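#!/usr/bin/sh
#------------------------------------------------------------------------------
# /var/install/bin/certs-extract-certs-from-ca-bundle
#  - download and install mozilla certs bundle
#
# Copyright (c) 2014-2025 The Eisfair Team, team(at)eisfair(dot)org
#
# Creation:     2014-03-29 Marcus Roeckrath
# Last Update:  $Id$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#------------------------------------------------------------------------------
#
# Usage: certs-extract-certs-from-ca-bundle [mk-ca-bundle.pl options]
#
# Flow:
#   1. Create a private working directory under /tmp.
#   2. Run mk-ca-bundle.pl there to produce ca-bundle.crt.
#   3. Split ca-bundle.crt into one .pem file per certificate.
#   4. Remove the certificates installed by the previous run (listed in
#      ${ssldir}/mozillabundle.txt), install the new ones and rehash.
#
# Security notes:
#   - This script replaces part of the system trust store with downloaded
#     content. All caller arguments are forwarded to mk-ca-bundle.pl, so
#     the integrity of the result depends on how that tool is invoked
#     (for example, its -k option permits insecure downloads).
#   - Certificate labels from the bundle become file names. They are
#     remote data, so every command that consumes them is called with
#     '--' or a './' prefix to keep a leading '-' from being parsed as
#     an option.
#   - The old certificates are removed only after at least one new
#     certificate has been extracted, so a broken download cannot empty
#     the trust store.
#------------------------------------------------------------------------------

# include eislib etc.
. /var/install/include/eislib
. /var/install/include/jedlib

#exec 2> /tmp/certs-extract-certs-from-ca-bundle-trace$$.log
#set -x

ssldir=/usr/local/ssl
certsdir=${ssldir}/certs
mozillabundle="${ssldir}/mozillabundle.txt"
mozillabundleold="${ssldir}/mozillabundle.txt.old"
cabundle=ca-bundle.crt
prevcaline=''
prevprevcaline=''
caline=''
filename=''
certdata=false
rc=0

# Without a working directory everything below would run in whatever
# directory 'cd' ends up in, so stop if it cannot be created.
tempdir=$(mktemp -d -p /tmp)
if [ -z "${tempdir}" ] || [ ! -d "${tempdir}" ] ; then
    mecho "Unable to create temporary working directory, aborting."
    exit 1
fi

mecho "Start downloading CA bundle and extracting certificates ..."

olddir=$(pwd)
if ! cd "${tempdir}" ; then
    mecho "Unable to change to '${tempdir}', aborting."
    rm -fr -- "${tempdir:?}"
    exit 1
fi

# Download mozilla bundle and convert it to ca-bundle.crt file.
# "$@" keeps every caller argument as a separate word.
/usr/bin/mk-ca-bundle.pl "$@"

# Extract all certificates from ca-bundle.crt into single pem files
if [ -f "${cabundle}" ] ; then
    while read -r caline ; do
        case "${caline}" in
            *"BEGIN CERTIFICATE"*)
                # The certificate label is located two lines above the
                # BEGIN marker. %b expands backslash escapes in the label;
                # sed then maps '/' and blank runs to '_' and drops
                # parentheses, so the name cannot contain a path separator.
                filename=$(printf "%b\n" "${prevprevcaline}" | sed -e 's#/#_#g' -e 's# \+#_#g' -e 's#[()]##g')

                # check if filename exists and then add an index number
                idx=0
                pemname="${filename}.pem"
                while [ -f "${pemname}" ] ; do
                    idx=$((idx + 1))
                    pemname="${filename}_${idx}.pem"
                done
                filename="${pemname}"

                mecho "Processing '${filename}' ..."
                certdata=true
                ;;
            *"END CERTIFICATE"*)
                # Write the END marker here, then leave certificate mode
                # so the generic write below does not emit it twice.
                if [ "${certdata}" = true ] && [ -n "${filename}" ] ; then
                    printf '%s\n' "${caline}" >> "${filename}"
                fi
                certdata=false
                filename=''
                ;;
        esac

        # BEGIN marker and base64 body lines (printf instead of 'echo -E',
        # which is not portable across /bin/sh implementations)
        if [ "${certdata}" = true ] && [ -n "${filename}" ] ; then
            printf '%s\n' "${caline}" >> "${filename}"
        fi

        prevprevcaline=${prevcaline}
        prevcaline=${caline}
    done < "${cabundle}"

    # Convert/Remove special chars from filename
    # ('./' keeps names starting with '-' from being read as options)
    detox -s utf_8-only ./*.pem

    # Count what was actually extracted before touching the trust store
    pemcount=0
    for pemfile in *.pem ; do
        if [ -f "${pemfile}" ] ; then
            pemcount=$((pemcount + 1))
        fi
    done

    if [ "${pemcount}" -gt 0 ] ; then
        # Remove certificates from previous script execution
        if [ -f "${mozillabundle}" ] ; then
            while read -r filename ; do
                # Entries must be plain file names; anything empty or
                # containing '/' could point outside ${certsdir}.
                case "${filename}" in
                    ''|*/*)
                        continue
                        ;;
                esac
                rm -f -- "${certsdir}/${filename}"
            done < "${mozillabundle}"

            mv -f -- "${mozillabundle}" "${mozillabundleold}"
        fi

        # Create file list of new certificates
        ls -1 -- *.pem > "${mozillabundle}"

        # Copy certificates to certs directory
        if ! cp -- *.pem "${certsdir}" ; then
            mecho "Copying certificates to '${certsdir}' failed."
            rc=1
        fi

        # Rehash
        # NOTE(review): --certdir is passed without a value, as in the
        # original script - confirm this matches certs-update-hashes.
        mecho "Updating hashes '${ssldir}' ..."
        /var/install/bin/certs-update-hashes --quiet --certdir
    else
        mecho "No certificates extracted, keeping installed certificates."
        rc=1
    fi
fi

# Remove temp working directory
cd "${olddir}"
rm -fr -- "${tempdir:?}"

mecho "Done."

exit ${rc}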