#!/bin/sh

. /etc/functions.sh

# Flag set to 1 by cert_del when an existing "Requesting" entry takes the
# uploaded certificate; while it is 0 the script creates a new entry instead.
localca=0

# Upper bound on the number of local certificate entries.
MAX_CNT=256

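#######################################
# config_foreach callback: attach the uploaded certificate to an existing
# entry that is still waiting for one.
#
# An entry matches when its status is "Requesting" and its stored subject is
# string-equal to $subject. Nothing else is compared here; in particular this
# function does not check that the certificate's key belongs to the private
# key stored for the request (the modulus comparison in this script is
# commented out), so a subject match alone decides which entry is replaced.
#
# Globals:   subject, issuer, from, to, status, TEMP_CERT (read)
#            lstatus, lsubject, localca (written)
# Arguments: $1 - name of the certificate section being visited
# Returns:   0 in every case
#######################################
cert_del() {
	config_get lstatus "$1" status
	[ "$lstatus" = "Requesting" ] || return 0

	config_get lsubject "$1" subject
	[ "$lsubject" = "$subject" ] || return 0

	# Quote every path and pass "--" so that neither the section name nor the
	# temp path can be word-split, glob-expanded or parsed as an option.
	# Only a single file is removed, so plain -f is enough (no -r).
	rm -f -- "/etc/ipsec.d/certs/$1.pem"
	cp -- "$TEMP_CERT" "/etc/ipsec.d/certs/$1.crt"

	# Changes are only staged; this function does not run `uci commit`.
	uci set "certificate.$1.issuer=$issuer"
	uci set "certificate.$1.subject=$subject"
	uci set "certificate.$1.from=$from"
	uci set "certificate.$1.to=$to"
	uci set "certificate.$1.status=$status"

	# Tell the caller that no new entry has to be created.
	localca=1
}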

# OpenSSL invocations. Each value is "command sub-command" in one string, so
# the variable has to be expanded unquoted at the call site to split in two.
OPENSSL_RSA='openssl rsa'
OPENSSL_X509='openssl x509'

# Fixed working files under /var.
# TEMP_CERT is the certificate to import; nothing in this script creates it.
# CA_OUTPUT receives the openssl text dump of that certificate.
# VAR_MODULUS and CERT_MODULUS (and OPENSSL_RSA) are only referenced by the
# commented-out modulus comparison in this listing.
# NOTE(review): these are predictable names in a shared directory; confirm
# that only the upload handler and this script can write to /var on the target.
VAR_MODULUS='/var/private_modulus'
TEMP_CERT='/var/certificate_tmp'
CERT_MODULUS='/var/cert_modulus'
CA_OUTPUT='/var/tmp_ca_output'

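# Certificate name: the first argument with everything from the first "."
# onwards dropped. The value is later used as a file name under
# /etc/ipsec.d/certs/ and as a UCI section name, so it is restricted to
# letters, digits and "_". Anything else (empty, "/", "..", whitespace,
# shell metacharacters) is rejected before it can reach a path or `uci set`.
name=${1%%.*}
case "$name" in
	'' | *[!A-Za-z0-9_]*)
		echo "Certificate name is invalid"
		# No dedicated status for a bad name is visible in this script, so
		# the existing "invalid file" status is reused.
		json set uploadcert status=certfileinvalid
		# `return` stops a sourced script (and a script run by shells that
		# treat top-level return like exit); the fallback covers shells such
		# as bash, where top-level return fails and execution would continue.
		return 0 2>/dev/null || exit 0
		;;
esac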

#$OPENSSL_RSA -in /etc/ipsec.d/private/private_key_$name.pem -passin pass:X509_Password_$name -modulus -noout -out $VAR_MODULUS

#if [ ! -s $VAR_MODULUS ]; then
#	echo "Import certificate is invalid"
#	return 0;
#fi

#$OPENSSL_X509 -in $TEMP_CERT -modulus -noout >  $CERT_MODULUS

#if [ ! -s $CERT_MODULUS ]; then
#	echo "Import certificate is invalid"
#	return 0;
#fi

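# Dump issuer, subject and validity dates of the uploaded certificate.
# This step only proves that openssl can parse the file: no signature or
# chain verification is done here, and the modulus comparison against the
# stored private key is commented out above.
# $OPENSSL_X509 stays unquoted on purpose: it holds "openssl x509" and must
# split into two words. The file paths are quoted.
$OPENSSL_X509 -in "$TEMP_CERT" -noout -issuer -subject -dates > "$CA_OUTPUT"

if [ ! -s "$CA_OUTPUT" ]; then
	echo "Certificate file is invalid"
	json set uploadcert status=certfileinvalid
	# Do not leave the empty dump behind on the failure path.
	rm -f -- "$CA_OUTPUT"
	# `return` alone does not stop the script when bash executes it (it
	# errors and carries on with the import); fall back to exit in that case.
	return 0 2>/dev/null || exit 0
fi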

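# Pull the four fields out of the openssl dump. Each pattern is anchored to
# the start of the line ("issuer=", "subject=", "notBefore=", "notAfter="):
# the certificate is uploaded content, and an unanchored match would also
# pick up any other line that merely contains the word (for example a
# subject whose text includes "issuer"), producing a multi-line value.
# The cut ranges drop the "key=" prefix and cap each line at column 100.
issuer=$(grep '^issuer=' "$CA_OUTPUT" | cut -c 8-100)
subject=$(grep '^subject=' "$CA_OUTPUT" | cut -c 9-100)
from=$(grep '^notBefore=' "$CA_OUTPUT" | cut -c 11-100)
to=$(grep '^notAfter=' "$CA_OUTPUT" | cut -c 10-100)

# Recorded unconditionally: the validity dates above are stored as text and
# are not compared with the current time in this script.
status="OK"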


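# Refuse the import once MAX_CNT certificate sections exist.
# Only section header lines ("certificate.<name>=usercertificate") are
# counted; matching the bare word would also count option lines whose value
# or section name happens to contain it.
# The limit is checked before the config is walked, so it also applies when
# the upload would replace an existing "Requesting" entry.
num=$(uci show certificate | grep -c '=usercertificate$')
if [ "$num" -ge "$MAX_CNT" ]; then
	echo "The max entries of Local Certificate is $MAX_CNT"
	json set uploadcert status=entryexceed
	# The cleanup at the end of the script is not reached from here.
	# NOTE(review): $TEMP_CERT (the upload) is left in place on this path;
	# confirm whether the caller expects it to survive a rejected import.
	rm -f -- "$CA_OUTPUT"
	# `return` alone does not stop the script when bash executes it; fall
	# back to exit so a rejected import can never continue.
	return 0 2>/dev/null || exit 0
fi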

# NOTE(review): success is reported here, before any file is copied or any
# UCI value is set, and the later cp/uci results are not checked, so the
# reported status does not depend on the import having worked.
printf '%s\n' "Import Success"
json set uploadcert status=importsuccess

# Load the certificate config and call cert_del for its sections (no section
# type is passed to config_foreach); cert_del sets localca=1 when an existing
# "Requesting" entry with the same subject took the certificate.
config_load certificate
config_foreach cert_del

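# No pending entry took the certificate: store it as a new entry.
# All expansions are quoted so a value with whitespace or glob characters
# stays a single argument, and "--" keeps a path from being read as an option.
# NOTE(review): $name is derived from the first script argument earlier in
# the script and becomes part of a file path and of a UCI key here; this
# block relies on it being a plain token without "/" or "..".
# NOTE(review): `uci commit` only runs on this branch. When cert_del updated
# an existing entry (localca=1) nothing in this script commits those staged
# changes; confirm that the caller does.
if [ "$localca" -lt 1 ]; then
	cp -- "$TEMP_CERT" "/etc/ipsec.d/certs/$name.crt"
	uci set "certificate.$name=usercertificate"
	uci set "certificate.$name.issuer=$issuer"
	uci set "certificate.$name.subject=$subject"
	uci set "certificate.$name.from=$from"
	uci set "certificate.$name.to=$to"
	uci set "certificate.$name.status=$status"
	uci commit certificate
fi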

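# Remove the openssl dump and the uploaded certificate. Paths are quoted and
# preceded by "--" so they are always treated as single file operands.
# This cleanup only runs when the script reaches its end; the early-exit
# paths above do not pass through here.
rm -f -- "$CA_OUTPUT" "$TEMP_CERT"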

#rm -f /etc/ipsec.d/newreq_$1.pem
