#!/bin/sh

. /etc/functions.sh
# Command prefix used to parse certificate requests. The trailing space is
# part of the value; certreq_handle expands it unquoted so that it splits
# into the command and its sub-command.
OPENSSL='openssl req '

# Fixed working files in /var: the uploaded file under inspection and the
# subject line extracted from it.
REQ_TMP='/var/certificate_request_tmp'
REQ_OUT='/var/certificate_request_out'

# The settings below are not referenced in the visible part of this script.
SSL_CFG='/etc/ssl/openssl.cnf'
TMP_REQ_EXTENSION='/var/req_extension'
TMP_OPENSSL_CONF='/var/tmp_openssl.conf'
REQ_EXT_WORD='req_ext'
strExt=''

# Upper bound on the number of remote-certificate entries.
MAX_CNT='256'

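# Import an uploaded certificate request as a remote-certificate entry.
#
# Globals:   OPENSSL, REQ_TMP, REQ_OUT, MAX_CNT (read);
#            name, cursub, status, num (written; they are not local)
# Arguments: $1 - file name supplied with the upload. The part before the
#                 first "." becomes the UCI section name and the stored file
#                 name, so it is validated before use.
# Outputs:   one status line on stdout plus a "json set uploadreq" status
# Returns:   99 if the request cannot be parsed or the name is unusable,
#            0 otherwise (including when the entry limit is reached)
certreq_handle() {
	# Remove output left by an earlier run so that a stale file cannot make a
	# failed parse look like a success.
	rm -f "$REQ_OUT"

	# Decide on the parser's exit status and on non-empty output, not on the
	# mere existence of the output file. $OPENSSL stays unquoted on purpose:
	# it holds the command plus its sub-command and has to split into words.
	if ! $OPENSSL -in "$REQ_TMP" -noout -subject -out "$REQ_OUT" ||
		[ ! -s "$REQ_OUT" ]; then
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "Requset file is invalid"
		json set uploadreq status=reqfileinvalid
		return 99
	fi

	# Everything before the first "." of the supplied file name.
	name=${1%%.*}

	# The name ends up in a UCI section name and in a path below
	# /etc/ipsec.d/certs. Accept only letters, digits and "_" (the characters
	# UCI allows in a section name); anything else, including an empty name,
	# "/" or whitespace, is rejected before it reaches uci or mv.
	case "$name" in
	'' | *[!A-Za-z0-9_]*)
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "Requset file is invalid"
		json set uploadreq status=reqfileinvalid
		return 99
		;;
	esac

	# The subject text comes straight from the uploaded file; whatever later
	# displays it should treat it as untrusted.
	cursub=$(cat "$REQ_OUT")
	status="Remote Requesting"

	num=$(uci show rcertificate | grep -c certificatereq)
	if [ "$num" -ge "$MAX_CNT" ]; then
		# Do not leave the working files behind for the next upload.
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "The max entries of Remote Certificate is $MAX_CNT"
		json set uploadreq status=entryexceed
		return 0
	fi

	# NOTE(review): an existing entry or file with the same name is replaced
	# without warning; confirm that this is intended.
	uci set "rcertificate.$name=certificatereq"
	uci set "rcertificate.$name.subject=$cursub"
	uci set "rcertificate.$name.status=$status"
	uci commit rcertificate

	mv "$REQ_TMP" "/etc/ipsec.d/certs/$name.pem"
	rm -f "$REQ_OUT"
	echo "Import Success"
	json set uploadreq status=importsuccess
	return 0
}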

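# Import an uploaded X.509 certificate as a remote-certificate entry.
#
# Globals:   REQ_TMP, REQ_OUT, MAX_CNT (read);
#            name, cursub, status, num (written; they are not local)
# Arguments: $1 - file name supplied with the upload. The part before the
#                 first "." becomes the UCI section name and the stored file
#                 name, so it is validated before use.
# Outputs:   one status line on stdout plus a "json set uploadreq" status
# Returns:   99 if the certificate cannot be parsed or the name is unusable,
#            0 otherwise (including when the entry limit is reached)
cert_handle() {
	# The redirection creates $REQ_OUT even when parsing fails, so testing
	# for the file's existence can never reject a bad upload. Decide on the
	# parser's exit status and on non-empty output instead.
	if ! openssl x509 -in "$REQ_TMP" -noout -subject >"$REQ_OUT" ||
		[ ! -s "$REQ_OUT" ]; then
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "Certificate file is invalid"
		json set uploadreq status=reqfileinvalid
		return 99
	fi

	# Everything before the first "." of the supplied file name.
	name=${1%%.*}

	# The name ends up in a UCI section name and in a path below
	# /etc/ipsec.d/certs. Accept only letters, digits and "_" (the characters
	# UCI allows in a section name); anything else, including an empty name,
	# "/" or whitespace, is rejected before it reaches uci or mv.
	case "$name" in
	'' | *[!A-Za-z0-9_]*)
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "Certificate file is invalid"
		json set uploadreq status=reqfileinvalid
		return 99
		;;
	esac

	# The subject text comes straight from the uploaded file; whatever later
	# displays it should treat it as untrusted.
	cursub=$(cat "$REQ_OUT")
	status="OK"

	# Certificates are stored under the same "certificatereq" section type
	# as requests, so both kinds count towards the limit.
	num=$(uci show rcertificate | grep -c certificatereq)
	if [ "$num" -ge "$MAX_CNT" ]; then
		# Do not leave the working files behind for the next upload.
		rm -f "$REQ_TMP" "$REQ_OUT"
		echo "The max entries of Remote Certificate is $MAX_CNT"
		json set uploadreq status=entryexceed
		return 0
	fi

	# NOTE(review): an existing entry or file with the same name is replaced
	# without warning; confirm that this is intended.
	uci set "rcertificate.$name=certificatereq"
	uci set "rcertificate.$name.subject=$cursub"
	uci set "rcertificate.$name.status=$status"
	uci commit rcertificate

	mv "$REQ_TMP" "/etc/ipsec.d/certs/$name.crt"
	rm -f "$REQ_OUT"
	echo "Import Success"
	json set uploadreq status=importsuccess
	return 0
}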

# Entry point: classify the uploaded file in $REQ_TMP by its PEM header line
# and hand it to the matching import routine. $1 is the file name supplied by
# the caller.
#
# NOTE(review): $1 is expanded unquoted here, exactly as before. An empty
# argument makes the test false and nothing runs, while a value containing
# whitespace or glob characters is split or expanded by the shell. Confirm
# what the caller guarantees about the name before quoting these expansions.
if [ ! -s $1 ]; then
	# Exactly one matching header line is required in either case.
	case "$(cat "$REQ_TMP" | grep -c "BEGIN CERTIFICATE REQUEST")" in
	1)
		certreq_handle $1
		;;
	*)
		case "$(cat "$REQ_TMP" | grep -c "BEGIN CERTIFICATE-")" in
		1)
			cert_handle $1
			;;
		*)
			# Neither a request nor a certificate: discard the upload.
			rm "$REQ_TMP"
			echo "Invalid file"
			json set uploadreq status=reqfileinvalid
			return 99
			;;
		esac
		;;
	esac
fi
