#!/bin/bash

# Skip this script entirely when the configured certificate type is
# "letsencrypt".
case "$(CreoleGet cert_type)" in
    letsencrypt) exit 0 ;;
esac

# Likewise, continue only when the "ad_local" setting is 'oui'.
if [ "$(CreoleGet ad_local)" != 'oui' ]; then
    exit 0
fi

. /usr/lib/eole/eolead.sh

# Samba reuses the system-wide server certificate for now; its path comes
# from the "server_cert" setting.
SERVER_CERT_PATH=$(CreoleGet server_cert)

# TLS directory of the Samba domain controller as seen from the host when the
# controller runs in an LXC container.
# NOTE(review): the path is hard-coded to the "addc" container rootfs while the
# original comment mentioned a container named "domaine" -- confirm which one
# applies, and what should happen when the controller is not containerised.
SAMBA_CERT_FOLDER='/var/lib/lxc/addc/rootfs/var/lib/samba/private/tls/'

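InstallSambaSSLFiles()
{
    # Install the TLS certificate and private key used by Samba (#23694).
    #
    # Globals:
    #   CONTAINER_ROOTFS  (read) prefix of the target filesystem; presumably
    #                     set by /usr/lib/eole/eolead.sh -- TODO confirm. An
    #                     empty value targets the host's /var/lib/samba.
    #   SERVER_CERT_PATH  (read) certificate to copy as cert.pem
    # Reads the private key location from the "server_key" setting.
    # Returns: 0 on success, non-zero as soon as one step fails (the
    #          remaining steps are skipped so a half-installed pair is
    #          reported instead of silently ignored).
    local cert_dir="${CONTAINER_ROOTFS}/var/lib/samba/private/tls"
    local dest_cert_file="${cert_dir}/cert.pem"
    local dest_privkey_file="${cert_dir}/key.pem"
    local server_key

    server_key="$(CreoleGet server_key)"
    if [ -z "$SERVER_CERT_PATH" ] || [ -z "$server_key" ]; then
        echo "InstallSambaSSLFiles: certificate or private key path is empty" >&2
        return 1
    fi

    # mkdir -p is a no-op when the directory already exists.
    mkdir -p -- "$cert_dir" || return 1
    chmod 0755 -- "$cert_dir" || return 1

    # Every expansion is quoted so paths containing spaces or glob characters
    # are copied as-is instead of being split into several arguments.
    cp -- "$SERVER_CERT_PATH" "$dest_cert_file" || return 1
    chmod 0644 -- "$dest_cert_file" || return 1

    # The private key must never be readable by other users, not even for the
    # short interval between cp and chmod: tighten a pre-existing file first,
    # and create a new one under a restrictive umask (confined to a subshell
    # so the caller's umask is untouched).
    if [ -e "$dest_privkey_file" ]; then
        chmod 0600 -- "$dest_privkey_file" || return 1
    fi
    ( umask 077 && cp -- "$server_key" "$dest_privkey_file" ) || return 1
    chmod 0600 -- "$dest_privkey_file"
}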



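# Create (or remove) the intermediate-certificates file ca.pem.
#
# The helper is fed to python3 on stdin instead of being written to a
# fixed name under /tmp: a predictable file in a world-writable directory can
# be pre-created or swapped by another local user before it is executed, and
# running a script from /tmp also puts /tmp first on Python's module search
# path. The certificate paths are passed as arguments rather than pasted into
# the Python source, so a quote or backslash in a path cannot alter the code.
# NOTE(review): in stdin mode the current working directory is still searched
# for modules; "python3 -I" would drop it, provided creole remains importable
# in isolated mode -- confirm before enabling.
# NOTE(review): ca.pem goes to the hard-coded SAMBA_CERT_FOLDER, whereas
# InstallSambaSSLFiles writes under ${CONTAINER_ROOTFS}; confirm both point at
# the same directory and that it exists at this stage.
if [[ -f "$SERVER_CERT_PATH" ]]
then
    python3 - "$SERVER_CERT_PATH" "${SAMBA_CERT_FOLDER}/ca.pem" <<'PYTHON'
import os
import sys
from creole.cert import get_intermediate_certs, concat_fic

cert_path, ca_bundle = sys.argv[1], sys.argv[2]
chain = get_intermediate_certs(cert_path)
if chain:
    concat_fic(ca_bundle, chain)
elif os.path.isfile(ca_bundle):
    # No intermediates any more: drop the stale bundle.
    os.unlink(ca_bundle)
PYTHON
fi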

# Run CreoleCat on the smb-addc.conf template (presumably this regenerates the
# Samba configuration from the current settings -- TODO confirm). Its exit
# status is not checked.
CreoleCat -t smb-addc.conf

# Copy the server certificate and private key into Samba's TLS directory
# (function defined earlier in this file). Its exit status is not checked.
InstallSambaSSLFiles


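# Resolve the root CA of the server certificate: the last element returned by
# get_certs_chain(), used below as a file path.
#
# The helper is read from stdin rather than from a fixed file name in /tmp
# (which another local user could pre-create or replace before python3 runs
# it), and the certificate path is passed as an argument instead of being
# interpolated into the Python source.
CA_PATH="$(python3 - "$SERVER_CERT_PATH" <<'PYTHON'
import sys
from creole.cert import get_certs_chain

ca_root = get_certs_chain([sys.argv[1]])[-1]
print(ca_root)
PYTHON
)"

# Refresh the "eole-ad" trust anchor in the Java trust store.
# "changeit" is the stock password of the JDK cacerts file; the store only
# holds public certificates, so its integrity rests on file permissions, not
# on this password.
# The previous entry is removed unconditionally, as before: if the new root CA
# cannot be resolved, Java clients stop trusting the old one rather than
# keeping a possibly stale anchor.
keytool -delete -alias eole-ad -keystore /etc/ssl/certs/java/cacerts -storepass changeit >/dev/null
if [ -n "$CA_PATH" ] && [ -f "$CA_PATH" ]; then
    keytool -import -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -alias eole-ad -file "$CA_PATH"
else
    echo "Root CA certificate not found ('${CA_PATH}'): eole-ad was not imported into the Java trust store" >&2
fi

exit 0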
