#!/bin/sh
echo ==================================================
echo ==    AQSI SSL certificate update \(2022\)
echo ==       \(c\) by Andrey Bogdanov
echo ==================================================

FONT_BOLD="\033[1m"
FONT_NORMAL="\033[0m"
FONT_RED="\033[31m"
FONT_GREEN="\033[32m"
FONT_YELLOW="\033[33m"


###################################################################
# Declare function that updates port 8000  in a single 
# configuration file­
###################################################################
update_port_8000_in_config() {

    file_name=$1
    
    echo -e $FONT_YELLOW"Checking config file ["$file_name"]"$FONT_NORMAL
	
    if grep "8000" $file_name ; then 
		echo -e $FONT_GREEN"	Updating port 8000 -> 8200"$FONT_NORMAL
		sed -i.bak 's/aqsi.ru.*:.*8000/aqsi.ru:8200/g' $file_name
	else
		echo "Nothing to update"
    fi

	sed -i.bak 's/aqsi.com/aqsi.ru/g' $file_name
}

########################################################################
# Install certificate
########################################################################
install_cert() {

	CERT_CONF=/etc/ca-certificates.conf
	
	cert_name=$1
	
	echo -e $FONT_YELLOW"Install certificate ["$cert_name"]"$FONT_NORMAL
	wget --no-verbose -P  $TMP_DIR $CERT_URL/$cert_name
	
	if [ -f $TMP_DIR/$cert_name ]; then
		
		mv -f $TMP_DIR/$cert_name $CERT_DIR/$cert_name
		
		echo -e $FONT_YELLOW"Adding lines to ["$CERT_CONF"]"$FONT_NORMAL
		if grep $cert_name $CERT_CONF ; then
			echo ""
		else
			echo "mozilla/"$cert_name
			echo "mozilla/"$cert_name >> $CERT_CONF
		fi
	else
		echo -e $FONT_RED"Failed to load certificate"$FONT_NORMAL
	fi	
}


#####################################################################
# BEGIN MAIN 
####################################################################



# Update all config files
for config_file in `ls /mnt/data/updater*.conf`
do 
    update_port_8000_in_config $config_file
done

# Remove wrong file aqsi-cacert.pem
if [ -f /etc/ssl/certs/aqsi-cacert.pem ]
then
	echo "Remove wrong file aqsi-cacert.pem"
	rm -f /etc/ssl/certs/aqsi-cacert.pem
fi 


TMP_DIR=/home/root/tmp_cert
CERT_URL=http://cube-data.aqsi.ru:555/cert
CERT_DIR=/usr/share/ca-certificates/mozilla

#  If TMP_DIR does not exist  - create
if ! [ -d $TMP_DIR ]; then
	mkdir $TMP_DIR
else
	#  If TMP_DIR exists  - clear old files
	rm -f $TMP_DIR/*
fi


install_cert aqsi_root.crt
install_cert DST_root.crt
install_cert ISRG_Root_X1.crt
install_cert StrelkaCA.crt
install_cert tinkoffrsa2020.crt
install_cert sberca-root-ext.crt
install_cert russian_root_ca.crt
install_cert Sbertroika.crt
install_cert CAAqsiAdmin.crt

echo -e $FONT_YELLOW"Execute: [update-ca-certificates]"$FONT_NORMAL
update-ca-certificates