#!/usr/bin/sh
#----------------------------------------------------------------------------------
# /var/install/bin/certs-download-ca-bundle - download ca certificates
#
# Copyright (c) 2001-2025  The Eisfair Team, team(at)eisfair(dot)org
#
# Creation:     2010-08-26  jed
# Last Update:  $Id$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------------

# include eislib
. /var/install/include/eislib

#exec 2> /tmp/certs-download-trace$$.log
#set -x

#==================================================================================
# main
#==================================================================================

tmpdir=/tmp
ssldir=/usr/local/ssl
certdir=${ssldir}/certs
certsfile=/etc/config.d/certs
vardir=/var/certs
wget_bin=/usr/bin/wget.sh

### load configuration ###
. ${certsfile}
chmod 600 ${certsfile}

if [ -z "${CERTS_CA_BUNDLE_URL}" ]
then
    # parameter not set, use default
    sa_bundle_file="BLFS-ca-bundle-3.12.11.0.tar.bz2"
    sa_bundle_url="http://anduin.linuxfromscratch.org/files/BLFS/${sa_bundle_file}"
else
    echo "${CERTS_CA_BUNDLE_URL}" | grep -q "^http:|https:|^file:|^ftp:"

    if [ $? -eq 0 ]
    then
        # full url given, extract archive name
        sa_bundle_file="`basename "${CERTS_CA_BUNDLE_URL}"`"
        sa_bundle_url="${CERTS_CA_BUNDLE_URL}"
    else
        # incomplete url given, prefix name with url
        sa_bundle_file="${CERTS_CA_BUNDLE_URL}"
        sa_bundle_url="http://anduin.linuxfromscratch.org/files/BLFS/${sa_bundle_file}"
    fi
fi

# print header
clrhome
mecho --info "Download CA certificate bundle"
mecho

if [ -f ${vardir}/${sa_bundle_file} ]
then
    mecho --warn "The bundle file ${sa_bundle_file} has already been downloaded."
    mecho

    if /var/install/bin/ask "Do you want to delete the file and download it again" "n"
    then
        rm -f ${vardir}/${sa_bundle_file}

        mecho "downloading ca bundle file '${sa_bundle_file}' ..."
        mecho

        cd ${vardir}
        ${wget_bin} ${sa_bundle_url}
    fi
else
    mecho "downloading ca bundle file '${sa_bundle_file}' ..."
    mecho

    cd ${vardir}
    ${wget_bin} ${sa_bundle_url}
fi

if [ -f ${vardir}/${sa_bundle_file} ]
then
    cd ${tmpdir}

    # temporary directory
    if [ -d ${tmpdir}/blfs ]
    then
        rm -rf ${tmpdir}/blfs
    fi

    mkdir ${tmpdir}/blfs

    # extracting files
    mecho "extracting files ..."
    tar xjf ${vardir}/${sa_bundle_file} -C ${tmpdir}/blfs

    if [ $? -eq 0 ]
    then
        # delete previous archives after new one has successfully been downloaded
        for FNAME in `ls ${vardir}/BLFS-ca-bundle-*bz2 2>/dev/null | grep -v ${sa_bundle_file}`
        do
            rm -f ${FNAME}
        done
    fi

    tmppemfile=`find ${tmpdir}/blfs -name *.pem | head -1`
    tmppemdir=`dirname ${tmppemfile}`

    # copy files to destination directory
    cp ${tmppemdir}/*.pem ${certdir}/

    # recreating hashes
    mecho "creating hashes ..."
    /var/install/bin/certs-update-hashes --quiet --certdir

    # removing temporary files
    mecho "removing temporary files ..."
    rm -rf ${tmpdir}/blfs

    mecho "finished."
else
    mecho --error "error downloading ca bundle file!"
fi

mecho
anykey

#==================================================================================
# End
#==================================================================================
exit 0