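#!/bin/bash
#
# Maintain the <name>-key.pem / <name>-cert.pem symlinks under CERTDIR so
# that every certificate name listed in the configuration points at the
# best available key/certificate pair found in the store.
#
# Configuration is read from CNF (sourced as shell code), which is
# expected to set: domain (primary domain), certs (list of cert names)
# and one d_<cert> variable per cert holding its host names.
#
# Exit status: 0 when no link was changed, 1 when at least one link was
# created or re-pointed, 11 when the configuration is missing/incomplete.

# Directory holding the certificate store and the managed symlinks.
CERTDIR=/etc/ssl/sys

# Configuration file; it is executed with this script's privileges, so it
# must only be writable by the administrator (treat it like the script).
CNF=/etc/sys-ssl.conf

if [[ -f "$CNF" ]]; then
	. "$CNF"
else
	echo "ERROR: $CNF not found" >&2
	exit 11
fi

# Every candidate path below is built from $domain; nothing can be done
# without it.
if [[ -z "$domain" ]]; then
	echo "ERROR: no primary domain defined" >&2
	exit 11
fi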

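#######################################
# Locate the first existing key/cert pair for a host, in priority order.
# All candidates are relative to CERTDIR.  dv_wc and ss_wc are
# domain-level files named after $domain alone; dv and letsencrypt_sys
# are per-host files named after HN.$domain.
# Globals:   domain (read); CERTDIR (read, via findkf)
# Arguments: $1 - host name (HN), prefixed to $domain for per-host files
# Outputs:   "<key> <cert>" (paths relative to CERTDIR) on stdout, via
#            findkf, for the first pair found
# Returns:   0 if a pair was found, 1 if none of the candidates exists
#######################################
function findkeys()
{
	local HN=$1

	# Key and cert candidates, index-aligned, highest priority first:
	#   0 dv_wc, 1 dv, 2 letsencrypt_sys, 3 ss_wc
	local -a key_files=(
		"dv_wc/${domain}-key.pem"
		"dv/${HN}.${domain}-key.pem"
		"letsencrypt_sys/${HN}.${domain}/privkey.pem"
		"ss_wc/${domain}-key.pem"
	)
	local -a cert_files=(
		"dv_wc/${domain}-cert.pem"
		"dv/${HN}.${domain}-cert.pem"
		"letsencrypt_sys/${HN}.${domain}/fullchain.pem"
		"ss_wc/${domain}-cert.pem"
	)

	local i
	for ((i = 0; i < ${#key_files[@]}; i++)); do
		# findkf prints the pair and succeeds only when both files exist.
		if findkf "${key_files[i]}" "${cert_files[i]}"; then
			return 0
		fi
	done

	# Nothing found: report it explicitly rather than falling through
	# with the (successful) status of the last "if".
	return 1
}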

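#######################################
# Report whether both files of a key/cert pair exist under CERTDIR.
# Globals:   CERTDIR (read)
# Arguments: $1 - key file, relative to CERTDIR
#            $2 - cert file, relative to CERTDIR
# Outputs:   "$1 $2" on stdout when both files exist.  Callers split
#            this on whitespace, so the relative paths must not contain
#            whitespace themselves.
# Returns:   0 if both files exist, 1 otherwise
#######################################
function findkf()
{
	local KF=$1
	local CF=$2

	if [[ -e "${CERTDIR}/${KF}" && -e "${CERTDIR}/${CF}" ]]; then
		echo "$KF $CF"
		return 0
	fi
	return 1
}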

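#######################################
# Point one managed symlink at a target, creating or re-pointing it.
# Helper for mkcertlink; called once for the key and once for the cert.
# Globals:   none
# Arguments: $1 - certname (used in messages only)
#            $2 - "key" or "cert" (used in messages only)
#            $3 - absolute path of the symlink
#            $4 - link target (relative path, resolved from the link's dir)
# Outputs:   a "link"/"re-link" line on stdout when the link is changed;
#            an ERROR line on stderr when $3 exists but is not a symlink
# Returns:   1 if the link was created or re-pointed, 0 if left as is
#######################################
function mkcertlink_one()
{
	local certname=$1
	local kind=$2
	local lnk=$3
	local target=$4
	local old

	# -h matches live and dangling symlinks alike.
	if [[ -h "$lnk" ]]; then
		old=$(readlink -- "$lnk")
		if [[ "$target" == "$old" ]]; then
			return 0
		fi
		echo "re-link $certname $kind:  ${lnk} -> ${target} (old: $old)"
		rm -- "$lnk"
		ln -s -- "$target" "$lnk"
		return 1
	fi

	# Never replace a regular file (or anything else that is not a
	# symlink): it may be real key material rather than a stale link.
	if [[ -e "$lnk" ]]; then
		echo "ERROR: $lnk exists but is not a symlink; leaving it alone" >&2
		return 0
	fi

	echo "link $certname $kind: ${lnk} -> ${target}"
	ln -s -- "$target" "$lnk"
	return 1
}

#######################################
# Make CERTDIR/<certname>-key.pem and CERTDIR/<certname>-cert.pem point
# at the given key and cert files, (re)creating the symlinks as needed.
# Globals:   CERTDIR (read)
# Arguments: $1 - certname, base name of the two managed links
#            $2 - key file, relative to CERTDIR
#            $3 - cert file, relative to CERTDIR
# Outputs:   one line per link created or re-pointed, on stdout;
#            errors on stderr
# Returns:   1 if either link changed, 0 if both were already correct
#            (inverted sense: callers use "if ! mkcertlink ...")
#######################################
function mkcertlink()
{
	local certname=$1
	local fn_key=$2
	local fn_cert=$3
	local RET=0

	# The helper returns 1 when it changed a link; fold that into RET.
	mkcertlink_one "$certname" key "${CERTDIR}/${certname}-key.pem" "$fn_key" || RET=1
	mkcertlink_one "$certname" cert "${CERTDIR}/${certname}-cert.pem" "$fn_cert" || RET=1

	return "$RET"
}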

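#######################################
# Update the managed symlinks for every cert name listed in $certs.
# For each cert the host list d_<cert> is consulted and only its first
# host is used to look up the key/cert pair via findkeys; the remaining
# hosts are not used here.
# Globals:   certs, d_<cert> (read); CERTDIR, domain (read, indirectly)
# Arguments: none
# Outputs:   progress lines on stdout, warnings on stderr
# Returns:   1 if any link was created or re-pointed, 0 otherwise
#######################################
function main()
{
	local changed=0
	local cert certhosts hosts host cnkn fn_key fn_cert

	# $certs is a whitespace-separated list; splitting is intended.
	# shellcheck disable=SC2086
	for cert in $certs; do
		certhosts="d_${cert}"

		# Split the host list; only the first entry is looked up.
		# shellcheck disable=SC2206
		hosts=(${!certhosts})
		if (( ${#hosts[@]} == 0 )); then
			echo "WARNING: No hostnames defined for ${cert}" >&2
			continue
		fi
		host=${hosts[0]}

		cnkn=$(findkeys "$host")
		if [[ -z "$cnkn" ]]; then
			# No candidate pair exists for this cert; leave its links alone.
			continue
		fi

		# findkf prints "<key> <cert>" as two whitespace-separated words.
		read -r fn_key fn_cert <<<"$cnkn"

		# mkcertlink returns 1 when it changed a link.
		if ! mkcertlink "$cert" "$fn_key" "$fn_cert"; then
			echo "$cert changed"
			changed=1
		fi
	done

	return "$changed"
}

main "$@"
exit $?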
