#!/bin/sh

# New cert
DOM=${1}
KEY=${2}
CRT=${3}
CHAIN=${4}

if [ -z "$DOM" -o -z "$KEY" -o -z "$CRT" -o -z "$CHAIN" ]; then
  echo "Usage: $0 domain /path/to/key /path/to/cert /path/to/chain" >&2
  exit 1
fi

if [ \! -e "$KEY" ]; then
  echo "Can't use $KEY as key (file doesn't exist)" >&2
  exit 1
fi
if [ \! -e "$CRT" ]; then
  echo "Can't use $CRT as certificate (file doesn't exist)" >&2
  exit 1
fi
if [ \! -e "$CHAIN" ]; then
  echo "Can't use $chain as certificate chain (file doesn't exist)" >&2
  exit 1
fi

/sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN
# There's a new ssl-udpate event which update everything in a single event
# fallback to manual operations if this event doesn't exist
if [ -d /etc/e-smith/events/ssl-update ]; then
  /sbin/e-smith/signal-event ssl-update
else
  /sbin/e-smith/expand-template /home/e-smith/db/ssl.pem/pem
  /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
  /sbin/e-smith/expand-template /var/service/qpsmtpd/ssl/cert.pem
  /usr/bin/sv 1 /service/httpd-e-smith
  /usr/bin/sv h /service/ldap
  /usr/bin/sv 1 /service/pop3s
  /usr/bin/sv h /service/qpsmtpd
  /usr/bin/sv h /service/sqpsmtpd
  if [ -d /service/dovecot ]; then
    /usr/bin/sv 1 /service/dovecot
    /usr/bin/sv h /service/dovecot
  else
    /usr/bin/sv 1 /service/imaps
  fi
fi
# Now revoke old certificates
CUR_CRT=$(readlink /home/e-smith/db/letsencrypt.sh/certs/$DOM/cert.pem)
for cert in $(find /home/e-smith/db/letsencrypt.sh/certs/$DOM/ -type f -name cert\*.pem -exec basename "{}" \;); do
  if [[ "$cert" != "$CUR_CRT" ]]; then
    /usr/bin/letsencrypt.sh -r /home/e-smith/db/letsencrypt.sh/certs/$DOM/$cert
  fi
done