#!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org

#START=91

certificate_add()
{
	local sectiontype
	sectiontype=$(uci get  ipsec_cer_config.$1)
		
	if   [ "$sectiontype" = "certificate-rootca" ]; then
		config_load ipsec_cer_config
		config_get rootcapass $1 rootcapass
		
		echo "$rootcapass" >> /tmp/rootcapass.txt
		/sbin/buildca $rootcapass
	else
		/sbin/ipsec_new_cer $1
	fi
}

apply() {
	add=$(uci fchanges new ipsec_cer_config)	
	for profile in ${add}; do
		certificate_add $profile
		ret=$(json -f /var/cert.json get newcert.status)
		
		if [ $profile = "RootCA" ];then
			ret=$(json -f /var/cert.json get ca.status)
		  //return 99
		fi
		
		if [ $ret != "success" ];then
			uci revert ipsec_cer_config
			return 99
		fi
	done
			
	uci commit ipsec_cer_config
}