#!/usr/bin/php
<?php

#############################################################################

/// init
	// Script-wide state: $ini is read for the key directory and ownership below,
	// $node is spliced into the SQL statements of this script.
	global $ini, $node;

	require __DIR__."/../include/functions.php";
	check_force_run(1);
	init();

	// Certificate generation is skipped entirely when confgen/ssl-gen is the string '0'.
	if (get_ini_opt('confgen','ssl-gen') === '0') {
		exit(0);
	}

	check_live();

	// Continue only if this node's apache_update row has value = 0 and lock = 0;
	// no matching row means an apache update is running or scheduled.
	// NOTE(review): $node is concatenated into the statement. It is presumably a
	// numeric node id from local configuration - confirm, and validate it once
	// (or bind it as a parameter) if it can ever originate outside the config.
	$ares = DBquery("SELECT `value` FROM `var` WHERE `key` = 'apache_update' AND `node` = '".$node."' AND `value` = 0 AND `lock` = 0;");
	$anr = $ares->num_rows;
	if ($anr < 1) {
		exit(0);
	}

	// NOTE(review): paired with unlock_update('ssl_update') at the end of the
	// script; the exit paths in between do not call unlock_update - verify that
	// check_update() tolerates a flag left behind by an aborted run.
	check_update('ssl_update');


/// get certs to be generated
	// Active vhosts of active domains/clients on this node whose ssl_on is 2 or 4.
	// ssl_new is 1 only for ssl_on = 2, i.e. a keypair that has not been seen yet.
	// The alias columns are stripped of CR and of leading/trailing LF in SQL.
	// NOTE(review): $node is embedded unquoted, so the statement is only
	// well-formed for a numeric value - confirm it is validated before this point.
	$sql="SELECT
		vhosts.id AS vhid,
		vhosts.host AS host,
		domain.name AS domain,
		TRIM('\n' from REPLACE(vhosts.alias,'\r','')) AS alias_r,
		TRIM('\n' from REPLACE(vhosts.ext_alias,'\r','')) AS ext_alias_r,
		`vhosts`.`ssl_on` AS ssl_on,
		IF((`vhosts`.`ssl_on` = 2), 1, 0) AS ssl_new
		FROM vhosts
		LEFT JOIN domain ON vhosts.domainid=domain.id
		LEFT JOIN client ON domain.clientid=client.id
		WHERE (`vhosts`.`ssl_on`=2 OR `vhosts`.`ssl_on`=4)
		AND domain.active=1 AND client.active=1 AND vhosts.active=1
		AND (client.node=$node);";

	// A falsy result from DBquery() ends the run with exit status 1.
	// NOTE(review): this exit happens after check_update('ssl_update') and
	// without unlock_update() - confirm that is intended.
	$res = DBquery($sql);
	if (!$res) {
		exit(1);
	}

	// Row count; not read again in this script.
	$n = $res->num_rows;

	$ssl_all = array();	// every selected vhost, one entry per row
	$new_num = 0;		// how many of them are flagged ssl_new

	while ($host = $res->fetch_assoc()) {
		// Turn the multi-line alias columns into arrays, then drop the raw text.
		$host['aliases'] = multirow2array($host['alias_r']);
		$host['ext_aliases'] = multirow2array($host['ext_alias_r']);
		unset($host['alias_r'], $host['ext_alias_r']);

		$ssl_all[] = $host;
		$new_num += ($host['ssl_new'] == 1) ? 1 : 0;
	}

	// Becomes true once a keypair for a vhost flagged ssl_new has been found.
	$changed = false;

	logme($new_num > 0
		? "SSL: Generating $new_num keypairs"
		: "SSL: No new keys to generate, checking.");

	// Base directory under which each plugin gets its own subdirectory.
	$ssldir = $ini['ssl']['keydir'];

	// Sanity check: the configured key directory has to exist already.
	// NOTE(review): file_exists() is also true for a regular file, and this exit
	// skips unlock_update('ssl_update') - confirm both are acceptable.
	if (!file_exists($ssldir)) {
		logme('SSL error: dir not found: '.$ssldir);
		exit(3);
	}

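	register_ssl_plugins();

	// Run the plugins in the order of $ssl_plugins. Each plugin works in its own
	// subdirectory of the key directory and receives the vhosts that still have
	// no keypair; vhosts satisfied by one plugin are removed before the next runs.
	foreach($ssl_plugins as $sslplugin_level => $sslplugin)
	{
		$sslpdir=$ssldir.'/'.$sslplugin;
		if (!(file_exists($sslpdir)))
		{
			// The directory holds key material, so it is created owner-only.
			// (It used to be 0744, which let group and others list its contents.)
			// The is_dir() re-check covers a directory created concurrently.
			if (!mkdir($sslpdir, 0700) && !is_dir($sslpdir))
			{
				logme('SSL error: cannot create dir: '.$sslpdir);
				// Nothing to write into: skip this plugin. Its vhosts stay in
				// $ssl_all and are handled by the remaining plugins or reported
				// as failed after the loop.
				continue;
			}

			// Hand the directory to the configured account; a failure is logged
			// instead of being silently ignored, the run itself continues.
			$owner_ok=chown($sslpdir,$ini['ssl']['user']);
			$group_ok=chgrp($sslpdir,$ini['ssl']['group']);
			if (!$owner_ok || !$group_ok)
			{
				logme('SSL: WARNING: cannot set owner/group on '.$sslpdir);
			}
		}
		$sslplugin::generate($sslpdir, $ssl_all, $ini);

		// Check which vhosts now have keys. foreach iterates over a snapshot,
		// so removing entries from $ssl_all inside the loop is safe.
		foreach($ssl_all as $sk => $sslvh)
		{
			// An array result is treated as "keypair present" for this plugin level.
			$keys=find_ssl_keys($sslvh['domain'], $sslvh['host'], $sslplugin_level);
			if (is_array($keys))
			{
				if($sslvh['ssl_new']==1)
				{
					logme ("SSL: Found new keypair for ".$sslvh['host'].".".$sslvh['domain']);
					// Move 2 -> 4 only if the row is still in state 2.
					// NOTE(review): vhid comes from vhosts.id in the earlier SELECT;
					// presumably an integer key - confirm before relying on the quoting.
					DBquery("UPDATE `vhosts` SET `ssl_on`=4 WHERE `id`='".$sslvh['vhid']."' AND `ssl_on`='2';");
					$changed=true;
				}
				unset($ssl_all[$sk]);
			}
		}
	}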

	// Whatever is still in $ssl_all got no keypair from any plugin. Entries that
	// were flagged ssl_new are marked as failed (ssl_on = 3), again only if the
	// row is still in state 2.
	foreach ($ssl_all as $sslvh) {
		if ($sslvh['ssl_new'] != 1) {
			continue;
		}
		logme("SSL: WARNING: No valid keypair found for ".$sslvh['host'].".".$sslvh['domain'].", setting failed");
		DBquery("UPDATE `vhosts` SET `ssl_on`=3 WHERE `id`='".$sslvh['vhid']."' AND `ssl_on`='2';");
	}

	// At least one new keypair appeared: flag this node's apache_update row so
	// the web server configuration gets regenerated.
	// NOTE(review): $node is concatenated into the statement - see that it is a
	// validated node id.
	if ($changed) {
		logme("SSL: New keypairs found, scheduling web config update");
		DBquery("UPDATE `var` SET `value`='1' WHERE `key` = 'apache_update' AND `node` = '".$node."';");
	}


	// Reset the ssl_update flag taken by check_update() at the start of the run.
	unlock_update('ssl_update');
