#!/bin/sh -f

alterator_api_version=1
po_domain="alterator-ahttpd"
ahttpdconffile='/etc/ahttpd/ahttpd.conf'
ahttpdlogdir="/var/log/ahttpd"

servername="ahttpd"
certconffile="/etc/ahttpd/$servername.cnf"

rdelim='[[:space:]]\+'
wdelim='	'

. alterator-sh-functions
. shell-config
. cert-sh-functions

###

config_get()
{
    shell_config_get "$ahttpdconffile" "$1" "$rdelim"
}

cert_get()
{
    shell_config_get "$certconffile" "$1"
}

config_set()
{
    shell_config_set "$ahttpdconffile" "$1" "$2" "$rdelim" "$wdelim"
}

cert_set()
{
    shell_config_set "$certconffile" "$1" "$2"
}

do_reload()
{
    sleep 1
    /sbin/service  ahttpd reload >/dev/null 2>/dev/null
}

sure_certconf()
{
    [ -f "$certconffile" ] && return

    local HOSTNAME="$(hostname)"
    HOSTNAME="${HOSTNAME:-localhost.localdomain}"

    echo "$DEFAULT_CERT" |
	sed -e "s|@HOSTNAME@|$HOSTNAME|" \
	    -e "s|@PRODUCT@|$servername|" \
	    -e "/^O=/ a C=RU\nL=Moscow\nOU=HTTP Interface\n" \
	    >"$certconffile"
}

create_cert()
{
     ssl_check_key "$@" || ssl_make_key "$@"
     ssl_check_req "$@" || ssl_make_req "$@"
     ssl_check_cert "$@" || ssl_make_cert "$@"
}

update_cert()
{
    local certfile="$SSL_CERTDIR/$servername.cert"
    local certfile_temp="$SSL_CERTDIR/$servername-temp.cert"
    local keyfile="$SSL_KEYDIR/$servername.key"
    local keyfile_temp="$SSL_KEYDIR/$servername-temp.key"
    local scrfile="$SSL_CSRDIR/$servername.csr"
    local scrfile_temp="$SSL_CSRDIR/$servername-temp.csr"

    (create_cert "$servername-temp" "$certconffile") &&
	mv -f "$certfile_temp" "$certfile" &&
	mv -f "$keyfile_temp" "$keyfile" &&
	mv -f "$scrfile_temp" "$scrfile"
}

on_message()
{
	case "$in_action" in
		type)
		    write_type_item port tcp-port
		    write_type_item listen ipv4-address

		    write_type_item CN hostname
		    write_type_item C iso-3166-alpha-2
		    write_type_item L ahttpd-cert-field
		    write_type_item O ahttpd-cert-field
		    write_type_item OU ahttpd-cert-field
		    ;;
		list)
			case "$in__objects" in
			    avail_log_mode)
				write_enum_item "all" "`_ "all connections"`"
				write_enum_item "errors" "`_ "errors only"`"
				write_enum_item "none" "`_ "nothing"`"
				;;
			esac
			;;
		write)
			if [ -n "$in_listen" ];then
			    config_set server-listen "$in_listen"
			else
			    config_set server-listen "*"
			fi

			[ -z "$in_port" ] || config_set server-port "$in_port"
			[ -z "$in_log_mode" ] || config_set log-mode "$in_log_mode"
			;;
		reload)
			do_reload &
			;;
		read)
			case "$in__objects" in
			    /)
				sure_certconf

				write_string_param port "$(config_get server-port)"
				write_string_param log_mode "$(config_get log-mode)"

				local listen="$(config_get server-listen)"
				[ "$listen" != "*" ] || listen=
				write_string_param listen "$listen"

				write_string_param CN "$(cert_get CN)"
				write_string_param C "$(cert_get C)"
				write_string_param L "$(cert_get L)"
				write_string_param O "$(cert_get O)"
				write_string_param OU "$(cert_get OU)"
				;;
			    csr)
				write_string_param "csr" "$SSL_CSRDIR/$servername.csr"
				;;
			esac
			;;
		recreate)
			sure_certconf

			[ -z "$in_CN" ] || cert_set "CN" "$in_CN"
			[ -z "$in_C" ] || cert_set "C" "$in_C"
			[ -z "$in_L" ] || cert_set "L" "$in_L"
			[ -z "$in_O" ] || cert_set "O" "$in_O"
			[ -z "$in_OU" ] || cert_set "OU" "$in_OU"

			update_cert
			;;
		upload)
			[ -n "$in_certificate" ] || return

			local keyfile="$SSL_KEYDIR/$servername.key"
			local certfile="$SSL_CERTDIR/$servername.cert"

			if certvalidate "$in_certificate" "$keyfile"; then
			    cp -f "$in_certificate" "$certfile"
			    chmod 644 "$certfile"
			else
			    write_error "`_ "Invalid certificate file"`"
			fi
			;;
	esac
}

message_loop
