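#!/bin/zsh
#
# Installs the current Let's Encrypt certificate and private key for
# LETSENCRYPT_HOSTNAME into the openHAB Java keystore under the alias
# "mykey", then restarts openHAB.
#
# Usage: fill in the three configuration variables below and run as a user
# that can read ${LETSENCRYPT_ETC}/live and write the openHAB keystore.
#
# This file holds the keystore password in clear text: keep it owned by the
# account that runs it and not readable by anyone else (for example 0700).

# configuration
LETSENCRYPT_ETC=/etc/letsencrypt
LETSENCRYPT_HOSTNAME=
OPENHAB_PASSWORD=

# redirect output to log file (stdout and stderr, truncating the old log)
exec >/var/log/letsencrypt/openhab.log 2>&1

# Inside a zsh function $0 is the function name, so remember the script name.
SCRIPT_NAME=$0

# Print a message to the log and stop. 255 is the status the previous
# "exit -1" produced, kept so existing callers see the same value.
fail() {
  printf '%s: %s\n' "$SCRIPT_NAME" "$*"
  exit 255
}

# verify settings
if [[ -z "$LETSENCRYPT_ETC" ]]; then
  fail "Set the LETSENCRYPT_ETC variable to the letsencrypt configuration directory."
fi
if [[ -z "$LETSENCRYPT_HOSTNAME" ]]; then
  fail "Set the LETSENCRYPT_HOSTNAME variable to select the correct certificate."
fi
if [[ -z "$OPENHAB_PASSWORD" ]]; then
  fail "Set the OPENHAB_PASSWORD variable to select keystore password."
fi

# validate settings have been correctly configured
LIVE_DIR="${LETSENCRYPT_ETC}/live/${LETSENCRYPT_HOSTNAME}"
if [[ ! -d "$LETSENCRYPT_ETC" ]]; then
  fail "$LETSENCRYPT_ETC directory not found."
fi
if [[ ! -d "$LIVE_DIR" ]]; then
  fail "$LETSENCRYPT_HOSTNAME certificate not found."
fi

# import openhab settings
if [[ -f /etc/default/openhab ]]; then
  . /etc/default/openhab
fi
if [[ -z "${OPENHAB_USERDATA:-}" ]]; then
  OPENHAB_USERDATA=/var/lib/openhab
fi
KEYSTORE="${OPENHAB_USERDATA}/etc/keystore"

# Private working directory for the PKCS#12 bundle and the keystore backup.
# A fixed name such as /tmp/certkey.p12 can be pre-created or symlinked by
# any local user and would expose the private key; mktemp -d gives an
# unpredictable directory that only the calling user can enter.
WORKDIR=$(mktemp -d) || fail "Could not create a temporary directory."
cleanup() {
  rm -rf -- "${WORKDIR:?}"
}
trap cleanup EXIT
# Turn the usual termination signals into a normal exit so cleanup runs.
trap 'exit 255' HUP INT TERM

TMPFILE="${WORKDIR}/certkey.p12"
KEYSTORE_BACKUP="${WORKDIR}/keystore.bak"

# convert pem files to pkcs12
# The password is handed over through the environment of this one command
# (env:NAME) instead of argv, where every local user could read it via ps.
# NOTE(review): cert.pem is the leaf certificate only; if clients need the
# intermediate chain, fullchain.pem may be the right input - confirm.
if ! OPENHAB_PASSWORD="$OPENHAB_PASSWORD" /bin/openssl pkcs12 -export \
  -inkey "${LIVE_DIR}/privkey.pem" \
  -in "${LIVE_DIR}/cert.pem" \
  -out "$TMPFILE" \
  -password env:OPENHAB_PASSWORD
then
  fail "Could not convert the certificate to PKCS#12."
fi

# Keep a copy of the keystore so a failed import does not leave openHAB
# without any certificate after the old entry has been deleted.
if ! cp -p -- "$KEYSTORE" "$KEYSTORE_BACKUP"; then
  fail "Could not back up $KEYSTORE."
fi

# remove old certificate
if ! OPENHAB_PASSWORD="$OPENHAB_PASSWORD" /bin/keytool -delete \
  -alias mykey \
  -keystore "$KEYSTORE" \
  -storepass:env OPENHAB_PASSWORD
then
  fail "Could not delete the old certificate from $KEYSTORE."
fi

# import new certificate
if ! OPENHAB_PASSWORD="$OPENHAB_PASSWORD" /bin/keytool -importkeystore \
  -srckeystore "$TMPFILE" \
  -srcstoretype pkcs12 \
  -srcstorepass:env OPENHAB_PASSWORD \
  -destkeystore "$KEYSTORE" \
  -deststoretype jks \
  -deststorepass:env OPENHAB_PASSWORD \
  -destalias mykey \
  -alias 1
then
  # Put the previous keystore back; the old entry is already gone from the
  # live file at this point.
  if ! cp -p -- "$KEYSTORE_BACKUP" "$KEYSTORE"; then
    fail "Import failed and $KEYSTORE could not be restored."
  fi
  fail "Import failed; the previous keystore was restored."
fi

# The temporary bundle and backup are removed by the EXIT trap.
/bin/systemctl restart openhab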