#! /bin/bash

# Fixed locations. Input is read from two staging directories and one
# optional blacklist under $SSLDIR/tmp; the only thing written is the
# single bundle file $SSL_CA. None of these can be overridden from the
# command line or the environment.
readonly SSLDIR="/etc/ssl"
readonly MOZILLADIR="${SSLDIR}/tmp/mozilla"          # *.crt inputs
readonly P11DIR="${SSLDIR}/tmp/p11-kit"              # *.p11-kit inputs
readonly BLACKLIST="${SSLDIR}/tmp/blacklist.txt"     # names to leave out (optional)
readonly SSL_CADIR="${SSLDIR}/certs"
readonly SSL_CA="${SSL_CADIR}/ca-certificates.crt"   # bundle replaced on success

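# Preconditions. The script replaces $SSL_CA in place, so the certs
# directory and the bundle itself must already exist and be writable by
# us (normally root). A missing bundle is reported on its own: plain
# '-w' is false for a non-existent file too, and the original message
# sent operators looking for a permission problem that was not there.
# Diagnostics go to stderr so they are not mistaken for output.
if [ ! -d "$SSL_CADIR" ] ; then
  echo "ERROR: no directory $SSL_CADIR" >&2
  exit 1
fi

if [ ! -e "$SSL_CA" ] ; then
  echo "ERROR: no such file $SSL_CA" >&2
  exit 1
fi

if [ ! -w "$SSL_CA" ] ; then
  echo "ERROR: no write permission $SSL_CA" >&2
  exit 1
fi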

# Usage text, printed on stdout exactly as before (leading and trailing
# blank line included). The directory lines show the configured paths.
usage() {
  cat <<EOF

Usage: update-ca-certificates [-v | -vs]
  --verbose, -v        verbose
  -vs                  verbose skip
  -h, --help           Prints out this screen

  scan dir:
    $MOZILLADIR/*.crt
    $P11DIR/*.p11-kit
    $BLACKLIST
  dest dir:
    $SSL_CA

EOF
}

# Option handling. -v enables both the "add" and the "skip" lines,
# -vs only the "skip" lines. Anything else -- including -h/--help --
# prints the usage text and exits 1.
while [ $# -gt 0 ] ; do
  case "$1" in
    --verbose|-v)
      verbose="1"
      verbose_skip="1"
      ;;
    -vs)
      verbose_skip="1"
      ;;
    *)
      usage
      exit 1
      ;;
  esac
  shift
done




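# Scratch files. mktemp creates each one 0600 with an unpredictable name.
# A failed mktemp must stop the script: with an empty name the later
# '>' redirections and 'cp -a' would operate on a guessable or empty
# path while running as root.
TBLACKLIST="$(mktemp -t "ca-blacklist.tmp.XXXXXX")" || { echo "ERROR: mktemp failed" >&2; exit 1; }
TSSLCA="$(mktemp -t "ca-certificates.tmp.XXXXXX")" || { echo "ERROR: mktemp failed" >&2; exit 1; }
TP11="$(mktemp -t "ca-certificates-scan.tmp.XXXXXX")" || { echo "ERROR: mktemp failed" >&2; exit 1; }
# Remove the scratch files on every exit path (error exits, Ctrl-C, normal
# end); the explicit rm's at the end of the script remain harmless.
trap 'rm -f -- "$TBLACKLIST" "$TSSLCA" "$TP11"' EXIT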

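#######################################
# Append the first PEM certificate block of a file to the bundle being
# assembled in $TSSLCA.
#
# Only the lines from the first "-----BEGIN CERTIFICATE-----" through the
# following "-----END CERTIFICATE-----" are copied; anything after that END
# line (including a second certificate) is ignored. '#' comment lines and
# blank lines are allowed before the block but are an error inside it; a
# second BEGIN or an END without a BEGIN is an error too. On any error, or
# when no complete block is found, nothing is appended to $TSSLCA.
# Leading/trailing whitespace on each line is trimmed (plain 'read'), so
# an indented PEM block is still recognised.
#
# NOTE: the PEM payload is not validated in any way (no base64/ASN.1
# check, no openssl x509 parse); whatever sits between the markers is
# trusted as-is. The scan directories must therefore be writable by root
# only.
#
# Globals:   TP11 (scratch file, truncated and reused; never removed here),
#            TSSLCA (appended to), n (display name set by the caller),
#            verbose
# Arguments: $1 - path of the file to read
#            $2 - suffix shown in the verbose "add" line only
# Outputs:   verbose "add" line on stdout, diagnostics on stderr
# Returns:   0 if a block was appended, 1 otherwise
#######################################
cp_file() {
  local src=$1 suffix=$2 line cp_run= copied=
  if [ -n "$verbose" ] ; then echo "add  $n.$suffix" ; fi
  # Reuse the mktemp-created scratch file by truncating it in place. The
  # previous rm-then-'>' cycle recreated the same path in a shared temp
  # directory, so anyone who could write there and saw the name could
  # plant a symlink between two calls and have root write through it.
  : > "$TP11"
  # Redirect into the loop instead of 'cat |' so cp_run/copied survive it;
  # '|| [ -n "$line" ]' keeps an END line that lacks a trailing newline.
  while read -r line || [ -n "$line" ]; do
    case "$line" in
      \#*)
        if [ -n "$cp_run" ] ; then
          echo "ERROR:(4) read $n" >&2
          break
        fi
        ;;
      "")
        if [ -n "$cp_run" ] ; then
          echo "ERROR:(5) read $n" >&2
          break
        fi
        ;;
      "-----BEGIN CERTIFICATE-----")
        if [ -n "$cp_run" ] ; then
          echo "ERROR:(1) read $n" >&2
          break
        fi
        cp_run="1"
        printf '%s\n' "$line" > "$TP11"
        ;;
      "-----END CERTIFICATE-----")
        if [ -z "$cp_run" ] ; then
          echo "ERROR:(3) read $n" >&2
          break
        fi
        printf '%s\n' "$line" >> "$TP11"
        cat "$TP11" >> "$TSSLCA"
        copied="1"
        break
        ;;
      *)
        if [ -n "$cp_run" ] ; then
          printf '%s\n' "$line" >> "$TP11"
        fi
        ;;
    esac
  done < "$src"
  # Partial data never reaches $TSSLCA; drop it. Reporting is now based on
  # what was copied rather than on whether the scratch file exists, which
  # previously made every input after the first success fail silently.
  : > "$TP11"
  if [ -z "$copied" ] ; then
    echo "ERROR: no ca-data in $src" >&2
    return 1
  fi
  return 0
}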


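#######################################
# Add one *.crt file to the bundle unless its name is blacklisted.
#
# The blacklist match is by name only: the basename with ".crt" dropped
# and spaces replaced by "_" must equal a line of $TBLACKLIST exactly.
# Nothing about the certificate's content (fingerprint, subject) is
# consulted, so a renamed copy of a blacklisted file is still accepted.
#
# Globals:   TBLACKLIST (read), n (written: display name, also read by
#            cp_file), verbose_skip
# Arguments: $1 - path of the .crt file
# Outputs:   "skip <name>.crt" on stdout when skipped and -vs/-v is set
# Returns:   status of cp_file, or 0 when the file is skipped
#######################################
add_crt() {
  n=$(basename "$1" .crt | sed -e 's/ /_/g')
  # -F literal, -x whole line, '--' so a name starting with '-' is data.
  if grep -Fxq -- "$n" "$TBLACKLIST" ; then
    if [ -n "$verbose_skip" ] ; then echo "skip $n.crt" ; fi
    return 0
  fi
  cp_file "$1" "crt"
}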

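#######################################
# Add one *.p11-kit file to the bundle unless its name is blacklisted.
#
# Same rule as add_crt: the basename with ".p11-kit" dropped and spaces
# replaced by "_" must equal a line of $TBLACKLIST exactly. The match is
# on the file name, never on the certificate's fingerprint.
#
# Globals:   TBLACKLIST (read), n (written: display name, also read by
#            cp_file), verbose_skip
# Arguments: $1 - path of the .p11-kit file
# Outputs:   "skip <name>.p11-kit" on stdout when skipped and -vs/-v is set
# Returns:   status of cp_file, or 0 when the file is skipped
#######################################
add_p11() {
  n=$(basename "$1" .p11-kit | sed -e 's/ /_/g')
  # -F literal, -x whole line, '--' so a name starting with '-' is data.
  if grep -Fxq -- "$n" "$TBLACKLIST" ; then
    if [ -n "$verbose_skip" ] ; then echo "skip $n.p11-kit" ; fi
    return 0
  fi
  cp_file "$1" "p11-kit"
}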

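# Load the optional blacklist, one name per line, into $TBLACKLIST using
# the same normalisation add_crt/add_p11 apply to file names: blank and
# '#' lines dropped, double quotes removed, trailing whitespace stripped,
# spaces -> '_', and a trailing ".crt" removed.
# The previous 's/.crt//g' had an unescaped, unanchored dot: it deleted
# any character followed by "crt" anywhere in the name, so a CA called
# e.g. "Microcrt" would have been blacklisted as "Micro" and never matched.
# NOTE: entries are matched against file names only, never against
# certificate fingerprints; this is a naming convention, not a check on
# the certificate's content.
if [ -f "$BLACKLIST" ] ; then
  if [ -n "$verbose" ] ; then echo " ---    ---  blacklist  ---    ---" ; fi
  sed -e '/^$/d' -e '/^#/d' -e 's/["]//g' -e 's/[[:space:]]*$//' \
      -e 's/ /_/g' -e 's/\.crt$//' "$BLACKLIST" |
  while read -r crt
  do
    if [ -n "$verbose" ] ; then echo "blacklist $crt" ; fi
    printf '%s\n' "$crt" >> "$TBLACKLIST"
  done
fi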

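if [ -n "$verbose" ] ; then echo " ---    ---    run      ---    ---" ; fi

# Collect inputs in a fixed byte-wise order (LC_ALL=C) so the bundle is
# reproducible regardless of the caller's locale, and pass the names
# NUL-delimited so whitespace or backslashes in a file name cannot split,
# merge or alter an entry. Symlinks are not followed (-type f), as before.
if [ -d "$MOZILLADIR" ] ; then
  find "$MOZILLADIR" -type f -name '*.crt' -print0 | LC_ALL=C sort -z |
  while IFS= read -r -d '' crt
  do
    add_crt "$crt"
  done
fi

if [ -d "$P11DIR" ] ; then
  find "$P11DIR" -type f -name '*.p11-kit' -print0 | LC_ALL=C sort -z |
  while IFS= read -r -d '' crt
  do
    add_p11 "$crt"
  done
fi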

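# Install the assembled bundle.
# Refuse to replace the live bundle with an empty file. That is what
# happens when neither scan directory exists or every input was skipped
# or rejected, and it would silently break every TLS verification on the
# system until someone noticed.
if [ ! -s "$TSSLCA" ] ; then
  echo "ERROR: no certificates collected, leaving $SSL_CA unchanged" >&2
  rm -f -- "$TP11" "$TBLACKLIST" "$TSSLCA"
  exit 1
fi
rm -f -- "$TP11"
rm -f -- "$TBLACKLIST"
# 'cp -a' writes through the existing $SSL_CA (a symlink included) rather
# than renaming a new file over it, so a concurrent reader may briefly see
# a partially written bundle. The mktemp file is 0600; chmod makes the
# installed bundle world-readable as every TLS client expects.
if ! cp -a -- "$TSSLCA" "$SSL_CA" ; then
  echo "ERROR: could not install $SSL_CA" >&2
  exit 1
fi
chmod 0644 -- "$SSL_CA"
rm -f -- "$TSSLCA"

exit 0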
