#!/bin/sh

. /etc/functions.sh
# Shared paths and constants for the certificate-import helpers below.
# Scratch files live under /var. The `openssl req` prefix keeps its trailing
# space on purpose: it is expanded unquoted and followed directly by options.
OPENSSL="openssl req "

# Staged upload and the file that receives the parsed subject line.
REQ_TMP="/var/certificate_request_tmp"
REQ_OUT="/var/certificate_request_out"

# Intermediate outputs used by the PKCS#12 import path.
TEMP_CERT="/var/certificate_tmp"
TEMP_CERT_PKCS12="/var/certificate_tmp_pkcs12.pem"

# OpenSSL configuration inputs. Not referenced in this file; presumably used
# by a sibling script or a step that is not shown here — kept defined as-is.
SSL_CFG="/etc/ssl/openssl.cnf"
TMP_OPENSSL_CONF="/var/tmp_openssl.conf"
TMP_REQ_EXTENSION="/var/req_extension"
REQ_EXT_WORD="req_ext"
strExt=""

# Upper bound on `certificatereq` sections kept in the rcertificate config.
MAX_CNT=256

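#######################################
# Import an uploaded PEM certificate request (CSR).
# Globals:   OPENSSL, REQ_TMP (read, then moved), REQ_OUT (written, removed),
#            MAX_CNT (read); name/cursub/status/num are written and left
#            global, as in the original, in case the caller reads them.
# Arguments: $1 - uploaded file name; the part before the first '.' becomes
#            the uci section name and the base name under /etc/ipsec.d/certs
# Outputs:   status text on stdout; uploadreq.status via `json set`
# Returns:   99 if the upload is not a parseable CSR or the derived name is
#            unusable, 0 otherwise (also when the entry limit is reached)
#######################################
certreq_handle() {

	# $OPENSSL is expanded unquoted on purpose: it is "openssl req ".
	# openssl writes the parsed subject to $REQ_OUT. Check the exit status as
	# well as the file: an existing but empty output file must not pass.
	if ! $OPENSSL -in "$REQ_TMP" -noout -subject -out "$REQ_OUT" || [ ! -s "$REQ_OUT" ]; then
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "Requset file is invalid"
		json set uploadreq status=reqfileinvalid
		return 99;
	fi

	name=$(printf '%s\n' "$1" | cut -d"." -f 1);
	# $1 is an uploaded file name, i.e. untrusted. Accept only the characters
	# uci allows in a section name ([A-Za-z0-9_]); this also rules out '/' and
	# '..', so the mv below cannot escape /etc/ipsec.d/certs/.
	case "$name" in
		""|*[!A-Za-z0-9_]*)
			rm -f "$REQ_TMP" "$REQ_OUT"
			echo "Requset file is invalid"
			json set uploadreq status=reqfileinvalid
			return 99;
			;;
	esac
	cursub=$(cat "$REQ_OUT");
	status="Remote Requesting";

	# Count existing entries before adding one; clean up the scratch files on
	# the limit path so a stale upload is not left behind.
	num=$(uci show rcertificate | grep -c certificatereq)
	if [ "$num" -ge "$MAX_CNT" ]; then
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "The max entries of Remote Certificate is $MAX_CNT"
		json set uploadreq status=entryexceed
		return 0;
	fi

	uci set "rcertificate.$name=certificatereq"
	uci set "rcertificate.$name.subject=$cursub"
	uci set "rcertificate.$name.status=$status"

	uci commit rcertificate;
	# The CSR is stored under certs/ with a .pem suffix, as in the original.
	mv "$REQ_TMP" "/etc/ipsec.d/certs/$name.pem"
	rm -f "$REQ_OUT";
	echo "Import Success"
	json set uploadreq status=importsuccess
	return 0;
}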

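#######################################
# Import an uploaded PEM certificate.
# Globals:   REQ_TMP (read, then moved), REQ_OUT (written, removed),
#            MAX_CNT (read); name/cursub/status/num are written and left
#            global, as in the original, in case the caller reads them.
# Arguments: $1 - uploaded file name; the part before the first '.' becomes
#            the uci section name and the base name under /etc/ipsec.d/certs
# Outputs:   status text on stdout; uploadreq.status via `json set`
# Returns:   99 if the upload is not a parseable certificate or the derived
#            name is unusable, 0 otherwise (also when the entry limit is hit)
#######################################
cert_handle() {

	# The original tested `[ ! -e $REQ_OUT ]` after `1>$REQ_OUT`; the shell
	# creates that file before openssl runs, so the test could never fire and
	# an unparseable upload went on to be imported with an empty subject.
	# Use openssl's exit status and require a non-empty subject instead.
	if ! openssl x509 -in "$REQ_TMP" -noout -subject 1>"$REQ_OUT" || [ ! -s "$REQ_OUT" ]; then
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "Certificate file is invalid"
		json set uploadreq status=reqfileinvalid
		return 99;
	fi

	name=$(printf '%s\n' "$1" | cut -d"." -f 1);
	# $1 is an uploaded file name, i.e. untrusted. Accept only the characters
	# uci allows in a section name ([A-Za-z0-9_]); this also rules out '/' and
	# '..', so the mv below cannot escape /etc/ipsec.d/certs/.
	case "$name" in
		""|*[!A-Za-z0-9_]*)
			rm -f "$REQ_TMP" "$REQ_OUT"
			echo "Certificate file is invalid"
			json set uploadreq status=reqfileinvalid
			return 99;
			;;
	esac
	cursub=$(cat "$REQ_OUT");
	status="OK";

	# Count existing entries before adding one; clean up the scratch files on
	# the limit path so a stale upload is not left behind.
	num=$(uci show rcertificate | grep -c certificatereq)
	if [ "$num" -ge "$MAX_CNT" ]; then
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "The max entries of Remote Certificate is $MAX_CNT"
		json set uploadreq status=entryexceed
		return 0;
	fi

	uci set "rcertificate.$name=certificatereq"
	uci set "rcertificate.$name.subject=$cursub"
	uci set "rcertificate.$name.status=$status"

	uci commit rcertificate;
	mv "$REQ_TMP" "/etc/ipsec.d/certs/$name.crt"
	rm -f "$REQ_OUT";
	echo "Import Success"
	json set uploadreq status=importsuccess
	return 0;
}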

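# Entry point.
#   $1 - uploaded file name; only used to derive the stored name (see the
#        handlers above). The outer test is kept from the original: the import
#        runs only when $1 is not the path of an existing non-empty file. The
#        original unquoted `[ ! -s $1 ]` is false for an empty $1, so the
#        explicit -n keeps that case a no-op.
#   $2 - "0": $REQ_TMP holds a PEM CSR or certificate
#        "1": $REQ_TMP holds a PKCS#12 bundle protected by $3
#   $3 - PKCS#12 password (mode "1" only)
# NOTE(review): the top-level `return` statements only work if this file is
# sourced; most /bin/sh implementations reject `return` outside a function
# when the script is executed. Kept as in the original — confirm how the
# caller invokes it.
if [ -n "$1" ] && [ ! -s "$1" ];then
	if [ "$2" = "0" ]; then
		# Exactly one PEM header of the expected kind selects the handler;
		# a bundle with several blocks is rejected, as in the original.
		if [ "$(grep -c "BEGIN CERTIFICATE REQUEST" "$REQ_TMP" 2>/dev/null)" = "1" ]; then
			certreq_handle "$1"
		elif [ "$(grep -c "BEGIN CERTIFICATE-" "$REQ_TMP" 2>/dev/null)" = "1" ]; then
			cert_handle "$1"
		else
			rm -f "$REQ_TMP";
			echo "Invalid file"
			json set uploadreq status=reqfileinvalid
			return 99;
		fi
	elif [ "$2" = "1" ]; then
		upload_pass="$3"
		probe_out="/tmp/check_pkcs12"
		# Probe with a deliberately wrong password: a PKCS#12 bundle answers
		# "invalid password", anything else is not a PKCS#12 file. The
		# password is passed through the environment of this one command
		# (-passin env:) instead of on the command line, where `ps` could
		# read it. The probe output is removed once inspected.
		PKCS12_PASS="test_$upload_pass" openssl pkcs12 -in "$REQ_TMP" -info -nodes -passin env:PKCS12_PASS 1>"$probe_out" 2>&1
		probe_hit=$(grep -c "invalid password" "$probe_out")
		rm -f "$probe_out"
		[ "$probe_hit" = "0" ] && {
			echo "Please upload PKCS12 file"
			json set uploadreq status=reqfileinvalid
			return 0;
		}
		# Decrypt to PEM. Remove any leftover from an earlier run first, so a
		# stale file cannot satisfy the size check after a failed decrypt, and
		# create the new file with mode 0600: `-nodes` writes the private key
		# unencrypted.
		rm -f "$TEMP_CERT_PKCS12"
		( umask 077; PKCS12_PASS="$upload_pass" openssl pkcs12 -in "$REQ_TMP" -out "$TEMP_CERT_PKCS12" -nodes -passin env:PKCS12_PASS )
		[ -s "$TEMP_CERT_PKCS12" ] || {
			echo "Invalid Password"
			json set uploadreq status=passwordinvalid
			return 0;
		}
		rm -f "$REQ_TMP"
		# Only the (first) certificate goes on to cert_handle. Fail here if
		# extraction produces nothing rather than handing an absent file on.
		# NOTE(review): $TEMP_CERT_PKCS12 still holds the cleartext private key
		# and is not removed, as in the original — if no later step consumes
		# it, delete it after this extraction.
		if ! openssl x509 -in "$TEMP_CERT_PKCS12" -out "$REQ_TMP" || [ ! -s "$REQ_TMP" ]; then
			rm -f "$REQ_TMP"
			echo "Certificate file is invalid"
			json set uploadreq status=reqfileinvalid
			return 99;
		fi
		cert_handle "$1"
	fi
fi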
