#!/bin/sh

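# Stage a certificate (and optionally its private key) under /tmp for download.
#
# Arguments:
#   $1 - subdirectory of /etc/ipsec.d holding the certificate (e.g. "cacerts")
#   $2 - certificate base name (the file read is <name>.crt)
#   $3 - download type: 0 = certificate only, 1 = PKCS#12 bundle,
#        2 = certificate and private key packed into a .tgz
#   $4 - export password for the PKCS#12 bundle (type 1 only)
#   $5 - passphrase of the stored private key (type 1 only)
#
# Outputs (all under /tmp): <name>.crt, plus depending on the type
# <name>.pem, <name>.crt.p12 or <name>.crt.tgz.
#
# Returns: 0 when the certificate does not exist (nothing to do), 1 when a
# name argument is rejected, otherwise the status of the last command run.
#
# NOTE(review): `local` and `return` at file scope suggest this file is sourced
# from inside a function, or run by a shell that tolerates them - confirm.
local down_path="$1"
local down_cert="$2"
local down_type="$3"

# Both names are spliced into filesystem paths (and into a glob handed to
# rm -rf), so refuse anything that could resolve outside /etc/ipsec.d/<dir>/
# or /tmp/: empty values, "." / "..", and any value containing a slash.
case "$down_path" in
	""|.|..|*/*)
		echo "Download: invalid certificate directory" > /dev/console
		return 1
		;;
esac
case "$down_cert" in
	""|.|..|*/*)
		echo "Download: invalid certificate name" > /dev/console
		return 1
		;;
esac

DOWNCERT="/tmp/$down_cert.crt"
DOWNKEY="/tmp/$down_cert.pem"

# Only the trailing ".*" is left unquoted, so wildcard characters inside the
# certificate name are taken literally and cannot widen what gets deleted.
rm -rf "/tmp/$down_cert".*
cp "/etc/ipsec.d/$down_path/$down_cert.crt" "$DOWNCERT"
[ -f "$DOWNCERT" ] || return 0

# NOTE(review): the branches below leave an unencrypted copy of the private
# key in world-traversable /tmp under a predictable name, with whatever mode
# the current umask yields. Whether it can be restricted (umask 077, removal
# after export) depends on which user serves the download - confirm.
if [ "$down_type" = "0" ]; then
	echo "Download Local Certificate" > /dev/console
elif [ "$down_type" = "1" ]; then
	echo "Download PKCS12 Certificate" > /dev/console
	local down_pass="$4"

	# NOTE(review): this branch keys only on the directory, while type 2 also
	# requires the name "RootCA" - confirm which rule is intended.
	if [ "$down_path" = "cacerts" ]; then
		cp "/etc/ipsec.d/private/$down_cert.pem" "$DOWNKEY"
	else
		cp "/etc/ipsec.d/private/private_key_$down_cert.pem" "$DOWNKEY"
	fi
	local passphrase="$5"

	# Hand both secrets to openssl through its environment (env:VAR) instead
	# of argv: command-line arguments are visible to every local user through
	# the process list. The prefix assignments apply to this command only.
	DOWN_EXPORT_PASS="$down_pass" DOWN_KEY_PASS="$passphrase" \
		openssl pkcs12 -export -in "$DOWNCERT" -inkey "$DOWNKEY" \
		-out "$DOWNCERT.p12" -descert \
		-password env:DOWN_EXPORT_PASS -passin env:DOWN_KEY_PASS
elif [ "$down_type" = "2" ]; then
	echo "Download Local Certificate and Private Key" > /dev/console
	if [ "$down_path" = "cacerts" ] && [ "$down_cert" = "RootCA" ]; then
		cp "/etc/ipsec.d/private/$down_cert.pem" "$DOWNKEY"
	else
		cp "/etc/ipsec.d/private/private_key_$down_cert.pem" "$DOWNKEY"
	fi
	tar -czf "$DOWNCERT.tgz" "$DOWNCERT" "$DOWNKEY"
fi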
