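#!/bin/bash
# extension on top of cert-check to conveniently install certificate
#
# jpokorny@redhat.com
#
# TODO:
# - fix exit code, remove unneeded subshells? ( '()' -> '{}' )
# - output also some identification/at least original cert-import command
#
# Whatever cert_pick_check (from cert-check) writes to stdout is appended to
# the selected CA bundles / NSS databases and is trusted from then on, so the
# checks done there are the only gate in front of these trust stores.

source cert-check

# Shared worker for the file-based bundles.
# Arguments: $1 - "1" to import, anything else to skip
#            $2 - label used in the progress message
#            $3 - path of the bundle file to append to
# Input:     certificate data on stdin (always read to EOF)
# Returns:   0 when skipped or appended, non-zero on failure
_cert_import_append() {
  local enabled=${1-} label=${2-} bundle=${3-}

  if [ "$enabled" != "1" ]; then
    # Drain stdin even when skipping: the writer on the other end (tee, in
    # cert_import) may otherwise get SIGPIPE and cut off the later stages.
    cat >/dev/null
    return 0
  fi
  if [ -z "$bundle" ]; then
    echo "No path set for $label bundle, skipping" >&2
    cat >/dev/null
    return 1
  fi

  echo "Adding to $label bundle" >&2
  if ! mkdir -p -- "$(dirname -- "$bundle")"; then
    cat >/dev/null
    return 1
  fi
  # Keep a timestamped copy of the previous bundle so an unwanted trust
  # anchor can be rolled back; nothing to back up on the very first import.
  if [ -e "$bundle" ]; then
    cp -- "$bundle" "$bundle.$(date '+%y%m%d%H%M%S')"
  fi
  cat >>"$bundle"
}

# Append stdin to ${HOMEBUNDLE} when $1 is "1".
cert_import_homebundle() {
  _cert_import_append "${1-}" "default home" "${HOMEBUNDLE-}"
}

# Append stdin to ${CA_BUNDLE_MUTT} when $1 is "1".
cert_import_mutt() {
  _cert_import_append "${1-}" "mutt" "${CA_BUNDLE_MUTT-}"
}

# Append stdin to ${CA_BUNDLE_OFFLINEIMAP} when $1 is "1".
cert_import_offlineimap() {
  _cert_import_append "${1-}" "offlineimap" "${CA_BUNDLE_OFFLINEIMAP-}"
}

# Add the certificate on stdin to the first Firefox profile directory that is
# listed in profiles.ini, when $1 is "1".
# Returns: 0 when skipped or when certutil succeeded for a profile, else 1
cert_import_firefox() {
  # XXX: stdin is consumed in the first profile found
  # XXX: explore certificate to get a proper name (-n) for it
  # see also https://developer.mozilla.org/en-US/docs/Cert_override.txt
  local ffdir=~/.mozilla/firefox d imported=1

  if [ "${1-}" != "1" ]; then
    cat >/dev/null
    return 0
  fi

  echo "Adding to firefox bundle" >&2
  # Directory names arrive NUL-separated on fd 3, which leaves stdin (the
  # certificate) untouched for certutil and survives odd characters in paths.
  while IFS= read -r -d '' d <&3; do
    # -t C,p,p: trusted CA for TLS server certificates; plain valid peer for
    # S/MIME and object signing.
    if grep -qsF -- "$(basename -- "$d")" "$ffdir/profiles.ini" \
       && certutil -A -n "cert-import:$(date +'%y%m%d%H%M%S')" -t C,p,p -d "$d"
    then
      imported=0
      break
    fi
  done 3< <(find "$ffdir/" -maxdepth 1 -mindepth 1 -type d -print0)

  # Swallow whatever certutil did not read (e.g. no profile matched).
  cat >/dev/null
  [ "$imported" -eq 0 ] || echo "No firefox profile was updated" >&2
  return "$imported"
}

# Append stdin to ${CA_BUNDLE_NPM} when $1 is "1".
cert_import_npm() {
  # XXX: use "npm config edit" instead until ca_file or something occurs:
  #      https://github.com/isaacs/npm/issues/4030
  _cert_import_append "${1-}" "npm" "${CA_BUNDLE_NPM-}"
}

# Parse the leading target keywords, then feed the output of
# cert_pick_check "$@" to every selected importer.
# Arguments: (homebundle|firefox|mutt|npm|offlineimap|all)* followed by the
#            arguments handed over to cert_pick_check
# CRL can only be appended to homebundle
cert_import() {
  # crl is not read in this file; presumably cert_pick_check picks it up via
  # dynamic scoping -- TODO confirm before removing.
  local homebundle=0 firefox=0 mutt=0 npm=0 offlineimap=0 crl=1 spec=0

  while true; do
    case ${1-} in
    homebundle)  homebundle=1;;
    firefox)     firefox=1;;
    mutt)        mutt=1;;
    npm)         npm=1;;
    offlineimap) offlineimap=1;;
    # NOTE(review): "all" leaves npm and offlineimap out -- confirm intent.
    all)         homebundle=1; firefox=1; mutt=1;;
    --|*)        break;;
    esac
    spec=1
    shift
  done

  if [ "$spec" -eq 0 ]; then
    echo "run me without arguments to get usage help"
    return
  fi

  # NOTE(review): cert_import_homebundle is both the first and the last tee
  # target, so with homebundle=1 the data is appended to ${HOMEBUNDLE} twice
  # by two concurrent writers. Kept as found; possibly a leftover of the
  # planned x509/crl split below -- confirm and drop one of them.
  (
  #| tee >(openssl x509 \
  #| tee >(openssl crl \
  cert_pick_check "$@" \
    | tee >(cert_import_homebundle "$homebundle") \
    | tee >(cert_import_firefox "$firefox") \
    | tee >(cert_import_mutt "$mutt") \
    | tee >(cert_import_npm "$npm") \
    | tee >(cert_import_offlineimap "$offlineimap") \
    | tee >(cert_import_homebundle "$homebundle")
  ) |& colorize 1
}

# see cert-check
#setup() {
#	set -u
#	RESTOREUMASK=$(umask -p)
#	umask 077
#}
#
#teardown() {
#	${RESTOREUMASK}
#	unset RESTOREUMASK
#	unset vercmd
#	return $1
#}

# Run only when executed directly; sourcing just defines the functions.
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
  if [ $# -lt 1 ]; then
    echo "usage: $0" \
         "(homebundle|mutt|firefox|npm|offlineimap|all)*" \
         "[-nocrl] file-or-server [port=443]"
  else
    setup; cert_import "$@"; teardown $?
  fi
fi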