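#!/bin/sh
#
# Import an uploaded trust CA certificate for IPsec.
#
# Arguments:
#   $1 - file name to store the CA under in /etc/ipsec.d/cacerts/; the UCI
#        section name is derived from it (everything before the first '.').
# Input:  $TEMP_CA   - the uploaded PEM, written by the upload step
# Output: the CA installed into ipsec's cacerts directory, a UCI section
#         certificate.<name> of type trustca holding the parsed
#         issuer/subject/validity, and `json set uploadca status=...` for
#         the UI (cafileinvalid, entryexceed or importsuccess).
#
# The top-level `return`s suggest this file is sourced by the upload
# handler rather than executed (TODO confirm); for that reason no
# `set -e`/`set -u` is enabled here, as it would alter the caller's shell.

. /etc/functions.sh
OPENSSL_X509="openssl x509"
TEMP_CA="/var/tmp_trust_ca.pem"
CA_OUTPUT="/var/tmp_ca_output"
MAX_CNT=32

# The target file name comes straight from the request. Refuse anything
# that could leave the cacerts directory (empty name, '/', leading '.')
# or that would yield an empty/illegal UCI section name (UCI section
# names are limited to [A-Za-z0-9_]). Rejecting here, before anything is
# copied or parsed, keeps a bad request from touching the system.
ca_file=$1
name=${ca_file%%.*}
case "$ca_file" in
	''|*/*|.*) name= ;;
esac
case "$name" in
	''|*[!A-Za-z0-9_]*)
		echo "CA file name is invalid"
		json set uploadca status=cafileinvalid
		rm -f -- "$TEMP_CA"
		return 0;;
esac

# Parse the upload; an unreadable or non-X.509 file leaves the output empty.
$OPENSSL_X509 -in "$TEMP_CA" -noout -issuer -subject -dates > "$CA_OUTPUT"

if [ ! -s "$CA_OUTPUT" ]; then
	echo "CA file is invalid"
	json set uploadca status=cafileinvalid
	rm -f -- "$TEMP_CA" "$CA_OUTPUT"
	return 0;
fi

# Keep only the CN of issuer/subject: drop everything up to the last
# "CN=" and everything from the following "/" (slash-separated DN output;
# newer openssl prints ", "-separated DNs — TODO confirm on upgrade).
issuer=$(grep '^issuer' "$CA_OUTPUT" | sed 's/^.*CN=//; s/\/.*//')
subject=$(grep '^subject' "$CA_OUTPUT" | sed 's/^.*CN=//; s/\/.*//')
from=$(sed -n 's/^notBefore=//p' "$CA_OUTPUT")
to=$(sed -n 's/^notAfter=//p' "$CA_OUTPUT")
status="OK";

# Enforce the entry limit BEFORE installing the file, so a rejected upload
# does not leave an unregistered CA behind in the cacerts directory.
# One existing trustca entry (the ROOTCA, per the message) does not count
# against the limit, hence the -1.
num=$(uci show certificate | grep -c trustca)
num=$((num - 1))
if [ "$num" -ge "$MAX_CNT" ]; then
	echo "The max entries of TRUST CA exclude ROOTCA is $MAX_CNT"
	json set uploadca status=entryexceed
	rm -f -- "$TEMP_CA" "$CA_OUTPUT"
	return 0;
fi

# TODO: a failed copy is not reported to the UI (no status code is
# defined for it here); the uci entry below would still be written.
cp -- "$TEMP_CA" "/etc/ipsec.d/cacerts/$ca_file"
rm -f -- "$TEMP_CA" "$CA_OUTPUT"

# Values are passed to uci as single quoted arguments; no shell
# re-evaluation of certificate-supplied text happens here.
# Not committed in this script — presumably the caller commits; TODO confirm.
uci set "certificate.$name=trustca"
uci set "certificate.$name.issuer=$issuer"
uci set "certificate.$name.subject=$subject"
uci set "certificate.$name.from=$from"
uci set "certificate.$name.to=$to"
uci set "certificate.$name.status=$status"

ipsec whack --rereadcacerts
echo "Import Success"
json set uploadca status=importsuccess
return 0;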
