || return
    mv -f "$(key_file "$tmp")" "$(key_file "$SSL_NAME")" || return
    mv -f "$(csr_file "$tmp")" "$(csr_file "$SSL_NAME")"
}

update_passwd()
{
        echo "root:$1"|/usr/sbin/chpasswd
        return $?
}

read_listen()
{
	# Print whatever follows "Listen" plus whitespace on the Listen line(s)
	# of the httpd config (lines like "ListenBackLog ..." do not match).
	sed -n -r -e 's,^Listen[[:space:]]+,,p' "$HTTPDCONF"
}

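write_listen()
{
	# Set the port on the "Listen" line of the httpd config to $1.
	# $1 is request data (in_listen); the ^[0-9]+$ constraint announced to
	# the UI is enforced here as well, since the value is spliced into a sed
	# program.  Returns 1 for a non-numeric or empty value.
	case "$1" in
		''|*[!0-9]*) return 1 ;;
	esac
	sed -r "s,^Listen[[:space:]].*,Listen $1," -i "$HTTPDCONF"
}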

on_message()
{
	# Request dispatcher for the alterator backend.  Request fields arrive
	# as in_* variables (in_action, in_orig_action, in_CN, in_listen, ...;
	# presumably set by the message loop of the sourced backend3.sh) and the
	# reply is written to stdout as an s-expression: "( key value ... )",
	# "()" for success without data, "#f" for an unknown action.
	case "$in_action" in
		constraints)
			# Field constraints for the UI.  "#t"/"#f" are scheme booleans:
			# CN is required only when the form is submitted as "reset",
			# the port only when it is submitted as "write".
			local reset_required="$([ "$in_orig_action" = "reset" ] && echo "#t" || echo "#f")"
			local write_required="$([ "$in_orig_action" = "write" ] && echo "#t" || echo "#f")"
			# Subject fields: latin letters, digits, '-', '.', and whitespace
			# (not as the first character); the country code is two letters.
			local regexp="^[-.a-zA-Z0-9][-.a-zA-Z0-9[:space:]]+$"
			local msg="`_ "should be latin letters"`"
			local regexp1="^[a-zA-Z][a-zA-Z]$"
			local msg1="`_ "two letter country code"`"
			echo '('
			# The trailing #" on the next lines is a shell comment; presumably
			# it only re-balances quote nesting for editors and is not output.
			printf ' CN (label "%s" required %s match ("%s" "%s"))' "`_ "Common Name (CN)"`" "$reset_required" "$regexp" "$msg" #"
			printf ' C (label "%s" match ("%s" "%s"))' "`_ "Country (C)"`" "$regexp1" "$msg1" #"
			printf ' L (label "%s" match ("%s" "%s"))' "`_ "Location (L)"`" "$regexp" "$msg" #"
			printf ' O (label "%s" match ("%s" "%s"))' "`_ "Organization (O)"`" "$regexp" "$msg" #"
			printf ' OU (label "%s" match ("%s" "%s"))' "`_ "Organizational Unit (OU)"`" "$regexp" "$msg" #"
			# passwd1/passwd2 equality and the numeric port are declared to the
			# UI here only; see the "write" branch for what this backend checks.
			printf ' passwd1  (equal passwd2 label "%s")' "`_ "Administrator password"`"
			printf ' listen   (required %s label "%s" match ("^[0-9]+$" "%s"))' \
			    "$write_required" \
			    "`_ "HTTP interface port"`" \
			    "`_ "should be number"`"
			echo ')'
			;;
		read)
			# Make sure the cert config exists (first run), then report the
			# current subject fields and the httpd Listen value.
			sure_ssl_conf
			echo '('
			printf ' CN "%s"' "$(read_value "CN")"
			printf ' C "%s"' "$(read_value "C")"
			printf ' L "%s"' "$(read_value "L")"
			printf ' O "%s"' "$(read_value "O")"
			printf ' OU "%s"' "$(read_value "OU")"
			printf ' listen "%s"' "$(read_listen)"
			echo ')'
			;;
		write)
			# Apply the password and the port only when supplied.  in_passwd2
			# is never compared here and in_listen is handed to write_listen
			# as received; the constraints above are not re-checked in this
			# branch.
			[ -n "$in_passwd1" ] && update_passwd "$in_passwd1"
			[ -n "$in_listen" ] && write_listen "$in_listen"
			echo '()'
			;;
		reset)
			# Store the supplied subject fields in the cert config (empty
			# fields keep their current value), then regenerate key, CSR and
			# certificate from it.
			sure_ssl_conf
			[ -n "$in_CN" ] && write_value "CN" "$in_CN"
			[ -n "$in_C" ] && write_value "C" "$in_C"
			[ -n "$in_L" ] && write_value "L" "$in_L"
			[ -n "$in_O" ] && write_value "O" "$in_O"
			[ -n "$in_OU" ] && write_value "OU" "$in_OU"
			
			update_cert
			echo '()'
			;;
		upload)
			# Stage the uploaded PEM in a temp file and install it only if
			# "openssl verify" accepts it.  No -CAfile is given, so the check
			# presumably runs against the default trust store.  An empty
			# in_certificate leaves the temp file empty and ends in the error
			# reply.  Only the certificate is replaced: the existing private
			# key is kept and a cert/key mismatch is not detected here.
			# NOTE(review): current openssl prints "<file>: OK", which the
			# anchored '^OK$' below would not match — confirm which openssl
			# release this backend targets.
			local tempfile="$(mktemp -t cert.XXXXXX)"
			[ -n "$in_certificate" ] &&
			echo "$in_certificate" >"$tempfile"
			if openssl verify "$tempfile" | grep -qs '^OK$'; then
			    mv -f "$tempfile" "$(cert_file "$SSL_NAME")"
			    # mktemp creates the file 0600; a public certificate has to be
			    # readable by httpd, so widen it after the move.
			    chmod 644 "$(cert_file "$SSL_NAME")"
			    echo '()'
			else
			    rm -f "$tempfile"
			    printf '(error "%s")' "`_ "Invalid certificate file"`"
			fi
		        ;;
		reload)
			# Service output goes to stderr so that stdout carries only the
			# "()" reply.
			service httpd-alterator reload >&2
			echo '()'
			;;
		*)
			# Unknown action.
			echo '#f'
			;;
	esac
}

# Enter the request loop provided by the sourced backend3.sh (not defined in
# this file); presumably it reads each request and calls on_message for it.
message_loop
