#!/bin/bash

# extension on top of cert-check to conveniently install certificate
#
# jpokorny@redhat.com
#
# TODO: fix exit code

set -u
set +e

source cert-check

MUTT_CERTIFICATES=~/.mutt_certificates

cert_import_homebundle() {
	[ "$1" != "1" ] && return
	echo "Adding to homebundle" >&2
	mkdir -p "$(dirname ${HOMEBUNDLE})"
	cat >>${HOMEBUNDLE}
}

cert_import_mutt() {
	[ "$1" != "1" ] && return
	echo "Adding to mutt" >&2
	mkdir -p "$(dirname ${MUTT_CERTIFICATES})"
	cat >>${MUTT_CERTIFICATES}
}

cert_import_firefox() {
	# XXX: stdin is consumed in the first profile found
	# XXX: explore certificate to get a proper name (-n) for it
	[ "$1" != "1" ] && return
	echo "Adding to firefox" >&2
	for d in $(find ~/.mozilla/firefox/ -maxdepth 1 -mindepth 1 -type d); do
		grep -qs $(basename $d) ~/.mozilla/firefox/profiles.ini \
		  && certutil -A -n "cert-import:$(date +'%y%m%d%H%M%S')" -t C,p,p -d $d \
		  && break
	done < <(cat)
}

cert_import() {
	local homebundle=0 firefox=0 mutt=0 crl=1
	while true; do
		case $1 in
		homebundle) homebundle=1;;
		firefox)    firefox=1;;
		mutt)       mutt=1;;
		all)        homebundle=1; firefox=1; mutt=1;;
		--)         ;;
		*) break;;
		esac
		shift
	done
	[ "$1" = "-nocrl" ] && shift && crl=0
	(
	  (cert_pick "$@" | cert_check $crl) \
	    | tee >( openssl x509 \
	             | tee >(cert_import_homebundle $homebundle) \
	             | tee >(cert_import_firefox $firefox) \
	             | cert_import_mutt $mutt )
	) |& colorize 1
}


[[ "${BASH_SOURCE[0]}" != "${0}" ]] || \
  [ $# -lt 1 ] \
    && echo "usage: $0 (homebundle|mutt|firefox|all)* [-nocrl] file-or-server [port=443]" \
    || ( cert_import "$@" && set +u || ( ret=$?; set +u; pseudo_return $ret ))