#!/bin/sh

# OpenWrt shell helper library; presumably where config_load (used in
# signcert below) comes from — verify on the target image.
. /etc/functions.sh
# Validity period, in days, passed to 'openssl ca -days' by signcert.
DAYS=3650

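#######################################
# Print the value of a "<field>=" line from openssl's text output.
# Arguments: $1 - openssl output (multi-line string)
#            $2 - field name, e.g. notBefore (plain text, no regex metas)
# Outputs:   the text after "<field>=" on stdout; nothing if absent
#######################################
signcert_field() {
	printf '%s\n' "$1" | sed -n "s/^$2=//p"
}

#######################################
# Extract the CN from an issuer/subject line of openssl output.
# Expects the legacy "issuer=/C=../O=../CN=name" layout; if the line has
# no "CN=" substring (e.g. the newer "CN = name" layout) nothing is printed
# instead of the garbled remainder the old grep/sed pipeline produced.
# Arguments: $1 - openssl output
#            $2 - "issuer" or "subject"
# Outputs:   the CN value on stdout, or nothing
#######################################
signcert_cn() {
	signcert_field "$1" "$2" | sed -n 's/^.*CN=//p' | sed 's|/.*||'
}

#######################################
# Sign a certificate request with the local CA and record the result.
# Globals:   DAYS (read) - validity in days, defaults to 3650 if unset
#            CERT_REQ, CERT_OUT (written) - request/cert paths, kept
#            non-local as in the original in case a caller reads them
# Arguments: $1 - certificate name; request is /etc/ipsec.d/certs/$1.pem,
#                 the signed cert is written to /etc/ipsec.d/certs/$1.crt
#            $2 - CA private-key password
#            $3 - "0": request tracked in the rcertificate config;
#                 anything else: store the signed cert's details in the
#                 certificate config
# Outputs:   progress via 'json -f /var/cert.json set newcert status=...'
# Returns:   99 if the name or request file is invalid, 98 if signing
#            produced no certificate, otherwise the exit status of the
#            last uci/json command (as in the original)
#######################################
signcert() {
	local name=$1 ca_pass=$2 mode=$3
	local info issuer subject from to

	config_load rcertificate

	# The name is interpolated into filesystem paths and uci keys, so
	# reject anything that could leave the certs directory or add extra
	# uci syntax: empty, leading dot ("..") or any char outside
	# [A-Za-z0-9_.-]. Reported like a missing request file.
	case "$name" in
		''|.*|*[!A-Za-z0-9_.-]*)
			json -f /var/cert.json set newcert status=reqfileinvalid
			return 99
			;;
	esac

	CERT_REQ="/etc/ipsec.d/certs/$name.pem"
	CERT_OUT="/etc/ipsec.d/certs/$name.crt"

	if [ ! -s "$CERT_REQ" ]; then
		json -f /var/cert.json set newcert status=reqfileinvalid
		return 99
	fi

	# The CA password is fed on stdin instead of '-passin pass:...' so it
	# does not appear in the process list (ps / /proc/*/cmdline) while
	# openssl runs. '-batch' keeps openssl from prompting for anything else.
	printf '%s\n' "$ca_pass" | openssl ca -policy policy_anything -in "$CERT_REQ" \
		-days "${DAYS:-3650}" -out "$CERT_OUT" -batch -passin stdin

	if [ ! -s "$CERT_OUT" ]; then
		# No output cert: the original treats this as a wrong CA password.
		if [ "$mode" = "0" ]; then
			json -f /var/cert.json set newcert status=passwordwrong
		else
			# Kept from the original: a failed self-sign is still reported
			# as "success" so the entry goes back to the requesting state.
			json -f /var/cert.json set newcert status=success
		fi
		return 98
	fi

	rm -f -- "$CERT_REQ"

	if [ "$mode" = "0" ]; then
		uci set "rcertificate.$name.status=OK"
		uci commit rcertificate
		return
	fi

	# Parse issuer/subject CN and the validity window out of the signed
	# cert. Kept in a variable rather than the fixed, predictable
	# /var/certificate_tmp_out file the original wrote and reparsed.
	info=$(openssl x509 -in "$CERT_OUT" -noout -issuer -subject -dates)
	issuer=$(signcert_cn "$info" issuer)
	subject=$(signcert_cn "$info" subject)
	from=$(signcert_field "$info" notBefore)
	to=$(signcert_field "$info" notAfter)

	# NOTE(review): issuer/subject come from the certificate itself; uci
	# receives them as a single "key=value" argument, so no word splitting,
	# but values are stored as-is — confirm uci tolerates any characters
	# a CN may carry.
	uci set "certificate.$name=usercertificate"
	uci set "certificate.$name.issuer=$issuer"
	uci set "certificate.$name.subject=$subject"
	uci set "certificate.$name.from=$from"
	uci set "certificate.$name.to=$to"
	uci set "certificate.$name.status=OK"
	uci commit certificate
	# Function status is that of this last command, matching the original
	# bare 'return'.
	json -f /var/cert.json set newcert status=success
}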
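# Entry point: signcert <name> <ca-password> <mode>.
# The call is skipped when $1 is an existing non-empty file (the original
# guarded on this, presumably to reject a path passed where a name is
# expected — confirm with the caller). The -n check keeps the original
# "no argument -> do nothing" behaviour now that $1 is quoted.
# Note: the CA password arrives on this script's argv, so it is visible to
# other local processes for as long as this script runs.
if [ -n "$1" ] && [ ! -s "$1" ]; then
	signcert "$1" "$2" "$3"
fi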