#!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org

# rc.common start priority: this script is ordered as S90 among the boot-time
# init scripts.
START=90

# Load the "certificate" UCI package as soon as rc.common sources this file.
config_load certificate

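# Boot hook: strip passphrases from stored IPsec private keys, then persist
# the resulting UCI changes.
#
# config_foreach is called without a section type, so decrypt_key runs for
# every section of ipsec_cer_config.
# Returns: 0 when nothing needed committing, otherwise the status of
#          `uci commit`.
boot()
{
	local chgobj

	config_load ipsec_cer_config
	config_foreach decrypt_key

	# NOTE(review): "fchanges" is not a stock uci subcommand; presumably it
	# lists the pending changes of the package - confirm against this
	# firmware's uci.
	chgobj=$(uci fchanges all ipsec_cer_config)

	# Explicit if: the former `[ -n ... ] && uci commit` made boot() return
	# non-zero whenever there was simply nothing to commit.
	if [ -n "$chgobj" ]; then
		uci commit ipsec_cer_config
	fi
}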

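# Remove the passphrase from one stored private key and clear the passphrase
# kept in UCI.
#
# Arguments: $1 - section name in ipsec_cer_config; also the suffix of
#                 /etc/ipsec.d/private/private_key_<name>.pem
# Returns:   0 when no passkey is stored or the key was rewritten,
#            1 when the key could not be decrypted or replaced. In that case
#            the stored passkey is kept, so the key is not left encrypted
#            with its passphrase discarded.
#
# Security notes:
#  - The passphrase is handed to openssl through the environment, not as
#    `-passin pass:...`; command-line arguments are visible to every local
#    user via the process list.
#  - The result is an UNENCRYPTED private key on flash. It is written to a
#    mktemp file (created mode 0600) and renamed over the original, so the
#    key keeps owner-only permissions and a failed run never truncates it.
decrypt_key() {
	local keyname="$1"
	local keyfile="/etc/ipsec.d/private/private_key_${keyname}.pem"
	local passkey
	local tmpfile

	passkey=$(uci get "ipsec_cer_config.$keyname.passkey")
	[ -n "$passkey" ] || return 0

	# Same directory as the key so the final mv is a rename, not a copy.
	tmpfile=$(mktemp "${keyfile}.XXXXXX") || return 1

	if IPSEC_KEY_PASS="$passkey" openssl rsa -inform PEM -outform PEM \
		-in "$keyfile" -out "$tmpfile" -passin env:IPSEC_KEY_PASS \
		&& [ -s "$tmpfile" ] \
		&& mv -f "$tmpfile" "$keyfile"; then
		# Only forget the passphrase once the decrypted key is in place.
		uci set "ipsec_cer_config.$keyname.passkey="
	else
		rm -f "$tmpfile"
		echo "decrypt_key: could not decrypt $keyfile; passkey kept" >&2
		return 1
	fi
}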

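# Remove one certificate: its ipsec_cer_config section and its .pem/.crt
# files under /etc/ipsec.d, then commit ipsec_cer_config.
#
# Arguments: $1 - certificate section name (also the file base name)
# Returns:   1 if the name is empty or contains '/', otherwise the status of
#            `uci commit ipsec_cer_config`.
certificate_delete()
{
	local name="$1"
	local sectiontype
	local certdir
	local pemfile
	local crtfile

	# The name becomes part of a path handed to rm. Refuse anything that
	# could leave the certificate directories.
	case "$name" in
		''|*/*)
			echo "certificate_delete: invalid name '$name'" >&2
			return 1
			;;
	esac

	uci delete "ipsec_cer_config.$name"

	# NOTE(review): "oget" is not a stock uci subcommand; presumably it
	# returns the section type as it was before the pending delete -
	# confirm against this firmware's uci.
	sectiontype=$(uci oget "certificate.$name")

	# POSIX "=" instead of "==": the script runs under /bin/sh.
	if [ "$sectiontype" = "trustca" ]; then
		certdir="/etc/ipsec.d/cacerts"
	else
		certdir="/etc/ipsec.d/certs"
	fi
	pemfile="$certdir/$name.pem"
	crtfile="$certdir/$name.crt"

	# Regular files only, so plain -f is enough; no recursive delete.
	[ -f "$pemfile" ] && rm -f -- "$pemfile"
	[ -f "$crtfile" ] && rm -f -- "$crtfile"

	# NOTE(review): /etc/ipsec.d/private/private_key_<name>.pem is not
	# removed here; confirm that key material is cleaned up elsewhere when
	# a certificate is deleted.
	uci commit ipsec_cer_config
}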

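# Apply hook: clean up every certificate section that was deleted from the
# "certificate" package, then commit that package.
#
# NOTE(review): "fchanges delete" is not a stock uci subcommand; presumably
# it prints the whitespace-separated names of deleted sections - confirm
# against this firmware's uci.
# Returns: the status of `uci commit certificate`.
apply() {
	local deleted
	local profile
	local restore_glob=0

	deleted=$(uci fchanges delete certificate)

	# The list is split on whitespace on purpose, but the names end up in
	# rm paths: switch off pathname expansion so a name such as "*" is
	# passed on literally instead of expanding to files in the cwd.
	case $- in
		*f*) ;;
		*)
			set -f
			restore_glob=1
			;;
	esac
	for profile in $deleted; do
		certificate_delete "$profile"
	done
	[ "$restore_glob" = 1 ] && set +f

	uci commit certificate
}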